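/// <summary>
/// Resolves the role selected in <c>ddlRoles</c> into <c>_selectedRole</c>.
/// The posted value is client-supplied and treated as untrusted: it must parse as a
/// role id and match an entry in <c>LookupBLL.Roles</c>; otherwise a security
/// exception is raised and the event is logged as possible list manipulation.
/// </summary>
private void InferRoleSelection()
{
    // Int16.Parse would throw FormatException on a tampered, non-numeric value, which
    // bypasses the security-exception path below. TryParse keeps a bad value on the
    // same path as an unknown id (same culture rules as the former Parse call).
    short roleId;
    bool parsed = Int16.TryParse(ddlRoles.SelectedValue, out roleId);
    _selectedRole = parsed ? LookupBLL.Roles.Find(p => p.Id == roleId) : null;
    if (_selectedRole == null)
    {
        ShiptalkException.ThrowSecurityException(
            "Possible role list manipulation. The selected role was not found.",
            "Sorry. We're unable to serve your request. Please contact support for assistance");
    }
    //DisplayMessage("Sorry. We're unable to serve your request. Please contact support for assistance.");
}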
/// <summary>
/// Checks whether the current viewer may see this user's record.
/// The decision is delegated to <c>AccessRulesBLL.CanViewSubStateUser</c>; a negative
/// result is escalated through <c>ShiptalkException.ThrowSecurityException</c> with the
/// viewer and target ids in the logged message and a generic user-facing message.
/// </summary>
/// <returns>The access-rule result (true when viewing is permitted).</returns>
private bool IsAuthorized()
{
    //return AccessRulesBLL.CheckReadOnlyAccess(this.AccountInfo, UserData);
    bool canView = AccessRulesBLL.CanViewSubStateUser(
        UserSubStateRegionData.RegionId,
        UserSubStateRegionData.IsAdmin,
        UserData.StateFIPS,
        ViewerUserData);
    if (canView)
    {
        return canView;
    }
    // Denied: the logged text carries the ids, the user-facing text stays generic.
    ShiptalkException.ThrowSecurityException(
        string.Format("Access denied. User :{0} cannot view {1}.", this.AccountInfo.UserId, UserData.UserId),
        "You are not authorized to view the User information.");
    return canView;
}
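/// <summary>
/// Page entry point: enforces the authorization rule before any control is bound,
/// then initializes the view and captures the e-mail address currently on the form
/// (<c>oldEmailId</c>) for later comparison.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // IsAuthorized() raises its own security exception on denial; this branch is a
    // second line of defence should it ever return false without throwing.
    if (!IsAuthorized())
    {
        ShiptalkException.ThrowSecurityException(
            string.Format("Access denied. User :{0} cannot edit {1}.", this.AccountInfo.UserId, UserData.UserId),
            "You are not authorized to edit the User information.");
    }
    InitializeView();
    //Pbattineni - 10/08/12
    // Fail with a clear message if the template no longer contains the control,
    // instead of the NullReferenceException the unchecked 'as' cast produced.
    TextBox oldEmailControl = formView.FindControl("oldEmail") as TextBox;
    if (oldEmailControl == null)
    {
        throw new InvalidOperationException("The 'oldEmail' TextBox was not found in the form view template.");
    }
    oldEmailId = oldEmailControl.Text;
}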
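/// <summary>
/// Resolves the role selected in <c>ddlRoles</c> into <c>_selectedRole</c>. The CMS
/// role is obtained through <c>LookupBLL.GetRole(Scope.CMS, true)</c>; any other id is
/// looked up in <c>LookupBLL.Roles</c>. The posted value is untrusted: an unparseable
/// or unknown id raises a security exception logged as possible list manipulation.
/// </summary>
private void InferRoleSelection()
{
    // Parse once (the previous version parsed the posted value twice) and via TryParse,
    // so a tampered, non-numeric value follows the same security-exception path as an
    // unknown role id instead of surfacing as a FormatException.
    short roleId;
    if (!Int16.TryParse(ddlRoles.SelectedValue, out roleId))
    {
        _selectedRole = null;
    }
    else
    {
        Role CMSRole = LookupBLL.GetRole(Scope.CMS, true);
        // NOTE(review): assumes GetRole never returns null for the CMS scope — confirm.
        if (roleId == CMSRole.Id)
        {
            _selectedRole = CMSRole;
        }
        else
        {
            _selectedRole = LookupBLL.Roles.Find(p => p.Id == roleId);
        }
    }
    if (_selectedRole == null)
    {
        ShiptalkException.ThrowSecurityException(
            "Possible role list manipulation. The selected role was not found.",
            "Sorry. We're unable to serve your request. Please contact support for assistance");
    }
}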
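/// <summary>
/// Global unhandled-exception hook (Global.asax). Logs the error through
/// <c>ErrorHandlerUtil.HandleError</c>, then decides where the user lands: the 404
/// page for a missing .aspx resource, the unauthorized page for security/unauthorized
/// failures, the session-expired page for a lost session, and otherwise the generic
/// custom error page. Only the fixed pages declared at the top are ever used as
/// targets, and no exception text is written to the response.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_Error(object sender, EventArgs e)
{
    bool RedirectToCustomErrorPage = true;
    string ErrorPagesVirPath = "~/ErrorPages/";
    string Error404Page = ErrorPagesVirPath + "404.aspx";
    string CustomErrorPage = ErrorPagesVirPath + "CustomError.aspx";
    string SessionUnavailablePage = ErrorPagesVirPath + "SessionExpired.aspx";
    string UnAuthorizedAccessPage = ErrorPagesVirPath + "UnAuthorizedAccess.aspx";
    try
    {
        Exception Ex = HttpContext.Current.Error;
        var request = HttpContext.Current.Request;
        // NOTE(review): PathAndQuery includes the query string, so a missing .aspx
        // requested with "?x=y" does not satisfy the EndsWith(".aspx") check below and
        // takes the silent branch — confirm whether that is intended.
        string pagePath = Request.Url.PathAndQuery;
        string WEB_EVENT_NAME = "WebEventRequestInformation";
        bool IsAuthenticated = (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated);
        bool IsUserLoggedIn = IsAuthenticated && ShiptalkPrincipal.IsSessionActive;
        // Only consult the principal when a live session exists; otherwise log a fixed marker.
        string UserInfo = IsUserLoggedIn ? GetUserInfo(ShiptalkPrincipal.UserId) : "Unhandled error. Caught in global.asax.";
        // Log before any branch clears the error or leaves the request.
        ErrorHandlerUtil.HandleError(Ex, HttpContext.Current, UserInfo);
        if (Ex is HttpUnhandledException)
        {
            //The default action: Must redirect to custom page. The event must be logged before that.
            RedirectToCustomErrorPage = true;
            Application.Add(WEB_EVENT_NAME, CreateWebEventRequestInfo(request));
        }
        else if (Ex is HttpException)
        {
            Server.ClearError();
            HttpException httpEx = (HttpException)Ex;
            if (httpEx.GetHttpCode() == 404)
            {
                // Ordinal comparison: the path is a machine identifier, not user text,
                // so the former culture-sensitive ToLower() was the wrong tool here.
                if (pagePath.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase))
                {
                    //We need to redirect User to 404 page.
                    RedirectToCustomErrorPage = false;
                    //For now, we are not going to log this event.
                    //Application.Add(WEB_EVENT_NAME, CreateWebEventRequestInfo(request));
                    // NOTE(review): Redirect(url) ends the response by raising
                    // ThreadAbortException, which the outer catch observes before it is
                    // re-raised; the return below is then not reached — confirm.
                    Response.Redirect(Error404Page);
                    return;
                }
                else
                {
                    //Here we do not take any action. We do not want to keep logging for some cached image request that does not exist.
                    //404 for Gif, JPG and other requests handled here. fakeimg.jpg
                    //If we try to redirect user to another page, user will get
                    //undesired results, just because of a missing insignificant image.
                    Response.ClearContent();
                    RedirectToCustomErrorPage = false;
                    return;
                }
            }
            // Any other HttpException falls through to the custom error page.
        }
        else if (Ex is ShiptalkException)
        {
            ShiptalkException shipEx = (ShiptalkException)Ex;
            if (shipEx.ExceptionType.HasValue)
            {
                if (shipEx.ExceptionType.Value == ShiptalkException.ShiptalkExceptionTypes.UN_AUTHORIZED_EXCEPTION)
                {
                    //Redirect if unauthorized.
                    //We're not going to log this event.
                    Server.ClearError();
                    RedirectToCustomErrorPage = false;
                    Response.Redirect(UnAuthorizedAccessPage, true);
                }
                else if (shipEx.ExceptionType.Value == ShiptalkException.ShiptalkExceptionTypes.SESSION_EXPIRED_OR_UNAVAILABLE)
                {
                    //Redirect if session expired.
                    //We're not going to log this event.
                    Server.ClearError();
                    RedirectToCustomErrorPage = false;
                    Response.Redirect(SessionUnavailablePage, true);
                }
            }
            // Other ShiptalkException types fall through to the custom error page.
        }
        else if (Ex is System.Security.SecurityException)
        {
            //Redirect on a framework security failure.
            //We're not going to log this event.
            Server.ClearError();
            RedirectToCustomErrorPage = false;
            Response.Redirect(UnAuthorizedAccessPage, true);
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort: the handler itself failed (context, logger or
        // redirect threw). Nothing is rethrown; the user still gets the generic page.
        RedirectToCustomErrorPage = true;
    }
    if (RedirectToCustomErrorPage)
    {
        Server.Transfer(CustomErrorPage);
    }
    //Response.Write(string.Format("<h1>{0}</h1>", Server.GetLastError().StackTrace.ToString()));
    //Response.Flush();
    //Response.End();
}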