/// <summary>
/// Returns the stored SSO settings after the caller has passed
/// <c>CheckSsoPermissions()</c>.
/// </summary>
/// <returns>
/// The loaded settings. When no SP login label is stored, the returned object
/// carries <c>SsoSettingsV2.SSO_SP_LOGIN_LABEL</c> instead; nothing is saved here.
/// </returns>
public SsoSettingsV2 GetSsoSettingsV2()
{
    // Authorization gate first: nothing is loaded for a caller that fails it.
    CheckSsoPermissions();

    var ssoSettings = SsoSettingsV2.Load();

    if (!string.IsNullOrEmpty(ssoSettings.SpLoginLabel))
    {
        return ssoSettings;
    }

    // Fill in the default label on the in-memory copy only.
    ssoSettings.SpLoginLabel = SsoSettingsV2.SSO_SP_LOGIN_LABEL;
    return ssoSettings;
}
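/// <summary>
/// Resets the SSO settings to their defaults, converts SSO users to ordinary
/// users and records an <c>SSODisabled</c> audit message.
/// </summary>
/// <returns>The default settings that were saved.</returns>
/// <exception cref="Exception">
/// The default settings could not be produced or could not be saved.
/// </exception>
public SsoSettingsV2 ResetSsoSettingsV2()
{
    // Authorization gate first: nothing below runs for a caller that fails it.
    CheckSsoPermissions();

    var defaultSettings = new SsoSettingsV2().GetDefault() as SsoSettingsV2;

    // Fail closed. A null result (the cast did not yield SsoSettingsV2) used to
    // skip the save silently and still convert the users and write the
    // "SSO disabled" audit message, leaving the audit trail out of step with
    // the stored settings.
    if (defaultSettings == null || !defaultSettings.Save())
    {
        throw new Exception(Resource.SsoSettingsCantSaveSettings);
    }

    // Only after the defaults are persisted: downgrade the users and audit it.
    ConverSsoUsersToOrdinary();
    MessageService.Send(HttpContext.Current.Request, MessageAction.SSODisabled);

    return defaultSettings;
}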
/// <summary>
/// Resets the SSO settings of the current tenant to their defaults through
/// <c>SettingsManager</c>, converts SSO users to ordinary users and records an
/// <c>SSODisabled</c> audit message.
/// </summary>
/// <returns>
/// The saved defaults cast to <c>SsoSettingsV2</c> (null if the cast does not apply).
/// </returns>
/// <exception cref="Exception">The defaults could not be saved.</exception>
public SsoSettingsV2 ResetSsoSettingsV2()
{
    // Authorization gate first: nothing below runs for a caller that fails it.
    CheckSsoPermissions();

    var defaults = new SsoSettingsV2().GetDefault();
    var saved = SettingsManager.Instance.SaveSettings(defaults, TenantProvider.CurrentTenantID);

    if (!saved)
    {
        throw new Exception(Resource.SsoSettingsCantSaveSettings);
    }

    // Only reached once the defaults are persisted.
    ConverSsoUsersToOrdirary();
    MessageService.Send(HttpContext.Current.Request, MessageAction.SSODisabled);

    var typedDefaults = defaults as SsoSettingsV2;
    return typedDefaults;
}
/// <summary>
/// Reports which sign-in options the portal offers: whether LDAP authentication
/// is enabled, and the SSO login URL and button label when SSO is enabled.
/// </summary>
/// <returns>
/// The capabilities of the current tenant, or <c>CapabilitiesData.GetSample()</c>
/// when anything in the lookup throws.
/// </returns>
[Read("", false, false)]
// NOTE: this method does not require authentication.
// NOTE: this method does not check payment.
public CapabilitiesData GetPortalCapabilities()
{
    try
    {
        // LDAP is reported only when the settings page is visible and, on a
        // standalone installation, the tenant quota includes it.
        var ldapEnabled = false;
        if (SetupInfo.IsVisibleSettings(ManagementType.LdapSettings.ToString())
            && (!CoreContext.Configuration.Standalone
                || CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Ldap))
        {
            ldapEnabled = LdapSettings.Load().EnableLdapAuthentication;
        }

        // Same gating for SSO; both values stay empty unless SSO is switched on.
        var ssoUrl = string.Empty;
        var ssoLabel = string.Empty;
        if (SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString())
            && (!CoreContext.Configuration.Standalone
                || CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Sso))
        {
            var ssoSettings = SsoSettingsV2.Load();
            if (ssoSettings.EnableSso)
            {
                // NOTE(review): scheme, host and port of the advertised login URL
                // come from the current request. If GetUrlRewriter() honours
                // client-supplied headers, an anonymous caller could influence
                // the URL this endpoint returns - confirm, or build it from a
                // configured portal address.
                var requestUri = HttpContext.Current.Request.GetUrlRewriter();
                var loginPath = GetAppSettings("web.sso.saml.login.url", "");
                var portSuffix = (requestUri.Port == 80 || requestUri.Port == 443)
                    ? ""
                    : ":" + requestUri.Port;

                ssoUrl = string.Format("{0}://{1}{2}{3}", requestUri.Scheme, requestUri.Host, portSuffix, loginPath);
                ssoLabel = ssoSettings.SpLoginLabel;
            }
        }

        return new CapabilitiesData
        {
            LdapEnabled = ldapEnabled,
            SsoUrl = ssoUrl,
            SsoLabel = ssoLabel
        };
    }
    catch (Exception ex)
    {
        // Only the message is logged; the stack trace is not recorded.
        LogManager.GetLogger(typeof(CapabilitiesEntryPoint)).Error(ex.Message);
    }

    // Reached only after an exception: the caller receives the sample object,
    // which it cannot tell apart from a real answer.
    return CapabilitiesData.GetSample();
}
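/// <summary>
/// Runs before page initialisation on the auth page.
/// An unauthenticated visitor may be signed in with the <c>asc_auth_key</c>
/// request value and is then redirected to <c>refererURL</c>; an authenticated
/// visitor is either logged out (with SAML single logout when configured) or
/// sent to the default page.
/// </summary>
/// <param name="e">Event data passed through to the base implementation.</param>
protected override void OnPreInit(EventArgs e)
{
    base.OnPreInit(e);

    if (!SecurityContext.IsAuthenticated)
    {
        if (CoreContext.Configuration.Personal)
        {
            if (Request["campaign"] == "personal")
            {
                Session["campaign"] = "personal";
            }
            CheckSocialMedia();
            SetLanguage(abTesting: true);
        }

        // NOTE(review): the auth key is taken from the request and, once
        // accepted, stored as the auth cookie unchanged. A key carried in a URL
        // can end up in server logs, browser history and Referer headers, and a
        // link that carries someone else's key signs the visitor into that
        // account. Confirm these keys are short-lived or single-use.
        var token = Request["asc_auth_key"];
        if (SecurityContext.AuthenticateMe(token))
        {
            CookiesManager.SetCookies(CookiesType.AuthKey, token);

            // refererURL is caller-controlled. Redirecting to it unchecked lets
            // a crafted link bounce a freshly signed-in user to another site, so
            // only same-site targets are followed; anything else falls back to
            // the auth page.
            var refererURL = Request["refererURL"];
            if (!IsSameSiteRedirectTarget(refererURL, Request.Url))
            {
                refererURL = "~/auth.aspx";
            }
            Response.Redirect(refererURL, true);
        }
        return;
    }

    if (IsLogout)
    {
        // Read the user before logging out: the SSO name id and session id are
        // needed afterwards for single logout.
        var user = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID);
        var loginName = user.DisplayUserName(false);

        ProcessLogout();
        MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout);

        if (!string.IsNullOrEmpty(user.SsoNameId))
        {
            var settings = SsoSettingsV2.Load();
            if (settings.EnableSso && !string.IsNullOrEmpty(settings.IdpSettings.SloUrl))
            {
                // The logout request is passed as signed data, not as raw
                // identifiers. endResponse is true, so this redirect ends the
                // response and the fallback below is not reached.
                var logoutSsoUserData = Signature.Create(new LogoutSsoUserData
                {
                    NameId = user.SsoNameId,
                    SessionId = user.SsoSessionId
                });
                HttpContext.Current.Response.Redirect(SetupInfo.SsoSamlLogoutUrl + "?data=" + HttpUtility.UrlEncode(logoutSsoUserData), true);
            }
        }

        Response.Redirect("~/auth.aspx", true);
    }
    else
    {
        Response.Redirect(CommonLinkUtility.GetDefault(), true);
    }
}

/// <summary>
/// Tells whether a caller-supplied redirect target stays on this site:
/// an app-relative path ("~/..."), a rooted path ("/...") that is not
/// scheme-relative, or an absolute http(s) URL whose host equals the host of
/// the current request. Page-relative paths are not accepted.
/// </summary>
private static bool IsSameSiteRedirectTarget(string target, Uri requestUrl)
{
    if (string.IsNullOrEmpty(target))
    {
        return false;
    }

    // Browsers drop tabs and line breaks inside URLs, which would let a
    // target slip past the prefix checks below.
    foreach (var ch in target)
    {
        if (char.IsControl(ch))
        {
            return false;
        }
    }

    if (target.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }

    if (target[0] == '/')
    {
        // "//host" and "/\host" are read by browsers as another host.
        return target.Length == 1 || (target[1] != '/' && target[1] != '\\');
    }

    // NOTE(review): behind a reverse proxy Request.Url may carry the internal
    // host; compare against the public portal host if one is available.
    Uri absolute;
    return requestUrl != null
           && Uri.TryCreate(target, UriKind.Absolute, out absolute)
           && (absolute.Scheme == Uri.UriSchemeHttp || absolute.Scheme == Uri.UriSchemeHttps)
           && string.Equals(absolute.Host, requestUrl.Host, StringComparison.OrdinalIgnoreCase);
}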
/// <summary>
/// Reports which sign-in options the portal offers: LDAP, the enabled
/// third-party login providers, and the SSO login URL and label.
/// Each of the three lookups is isolated, so a failure in one leaves the
/// others intact and that field keeps its "off" default.
/// </summary>
/// <returns>The capabilities of the current tenant.</returns>
[Read("", false, false)]
// NOTE: this method does not require authentication.
// NOTE: this method does not check payment.
public CapabilitiesData GetPortalCapabilities()
{
    // Start from "nothing offered"; each section below only ever switches things on.
    var capabilities = new CapabilitiesData
    {
        LdapEnabled = false,
        Providers = null,
        SsoLabel = string.Empty,
        SsoUrl = string.Empty
    };

    try
    {
        var ldapVisible = SetupInfo.IsVisibleSettings(ManagementType.LdapSettings.ToString());
        if (ldapVisible
            && (!CoreContext.Configuration.Standalone
                || CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Ldap))
        {
            capabilities.LdapEnabled = LdapSettings.Load().EnableLdapAuthentication;
        }
    }
    catch (Exception ex)
    {
        // Only the message is logged; the stack trace is not recorded.
        LogManager.GetLogger("ASC").Error(ex.Message);
    }

    try
    {
        // Keep only the providers that resolve and are switched on.
        var enabledProviders =
            from providerName in AccountLinkControl.AuthProviders
            let provider = ProviderManager.GetLoginProvider(providerName)
            where provider != null && provider.IsEnabled
            select providerName;

        capabilities.Providers = enabledProviders.ToList();
    }
    catch (Exception ex)
    {
        LogManager.GetLogger("ASC").Error(ex.Message);
    }

    try
    {
        var ssoVisible = SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString());
        if (ssoVisible
            && (!CoreContext.Configuration.Standalone
                || CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Sso))
        {
            var ssoSettings = SsoSettingsV2.Load();
            if (ssoSettings.EnableSso)
            {
                // NOTE(review): scheme, host and port of the advertised login URL
                // come from the current request. If GetUrlRewriter() honours
                // client-supplied headers, an anonymous caller could influence
                // the URL this endpoint returns - confirm, or build it from a
                // configured portal address.
                var requestUri = HttpContext.Current.Request.GetUrlRewriter();
                var loginPath = GetAppSettings("web.sso.saml.login.url", "");
                var portSuffix = (requestUri.Port == 80 || requestUri.Port == 443)
                    ? ""
                    : ":" + requestUri.Port;

                capabilities.SsoUrl = string.Format("{0}://{1}{2}{3}", requestUri.Scheme, requestUri.Host, portSuffix, loginPath);
                capabilities.SsoLabel = ssoSettings.SpLoginLabel;
            }
        }
    }
    catch (Exception ex)
    {
        LogManager.GetLogger("ASC").Error(ex.Message);
    }

    return capabilities;
}
/// <summary>
/// Runs the eligibility checks against <paramref name="startupQuota"/> in a
/// fixed order and stops at the first one that fails.
/// </summary>
/// <param name="currentQuota">Quota the tenant has now; it must be a trial.</param>
/// <param name="startupQuota">Quota whose user and storage limits are applied.</param>
/// <param name="errorMessage">
/// Empty on success, otherwise the localized reason of the first failed check.
/// </param>
/// <returns><c>true</c> when every check passes.</returns>
private bool CheckStartupEnabled(TenantQuota currentQuota, TenantQuota startupQuota, out string errorMessage)
{
    errorMessage = string.Empty;

    if (!currentQuota.Trial)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorTrial;
        return false;
    }

    var usersCount = TenantStatisticsProvider.GetUsersCount();
    if (usersCount > startupQuota.ActiveUsers)
    {
        errorMessage = string.Format(UserControlsCommonResource.SaasTariffErrorUsers, startupQuota.ActiveUsers);
        return false;
    }

    var visitorsCount = TenantStatisticsProvider.GetVisitorsCount();
    if (visitorsCount > 0)
    {
        errorMessage = string.Format(UserControlsCommonResource.SaasTariffErrorGuests, 0);
        return false;
    }

    // The only administrator allowed is the portal owner.
    var currentTenant = CoreContext.TenantManager.GetCurrentTenant();
    var administrators = WebItemSecurity.GetProductAdministrators(Guid.Empty);
    if (administrators.Any(admin => admin.ID != currentTenant.OwnerId))
    {
        errorMessage = string.Format(UserControlsCommonResource.SaasTariffErrorAdmins, 1);
        return false;
    }

    var usedSize = TenantStatisticsProvider.GetUsedSize();
    if (usedSize > startupQuota.MaxTotalSize)
    {
        errorMessage = string.Format(UserControlsCommonResource.SaasTariffErrorStorage, FileSizeComment.FilesSizeToString(startupQuota.MaxTotalSize));
        return false;
    }

    // No settable third-party service may have any key filled in.
    var hasThirdPartyKeys = new AuthorizationKeys().AuthServiceList
        .Any(svc => svc.CanSet && svc.Props.Any(prop => !string.IsNullOrEmpty(prop.Value)));
    if (hasThirdPartyKeys)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorThirparty;
        return false;
    }

    if (!TenantWhiteLabelSettings.Load().IsDefault)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorWhiteLabel;
        return false;
    }

    if (!string.IsNullOrEmpty(currentTenant.MappedDomain))
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorDomain;
        return false;
    }

    // No user, in any employee status, may have a linked external account.
    var accountLinker = new AccountLinker("webstudio");
    var anyLinkedAccount = CoreContext.UserManager.GetUsers(EmployeeStatus.All)
        .Any(member => accountLinker.GetLinkedProfiles(member.ID.ToString()).Any());
    if (anyLinkedAccount)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorOauth;
        return false;
    }

    if (SsoSettingsV2.Load().EnableSso)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorSso;
        return false;
    }

    if (ActiveDirectory.Base.Settings.LdapSettings.Load().EnableLdapAuthentication)
    {
        errorMessage = UserControlsCommonResource.SaasTariffErrorLdap;
        return false;
    }

    // A backup schedule of any kind counts as automatic backup being set up.
    using (var backupClient = new BackupServiceClient())
    {
        if (backupClient.GetSchedule(currentTenant.TenantId) != null)
        {
            errorMessage = UserControlsCommonResource.SaasTariffErrorAutoBackup;
            return false;
        }
    }

    return true;
}
/// <summary>
/// HTTP handler for the portal side of SAML single sign-on. Depending on the
/// request parameters it returns the signed SSO configuration
/// (<c>config=saml</c>), signs a user in from signed user data
/// (<c>auth=true</c>) or logs a user out from signed logout data
/// (<c>logout=true</c>). Every failure path redirects to the auth page with a
/// message in the <c>m</c> query parameter.
/// </summary>
/// <param name="context">The current HTTP context.</param>
public void ProcessRequest(HttpContext context)
{
    try
    {
        // Gate 1: the SSO settings section must be visible at all.
        if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString()))
        {
            _log.DebugFormat("Single sign-on settings are disabled");
            context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled), false);
            return;
        }

        // Gate 2: on a standalone installation the tenant quota must include SSO.
        if (CoreContext.Configuration.Standalone && !CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID).Sso)
        {
            _log.DebugFormat("Single sign-on settings are not paid");
            context.Response.Redirect(
                AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.ErrorNotAllowedOption), false);
            return;
        }

        var settings = SsoSettingsV2.Load();

        // Configuration request. This branch runs before the EnableSso check and
        // performs no caller check of its own in this method.
        // NOTE(review): confirm what Signature.Create(settings) exposes (signed
        // only, or also encrypted) and that nothing in the settings is sensitive
        // when served to an anonymous caller.
        if (context.Request["config"] == "saml")
        {
            context.Response.StatusCode = 200;
            var signedSettings = Signature.Create(settings);
            var ssoConfig = JavaScriptSerializer.Serialize(signedSettings);
            // The serialized value is written with its double quotes stripped.
            context.Response.Write(ssoConfig.Replace("\"", ""));
            return;
        }

        if (!settings.EnableSso)
        {
            _log.DebugFormat("Single sign-on is disabled");
            context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled), false);
            return;
        }

        // "data" is caller-supplied; it is trusted only after Signature.Read
        // accepts it below.
        // NOTE(review): no freshness or replay check on "data" is visible in
        // this method - confirm whether Signature.Read enforces an expiry.
        var data = context.Request["data"];

        if (string.IsNullOrEmpty(data))
        {
            _log.Error("SAML response is null or empty");
            context.Response.Redirect(
                AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsEmptyToken), false);
            return;
        }

        if (context.Request["auth"] == "true")
        {
            // Sign-in: a null result means the data did not pass Signature.Read;
            // the failure is recorded as LoginFailViaSSO.
            var userData = Signature.Read <SsoUserData>(data);

            if (userData == null)
            {
                _log.Error("SAML response is not valid");
                MessageService.Send(context.Request, MessageAction.LoginFailViaSSO);
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsNotValidToken), false);
                return;
            }

            var userInfo = userData.ToUserInfo(true);

            if (Equals(userInfo, Constants.LostUser))
            {
                _log.Error("Can't create userInfo using current SAML response");
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsCantCreateUser), false);
                return;
            }

            // Terminated accounts are refused before any session is created.
            if (userInfo.Status == EmployeeStatus.Terminated)
            {
                _log.Error("Current user is terminated");
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsUserTerminated), false);
                return;
            }

            // If the browser already holds a session for a different user, that
            // session is ended (and audited) before the new sign-in.
            if (context.User != null && context.User.Identity != null && context.User.Identity.IsAuthenticated)
            {
                var authenticatedUserInfo = CoreContext.UserManager.GetUsers(((IUserAccount)context.User.Identity).ID);

                if (!Equals(userInfo, authenticatedUserInfo))
                {
                    var loginName = authenticatedUserInfo.DisplayUserName(false);
                    CookiesManager.ResetUserCookie();
                    SecurityContext.Logout();
                    MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout);
                }
                else
                {
                    _log.DebugFormat("User {0} already authenticated", context.User.Identity);
                }
            }

            userInfo = AddUser(userInfo);

            var authKey = SecurityContext.AuthenticateMe(userInfo.ID);

            CookiesManager.SetCookies(CookiesType.AuthKey, authKey);

            MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO);

            // NOTE(review): the auth key is set as a cookie above and also
            // appended to the redirect URL. A key in a query string can end up in
            // access logs, browser history and Referer headers - confirm the
            // "token" parameter is still needed.
            context.Response.Redirect(CommonLinkUtility.GetDefault() + "?token=" + HttpUtility.UrlEncode(authKey), false);
        }
        else if (context.Request["logout"] == "true")
        {
            // Logout: the user to log out is named by the signed data, not by
            // the session of the caller.
            var logoutSsoUserData = Signature.Read <LogoutSsoUserData>(data);

            if (logoutSsoUserData == null)
            {
                _log.Error("SAML Logout response is not valid");
                // An invalid logout request is recorded under the same
                // LoginFailViaSSO action as an invalid sign-in.
                MessageService.Send(context.Request, MessageAction.LoginFailViaSSO);
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsNotValidToken), false);
                return;
            }

            var userInfo = CoreContext.UserManager.GetSsoUserByNameId(logoutSsoUserData.NameId);

            if (Equals(userInfo, Constants.LostUser))
            {
                _log.Error("Can't logout userInfo using current SAML response");
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsCantCreateUser), false);
                return;
            }

            if (userInfo.Status == EmployeeStatus.Terminated)
            {
                _log.Error("Current user is terminated");
                context.Response.Redirect(
                    AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsUserTerminated), false);
                return;
            }

            // The named user is authenticated first and logged out right after.
            // NOTE(review): presumably this sets the security context that
            // Logout() acts on - confirm.
            SecurityContext.AuthenticateMe(userInfo.ID);

            var loginName = userInfo.DisplayUserName(false);

            CookiesManager.ResetUserCookie();
            SecurityContext.Logout();

            MessageService.Send(HttpContext.Current.Request, loginName, MessageAction.Logout);
            context.Response.Redirect(AUTH_PAGE, false);
        }
    }
    catch (Exception e)
    {
        // The full exception is logged here.
        _log.ErrorFormat("Unexpected error. {0}", e);
        // NOTE(review): the raw exception message is sent to the browser in the
        // "m" parameter and may reveal internal details; a fixed, generic
        // message would avoid that.
        context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(e.Message), false);
    }
    finally
    {
        // Redirects above pass endResponse = false, so the request is completed here.
        context.ApplicationInstance.CompleteRequest();
    }
}