Inheritance: IDisposable
 /// <summary>
 /// Ends the server-side session identified by the token carried in <paramref name="session"/>.
 /// </summary>
 /// <param name="session">Session whose <c>SessionToken.Id</c> is handed to <c>LoginService.Logout</c>.</param>
 public void Logout(UserSessionInfo session)
 {
     // NOTE(review): session and session.SessionToken are dereferenced without a null check,
     // so a missing session surfaces as a NullReferenceException rather than a clean failure.
     using (var loginService = new LoginService())
     {
         var tokenId = session.SessionToken.Id;
         loginService.Logout(tokenId);
     }
 }
        /// <summary>
        /// Click handler for the change-password form. When the new password is non-empty and matches
        /// its confirmation, changes the password and initializes a session with the new credentials;
        /// otherwise shows an error on the page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        public void ChangePassword_Click(object sender, EventArgs e)
        {
            using (var loginService = new LoginService())
            {
                try
                {
                    bool confirmationMatches = NewPassword.Text.Equals(ConfirmNewPassword.Text);

                    if (confirmationMatches && !NewPassword.Text.Equals(string.Empty))
                    {
                        loginService.ChangePassword(Username.Text, OriginalPassword.Value, NewPassword.Text);

                        // Start a session with the new password straight away.
                        SessionManager.InitializeSession(Username.Text, NewPassword.Text, ImageServerConstants.DefaultApplicationName /*TODO: must change this */ );
                    }
                    else
                    {
                        // Also reached when the new password is empty, not only on a mismatch.
                        ErrorMessage.Text = ErrorMessages.PasswordsDontMatch;
                        ErrorMessagePanel.Visible = true;
                    }
                }
                catch (Exception failure)
                {
                    // NOTE(review): the raw exception message is rendered to the user. Depending on what
                    // the service throws this can disclose internal detail; a fixed, generic message with
                    // the detail kept in the log would be safer.
                    ErrorMessage.Text = failure.Message;
                    ErrorMessagePanel.Visible = true;
                    SetInputFocus(NewPassword);

                    // May want to eliminate this.
                    Platform.Log(LogLevel.Error, failure, "Unexpected exception changing password: {0}.", failure.Message);
                }
            }
        }
 /// <summary>
 /// Renews the token of an existing session and returns a new session object that pairs the
 /// original principal with the renewed token.
 /// </summary>
 /// <param name="session">Session whose <c>SessionToken.Id</c> is renewed.</param>
 /// <returns>A new <c>UserSessionInfo</c> built from <c>session.Principal</c> and the renewed token.</returns>
 public UserSessionInfo RenewSession(UserSessionInfo session)
 {
     using (var loginService = new LoginService())
     {
         var renewedToken = loginService.Renew(session.SessionToken.Id);

         // The principal is carried over unchanged; only the token is replaced.
         var renewedSession = new UserSessionInfo(session.Principal, renewedToken);
         return renewedSession;
     }
 }
 /// <summary>
 /// Looks up a session by its id and wraps the result in a <c>UserSessionInfo</c>.
 /// </summary>
 /// <param name="sessionId">Id passed to <c>LoginService.Query</c>.</param>
 /// <returns>A <c>UserSessionInfo</c> built from the queried user and session token.</returns>
 /// <exception cref="SessionDoesNotExistException">The query returned null.</exception>
 public UserSessionInfo QuerySession(string sessionId)
 {
     using (var loginService = new LoginService())
     {
         var found = loginService.Query(sessionId);

         // Fail closed: an unknown id never yields a session object.
         if (found != null)
         {
             return new UserSessionInfo(found.User, found.Credentials.SessionToken);
         }

         throw new SessionDoesNotExistException();
     }
 }
Example #5
        /// <summary>
        /// Re-validates the current session against the login service: queries it, adopts the
        /// returned credentials, renews the token and marks the session valid.
        /// </summary>
        /// <exception cref="SessionValidationException">The query returned no session.</exception>
        public void Validate()
        {
            // Stay invalid unless every step below completes.
            _valid = false;

            using (var loginService = new LoginService())
            {
                SessionInfo queried = loginService.Query(Credentials.SessionToken.Id);
                if (queried == null)
                {
                    throw new SessionValidationException();
                }

                // NOTE(review): no expiry check is made locally before renewing; presumably
                // LoginService.Renew rejects an expired token - confirm.
                _user.Credentials = queried.Credentials;

                SessionToken renewedToken = loginService.Renew(Credentials.SessionToken.Id);
                _user.Credentials.SessionToken = renewedToken;

                _valid = true;
            }
        }
Example #6
        /// <summary>
        /// Checks the current session with the login service without renewing it, and adopts the
        /// returned credentials when the session exists and has not expired.
        /// </summary>
        /// <exception cref="SessionValidationException">
        /// The service returned no session, or the token's expiry time is earlier than <c>Platform.Time</c>.
        /// </exception>
        public void Query()
        {
            // Stay invalid unless both checks below pass.
            _valid = false;

            using (var loginService = new LoginService())
            {
                SessionInfo queried = loginService.Query(Credentials.SessionToken.Id);

                // Unknown and expired sessions are rejected the same way.
                if (queried == null || queried.Credentials.SessionToken.ExpiryTime < Platform.Time)
                {
                    throw new SessionValidationException();
                }

                _user.Credentials = queried.Credentials;
                _valid = true;
            }
        }
        /// <summary>
        /// Click handler for the change-password dialog. Logs in with the original password, checks
        /// that the new password is non-empty and matches its confirmation, changes the password,
        /// logs in again with the new password and initializes the web session from that login.
        /// Each failure type is logged and mapped to an error shown through <c>ShowError</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        public void ChangePassword_Click(object sender, EventArgs e)
        {
            using(LoginService service = new LoginService())
            {
                try
                {
                    // Authenticate with the current password before anything else. The returned session is
                    // not read again until it is overwritten by the second Login below.
                    // NOTE(review): this first session is never passed to Logout in this method, so it may
                    // linger on the server until it expires - confirm.
                    SessionInfo session = service.Login(ChangePasswordUsername.Text, OriginalPassword.Text, ImageServerConstants.DefaultApplicationName);

                    if (!NewPassword.Text.Equals(ConfirmNewPassword.Text) || NewPassword.Text.Equals(string.Empty))
                    {
                        // Also reached when the new password is empty, not only on a mismatch.
                        ErrorMessage.Text = ErrorMessages.PasswordsDoNotMatch;
                        ErrorMessagePanel.Visible = true;
                    }
                    else
                    {
                        service.ChangePassword(ChangePasswordUsername.Text, OriginalPassword.Text,NewPassword.Text);

                        // Log in again so the web session is bound to the new password.
                        session = service.Login(ChangePasswordUsername.Text, NewPassword.Text, ImageServerConstants.DefaultApplicationName);
                        SessionManager.InitializeSession(session);

                        // Either continue to the forms-authentication return URL or just close the dialog.
                        if (LoginPasswordChange.Checked)
                        {
                            Response.Redirect(
                                FormsAuthentication.GetRedirectUrl(ChangePasswordUsername.Text, false), false);
                        }
                        else
                        {
                            ModalDialog1.Hide();
                        }
                    }
                }
                catch(ArgumentException ex)
                {
                    // NOTE(review): the user-typed name is written to the log as-is here and in the handlers
                    // below; if Platform.Log does not neutralize line breaks this permits forged log
                    // entries - confirm.
                    Platform.Log(LogLevel.Error, ex, "Unable to change password for {0}: {1}", ChangePasswordUsername.Text, ex.Message);
                    // NOTE(review): the exception message is formatted into the text shown to the user.
                    string error = String.Format(ErrorMessages.ChangePasswordError, ex.Message);
                    ShowError(error);
                }
                catch (PasswordExpiredException ex)
                {
                    Platform.Log(LogLevel.Error, ex, "Unable to change password for {0}: {1}", ChangePasswordUsername.Text, ex.Message);
                    ShowError(ErrorMessages.PasswordExpired);
                }
                catch (UserAccessDeniedException ex)
                {
                    Platform.Log(LogLevel.Error, ex, "Unable to change password for {0}: {1}", ChangePasswordUsername.Text, ex.Message);
                    ShowError(ErrorMessages.UserAccessDenied);
                }
                catch (RequestValidationException ex)
                {
                    // NOTE: The server is throwing FaultException<RequestValidationException> when username or password doesn't match the configured policy
                    Platform.Log(LogLevel.Error, ex, "Unable to change password for {0}: {1}", ChangePasswordUsername.Text, ex.Message);
                    
                    string error = String.Format(ErrorMessages.PasswordPolicyNotMet);
                    ShowError(error);
                }
                catch (CommunicationException ex)
                {
                    Platform.Log(LogLevel.Error, ex, ErrorMessages.CannotContactEnterpriseServer);
                    ShowError(ErrorMessages.CannotContactEnterpriseServer);
                }
                catch (Exception ex)
                {
                    // NOTE(review): unlike the typed handlers above, this fallback shows the raw exception
                    // message to the user; a fixed generic message would avoid disclosing internal detail.
                    ShowError(ex.Message);
                    // May want to eliminate this.
                    Platform.Log(LogLevel.Error, ex, "Unexpected exception changing password: {0}.", ex.Message);
                }
            }
        }
Example #8
        /// <summary>
        /// Signs the user out of forms authentication and, when a session is supplied, logs it out
        /// on the server and writes a logout audit record.
        /// </summary>
        /// <param name="session">Session to terminate; may be null, in which case only the forms-authentication sign-out is performed.</param>
        public static void SignOut(SessionInfo session)
        {
            // The local forms-authentication sign-out happens regardless of the server call's outcome.
            FormsAuthentication.SignOut();

            if (session == null)
            {
                return;
            }

            try
            {
                ForceOtherPagesToLogout(session);

                using (var loginService = new LoginService())
                {
                    loginService.Logout(session.Credentials.SessionToken.Id);
                }
            }
            catch (NotSupportedException)
            {
                //ignore this.
            }
            catch (Exception ex)
            {
                // Best effort: a failed server-side logout must not block the local sign-out.
                Platform.Log(LogLevel.Warn, ex, "Failed to log user out.");
            }

            // NOTE(review): the audit record is written with a Success outcome even when the
            // server-side logout above threw and was swallowed, so the audit trail cannot distinguish
            // a session that was terminated from one left alive on the server.
            var auditRecord = new UserAuthenticationAuditHelper(
                ServerPlatform.AuditSource,
                EventIdentificationContentsEventOutcomeIndicator.Success,
                UserAuthenticationEventType.Logout);

            var participant = new AuditPersonActiveParticipant(
                session.Credentials.UserName,
                null,
                session.Credentials.DisplayName);

            auditRecord.AddUserParticipant(participant);
            ServerPlatform.LogAuditMessage(auditRecord);
        }
Example #9
        /// <summary>
        /// Logs in with the given username and password and initializes the web session from the result.
        /// </summary>
        /// <param name="username">Account name passed to <c>LoginService.Login</c>; also written to the log on success.</param>
        /// <param name="password">Password passed to <c>LoginService.Login</c>; it is not written to the log here.</param>
        /// <param name="appName">Application name passed to the login call and used as the log prefix.</param>
        /// <param name="redirect">When true, redirects the current response to the forms-authentication return URL for the user.</param>
        /// <returns>The session returned by the login call.</returns>
        public static SessionInfo InitializeSession(string username, string password, string appName, bool redirect)
        {
            using (var loginService = new LoginService())
            {
                // A failed login throws out of Login, so nothing below runs for bad credentials.
                SessionInfo loggedIn = loginService.Login(username, password, appName);
                InitializeSession(loggedIn);

                Platform.Log(LogLevel.Info, "[{0}]: {1} has successfully logged in.", appName, username);

                if (redirect)
                {
                    string returnUrl = FormsAuthentication.GetRedirectUrl(username, false);
                    HttpContext.Current.Response.Redirect(returnUrl, false);
                }

                return loggedIn;
            }
        }
Example #10
		/// <summary>
		/// Renews the current session, if there is one, and re-initializes the web session
		/// from the renewed session information.
		/// </summary>
		public static void RenewSession()
		{
			var current = Current;

			// Nothing to renew when no session is active.
			if (current == null)
			{
				return;
			}

			using (var loginService = new LoginService())
			{
				var tokenId = current.Credentials.SessionToken.Id;
				SessionInfo renewed = loginService.Renew(tokenId, true /* force to bypass local cache */);
				InitializeSession(renewed);
			}
		}
Example #11
        /// <summary>
        /// Signs the user out of forms authentication and, when a session is supplied, makes a
        /// best-effort attempt to log that session out on the server.
        /// </summary>
        /// <param name="session">Session to terminate; may be null, in which case only the forms-authentication sign-out is performed.</param>
        public static void SignOut(SessionInfo session)
        {
            // The local forms-authentication sign-out happens regardless of the server call's outcome.
            FormsAuthentication.SignOut();

            if (session == null)
            {
                return;
            }

            try
            {
                ForceOtherPagesToLogout(session);

                using (var loginService = new LoginService())
                {
                    loginService.Logout(session.Credentials.SessionToken.Id);
                }
            }
            catch (NotSupportedException)
            {
                //ignore this.
            }
            catch (Exception ex)
            {
                // NOTE(review): a failure here is only logged as a warning, so the server-side session
                // may remain usable until it expires even though the browser is signed out.
                Platform.Log(LogLevel.Warn, ex, "Failed to log user out.");
            }
        }
Example #12
 /// <summary>
 /// Logs the given session out on the server and removes it locally, under the <c>_sync</c> lock.
 /// The local removal runs even when the server-side logout fails.
 /// </summary>
 /// <param name="session">Session whose token id is logged out and removed.</param>
 private void CleanupSession(SessionInfo session)
 {
     lock (_sync)
     {
         using (var loginService = new LoginService())
         {
             try
             {
                 loginService.Logout(session.Credentials.SessionToken.Id);
             }
             catch (Exception logoutFailure)
             {
                 // NOTE(review): the session token id is written to the log; if session ids are
                 // bearer credentials, anyone who can read the log could reuse one that is still
                 // live on the server - confirm and consider logging a truncated or hashed id.
                 Platform.Log(LogLevel.Warn, logoutFailure, "Unable to terminate session {0} gracefully",
                              session.Credentials.SessionToken.Id);
             }
             finally
             {
                 // Always drop the local entry, whether or not the server call succeeded.
                 RemoveSession(session.Credentials.SessionToken.Id);
             }
         }
     }
 }
Example #13
        /// <summary>
        /// Checks the current session with the login service without renewing it, and adopts the
        /// returned credentials when the session exists and has not expired.
        /// </summary>
        /// <exception cref="SessionValidationException">
        /// The service returned no session, or the token's expiry time is earlier than <c>Platform.Time</c>.
        /// </exception>
        public void Query()
        {
            // Stay invalid unless both checks below pass.
            _valid = false;

            using (var loginService = new LoginService())
            {
                SessionInfo queried = loginService.Query(Credentials.SessionToken.Id);

                // Unknown and expired sessions are rejected the same way.
                if (queried == null || queried.Credentials.SessionToken.ExpiryTime < Platform.Time)
                {
                    throw new SessionValidationException();
                }

                _user.Credentials = queried.Credentials;
                _valid = true;
            }
        }
Example #14
        /// <summary>
        /// Re-validates the current session by renewing it with the login service and copying the
        /// renewed token, authorities and data-access authority groups onto the user's credentials.
        /// </summary>
        /// <exception cref="SessionValidationException">Any exception was raised while renewing or copying.</exception>
        public void Validate()
        {
            // Stay invalid unless the renewal below completes.
            _valid = false;

            using (var loginService = new LoginService())
            {
                try
                {
                    var renewed = loginService.Renew(Credentials.SessionToken.Id);

                    _user.Credentials.SessionToken = renewed.Credentials.SessionToken;
                    _user.Credentials.Authorities = renewed.Credentials.Authorities;
                    _user.Credentials.DataAccessAuthorityGroups = renewed.Credentials.DataAccessAuthorityGroups;

                    _valid = true;
                }
                catch (Exception)
                {
                    // NOTE(review): every failure (expired token, service unreachable, null result) is
                    // collapsed into the same exception and the original is discarded, so logs cannot
                    // tell a rejected session from an outage. Failing closed is right; keeping the
                    // cause (logged, or as an inner exception if the type supports one) would help.
                    throw new SessionValidationException();
                }
            }
        }
Example #15
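        /// <summary>
        /// Authenticates a WebViewer launch request from the username and password supplied in the
        /// request parameters, then redirects to the viewer page, or transfers to the study list when
        /// more than one study matches, or to the authorization error page on failure.
        /// </summary>
        /// <remarks>
        /// The application name is taken from the request, else parsed out of the WebViewer init
        /// string, else defaults to <c>ImageServerConstants.DefaultApplicationName</c>. A missing init
        /// string, or an application name that is the last entry with no trailing comma, is handled
        /// instead of throwing.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {           
            // NOTE(review): Request.Params merges the query string, form fields, cookies and server
            // variables, so the password can arrive in the URL and be retained in browser history and
            // in proxy or web-server logs. Confirm how callers launch this page; accepting credentials
            // only from a POST body over TLS would avoid that exposure.
            UserID = Request.Params[ImageServerConstants.WebViewerQueryStrings.Username];
            Password = Request.Params[ImageServerConstants.WebViewerQueryStrings.Password];
            AppName = Request.Params[ImageServerConstants.WebViewerQueryStrings.ApplicationName];
            ListStudies = Request.Params[ImageServerConstants.WebViewerQueryStrings.ListStudies];
            WebViewerInitString = Request.Params[ImageServerConstants.WebViewerQueryStrings.WebViewerInitParams];

            //Try to authenticate the user
            if (!string.IsNullOrEmpty(UserID) && !string.IsNullOrEmpty(Password))
            {
                if(String.IsNullOrEmpty(AppName))
                {
                    string appNameKey = ImageServerConstants.WebViewerQueryStrings.ApplicationName + "=";

                    // The init string is optional; without it there is nothing to parse.
                    int start = string.IsNullOrEmpty(WebViewerInitString)
                                    ? -1
                                    : WebViewerInitString.IndexOf(appNameKey);

                    if (start < 0) AppName = ImageServerConstants.DefaultApplicationName;
                    else
                    {
                        start += appNameKey.Length;
                        AppName = WebViewerInitString.Substring(start);

                        // The application name may be the last entry, with no comma after it.
                        int end = AppName.IndexOf(',');
                        if (end >= 0) AppName = AppName.Substring(0, end);

                        if (string.IsNullOrEmpty(AppName)) AppName = ImageServerConstants.DefaultApplicationName;
                    }
                }
            
                AppName = String.Format("{0}@{1}", AppName, HttpContext.Current.Request.UserHostName);
                
                try
                {
                    using (LoginService service = new LoginService())
                    {
                        SessionInfo session = service.Login(UserID, Password, AppName);

                        // NOTE(review): UserID and AppName come from the request and are logged as-is here
                        // and in the handlers below; if Platform.Log does not neutralize line breaks this
                        // permits forged log entries - confirm.
                        Platform.Log(LogLevel.Info, "[{0}]: {1} has successfully logged in.", AppName, UserID);

                        // NOTE(review): the session token id is appended to the init string, which is later
                        // placed in the redirect URL without encoding, so the id becomes visible wherever
                        // URLs are recorded.
                        WebViewerInitString += string.Format(",{0}={1},{2}={3}",
                                                     ImageServerConstants.WebViewerQueryStrings.Username, UserID,
                                                     ImageServerConstants.WebViewerQueryStrings.Session,
                                                     session.Credentials.SessionToken.Id);

                        //_sessionId = session.Credentials.SessionToken.Id;

                        //Add the session information to the context in case we redirect to the studies page.
                        //We need these to properly launch the WebViewer
                        Context.Items.Add(ImageServerConstants.WebViewerQueryStrings.Username, UserID);
                        Context.Items.Add(ImageServerConstants.WebViewerQueryStrings.Session, session.Credentials.SessionToken.Id);

                        // NOTE(review): "Authorized" starts as the bool false but is set to the string "true"
                        // below. A consumer that tests the value as a bool would never see it as granted, and
                        // one that only tests for non-null would treat false as granted - confirm how the
                        // studies page reads it.
                        Context.Items.Add("Authorized", false);

                        foreach(string role in session.Credentials.Authorities)
                        {
                            if (role.Equals(ClearCanvas.ImageServer.Enterprise.Authentication.AuthorityTokens.Study.ViewImages))
                            {
                                Context.Items["Authorized"] = "true";
                                break;
                            }
                        }
                    }
                }
                catch (PasswordExpiredException)
                {
                    Platform.Log(LogLevel.Info, "[{0}]: {1} encountered PasswordExpiredException.", AppName, UserID);
                    Server.Transfer(ImageServerConstants.PageURLs.WebViewerAuthorizationErrorPage, true);
                }
                catch (UserAccessDeniedException)
                {
                    Platform.Log(LogLevel.Info, "[{0}]: {1} encountered UserAccessDeniedException.", AppName, UserID);
                    Server.Transfer(ImageServerConstants.PageURLs.WebViewerAuthorizationErrorPage, true);
                }        
                catch (Exception ex)
                {
                    Platform.Log(LogLevel.Info, "[{0}]: {1} encountered exception {2} - {3}.", AppName, UserID, ex.GetType(), ex.Message);
                    Server.Transfer(ImageServerConstants.PageURLs.WebViewerAuthorizationErrorPage, true);
                }

                if (!string.IsNullOrEmpty(ListStudies) && ListStudies.Equals("true"))
                {
                    //Extract the WebViewer Init Parameters to determine whether or not we need
                    //to redirect to the Studies page.
                    var initParams = new WebViewerInitParams();
                    string[] vals = HttpUtility.UrlDecode(WebViewerInitString).Split(new[] { '?', ';', '=', ',', '&' });

                    // Tokens are read as name/value pairs; stopping one short of the end keeps the
                    // i++ lookahead inside the array.
                    for (int i = 0; i < vals.Length - 1; i++)
                    {
                        if (String.IsNullOrEmpty(vals[i]))
                            continue;

                        if (vals[i].Equals(ImageServerConstants.WebViewerStartupParameters.Study))
                        {
                            i++;
                            initParams.StudyInstanceUids.Add(vals[i]);
                        }
                        else if (vals[i].Equals(ImageServerConstants.WebViewerStartupParameters.PatientID))
                        {
                            i++;
                            initParams.PatientIds.Add(vals[i]);
                        }
                        else if (vals[i].Equals(ImageServerConstants.WebViewerStartupParameters.AeTitle))
                        {
                            i++;
                            initParams.AeTitle = vals[i];
                        }
                        else if (vals[i].Equals(ImageServerConstants.WebViewerStartupParameters.AccessionNumber))
                        {
                            i++; 
                            initParams.AccessionNumbers.Add(vals[i]);
                        }
                    }
                    
                    //Check if there are multiple studies to be displayed. 
                    var controller = new StudyController();
                    var partitionAdapter = new ServerPartitionDataAdapter();
                    var partitionCriteria = new ServerPartitionSelectCriteria();
                    StudySelectCriteria studyCriteria;
                    ServerPartition partition = null;
                    int studyCount = 0;

                    if(!string.IsNullOrEmpty(initParams.AeTitle))
                    {
                        partitionCriteria.AeTitle.EqualTo(initParams.AeTitle);
                        IList<ServerPartition> partitions = partitionAdapter.GetServerPartitions(partitionCriteria);

                        //TODO: What if the AE Title is invalid?
                        // NOTE(review): when the AE title matches no partition, partition stays null and the
                        // counts below run across all partitions rather than none.
                        
                        if(partitions.Count == 1)
                        {
                            partition = partitions[0];
                        }
                    }

                    //TODO: The logic below is very weird.

                    foreach (string patientId in initParams.PatientIds)
                    {
                        studyCriteria = new StudySelectCriteria();
                        if (partition != null) studyCriteria.ServerPartitionKey.EqualTo(partition.Key);
                        SetStringCondition(studyCriteria.PatientId, patientId);
                        studyCount +=controller.GetStudyCount(studyCriteria);
                    }

                    if (studyCount < 2)
                        foreach (string accession in initParams.AccessionNumbers)
                        {
                            studyCriteria = new StudySelectCriteria();
                            if (partition != null) studyCriteria.ServerPartitionKey.EqualTo(partition.Key);
                            SetStringCondition(studyCriteria.AccessionNumber, accession);

                            // TODO: studyCount is either 0 or 1  entering this block. If the same study is found, studyCount is incremented to 2, which is wrong
                            studyCount += controller.GetStudyCount(studyCriteria); 
                        }

                    if (studyCount < 2 && initParams.StudyInstanceUids.Count > 0)
                    {
                        studyCriteria = new StudySelectCriteria();
                        if (partition != null) studyCriteria.ServerPartitionKey.EqualTo(partition.Key);
                        studyCriteria.StudyInstanceUid.In(initParams.StudyInstanceUids);
                        
                        // TODO: studyCount is either 0 or 1 entering this block. If the same study is found, studyCount is incremented to 2, which is wrong
                        studyCount += controller.GetStudyCount(studyCriteria);
              
                    }

                    if (studyCount > 1) 
                        Server.Transfer(ImageServerConstants.PageURLs.WebViewerStudiesPage, true);
                }
                

                if (string.IsNullOrEmpty(WebViewerInitString))
                {
                    Response.Redirect(ImageServerConstants.PageURLs.WebViewerDefaultPage, true);
                } 
                else
                {
                    // NOTE(review): the init string is request-controlled and is concatenated into the URL
                    // without encoding; confirm the viewer page validates every parameter it reads from it.
                    Response.Redirect(ImageServerConstants.PageURLs.WebViewerDefaultPage + "?" + ImageServerConstants.WebViewerQueryStrings.WebViewerInitParams + "=" + WebViewerInitString, true);
                }
            } 
            else
            {
                // Missing username or password: fail closed to the authorization error page.
                Server.Transfer(ImageServerConstants.PageURLs.WebViewerAuthorizationErrorPage, true);
            }
        }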