Esempio n. 1
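        /// <summary>
        /// Rebuilds the request principal from the forms-authentication ticket (user name) and the
        /// roles that <c>UserVerification.GetUserRoles</c> returns for that user and sign-in type.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event args whose <c>User</c> is assigned when a valid ticket is present.</param>
        /// <remarks>
        /// <c>e.User</c> is left untouched when cookies are unsupported, no forms cookie is present,
        /// or the ticket does not validate; the request then continues without a custom principal
        /// instead of failing with a wrapped <see cref="Exception"/> that hid the original type and
        /// stack trace. Any other failure (e.g. in the role lookup) propagates unchanged.
        /// </remarks>
        protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
        {
            if (!FormsAuthentication.CookiesSupported)
            {
                return;
            }

            var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                return;
            }

            // Decrypt returns null for a ticket that fails validation (expired, tampered, wrong
            // machine key) and throws ArgumentException for a malformed value. Both are client-side
            // input problems: treat them as "not authenticated" rather than dereferencing null or
            // turning a garbage cookie into a server error.
            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(authCookie.Value);
            }
            catch (ArgumentException)
            {
                return;
            }
            if (ticket == null)
            {
                return;
            }
            string username = ticket.Name;

            string signInType = "";
            var userCookie = Request.Cookies["UserCookie"];
            if (userCookie != null)
            {
                // Values[...] is null when the sub-key is missing; the original .ToString() call
                // would have thrown NullReferenceException in that case.
                string encodedSignInType = userCookie.Values["SignInType"];
                if (encodedSignInType != null)
                {
                    // NOTE(review): SignInType is client-supplied. Whether basicDecryption also
                    // verifies integrity (MAC) is not visible here — confirm before relying on it
                    // to select the role set.
                    signInType = ClassHashing.basicDecryption(encodedSignInType);
                }
            }

            // Roles come from our own lookup, never from the cookie itself.
            string roles = UserVerification.GetUserRoles(username, signInType);

            // A null/empty role list still yields a principal (with no roles) instead of throwing;
            // RemoveEmptyEntries also avoids turning "" or a trailing ';' into an empty role name.
            string[] roleNames = string.IsNullOrEmpty(roles)
                ? new string[0]
                : roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

            e.User = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity(username, "Forms"), roleNames);
        }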
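        /// <summary>
        /// Stores a new salted password hash for the staff account identified by
        /// <c>ViewState["StaffID"]</c>, then redirects to the login page on success.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event args (unused).</param>
        /// <remarks>
        /// Failures are reported through <c>lblMessage</c> with a generic text; the exception detail
        /// is traced server-side only, so stack traces and SQL/connection details are not disclosed
        /// to the browser (the original concatenated <c>ex.ToString()</c> into the page).
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            if (ViewState["StaffID"] == null)
            {
                lblMessage.Text       = "Unable to retrieve account information. Please try again later.";
                messageHolder.Visible = true;
                return;
            }

            // NOTE(review): no server-side password length/complexity check is visible in this
            // handler — presumably a validator control covers it; confirm.
            const string strUpdate = "Update CompanyStaff SET StaffPassword = @password ,StaffSalt = @salt WHERE StaffID = @staffID";

            try
            {
                // Open() now sits inside the try so a failed connect is reported through lblMessage
                // instead of escaping as an unhandled exception; 'using' disposes both the connection
                // and the command on every path (the original only closed the connection).
                string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;
                using (SqlConnection conPrintDB = new SqlConnection(connStr))
                using (SqlCommand cmdUpdate = new SqlCommand(strUpdate, conPrintDB))
                {
                    byte[] generatedSalt = ClassHashing.generateSalt();
                    byte[] hashPassword  = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);

                    // NOTE(review): the target account comes from ViewState; this relies on ViewState
                    // MAC being enabled so the value cannot be swapped client-side — confirm in config.
                    cmdUpdate.Parameters.AddWithValue("@password", hashPassword);
                    cmdUpdate.Parameters.AddWithValue("@salt", generatedSalt);
                    cmdUpdate.Parameters.AddWithValue("@staffID", ClassHashing.basicDecryption((string)ViewState["StaffID"]));

                    conPrintDB.Open();
                    int rowsAffected = cmdUpdate.ExecuteNonQuery();
                    if (rowsAffected > 0)
                    {
                        // The original wrote an alert() script and then called Redirect(url), which
                        // ends the response (via ThreadAbortException) before the browser could ever
                        // show the script, and that exception landed in the catch below. Redirect
                        // without ending the response and complete the request instead.
                        Response.Redirect("Login.aspx", false);
                        Context.ApplicationInstance.CompleteRequest();
                    }
                    else
                    {
                        lblMessage.Text       = "Unable to update account information. Please try again later.";
                        messageHolder.Visible = true;
                    }
                }
            }
            catch (Exception ex)
            {
                // Full detail stays server-side; the page gets a generic message only.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                lblMessage.Text       = "An error occurred when setting the password to the account. Please try again later.";
                messageHolder.Visible = true;
            }
        }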