コード例 #1
    /// <summary>
    /// Handles the login control's Authenticate event. When multi-factor authentication is
    /// required for the entered user name, the credentials and the passcode are checked on
    /// separate postbacks; otherwise the user is validated in one step.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Authenticate event arguments. <c>Authenticated</c> is set to true only after a
    /// successful passcode check, or assigned the result of <c>ValidateUser</c> on the single-factor path.</param>
    private void loginElem_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Single-factor path: no MFA required for this user name.
        if (!MFAuthenticationHelper.IsMultiFactorRequiredForUser(loginElem.UserName))
        {
            try
            {
                e.Authenticated = Membership.Provider.ValidateUser(loginElem.UserName, loginElem.Password);
            }
            catch (ConfigurationException ex)
            {
                // The configured provider could not be used: log it and retry with the CMS provider.
                EventLogProvider.LogException("LogonMiniForm", "VALIDATEUSER", ex);
                var fallbackProvider = new CMSMembershipProvider();
                e.Authenticated = fallbackProvider.ValidateUser(loginElem.UserName, loginElem.Password);
            }

            return;
        }

        var passcodePanel    = loginElem.FindControl("plcPasscodeBox");
        var credentialsPanel = loginElem.FindControl("plcLoginInputs");
        var passcodeInput    = loginElem.FindControl("txtPasscode") as CMSTextBox;

        // A missing control ends the handler without touching e.Authenticated, so the attempt is not accepted here.
        if ((passcodeInput == null) || (passcodePanel == null) || (credentialsPanel == null))
        {
            return;
        }

        // Take the submitted passcode and clear the box (presumably so the value is not rendered back).
        string passcode = passcodeInput.Text;
        passcodeInput.Text = "";

        var mfProvider = new CMSMembershipProvider();

        // The current step is derived from which panel is visible, not from an explicit state variable in this method.
        if (!credentialsPanel.Visible)
        {
            // Second step: only the passcode is checked here, the password is not re-validated.
            // NOTE(review): confirm that MFValidatePasscode succeeds only after MFValidateCredentials
            // has succeeded for the same user, so this branch cannot be reached with a passcode alone.
            if (mfProvider.MFValidatePasscode(loginElem.UserName, passcode))
            {
                e.Authenticated = true;
            }

            return;
        }

        // First step: user name and password. Success only switches the form to the passcode screen;
        // e.Authenticated is not set on this postback.
        if (mfProvider.MFValidateCredentials(loginElem.UserName, loginElem.Password))
        {
            credentialsPanel.Visible = false;
            passcodePanel.Visible = true;
        }
    }
コード例 #2
    /// <summary>
    /// Handles the login control's LoginError event: shows the account-lock message, the
    /// multi-factor setup information or the generic failure text, and switches the form
    /// back to the credentials screen when the user is not partially authenticated.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Event arguments.</param>
    private void Login1_LoginError(object sender, EventArgs e)
    {
        // Nothing is done when the failure label is missing.
        if (FailureLabel == null)
        {
            return;
        }

        bool showError = true;

        // Lock-specific messages reveal the state of the account to an unauthenticated visitor,
        // so they are shown only when the site enables DisplayAccountLockInformation.
        if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToInvalidLogonAttempts)
        {
            DisplayAccountLockedError(GetString("invalidlogonattempts.unlockaccount.accountlocked"));
        }
        else if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToPasswordExpiration)
        {
            DisplayAccountLockedError(GetString("passwordexpiration.accountlocked"));
        }
        else if (MembershipContext.UserIsPartiallyAuthenticated && !MembershipContext.UserAuthenticationFailedDueToInvalidPasscode)
        {
            // Partially authenticated and no wrong passcode entered: this is not reported as a failure.
            showError = false;

            if (MembershipContext.MFAuthenticationTokenNotInitialized && MFAuthenticationHelper.DisplaySetupCode)
            {
                var setupCodeLabel = Login1.FindControl("lblTokenID") as LocalizedLabel;
                var setupCodePanel = Login1.FindControl("plcTokenInfo");

                if ((setupCodeLabel != null) && (setupCodePanel != null))
                {
                    DisplayWarning(string.Format("<strong>{0}</strong> {1}", GetString("mfauthentication.isRequired"), GetString("mfauthentication.token.get")));

                    // The setup code for the entered user name is written into the page.
                    // NOTE(review): this value is presumably the secret the user's authenticator is seeded with;
                    // confirm the page is only served over TLS and is not cached.
                    setupCodeLabel.Text    = MFAuthenticationHelper.GetSetupCodeForUser(Login1.UserName);
                    setupCodePanel.Visible = true;
                }
            }
        }
        else if (!MembershipContext.UserIsPartiallyAuthenticated)
        {
            // Back to the user name and password screen; the passcode and setup-code panels are hidden.
            var passcodePanel    = Login1.FindControl("plcPasscodeBox");
            var credentialsPanel = Login1.FindControl("plcLoginInputs");
            var setupCodePanel   = Login1.FindControl("plcTokenInfo");

            if (credentialsPanel != null)
            {
                credentialsPanel.Visible = true;
            }
            if (passcodePanel != null)
            {
                passcodePanel.Visible = false;
            }
            if (setupCodePanel != null)
            {
                setupCodePanel.Visible = false;
            }
        }

        // Generic failure text, unless a more specific message is already in the label.
        if (showError && string.IsNullOrEmpty(FailureLabel.Text))
        {
            DisplayError(GetString("Login_FailureText"));
        }
    }
コード例 #3
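    /// <summary>
    /// Reset token to initial state. Requires the "Modify" permission on the "CMS.Users" resource.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Event arguments.</param>
    protected void btnResetToken_Click(object sender, EventArgs e)
    {
        // Resetting the multi-factor token of the user held in "ui" is a privileged action:
        // the current user must have "Modify" on CMS.Users.
        if (!CurrentUser.IsAuthorizedPerResource("CMS.Users", "Modify"))
        {
            RedirectToAccessDenied("CMS.Users", "Modify");

            // Fail closed: whether RedirectToAccessDenied ends the request is not visible here,
            // so return explicitly and never reach the reset for an unauthorized caller.
            return;
        }

        MFAuthenticationHelper.ResetTokenAndIterationForUser(ui);

        // Refresh the form and confirm the reset to the administrator.
        LoadData();
        ShowConfirmation(GetString("administration-user.token.reset"));
    }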
コード例 #4
ファイル: LogonForm.ascx.cs プロジェクト: isatriya/kentico10
    /// <summary>
    /// Handles the login control's Authenticate event. When multi-factor authentication is
    /// required for the entered user name, the credentials and the passcode are checked on
    /// separate postbacks; otherwise the membership provider validates the user in one step.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Authenticate event arguments. <c>Authenticated</c> is set to true only after a
    /// successful passcode check, or assigned the result of <c>ValidateUser</c> on the single-factor path.</param>
    private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Single-factor path: no MFA required for this user name.
        if (!MFAuthenticationHelper.IsMultiFactorRequiredForUser(Login1.UserName))
        {
            e.Authenticated = Membership.Provider.ValidateUser(Login1.UserName, Login1.Password);
            return;
        }

        var passcodePanel    = Login1.FindControl("plcPasscodeBox");
        var credentialsPanel = Login1.FindControl("plcLoginInputs");
        var passcodeInput    = Login1.FindControl("txtPasscode") as CMSTextBox;

        // A missing control ends the handler without touching e.Authenticated, so the attempt is not accepted here.
        if ((passcodeInput == null) || (passcodePanel == null) || (credentialsPanel == null))
        {
            return;
        }

        // Take the submitted passcode and clear the box (presumably so the value is not rendered back).
        string passcode = passcodeInput.Text;
        passcodeInput.Text = string.Empty;

        var mfProvider = new CMSMembershipProvider();

        // The current step is derived from which panel is visible, not from an explicit state variable in this method.
        if (!credentialsPanel.Visible)
        {
            // Second step: only the passcode is checked here, the password is not re-validated.
            // NOTE(review): confirm that MFValidatePasscode succeeds only after MFValidateCredentials
            // has succeeded for the same user, so this branch cannot be reached with a passcode alone.
            if (mfProvider.MFValidatePasscode(Login1.UserName, passcode))
            {
                e.Authenticated = true;
            }

            return;
        }

        // First step: user name and password. Success only switches the form to the passcode screen;
        // e.Authenticated is not set on this postback.
        if (mfProvider.MFValidateCredentials(Login1.UserName, Login1.Password))
        {
            credentialsPanel.Visible = false;
            passcodePanel.Visible = true;
        }
    }
コード例 #5
    /// <summary>
    /// Asks <c>MFAuthenticationHelper</c> to issue a passcode for the user and builds the
    /// response string that describes the next step.
    /// </summary>
    /// <param name="user">User info.</param>
    /// <returns>
    /// "waitingForPasscode", or a string starting with "missingToken|" that carries the
    /// explanatory texts and the user's setup code when the token is not initialized and
    /// displaying the setup code is enabled.
    /// </returns>
    public string GeneratePasscode(UserInfo user)
    {
        MFAuthenticationHelper.IssuePasscode(user.UserName);

        bool setupCodeRequested = MembershipContext.MFAuthenticationTokenNotInitialized && MFAuthenticationHelper.DisplaySetupCode;
        if (!setupCodeRequested)
        {
            return "waitingForPasscode";
        }

        // The setup code is part of the returned string.
        // NOTE(review): it is presumably the secret the authenticator is seeded with, so whatever
        // carries this response to the client should not log or cache it.
        var response = new StringBuilder("missingToken|");
        response.Append(GetString("mfauthentication.isRequired"), " ", GetString("mfauthentication.token.get"),
                        ARGUMENTS_SEPARATOR, GetString("mfauthentication.label.token"), ARGUMENTS_SEPARATOR,
                        MFAuthenticationHelper.GetSetupCodeForUser(user.UserName));

        return response.ToString();
    }
コード例 #6
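    /// <summary>
    /// Reset token to initial state. The edit must pass <c>CheckGlobalAdminEdit</c> and the current
    /// user must hold the "Modify" permission on the "CMS.Users" resource.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Event arguments.</param>
    protected void btnResetToken_Click(object sender, EventArgs e)
    {
        // First gate: the global-administrator edit check for the user held in "ui".
        if (!CheckGlobalAdminEdit(ui))
        {
            plcTable.Visible = false;
            ShowError(GetString("Administration-User_List.ErrorGlobalAdmin"));

            return;
        }

        // Second gate: "Modify" permission on CMS.Users.
        if (!CurrentUser.IsAuthorizedPerResource("CMS.Users", "Modify"))
        {
            RedirectToAccessDenied("CMS.Users", "Modify");

            // Fail closed: whether RedirectToAccessDenied ends the request is not visible here,
            // so return explicitly and never reach the reset for an unauthorized caller.
            return;
        }

        MFAuthenticationHelper.ResetSecretForUser(ui);

        // Refresh the form and confirm the reset to the administrator.
        LoadData();
        ShowConfirmation(GetString("administration-user.token.reset"));
    }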
コード例 #7
    /// <summary>
    /// Raises the callback event. Records which action the callback argument asks for in the
    /// control's state members and then computes the time left until the screen is locked.
    /// </summary>
    /// <param name="eventArgument">Callback argument sent by the client; it names the action and, for the
    /// "validate" and "validPasscode" actions, also carries the entered password or passcode.</param>
    public void RaiseCallbackEvent(string eventArgument)
    {
        // NOTE(review): the action is picked with Contains() over the whole argument, first match wins.
        // The "validate" and "validPasscode" arguments also carry user-entered text, so a password that
        // happens to contain an earlier keyword (for example "logout") would be routed to the wrong branch.
        // Comparing a fixed command prefix would avoid that - confirm against the client script.
        if (eventArgument.Contains("logout"))
        {
            userIsLoggingOut = true;
        }
        else if (eventArgument.Contains("validate"))
        {
            userValidates    = true;
            // Everything from the fixed offset on is taken as the password. Substring throws
            // ArgumentOutOfRangeException when the argument is shorter than the offset.
            // NOTE(review): the plaintext password is kept in validatePassword beyond this method;
            // verify it is not logged or persisted by whatever reads it.
            validatePassword = eventArgument.Substring(START_INDEX_FOR_PASSWORD);

            // The MFA requirement is looked up for the currently authenticated user, not for a name sent by the client.
            if (MFAuthenticationHelper.IsMultiFactorRequiredForUser(MembershipContext.AuthenticatedUser.UserName))
            {
                userWaitingForPasscode = true;
            }
        }
        else if (eventArgument.Contains("validPasscode"))
        {
            userValidates          = false;
            userWaitingForPasscode = false;
            passcValidates         = true;
            // Everything from the fixed offset on is taken as the passcode (same length caveat as above).
            validatePasscode       = eventArgument.Substring(START_INDEX_FOR_PASSCODE);
        }
        else if (eventArgument.Contains("isLocked"))
        {
            userAsksForState = true;
        }
        else if (eventArgument.Contains("cancel"))
        {
            userCanceling = true;
        }
        else if (eventArgument.Contains("action"))
        {
            userAsksForState = true;

            // Record the user action through SecurityHelper before the state is reported.
            SecurityHelper.LogScreenLockAction();
        }

        // Find out when screen will be locked
        // (last request time plus the lock interval, compared with the local clock)
        timeLeft = CMSPage.LastRequest + TimeSpan.FromMinutes(minutesToLock) - DateTime.Now;
    }
コード例 #8
ファイル: LogonForm.ascx.cs プロジェクト: isatriya/kentico10
    /// <summary>
    /// Handles the login control's LoginError event: shows the ban or account-lock message, the
    /// multi-factor token information or the generic failure text, and switches the form back
    /// to the credentials screen when the user is not partially authenticated.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Event arguments.</param>
    void Login1_LoginError(object sender, EventArgs e)
    {
        bool showError = true;

        // Banned IP address: report the ban and nothing else.
        if (MembershipContext.UserIsBanned)
        {
            DisplayError(GetString("banip.ipisbannedlogin"));
        }
        // Lock-specific messages reveal the state of the account to an unauthenticated visitor,
        // so they are shown only when the site enables DisplayAccountLockInformation.
        else if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToInvalidLogonAttempts)
        {
            DisplayAccountLockedError(GetString("invalidlogonattempts.unlockaccount.accountlocked"));
        }
        else if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToPasswordExpiration)
        {
            DisplayAccountLockedError(GetString("passwordexpiration.accountlocked"));
        }
        else if (MembershipContext.UserIsPartiallyAuthenticated && !MembershipContext.UserAuthenticationFailedDueToInvalidPasscode)
        {
            // Partially authenticated and no wrong passcode entered: this is not reported as a failure.
            showError = false;

            if (MembershipContext.MFAuthenticationTokenNotInitialized && MFAuthenticationHelper.DisplayTokenID)
            {
                var tokenInfoLabel = Login1.FindControl("lblTokenInfo") as LocalizedLabel;
                var tokenIdLabel   = Login1.FindControl("lblTokenID") as LocalizedLabel;
                var tokenInfoPanel = Login1.FindControl("plcTokenInfo");

                if (tokenInfoLabel != null)
                {
                    tokenInfoLabel.Text    = string.Format("{0} {1}", GetString("mfauthentication.isRequired"), GetString("mfauthentication.token.get"));
                    tokenInfoLabel.Visible = true;
                }

                if (tokenIdLabel != null)
                {
                    // The token ID for the entered user name is written into the page.
                    // NOTE(review): confirm how sensitive this value is and that the page is served over TLS.
                    tokenIdLabel.Text = MFAuthenticationHelper.GetTokenIDForUser(Login1.UserName);
                }

                if (tokenInfoPanel != null)
                {
                    tokenInfoPanel.Visible = true;
                }
            }

            if (string.IsNullOrEmpty(DisplayedError))
            {
                HideError();
            }
        }
        else if (!MembershipContext.UserIsPartiallyAuthenticated)
        {
            // Back to the user name and password screen; the passcode and token panels are hidden.
            var passcodePanel    = Login1.FindControl("plcPasscodeBox");
            var credentialsPanel = Login1.FindControl("plcLoginInputs");
            var tokenInfoPanel   = Login1.FindControl("plcTokenInfo");

            if (credentialsPanel != null)
            {
                credentialsPanel.Visible = true;
            }
            if (passcodePanel != null)
            {
                passcodePanel.Visible = false;
            }
            if (tokenInfoPanel != null)
            {
                tokenInfoPanel.Visible = false;
            }
        }

        if (!showError)
        {
            return;
        }

        // Generic failure text, unless a more specific message has already been displayed.
        if (string.IsNullOrEmpty(DisplayedError))
        {
            DisplayError(DataHelper.GetNotEmpty(FailureText, GetString("Login_FailureText")));
        }
    }
コード例 #9
    /// <summary>
    /// Login error handler. Shows the ban or account-lock message, the multi-factor token
    /// information or the generic failure text, switches the form back to the credentials
    /// screen when the user is not partially authenticated, and optionally reports the
    /// message through a client-side alert.
    /// </summary>
    /// <param name="sender">Sender.</param>
    /// <param name="e">Event arguments.</param>
    protected void loginElem_LoginError(object sender, EventArgs e)
    {
        bool showError = true;

        // Banned IP address: report the ban and nothing else.
        if (MembershipContext.UserIsBanned)
        {
            DisplayError(GetString("banip.ipisbannedlogin"));
        }
        // Account locked after too many invalid logon attempts. Lock-specific messages reveal the state
        // of the account to an unauthenticated visitor, so they depend on DisplayAccountLockInformation.
        else if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToInvalidLogonAttempts)
        {
            string lockedMessage = GetString("invalidlogonattempts.unlockaccount.accountlocked");

            // The unlocking link is appended only when the message is shown inline, not in the alert box.
            if (!ErrorAsPopup)
            {
                lockedMessage = string.Concat(lockedMessage, " ", string.Format(GetString("invalidlogonattempts.unlockaccount.accountlockedlink"), GetLogonAttemptsUnlockingLink()));
            }

            DisplayError(lockedMessage);
        }
        // Account locked because the password expired.
        else if (AuthenticationHelper.DisplayAccountLockInformation(SiteContext.CurrentSiteName) && MembershipContext.UserAccountLockedDueToPasswordExpiration)
        {
            string expiredMessage = GetString("passwordexpiration.accountlocked");

            if (!ErrorAsPopup)
            {
                expiredMessage = string.Concat(expiredMessage, " ", string.Format(GetString("invalidlogonattempts.unlockaccount.accountlockedlink"), GetLogonAttemptsUnlockingLink()));
            }

            DisplayError(expiredMessage);
        }
        else if (MembershipContext.UserIsPartiallyAuthenticated && !MembershipContext.UserAuthenticationFailedDueToInvalidPasscode)
        {
            // Partially authenticated and no wrong passcode entered: this is not reported as a failure.
            showError = false;

            if (MembershipContext.MFAuthenticationTokenNotInitialized && MFAuthenticationHelper.DisplayTokenID)
            {
                var tokenInfoPanel = loginElem.FindControl("plcTokenInfo");
                var tokenIdLabel   = loginElem.FindControl("lblTokenID") as LocalizedLabel;

                if (tokenIdLabel != null)
                {
                    // The token ID for the entered user name is written into the page.
                    // NOTE(review): confirm how sensitive this value is and that the page is served over TLS.
                    tokenIdLabel.Text = string.Format("{0} {1}", GetString("mfauthentication.label.token"), MFAuthenticationHelper.GetTokenIDForUser(loginElem.UserName));
                }

                if (tokenInfoPanel != null)
                {
                    tokenInfoPanel.Visible = true;
                }
            }

            if (string.IsNullOrEmpty(DisplayedError))
            {
                HideError();
            }
        }
        else if (!MembershipContext.UserIsPartiallyAuthenticated)
        {
            // Back to the user name and password screen; the passcode and token panels are hidden.
            var passcodePanel    = loginElem.FindControl("plcPasscodeBox");
            var credentialsPanel = loginElem.FindControl("plcLoginInputs");
            var tokenInfoPanel   = loginElem.FindControl("plcTokenInfo");

            if (credentialsPanel != null)
            {
                credentialsPanel.Visible = true;
            }
            if (passcodePanel != null)
            {
                passcodePanel.Visible = false;
            }
            if (tokenInfoPanel != null)
            {
                tokenInfoPanel.Visible = false;
            }
        }

        // Generic failure text, unless a more specific message has already been displayed.
        if (showError && string.IsNullOrEmpty(DisplayedError))
        {
            DisplayError(DataHelper.GetNotEmpty(FailureText, GetString("Login_FailureText")));
        }

        // The rest applies only when the failure is reported through a client-side alert box.
        if (!ErrorAsPopup || string.IsNullOrEmpty(DisplayedError))
        {
            return;
        }

        // The message is stripped of tags and passed through ScriptHelper.GetString before it is
        // concatenated into the inline script.
        // NOTE(review): confirm ScriptHelper.GetString emits a fully escaped JavaScript string literal,
        // since the script is built by string concatenation.
        ScriptHelper.RegisterStartupScript(this, GetType(), "LoginError", ScriptHelper.GetScript("alert(" + ScriptHelper.GetString(HTMLHelper.StripTags(DisplayedError)) + ");"));

        // The alert replaces the inline message.
        HideError();
    }