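/// <summary>
/// Sends the browser to its next page: a token-validated hand-off target taken from
/// the query string when one is supplied, otherwise the start page for the signed-in
/// user's role, otherwise the login form.
/// </summary>
/// <remarks>
/// The <c>Url</c>, <c>Token</c> and <c>User</c> query-string values are caller-controlled
/// and are treated as untrusted input throughout.
/// </remarks>
private void _TransferOnUserRole()
{
    string targetUrl = Request.QueryString["Url"];
    if (!string.IsNullOrEmpty(targetUrl))
    {
        string token = Request.QueryString["Token"];
        string userId = Request.QueryString["User"];
        if (token != null && userId != null && (new OrderClasses.Service.Order(Page).ValidateToken(token, userId)))
        {
            // A valid token vouches for the caller, not for the destination. Previously the
            // only gate on the target was that it mapped to an existing file, so refuse
            // anything that could leave this application (scheme-qualified, protocol-relative
            // or backslash-prefixed values) before it is mapped or redirected to.
            bool staysInApplication =
                targetUrl.IndexOf(':') < 0
                && !targetUrl.StartsWith("//", System.StringComparison.Ordinal)
                && !targetUrl.StartsWith("/\\", System.StringComparison.Ordinal)
                && !targetUrl.StartsWith("\\", System.StringComparison.Ordinal);

            if (staysInApplication && System.IO.File.Exists(Server.MapPath(targetUrl)))
            {
                Response.Redirect(targetUrl);
            }
            else
            {
                Response.Redirect(Application["GeneralErrorPage"].ToString());
            }
        }
        // A missing or invalid token is not an error: fall through to the normal role-based flow.
    }

    if (User.Identity.IsAuthenticated)
    {
        // The forms-authentication ticket carries the roles returned by the service in UserData.
        FormsAuthenticationTicket ticket = ((FormsIdentity)User.Identity).Ticket;
        string startUrl = NavACL.StartUrl(ticket.UserData);

        // Test for "no start page" BEFORE touching startUrl; the original called
        // startUrl.Equals(...) first, so a null result threw instead of reaching the
        // logged error path below.
        if (string.IsNullOrEmpty(startUrl))
        {
            Logger.Log("Unable to determine user role!! Roles returned from service (UserData) = " + ticket.UserData);
            Response.Redirect(Application["GeneralErrorPage"].ToString());
        }
        else
        {
            // MAIG - CH1: the NewInsurance page alone is handed an "IsDown" flag via cookie.
            if (startUrl.Equals("/PaymentToolmsc/forms/newinsurance.aspx"))
            {
                // NOTE(review): the cookie is created without HttpOnly/Secure. Confirm whether
                // client script needs to read it; if not, set both flags.
                Response.Cookies.Add(new HttpCookie("IsDown", "false"));
            }

            Response.Redirect(startUrl);
        }
    }
    else
    {
        // Force the user to log in. The return address is URL-encoded so that its own query
        // string stays inside ReturnUrl instead of spilling into separate login.aspx parameters.
        Response.Redirect("Forms/login.aspx?ReturnUrl=" + Server.UrlEncode(Request.Url.ToString()));
    }
}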
/// <summary>
/// Click handler for the Update button. When page validation passes, submits the form's
/// user details to the Authentication service's UpdateUser method, writes an ArcSight
/// audit record for the outcome, and reports the result through Continue.
/// </summary>
/// <param name="sender">The control that raised the click.</param>
/// <param name="e">Image-click event data (unused).</param>
protected void Update_onclick(object sender, ImageClickEventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    NavACL.ResetNav();
    OrderService.AppId = AppName;

    // The service reports problems through the out parameter; null means the update succeeded.
    ArrayOfErrorInfo errors;
    OrderService.Lookup("Authentication", "UpdateUser", out errors, new object[] { new UserInfo((object)this) });

    // NOTE(review): Logger is configured through a series of property writes before
    // ArcsightLog(). If those properties are static, concurrent requests could interleave
    // fields of two audit records. Confirm how Logger holds this state.
    if (errors == null)
    {
        // 67811A0 - PCI Remediation, CH1: audit record for a successful create/update.
        Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DESTINATION_PROCESSNAME_USER;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_SUCCESS;
        Logger.SourceUserName = this.User.Identity.Name;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_LOW;
        Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;

        // The form caption decides whether this is logged as a modification or a new user.
        // NOTE(review): UserId is concatenated into the audit text as-is; confirm it is
        // validated, or that the logger neutralises delimiters and line breaks.
        bool editing = this.Caption.Text == "Edit";
        Logger.DeviceAction = "User " + UserId
            + (editing ? CSAAWeb.Constants.PCI_ARC_NAME_ADDUSER_UPDATE : CSAAWeb.Constants.PCI_ARC_NAME_ADDUSER_NEW)
            + this.User.Identity.Name;
        Logger.Name = editing
            ? CSAAWeb.Constants.PCI_ARC_NAME_MODIFY_USER_SUCCESS
            : CSAAWeb.Constants.PCI_ARC_NAME_ADD_USER_SUCCESS;
        Logger.ArcsightLog();

        string doneVerb = (UserRid == 0) ? "created." : "updated.";
        Continue("", "User " + UserId + "'s profile was " + doneVerb);
    }
    else
    {
        // Only the first reported error is surfaced to the user and to the audit trail.
        string Msg = errors[0].Target.ToString() + " " + errors[0].Message.ToString();

        // 67811A0 - PCI Remediation, CH1: audit record for a failed create/update.
        // NOTE(review): this branch uses PCI_ARC_DESTINATION_USER while the success branch
        // uses PCI_ARC_DESTINATION_PROCESSNAME_USER. Confirm the difference is intended.
        Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DESTINATION_USER;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_FAILURE;
        Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_HIGH;
        Logger.SourceUserName = this.User.Identity.Name;
        Logger.DeviceAction = Msg;
        Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_ADD_USER;
        Logger.ArcsightLog();

        string failedVerb = (UserRid == 0) ? "created." : "updated.";
        Continue(Msg, "User " + UserId + "'s profile could not be " + failedVerb);
    }
}
/// <summary>
/// Click handler for the Delete button. Calls the Authentication service's DeleteUser
/// method for the current UserRid, writes an ArcSight audit record for the outcome, and
/// reports the result through Continue.
/// </summary>
/// <param name="sender">The control that raised the click.</param>
/// <param name="e">Image-click event data (unused).</param>
protected void Delete_onclick(object sender, ImageClickEventArgs e)
{
    // NOTE(review): no authorisation check is visible in this handler. Confirm the page or
    // the service verifies that the signed-in user may delete accounts.
    NavACL.ResetNav();
    OrderService.AppId = AppName;

    // The service returns an empty string on success and an error description otherwise.
    string outcome = (string)OrderService.Lookup("Authentication", "DeleteUser", new object[] { UserRid });
    bool deleteFailed = outcome != "";

    if (deleteFailed)
    {
        // The user still exists, so reload the details before anything else runs.
        GetUserInfo();
    }

    // 67811A0 - PCI Remediation, CH1: audit record for the delete attempt.
    Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DESTINATION_USER;
    Logger.SourceUserName = this.User.Identity.Name;
    Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;

    if (!deleteFailed)
    {
        Logger.DeviceAction = "User " + UserId + CSAAWeb.Constants.PCI_ARC_NAME_USER + this.User.Identity.Name;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_SUCCESS;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_LOW;
        Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DELETE_USER_SUCCESS;
    }
    else
    {
        // The service's own error text becomes the audited action.
        Logger.DeviceAction = outcome;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_FAILURE;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_HIGH;
        Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DELETE_USER_FAILED;
    }

    Logger.ArcsightLog();

    // The "was deleted" text is passed even when the delete failed.
    // NOTE(review): presumably Continue shows the first argument instead when it is
    // non-empty; confirm.
    Continue(outcome, "User " + UserId + " was deleted.");
}
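/// <summary>
/// Click handler that saves a Branch Office (DO). When page validation passes, calls
/// auth.UpdateDO with the form's values, writes an ArcSight audit record for the outcome,
/// clears the cached lookup lists on success, and reports the result through Continue.
/// </summary>
/// <param name="sender">The control that raised the click.</param>
/// <param name="e">Image-click event data (unused).</param>
protected void UpdateDO_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    NavACL.ResetNav();

    // Assign the service result directly; the original first allocated an
    // ArrayOfErrorInfo that was overwritten on the very next statement.
    ArrayOfErrorInfo Result = auth.UpdateDO(DORid, DOName, DOID, HUB, Active, currentUser);

    if (Result != null)
    {
        // Only the first reported error is surfaced to the user and to the audit trail.
        string Msg = Result[0].Message.ToString();

        // 67811A0 - PCI Remediation: audit record for a failed save.
        // NOTE(review): the failure record always uses PCI_ARC_NAME_DO_ADD_FAILED, whether
        // the form was adding or editing. Confirm that is intended.
        Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DEVICEACTION_DO;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_FAILURE;
        Logger.SourceUserName = currentUser;
        Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_HIGH;
        Logger.DeviceAction = Msg;
        Logger.Name = CSAAWeb.Constants.PCI_ARC_NAME_DO_ADD_FAILED;
        Logger.ArcsightLog();

        Continue(Msg, "");
        return;
    }

    // Clear the cache to load the updated data.
    Cache.Remove("AUTH_HUB");
    Cache.Remove("AUTH_AllDOs");
    Cache.Remove("AUTH_DO");
    Cache.Remove("AUTH_REPDO");

    // 67811A0 - PCI Remediation: audit record for a successful add or edit, chosen by caption.
    // NOTE(review): a caption other than these two produces no audit record at all, even
    // though the change has been saved. Confirm no other caption can reach this handler.
    string caption = this.Caption.Text;
    bool adding = caption == "Add Branch Office";
    bool editing = caption == "Edit Branch Office";
    if (adding || editing)
    {
        Logger.DestinationProcessName = CSAAWeb.Constants.PCI_ARC_DEVICEACTION_DO;
        Logger.DeviceEventCategory = CSAAWeb.Constants.PCI_ARC_DEVICEEVENTCATEGORY_SUCCESS;
        Logger.SourceUserName = currentUser;
        Logger.SourceProcessName = CSAAWeb.Constants.PCI_SOURCE_PROCESS_NAME;
        Logger.DeviceSeverity = CSAAWeb.Constants.PCI_ARC_SEVERITY_LOW;
        Logger.DeviceAction = adding
            ? CSAAWeb.Constants.PCI_ARC_NAME_ADD_DO
            : CSAAWeb.Constants.PCI_ARC_NAME_EDIT_DO;
        Logger.Name = adding
            ? CSAAWeb.Constants.PCI_ARC_NAME_DO_ADD
            : CSAAWeb.Constants.PCI_ARC_NAME_DO_EDIT1;
        Logger.ArcsightLog();
    }

    Continue("", DOName + " " + "Branch Office" + ((DORid == 0) ? " has been Created." : " details has been Updated."));
}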