/// <summary>
/// Rejects the current request unless it satisfies the transport and network-origin
/// rules configured for this endpoint: HTTPS when the behaviour configuration selects
/// SSL (or <c>ShouldEnforceSecureRequests</c> says so for the running application), and
/// an internal source address when <c>InternalAccessOnly</c> is set.
/// </summary>
/// <exception cref="ExposeRestException">
/// Thrown with <see cref="HttpStatusCode.Forbidden"/> when either rule fails: the
/// transport failure carries "HTTPS connection required.", the origin failure
/// "Access Denied.".
/// </exception>
public void ValidateRequestSecurity()
{
    bool sslConfigured = BehaviorsConfiguration.HTTPSecurity == HTTPSecurity.SSL;
    // ShouldEnforceSecureRequests is only consulted when SSL is not already forced.
    bool httpsRequired = sslConfigured || ShouldEnforceSecureRequests(AppInfo.GetAppInfo());

    // The second argument is the negation of the SSL setting — presumably a "relaxed" mode
    // that lets RequestIsSecure accept something weaker than a direct TLS connection when
    // HTTPS is enforced per application rather than globally. NOTE(review): confirm what it
    // permits; if it trusts a forwarded-proto style header, that is only safe behind a
    // proxy that strips client-supplied copies of that header.
    if (httpsRequired && !RuntimePlatformUtils.RequestIsSecure(HttpContext.Current.Request, !sslConfigured))
    {
        throw new ExposeRestException("HTTPS connection required.", HttpStatusCode.Forbidden);
    }

    // NOTE(review): InternalAddressIdentification is opaque here — if it relies on
    // client-controllable headers rather than the transport peer address, this gate is
    // bypassable; verify against its implementation.
    if (BehaviorsConfiguration.InternalAccessOnly && !RuntimePlatformUtils.InternalAddressIdentification(HttpContext.Current.Request))
    {
        throw new ExposeRestException("Access Denied.", HttpStatusCode.Forbidden);
    }
}
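/// <summary>
/// Page life-cycle entry point for the InvalidPermissions screen: wires the request
/// tracer, consumes any screen parameters left in session by the navigating screen,
/// hands off to the app-offline handler when the eSpace is disabled, enforces HTTPS when
/// the application forces it, and on the first (non-postback) request checks permissions,
/// data-binds the page and writes the screen log.
/// </summary>
/// <param name="sender">Standard event-handler argument; not used.</param>
/// <param name="e">Standard event-handler argument; not used.</param>
/// <exception cref="InvalidOperationException">
/// When <c>Global.App</c> is null. The generated original null-checked it only around the
/// tracer set-up and then dereferenced it unconditionally, so a null here was always a
/// NullReferenceException a few statements later; failing early makes that explicit.
/// </exception>
private void Page_Load(object sender, System.EventArgs e)
{
    AppInfo appInfo = Global.App;
    if (appInfo == null)
    {
        throw new InvalidOperationException("Global.App is not initialised; the InvalidPermissions screen cannot be loaded.");
    }
    heContext = appInfo.OsContext;

    Response.ContentType = "text/html; charset=" + Response.ContentEncoding.WebName;

    // No SessionFixationValidation here: the screen is reachable by anonymous users or uses a read-only session.
    heContext.RequestTracer.MainEventType = RequestTracerEventType.WebScreenServerExecuted;
    heContext.RequestTracer.RegisterEndpoint("2dcd742c-96b7-4e62-ae6f-1644bcab95a5", "InvalidPermissions");

    OutSystems.HubEdition.RuntimePlatform.Web.JavaScriptManager.CheckRelativeJavaScriptPrefix(AppUtils.Instance.getImagePath());
    appInfo.IsLoadingScreen = !IsPostBack;

    if (!IsPostBack)
    {
        ConsumeScreenParametersFromSession();
    }

    if (!appInfo.IsApplicationEnabled)
    {
        ErrorLog.LogApplicationError(message: "eSpace " + appInfo.eSpaceName + " is disabled", stackTrace: Environment.StackTrace, context: heContext, moduleName: "Global");
        String contact = RuntimePlatformUtils.GetAdministrationEmail();
        try
        {
            Context.Items[Constants.AppOfflineCustomHandler.ContactKey] = contact;
            Context.Items[Constants.AppOfflineCustomHandler.ErrorCodeKey] = "APPLICATION_OFFLINE";
            Server.Transfer("/ContactManager/CustomHandlers/app_offline.aspx");
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Server.Transfer ends the current response, which System.Web surfaces as a
            // ThreadAbortException; catching it here only keeps the fallback redirect below
            // from running on a successful transfer (the abort is re-raised after this block).
        }
        catch
        {
            // Any other failure to transfer falls back to the generic internal-error page.
            Response.Redirect("/ContactManager/CustomHandlers/internalerror.aspx");
        }
    }

    InitializeUrls();
    Actions.ActionOnBeginWebRequest(heContext);

    if (appInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
    {
        RedirectToHttpsInvalidPermissions();
    }

    if (!IsPostBack)
    {
        CheckPermissions(heContext);
        Title = "Invalid Permissions";
        Page.DataBind();

        var tracer = RuntimePlatformUtils.GetRequestTracer();
        if (tracer != null)
        {
            tracer.RegisterSessionSize();
            if (heContext.Session != null)
            {
                tracer.RegisterUserId(heContext.Session.UserId);
            }
        }

        if (!heContext.AppInfo.SelectiveLoggingEnabled || heContext.AppInfo.Properties.AllowLogging)
        {
            // Elapsed time is measured against DateTime.Now because StartInstant is whatever
            // the platform recorded at request start — its Kind is not known here, so it is
            // not converted to UTC.
            ScreenLog.StaticWrite(heContext.AppInfo, heContext.Session, heContext.StartInstant, (int)(DateTime.Now - heContext.StartInstant).TotalMilliseconds, "InvalidPermissions", (string)heContext.Session["MSISDN"], "WEB", "Screen", RuntimeEnvironment.MachineName, RuntimePlatformUtils.GetViewstateSize(), RuntimePlatformUtils.GetRetrievedSessionSize(), RuntimePlatformUtils.GetRetrievedSessionRequests());
        }
    }
    else
    {
        // Kept from the generated original for postbacks. NOTE(review): the same check already
        // ran above for every request, so this is only distinct if heContext.AppInfo is not the
        // same object as appInfo — confirm before removing.
        if (heContext.AppInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
        {
            RedirectToHttpsInvalidPermissions();
        }
        FetchViewState();
    }
}

/// <summary>
/// Clears the screen-parameter slots a navigating screen may have left in session, provided
/// they were stored for this screen (or without a key). This screen declares no input
/// parameters, so there is nothing to copy out of the list; the generated try/catch around
/// that step could never throw and its error-log path was unreachable, so both were dropped.
/// The slots are still cleared so stale parameters cannot leak into a later navigation.
/// </summary>
private void ConsumeScreenParametersFromSession()
{
    ArrayList screenParameters = (ArrayList)Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"];
    object screenParametersKey = heContext.Session["_ScreenParametersKey"];
    // A missing key means the parameters are unkeyed; otherwise they must be addressed to this screen.
    bool keyMatchesThisScreen = screenParametersKey == null || this.Key.Equals(ObjectKey.Parse(Convert.ToString(screenParametersKey)));
    if (keyMatchesThisScreen && screenParameters != null)
    {
        Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"] = null;
        heContext.Session["_ScreenParametersKey"] = null;
    }
}

/// <summary>
/// Redirects the current request to the HTTPS form of this screen, preserving the query
/// string, and ends processing.
/// </summary>
private void RedirectToHttpsInvalidPermissions()
{
    // SECURITY: Request.Url.Host reflects the request's Host header. Unless the IIS/HTTP.sys
    // binding restricts accepted host names, a crafted Host header steers this redirect to an
    // attacker-chosen domain (host-header injection / open redirect). NOTE(review): confirm the
    // site binding, or validate the host against the application's configured host first.
    string secureUrl = "https://" + Request.Url.Host + AppUtils.Instance.getImagePath() + "InvalidPermissions.aspx" + Request.Url.Query;
    // Response.Redirect(string) ends the response (ThreadAbortException in System.Web), so the
    // CompleteRequest() call normally does not execute; it is kept from the generated original.
    Response.Redirect(secureUrl);
    HttpContext.Current.ApplicationInstance.CompleteRequest();
}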