protected void btnMember_Click(object sender, EventArgs e) { lblDebug.Text = Session.SessionID; // Set the object stat to staff SessionObject obj = (SessionObject)Session["User"]; obj.Access = accessType.Member; Session["User"] = obj; Response.Redirect("Login.aspx"); }
protected void Page_Load(object sender, EventArgs e) { SessionObject obj = (SessionObject)Session["User"]; AccessType = obj.Access; lbldbg.Visible = false; if (AccessType == accessType.Staff) { lbldbg.Text = " STAFF Access : Session ID = " + Session.SessionID; btnLogin.Text = "Staff Login"; btnCreateId.Visible = false; } else { lbldbg.Text = " Member Access : Session ID = " + Session.SessionID; btnLogin.Text = "Member Login"; } if (Request.Browser.Cookies && !IsPostBack) { HttpCookie hasCookie = Request.Cookies["AD_598"]; if ((hasCookie == null) || (hasCookie["Name"] == "")) { HttpCookie noCookie = new HttpCookie("AD_598"); noCookie.Values.Add("SessionId", Session.SessionID); noCookie.Values.Add("username", String.Empty); noCookie.Values.Add("passHash", String.Empty); noCookie.Values.Add("LoggedIn", "False"); noCookie.Values.Add("Access", String.Empty); noCookie.Expires = DateTime.Now.AddDays(1d); Response.Cookies.Add(noCookie); } else { if (hasCookie.Values.Get("SessionId").ToString() == Session.SessionID && hasCookie.Values.Get("LoggedIn").ToString() == "True" && ValidateUserName(hasCookie.Values.Get("username").ToString(), AccessType) && ValidateUserPasswrod(hasCookie.Values.Get("username").ToString(), hasCookie.Values.Get("passHash").ToString(), AccessType) && (hasCookie.Values.Get("Access").ToString() == AccessType.ToString())) { // move on to the main page if (AccessType == accessType.Staff) { Response.Redirect("Private/Staff.aspx"); } else { Response.Redirect("Member/Member.aspx"); } } } } }
void Session_Start(object sender, EventArgs e) { string indexKey = "User"; SessionObject obj; int count = 0; if (Session[indexKey] == null) { obj = new SessionObject(); Session[indexKey] = obj; } if (Session["Count"] != null) { count = (int)Session["Count"]; } Session["Count"] = count + 1; Session["TryIt"] = "This is added at Session Start"; }
protected void btnLogin_Click(object sender, EventArgs e) { // Steps for login... // 1) verify captcha // 2) verify the User Name // 3) Verify Password // 4) Set credentials in the Session and redirect to main page Label capLbl = (Label)captcha.FindControl("CaptchaCorrectLabel"); // validate all fields are populated lbldbg.Text = ""; if (txtId.Text == "") { lbldbg.Text = " No User Name Entered"; } if (txtPasswd.Text == "") { lbldbg.Text += " No Password Entered"; } if (lbldbg.Text != "") { lbldbg.Visible = true; return; } // validate captcha if (capLbl.Text != "Correct!") { lbldbg.Text = " Please validate Captcha."; lbldbg.Visible = true; return; } // Get User Name and Verify string UserName = txtId.Text; bool bUserName = ValidateUserName(UserName, AccessType); string Hash = String.Empty; if (bUserName) { // get password and hash string Password = txtPasswd.Text; Hash = Encrypt.GenerateSHA256String(Password); bool bPasswd = ValidateUserPasswrod(UserName, Hash, AccessType); if (!bPasswd) { lbldbg.Text = "INVALID PASSWORD ENTERED... Check spelling and captilization"; lbldbg.Visible = true; return; } } else { lbldbg.Text = "INVALID USER NAME ENTERED... Check spelling and captilization"; lbldbg.Visible = true; return; } //Grab the cookie info HttpCookie cookie = new HttpCookie("AD_598"); cookie.Values.Add("SessionId", Session.SessionID); cookie.Values.Add("username", UserName); cookie.Values.Add("passHash", Hash); cookie.Values.Add("LoggedIn", "True"); cookie.Values.Add("Access", AccessType.ToString()); cookie.Expires = DateTime.Now.AddHours(4); Response.Cookies.Add(cookie); // Load the session Data SessionObject obj = (SessionObject)Session["User"]; obj.Name = UserName; obj.Hash = Hash; Session["User"] = obj; // move on to the main page if (AccessType == accessType.Staff) { Response.Redirect("Private/Staff.aspx"); } else { Response.Redirect("Member/Member.aspx"); } }
protected void btnCreateId_Click(object sender, EventArgs e) { // steps for create // 1) Verify user name is unique (Not on the list) // 2) add credentials to the members xml file // set credentials in teh Session and redirect to Main Page // validate all fields are populated lbldbg.Text = ""; if (txtId.Text == "") { lbldbg.Text = " No User Name Entered"; } if (txtPasswd.Text == "") { lbldbg.Text += " No Password Entered"; } if (lbldbg.Text != "") { lbldbg.Visible = true; return; } // validate captcha Label capLbl = (Label)captcha.FindControl("CaptchaCorrectLabel"); if (capLbl.Text != "Correct!") { lbldbg.Text = " Please validate Captcha."; lbldbg.Visible = true; return; } if (ValidateUserName(txtId.Text, AccessType)) { lbldbg.Text = "USER ID Already exists... Please enter a new User Id"; lbldbg.Visible = true; return; } // Add to the xml file string xmlFileName = @"App_data\Members.xml"; string SearchKey = @"member"; // if access is staff, reset the file name and searchkey if (AccessType == accessType.Staff) { xmlFileName = @"App_data\Staff.xml"; } string xmlPath = Server.MapPath("~"); string xmlFullPath = Path.Combine(xmlPath, xmlFileName); string Hash = Encrypt.GenerateSHA256String(txtPasswd.Text); XDocument doc = XDocument.Load(xmlFullPath); XElement root = new XElement(SearchKey); root.Add(new XElement("Name", txtId.Text)); root.Add(new XElement("PwdHash", Hash)); doc.Element("Members").Add(root); doc.Save(xmlFullPath); //Grab the cookie info HttpCookie cookie = new HttpCookie("AD_598"); cookie.Values.Add("SessionId", Session.SessionID); cookie.Values.Add("username", txtId.Text); cookie.Values.Add("passHash", Hash); cookie.Values.Add("LoggedIn", "True"); cookie.Values.Add("Access", AccessType.ToString()); cookie.Expires = DateTime.Now.AddDays(1d); Response.Cookies.Add(cookie); // Load the session Data SessionObject obj = (SessionObject)Session["User"]; obj.Name = txtId.Text; obj.Hash = txtPasswd.Text; Session["User"] = obj; // move on to the main page if (AccessType == accessType.Staff) { Response.Redirect("Private/Staff.aspx"); } else { Response.Redirect("Member/Member.aspx"); } }