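/// <summary>
/// Store the user's roles in a cookie to cut down on database calls.
/// </summary>
/// <param name="userid">The user id</param>
/// <param name="roles">List of roles delimited by |</param>
/// <remarks>
/// The cookie is held by the browser, so everything in it is client-controlled input when it
/// comes back. Only the "roles" value is passed through <c>PortalUtility.Encrypt</c>; "userid"
/// and "created" are stored in the clear.
/// </remarks>
private void CreateRoleCookie(string userid, string roles)
{
    HttpCookie rolecookie = new HttpCookie(RoleCookieName);

    // NOTE(review): these roles are later used for authorization, so PortalUtility.Encrypt
    // needs to provide integrity (authenticated encryption or a MAC), not only confidentiality.
    // Its implementation is not visible here - confirm.
    rolecookie.Values["roles"] = PortalUtility.Encrypt(userid, roles);
    rolecookie.Values["userid"] = userid;

    // NOTE(review): "created" is plaintext and uses the current culture's date format. If the
    // cookie validity check relies on it for expiry, a client can edit it; consider moving the
    // timestamp inside the encrypted payload. Format left unchanged because the reader of this
    // value is not visible here.
    rolecookie.Values["created"] = DateTime.Now.ToString();

    // Nothing in this method needs the cookie to be readable from script.
    rolecookie.HttpOnly = true;

    // Follow the forms-authentication transport policy, and never downgrade a cookie that was
    // issued over HTTPS to one that may travel over plain HTTP.
    rolecookie.Secure = FormsAuthentication.RequireSSL || HttpContext.Current.Request.IsSecureConnection;

    HttpContext.Current.Response.Cookies.Add(rolecookie);
}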
/// <summary>
/// Looks up a site setting on a short-lived connection to the "default" database.
/// </summary>
/// <param name="_settingcode">Setting code handed to the connection-taking overload.</param>
/// <returns>The value returned by the connection-taking overload for that code.</returns>
public static string GetSiteSetting(string _settingcode)
{
    using (MySqlConnection connection = new MySqlConnection(PortalUtility.GetConnectionString("default")))
    {
        connection.Open();

        // Delegate the actual lookup so both overloads share one implementation.
        string settingValue = GetSiteSetting(_settingcode, connection);

        connection.Close();
        return settingValue;
    }
}
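/// <summary>
/// Sends a plain e-mail through the configured SMTP server, using credentials and default
/// addresses read from the site settings.
/// </summary>
/// <param name="_subject">Message subject.</param>
/// <param name="_body">Message body.</param>
/// <param name="_mailto">Recipient; when null or empty the "ContactTo" site setting is used.</param>
/// <param name="_mailfrom">Sender address; when null or empty the "ContactFrom" site setting is used.</param>
/// <param name="_fromdisplayname">Display name shown for the sender.</param>
/// <returns>
/// An empty string when the message was sent, or when the request host is "localhost" and the
/// send was skipped; otherwise the message of the exception that was caught.
/// </returns>
/// <remarks>
/// NOTE(review): the returned text is a raw exception message. If a caller shows it to the
/// end user it can disclose server or SMTP details; log it and show a generic message instead.
/// </remarks>
public static string SendEmail(string _subject, string _body, string _mailto, string _mailfrom, string _fromdisplayname)
{
    string error = String.Empty;
    string smtpuser = String.Empty;
    string smtppass = String.Empty;

    try
    {
        using (MySqlConnection conn = new MySqlConnection(PortalUtility.GetConnectionString("default")))
        {
            conn.Open();

            // NOTE(review): the SMTP password is read from the site-settings table; whether it
            // is stored encrypted there is not visible from this method - confirm.
            smtpuser = GetSiteSetting("ContactUsername", conn);
            smtppass = GetSiteSetting("ContactPassword", conn);

            if (String.IsNullOrEmpty(_mailfrom))
            {
                _mailfrom = GetSiteSetting("ContactFrom", conn);
            }

            if (String.IsNullOrEmpty(_mailto))
            {
                _mailto = GetSiteSetting("ContactTo", conn);
            }

            conn.Close();
        }

        // MailMessage and SmtpClient are both IDisposable; the using blocks release the
        // message resources and the SMTP connection on every exit path, including the
        // early return and any exception.
        using (MailMessage mailmsg = new MailMessage())
        {
            mailmsg.To.Add(_mailto);
            mailmsg.Subject = _subject;
            mailmsg.Body = _body;
            mailmsg.From = new MailAddress(_mailfrom, _fromdisplayname);

            // Never send real mail from a developer machine.
            if (HttpContext.Current.Request.ServerVariables["SERVER_NAME"] == "localhost")
            {
                return (String.Empty);
            }

            using (SmtpClient client = new SmtpClient())
            {
                // NOTE(review): EnableSsl is not set here, so transport encryption depends on
                // the <smtp> configuration section. Confirm it is enabled there, otherwise
                // these credentials may cross the network unencrypted.
                client.Credentials = new System.Net.NetworkCredential(smtpuser, smtppass);
                client.Send(mailmsg);
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberate best-effort: the failure is reported to the caller as text, not thrown.
        error = ex.Message;
    }

    return (error);
}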
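/// <summary>
/// Get the user's roles from the database.
/// </summary>
/// <param name="userid">User id to look up</param>
/// <returns>String of roles delimited by |; empty when the procedure returns no rows.</returns>
/// <remarks>
/// This method is only called if the roles are not found in a cookie.
/// The lookup goes through the <c>Security_Select_UserRoles</c> stored procedure with the
/// user id bound as a parameter, so the value is never concatenated into SQL text.
/// </remarks>
private string GetUserRoles(string userid)
{
    // Build a delimited string of the roles without re-allocating a string per row.
    System.Text.StringBuilder rolelist = new System.Text.StringBuilder();

    using (MySqlConnection conn = new MySqlConnection(PortalUtility.GetConnectionString("default")))
    using (MySqlCommand cmd = new MySqlCommand("Security_Select_UserRoles", conn))
    {
        conn.Open();

        cmd.CommandType = System.Data.CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@pUsername", userid);

        using (MySqlDataReader dr = cmd.ExecuteReader())
        {
            while (dr.Read())
            {
                // NOTE(review): '|' is the delimiter, so a role name that itself contains '|'
                // would be split into several roles by the consumer. Confirm role names are
                // constrained where they are created.
                rolelist.Append(dr["RoleName"].ToString()).Append('|');
            }
        }

        conn.Close();
    }

    // Drop the trailing delimiter left by the loop.
    return (rolelist.ToString().TrimEnd('|'));
}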
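/// <summary>
/// Rebuilds the request principal from the forms-authentication ticket and attaches the
/// user's roles, taken from the role cookie when usable and from the database otherwise.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <remarks>
/// The request is left anonymous when there is no authentication cookie, when the ticket
/// cannot be decrypted, or when the ticket has expired. The role cookie is client-supplied,
/// so it is only honoured when it names the same user as the authenticated ticket.
/// </remarks>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Extract the forms authentication cookie
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (null == authCookie)
    {
        // There is no authentication cookie.
        return;
    }

    // Extract and decrypt the authentication ticket
    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch
    {
        // Log exception details (omitted for simplicity)
        return;
    }

    if (null == authTicket)
    {
        // Cookie failed to decrypt.
        return;
    }

    if (authTicket.Expired)
    {
        // Decrypt() succeeds on an expired ticket, so expiry has to be checked explicitly;
        // otherwise a stale cookie would keep producing an authenticated principal.
        return;
    }

    // Create an Identity object
    GenericIdentity id = new GenericIdentity(authTicket.Name, "LdapAuthentication");
    string rolestring = string.Empty;
    string[] roles;

    // Get the user's roles
    if (RoleCookieIsValid(id.Name))
    {
        HttpCookie rolecookie = HttpContext.Current.Request.Cookies[RoleCookieName];

        // Only accept a role cookie issued for the authenticated user. The cookie's own
        // "userid" value is plaintext and client-editable, so it is compared against the
        // ticket name and the ticket name (not the cookie value) is what is handed to
        // Decrypt, matching how CreateRoleCookie calls Encrypt.
        if (rolecookie != null
            && string.Equals(rolecookie.Values["userid"], id.Name, StringComparison.Ordinal))
        {
            // NOTE(review): the decrypted roles drive authorization, so PortalUtility.Decrypt
            // must reject modified ciphertext; its implementation is not visible here - confirm.
            rolestring = PortalUtility.Decrypt(id.Name, rolecookie.Values["roles"]);
        }
    }

    // Either the cookie doesn't exist, or the user has no roles, so we check again.
    // This is done so new users won't have to restart their browser windows (user has no
    // roles, gets access, refreshes the page and now they have access).
    if (string.IsNullOrEmpty(rolestring))
    {
        rolestring = GetUserRoles(id.Name);
        CreateRoleCookie(id.Name, rolestring);
    }

    // Get the user's security rights for the site
    roles = rolestring.Split(new string[] { "|" }, StringSplitOptions.RemoveEmptyEntries);

    // This principal will flow throughout the request.
    GenericPrincipal principal = new GenericPrincipal(id, roles);

    // Attach the new principal object to the current HttpContext object
    Context.User = principal;

    // For some reason User.IsInRole quit working; manually setting Claims with the security
    // roles seems to fix it.
    foreach (string role in roles)
    {
        ((ClaimsIdentity)User.Identity).AddClaim(new Claim(ClaimTypes.Role, role));
    }
}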