/// <summary>
/// Builds the login-session service from its four collaborators and stores each one
/// in the matching private field.
/// </summary>
/// <param name="loginSessionMaker">Stored in <c>_loginSessionMaker</c>.</param>
/// <param name="loginSessionRepo">Stored in <c>_loginSessionRepo</c>.</param>
/// <param name="authenticationRepo">Stored in <c>_authenticationRepo</c>.</param>
/// <param name="transactionManager">Stored in <c>_transactionManager</c>.</param>
/// <remarks>
/// No argument is validated here; a null collaborator is stored as given and would only
/// surface when the field is first used.
/// </remarks>
public LoginSessionServiceImpl(
    LoginSessionMaker loginSessionMaker,
    LoginSessionRepository loginSessionRepo,
    AuthenticationRepository authenticationRepo,
    Helper.TransactionManager transactionManager)
{
    _loginSessionMaker = loginSessionMaker;
    _loginSessionRepo = loginSessionRepo;
    _authenticationRepo = authenticationRepo;
    _transactionManager = transactionManager;
}
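/// <summary>
/// Lists the active login sessions in <c>tsblSessions</c> and, when the
/// <c>expiresession</c> query-string value is present, deletes the session it names.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The session delete used to run before the caller's own session was checked, so it was
/// executed even when no valid session could be loaded. It now runs only for a request
/// that carries a valid session, and the session list is read after the delete.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    LoginSessionRepository loginRepository = new LoginSessionRepository();
    string userSessionID = Settings.getSessionIDFromCookies(Settings.logonCookieName, Request);
    LoginSession currentUser = loginRepository.Get(
        userSessionID,
        Request.ServerVariables["REMOTE_ADDR"],
        Request.ServerVariables["HTTP_USER_AGENT"]);

    // Fail closed: the template is expected to stop anonymous requests before this page
    // loads, but nothing below may run (least of all the delete) without a valid session.
    if (currentUser == null)
    {
        return;
    }

    // NOTE(review): this is a state change driven by a GET parameter, and no anti-forgery
    // token or administrator permission check is visible in this handler — confirm both
    // are enforced elsewhere, or move the action to a validated postback.
    string requestedExpiry = Request.QueryString["expiresession"];
    if (!string.IsNullOrEmpty(requestedExpiry))
    {
        string hashToExpire = Sanitizers.SanitizeSearchString(requestedExpiry);
        if (!string.IsNullOrEmpty(hashToExpire))
        {
            loginRepository.Delete(hashToExpire);
        }
    }

    // Read the list after the delete so a session removed above is not shown as active
    // (assuming Delete takes effect immediately).
    List<LoginSession> activeSessions = loginRepository.GetActive();
    foreach (LoginSession session in activeSessions.OrderBy(c => c.Username))
    {
        // Mark the row that belongs to the user viewing the page.
        bool isCurrentUser = currentUser.Thumbprint == session.Thumbprint;
        tsblSessions.Rows.Add(AddTableRow_Sessions(session, isCurrentUser, true));
    }
}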
/// <summary>
/// Posts a new shop message on behalf of the logged-in user and appends it to
/// <c>tblActiveMessages</c>. Nothing is stored when the message is empty or the
/// request has no valid session.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnPostMessage_Click(object sender, EventArgs e)
{
    string messageBody = txtNewMessageContent.Text.Trim();

    // NOTE(review): the parsed hour count is not range-checked here; confirm
    // Parsers.ParseInt or the repository rejects zero, negative or very large values.
    int lifetimeHours = Parsers.ParseInt(drpMessageExpiry.SelectedValue);
    DateTime expiresAt = DateTime.Now.AddHours(lifetimeHours);
    bool highPriority = chkIsHighPriority.Checked;

    string selectedIcon = drpIcon.SelectedValue;
    string icon = selectedIcon.Length <= 0 ? "default.png" : selectedIcon;

    if (messageBody.Length <= 0)
    {
        return;
    }

    // The author is taken from the server-side session, never from form input.
    LoginSessionRepository sessions = new LoginSessionRepository();
    string sessionId = sessions.GetSessionIDFromCookies(Request);
    LoginSession currentUser = sessions.LoadIfValid(
        sessionId,
        Request.ServerVariables["REMOTE_ADDR"],
        Request.ServerVariables["HTTP_USER_AGENT"]);
    if (currentUser == null)
    {
        return;
    }

    // NOTE(review): the message text is stored as typed and later shown to other users;
    // whether addMessageTableRow HTML-encodes it is not visible here — confirm.
    ShopMessageRepository messages = new ShopMessageRepository();
    ShopMessage posted = messages.Add(currentUser.Username, messageBody, DateTime.Now, expiresAt, highPriority, icon);
    tblActiveMessages.Rows.Add(addMessageTableRow(posted));
}
/// <summary>
/// Requisitions a batch of guest accounts for the logged-in user, waits three seconds,
/// then redirects to the batch information page. Does nothing without a valid session
/// or when the selected count is not positive.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnActivate_OnClick(object sender, EventArgs e)
{
    LoginSessionRepository sessions = new LoginSessionRepository();
    string sessionId = sessions.GetSessionIDFromCookies(Request);

    // Only consult the session store when the request actually carries a session cookie.
    LoginSession currentUser = string.IsNullOrEmpty(sessionId)
        ? null
        : sessions.LoadIfValid(
            sessionId,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);
    if (currentUser == null)
    {
        return;
    }

    // NOTE(review): no batch permission and no upper bound on the count are checked in
    // this handler; confirm GuestAccountController.RequisitionBatch enforces both, since
    // the posted value is the only limit visible here.
    int requestedCount = Parsers.ParseInt(drpBatchCount.SelectedValue);
    if (requestedCount <= 0)
    {
        return;
    }

    GuestAccountController guestAccounts = new GuestAccountController();
    string batchID = guestAccounts.RequisitionBatch(currentUser, txtReason.Text, requestedCount);

    // Fixed three-second pause before redirecting; this blocks the request thread.
    System.Threading.Thread.Sleep(1000 * 3);

    redirectToInfoPage(batchID);
}
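/// <summary>
/// Shows the 500 most recent activation log entries to a logged-in user whose session
/// has <c>CanViewLogs</c>; every other request is redirected to the index page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The permission check used to be skipped when no session could be loaded, and the log
/// table was still built after the redirect call. A missing session is now treated as
/// unauthorized and the handler returns straight after redirecting.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    LoginSessionRepository loginRepository = new LoginSessionRepository();
    string foundUserSessionID = loginRepository.GetSessionIDFromCookies(Request);

    LoginSession currentUser = null;
    if (!string.IsNullOrEmpty(foundUserSessionID))
    {
        // A cookie exists; check that it corresponds to a valid session.
        currentUser = loginRepository.LoadIfValid(
            foundUserSessionID,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);
    }

    // Fail closed: no session, or a session without the log permission, never reaches
    // the log query below. The return matters because it is not visible here whether
    // redirectToIndex ends the response.
    if (currentUser == null || !currentUser.CanViewLogs)
    {
        redirectToIndex();
        return;
    }

    if (!IsPostBack)
    {
        LogRepository logRepository = new LogRepository();
        List<LoggedActivation> activationLog = logRepository.GetRecentEntries(500);

        tblLog.Rows.Clear();
        tblLog.Rows.Add(addTableHeadings());
        foreach (LoggedActivation entry in activationLog)
        {
            tblLog.Rows.Add(addLogEntry(entry));
        }
    }
}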
/// <summary>
/// Handles the login form: validates the credentials against the directory, checks that
/// the account may use the system, creates a login session, sets the session cookie and
/// redirects to the index page. Each failure path shows an error and stops.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    const string invalidCredentialsMessage = "<b style=\"color: red\">Access denied:</b> Invalid username or password entered";

    string username = Authentication.ParseUsername(txtUsername.Text);
    string password = txtPassword.Text;

    // Sanity check first; the directory is only queried for plausible input. Both the
    // sanity failure and a rejected credential produce the same generic message.
    // NOTE(review): no failed-attempt logging or throttling is visible in this handler;
    // confirm it exists elsewhere (for example directory lockout policy).
    bool plausibleInput = (username.Length > 3) && (password.Length > 3);
    if (!plausibleInput || !Authentication.ValidateADCredentials(Settings.Domain, username, password))
    {
        displayError(invalidCredentialsMessage);
        return;
    }

    // Authorization is separate from authentication: the account must be in a required group.
    UserPermissionResponse permissions = Authentication.GetUserPermissions(Settings.Domain, username);
    if (!permissions.CanUserUseSystem)
    {
        displayError("<b style=\"color: red\">Access denied:</b> Your account is not authorized for access to this site.<br><br> To request access to this site, please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
        return;
    }

    // The session is created with the client address and user agent of this request.
    LoginSessionRepository sessions = new LoginSessionRepository();
    string newSessionID = sessions.CreateSession(
        username,
        Request.ServerVariables["REMOTE_ADDR"],
        Request.ServerVariables["HTTP_USER_AGENT"],
        permissions.IsAdministrator);
    if (newSessionID == string.Empty)
    {
        displayError("<b style=\"color: red\">Access denied:</b> There was an error creating your login session.<br><br> Please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
        return;
    }

    // NOTE(review): the cookie attributes (Secure, HttpOnly) are set inside createCookie
    // and are not visible here — confirm.
    createCookie(newSessionID);

    // Fixed three-second pause on the success path; this blocks the request thread.
    System.Threading.Thread.Sleep(1000 * 3);

    tblAlreadyLoggedIn.Visible = true;
    tblLoginform.Visible = false;
    lblUsername.Text = username;
    redirectToIndex();
}
/// <summary>
/// Handles the login form: validates the credentials against the directory, requires the
/// password to pass <c>isPasswordStrongEnough</c>, creates a login session, sets the
/// session cookie and redirects to the index page. Every attempt that reaches the
/// directory check is written to the login log.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;
    string password = txtPassword.Text;

    // Inputs that fail the length sanity check are rejected without touching the
    // directory and, as in the original, without a log entry.
    if (!((username.Length > 3) && (password.Length > 3)))
    {
        displayError("<b style=\"color: red\">Access denied:</b> Invalid username or password entered");
        return;
    }

    string remoteAddress = Request.ServerVariables["REMOTE_ADDR"];
    string userAgent = Request.ServerVariables["HTTP_USER_AGENT"];

    // NOTE(review): the username comes straight from the text box and the user agent from
    // the request; confirm Logging.logLoginAttempt neutralises line breaks and delimiters
    // before writing them.
    if (!Settings.validateADCredentials("lskysd", username, password))
    {
        displayError("<b style=\"color: red\">Access denied:</b> Invalid username or password entered");
        Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Invalid username or password");
        return;
    }

    // NOTE(review): this message and the "credentials worked" message below both confirm
    // to the caller that the submitted password is correct even though no session is
    // granted; consider the generic message for every failure.
    if (!isPasswordStrongEnough(password))
    {
        displayError("<b style=\"color: red\">Access denied:</b> Your password is not complex enough. Please change your password to something more complex and try again.");
        Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Password not complex enough");
        return;
    }

    // An empty session ID is how the repository signals "not authorized".
    LoginSessionRepository sessions = new LoginSessionRepository();
    string newSessionID = sessions.Create(username, remoteAddress, userAgent);
    if (newSessionID == string.Empty)
    {
        displayError("<b style=\"color: red\">Access denied:</b> Your credentials worked, but your account is not authorized for access to this site.<br><br> To request access to this site, please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
        Logging.logLoginAttempt(username, remoteAddress, userAgent, "FAILURE", "Not authorized for access");
        return;
    }

    createCookie(newSessionID);
    Logging.logLoginAttempt(username, remoteAddress, userAgent, "SUCCESS", "Successful login");

    tblAlreadyLoggedIn.Visible = true;
    tblLoginform.Visible = false;
    lblUsername.Text = username;
    redirectToIndex();
}
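/// <summary>
/// Prepares the batch requisition page: shows the configured maximum batch size and the
/// number of available guest accounts, and fills <c>drpBatchCount</c> with the batch
/// sizes that can actually be served.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Two fixes: a request with no valid session is now redirected instead of falling
/// through the permission check, and the drop-down is capped at the smaller of
/// <c>Settings.MaxBatchSize</c> and the number of available accounts (the cap was
/// computed before but never used).
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    lblMaxBatchSize.Text = Settings.MaxBatchSize.ToString();

    LoginSessionRepository loginRepository = new LoginSessionRepository();
    string foundUserSessionID = loginRepository.GetSessionIDFromCookies(Request);

    LoginSession currentUser = null;
    if (!string.IsNullOrEmpty(foundUserSessionID))
    {
        // A cookie exists; check that it corresponds to a valid session.
        currentUser = loginRepository.LoadIfValid(
            foundUserSessionID,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);
    }

    // Fail closed, and stop here: it is not visible whether redirectToIndex ends the response.
    // NOTE(review): this batch page is gated on CanViewLogs; a batch-specific permission
    // may have been intended — confirm.
    if (currentUser == null || !currentUser.CanViewLogs)
    {
        redirectToIndex();
        return;
    }

    if (!IsPostBack)
    {
        tblControls.Visible = true;
        tblIndexInstructions.Visible = true;

        GuestAccountController guestRepo = new GuestAccountController();
        int availableAccounts = guestRepo.GetAvailableGuestAccounts().Count();
        lblAvailableGuestAccounts.Text = availableAccounts.ToString();

        // Never offer more accounts than are currently available.
        int maxBatchSize = Math.Min(Settings.MaxBatchSize, availableAccounts);

        // The list is a convenience only; the posted value still has to be validated
        // by the code that processes the requisition.
        drpBatchCount.Items.Clear();
        for (int x = 2; x <= maxBatchSize; x++)
        {
            drpBatchCount.Items.Add(new ListItem() { Text = x.ToString(), Value = x.ToString() });
        }
    }
}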
/// <summary>
/// Logs the current session off when the query string contains a <c>logoff</c> or
/// <c>logout</c> key: the session named by the cookie is expired and the browser is
/// sent to the login page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // The match is on query-string key names and is case-sensitive.
    // NOTE(review): logout is triggered by a plain GET, so any link to this URL ends the
    // visitor's session; low impact, but a validated postback would avoid it.
    bool logoutRequested = Request.QueryString.AllKeys.Contains("logoff")
        || Request.QueryString.AllKeys.Contains("logout");
    if (!logoutRequested)
    {
        return;
    }

    LoginSessionRepository sessions = new LoginSessionRepository();
    string sessionId = sessions.GetSessionIDFromCookies(Request);
    if (string.IsNullOrEmpty(sessionId))
    {
        return;
    }

    // Expire the session server-side; clearing the cookie itself is not done here.
    sessions.Expire(sessionId);
    RedirectToLogin();
}
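/// <summary>
/// Authentication gate for the template: loads the session named by the cookie and, when
/// there is none, redirects every page except the login page to the login page. For a
/// logged-in user the username is shown in <c>lblUsername</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Two fixes: the username is HTML-encoded before it is written into the response, so it
/// cannot close the surrounding HTML comment, and the login-URL comparison is ordinal and
/// case-insensitive instead of lower-casing both strings with the current culture.
/// </remarks>
protected void Page_Init(object sender, EventArgs e)
{
    LoginSessionRepository loginRepository = new LoginSessionRepository();
    string foundUserSessionID = loginRepository.GetSessionIDFromCookies(Request);

    LoginSession currentUser = null;
    if (!string.IsNullOrEmpty(foundUserSessionID))
    {
        // A cookie exists; check that it corresponds to a valid session.
        currentUser = loginRepository.LoadIfValid(
            foundUserSessionID,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);
    }

    if (currentUser == null)
    {
        string currentUrl = Request.Url.AbsoluteUri;
        string authority = Request.Url.GetLeftPart(UriPartial.Authority);
        string applicationPath = HttpContext.Current.Request.ApplicationPath;

        // When the application runs in the site root the application path is not included.
        string loginUrl = applicationPath == "/"
            ? authority + Settings.LoginURL
            : authority + applicationPath + Settings.LoginURL;

        // NOTE(review): whether RedirectToLogin ends the response is not visible here. If
        // it does not, the content page's own handlers still run for this anonymous
        // request, so pages should not rely on this gate alone.
        if (!string.Equals(currentUrl, loginUrl, StringComparison.OrdinalIgnoreCase))
        {
            RedirectToLogin();
        }

        Response.Write("<!-- Not logged in -->");
    }
    else
    {
        // Encode before writing raw markup; an unencoded "-->" would end the comment.
        Response.Write("<!-- Logged in: " + System.Net.WebUtility.HtmlEncode(currentUser.Username) + " -->");

        // NOTE(review): lblUsername receives the raw username; confirm the control or the
        // session store guarantees it contains no markup.
        lblUsername.Text = currentUser.Username;
    }
}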
/// <summary>
/// Prepares the login page: hides the form and shows an error on a non-SSL connection,
/// and shows the "already logged in" panel when the request carries a valid session.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool secure = Request.IsSecureConnection;
    if (!secure)
    {
        // NOTE(review): hiding the form is a UI measure only; the login handler itself
        // should also refuse to run on a non-secure connection — confirm.
        tblLoginform.Visible = false;
        displayError("<p>This login form will only work over an SSL encrypted connection.</p><p>Your web server should be configured to only serve this site over SSL.</p>");
    }

    // The cookie value is passed to LoadIfValid without an empty check here; this relies
    // on LoadIfValid returning null for a missing session ID.
    string sessionId = Authentication.GetSessionIDFromCookies(Settings.CookieName, Request);
    LoginSessionRepository sessions = new LoginSessionRepository();
    LoginSession currentUser = sessions.LoadIfValid(
        sessionId,
        Request.ServerVariables["REMOTE_ADDR"],
        Request.ServerVariables["HTTP_USER_AGENT"]);

    bool alreadyLoggedIn = currentUser != null;
    if (alreadyLoggedIn)
    {
        tblAlreadyLoggedIn.Visible = true;
        tblLoginform.Visible = false;
        lblUsername.Text = currentUser.Username;
    }

    Page.SetFocus(txtUsername);
}
/// <summary>
/// On the first load of the login page, shows the "already logged in" panel instead of
/// the form when the request carries a valid session.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    string sessionId = Settings.getSessionIDFromCookies(Settings.logonCookieName, Request);
    if (string.IsNullOrEmpty(sessionId))
    {
        // No session cookie: leave the login form as it is.
        return;
    }

    // The session is looked up together with the client address and user agent.
    LoginSessionRepository sessions = new LoginSessionRepository();
    LoginSession currentUser = sessions.Get(
        sessionId,
        Request.ServerVariables["REMOTE_ADDR"],
        Request.ServerVariables["HTTP_USER_AGENT"]);
    if (currentUser == null)
    {
        return;
    }

    tblAlreadyLoggedIn.Visible = true;
    tblLoginform.Visible = false;
    lblUsername.Text = currentUser.Username;
}
/// <summary>
/// Requisitions one guest account for the logged-in user and shows its username,
/// password and expiry on the page. Does nothing without a valid session or when no
/// account is returned.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnActivate_OnClick(object sender, EventArgs e)
{
    LoginSessionRepository sessions = new LoginSessionRepository();
    string sessionId = sessions.GetSessionIDFromCookies(Request);

    // Only consult the session store when the request actually carries a session cookie.
    LoginSession currentUser = string.IsNullOrEmpty(sessionId)
        ? null
        : sessions.LoadIfValid(
            sessionId,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);
    if (currentUser == null)
    {
        return;
    }

    // NOTE(review): the original comment promised a check that a reason was entered, but
    // the trimmed text is passed on unchecked; the daily limit is not checked here
    // either. Confirm GuestAccountController.RequisitionAccount enforces both.
    GuestAccountController guestAccounts = new GuestAccountController();
    GuestAccount activatedAccount = guestAccounts.RequisitionAccount(currentUser, txtReason.Text.Trim());
    if (activatedAccount == null)
    {
        return;
    }

    // NOTE(review): the guest password is rendered into the page in clear text; confirm
    // the response is served over TLS and is not cacheable.
    lblUsername.Text = activatedAccount.sAMAccountName;
    lblPassword.Text = activatedAccount.Password;

    // Expiry shown is one minute before the next midnight, local server time.
    lblExpires.Text = DateTime.Today.AddDays(1).AddMinutes(-1).ToString();
    lblAccountActiveTime.Text = DateTime.Now.AddMinutes(15).ToShortTimeString();

    // Swap the request form for the new-account panels.
    tblControls.Visible = false;
    tblIndexInstructions.Visible = false;
    tblNewAccountInfo.Visible = true;
    tblNewAccountInstructions.Visible = true;
    tblActiveAccounts.Visible = false;
}
/// <summary>
/// Prepares the guest-account index page: shows the daily requisition limit, toggles the
/// batch and log cells from the user's permissions, hides the request form once the
/// daily limit is reached, and lists the guest accounts the user activated today.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    lblAllowedRequisitionsPerDay.Text = Settings.AllowedRequisitionsPerDay.ToString();
    lblAllowedRequisitionsPerDay2.Text = Settings.AllowedRequisitionsPerDay.ToString();

    if (!IsPostBack)
    {
        tblControls.Visible = true;
        tblIndexInstructions.Visible = true;
        tblNewAccountInfo.Visible = false;
        tblNewAccountInstructions.Visible = false;
    }

    LoginSessionRepository sessions = new LoginSessionRepository();
    string sessionId = sessions.GetSessionIDFromCookies(Request);

    // Only consult the session store when the request actually carries a session cookie.
    LoginSession currentUser = string.IsNullOrEmpty(sessionId)
        ? null
        : sessions.LoadIfValid(
            sessionId,
            Request.ServerVariables["REMOTE_ADDR"],
            Request.ServerVariables["HTTP_USER_AGENT"]);

    // NOTE(review): with no valid session the request form stays visible; this page
    // relies on the template to have redirected anonymous requests already.
    if (currentUser == null)
    {
        return;
    }

    // Hiding a cell only removes the link; the target pages must check the permission too.
    tblCellBatch.Visible = currentUser.CanUseBatches;
    tblCellLog.Visible = currentUser.CanViewLogs;

    GuestAccountController guestAccounts = new GuestAccountController();
    List<GuestAccount> activeGuestAccounts = guestAccounts.GetActiveAccountsRequisitionedBy(currentUser);
    bool hasActiveAccounts = activeGuestAccounts.Count > 0;

    if (hasActiveAccounts)
    {
        lblCount.Text = "<div class=\"already_active_text\">You have already activated " + activeGuestAccounts.Count + " of a maximum of " + Settings.AllowedRequisitionsPerDay + " guest account(s) today</div>";
    }

    // NOTE(review): the daily limit is applied here by hiding the form only; confirm the
    // requisition code enforces it server-side as well.
    bool limitReached = activeGuestAccounts.Count >= Settings.AllowedRequisitionsPerDay;
    if (limitReached && !currentUser.CanBypassLimits)
    {
        tblControls.Visible = false;
        tblNewAccountInfo.Visible = false;
        tblNewAccountInstructions.Visible = false;
        tblTooMany.Visible = true;
    }

    if (!hasActiveAccounts)
    {
        return;
    }

    tblActiveAccounts.Visible = true;
    tblActiveAccounts.Rows.Clear();
    tblActiveAccounts.Rows.Add(alreadyActiveHeadings());

    LogRepository activationLog = new LogRepository();
    List<LoggedActivation> todaysActivations = activationLog.GetActivationsToday(currentUser);

    // Show each still-active account once, using its most recent activation entry.
    HashSet<string> activeUsernames = new HashSet<string>(activeGuestAccounts.Select(g => g.sAMAccountName));
    HashSet<string> alreadyDisplayed = new HashSet<string>();
    foreach (LoggedActivation activation in todaysActivations.OrderByDescending(g => g.Date))
    {
        // HashSet.Add returns false for a name that has already been shown.
        if (activeUsernames.Contains(activation.GuestAccountName) && alreadyDisplayed.Add(activation.GuestAccountName))
        {
            tblActiveAccounts.Rows.Add(alreadyActiveRow(activation));
        }
    }
}