예제 #1
        /// <summary>
        /// Checks that the current session holds an access token before the action runs.
        /// Executed on all controllers with RequiresValidLogonAttribute.
        /// When no token is found the request is redirected to Account/Logon with the
        /// requested path as ReturnUrl; when the check itself throws, the result is set
        /// to an HTTP 401 so the action does not run unauthenticated.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this listing appears to have lost its braces and some statement
        /// keywords (the guard around the ReturnUrl assignment and the opening of the
        /// try block are not shown), so the exact nesting cannot be confirmed from here.
        /// </remarks>
        /// <param name="filterContext">The ActionExecutingContext; its HttpContext supplies the request URL and the session, and its Result is set to short-circuit the action.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)

            string returnurl = string.Empty;

                // Set the return URL to the request URL.
                // AbsolutePath is the path component only (no scheme, host or query string),
                // so the value built here is server-relative. It still travels to the logon
                // page as a route value the client can change, so the Logon action has to
                // check that ReturnUrl is a local URL before redirecting to it.
                returnurl = filterContext.HttpContext.Request.Url.AbsolutePath;

            // Get the current access token
            // NOTE(review): only the presence of a token is tested below; expiry and
            // refresh are presumably handled inside GetAccessToken — confirm.
            string token = SecurityTokenStore.GetAccessToken(filterContext.HttpContext.Session, AuthenticationProviderFactory.GetProvider());

            // Not read again in the lines shown.
            HttpRequestBase request = filterContext.HttpContext.Request;

                // if the token is not set then redirect to the logon page
                if (string.IsNullOrEmpty(token))
                    filterContext.Result = new RedirectToRouteResult(
                        new RouteValueDictionary(
                        controller = "Account",
                        action     = "Logon",
                        ReturnUrl  = returnurl
            // Fail closed: any exception raised by the guarded code ends the request with
            // a 401 instead of letting the action run. The exception is not logged in the
            // lines shown, so a failing token store would be indistinguishable from an
            // ordinary unauthenticated request — NOTE(review): consider logging it.
            catch (Exception)
                    // force re-logon

                    filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
예제 #2
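        /// <summary>
        /// The CreateNew method creates an instance of the APIClient for use
        /// in your application, configured with the base URL, the developer
        /// subscription key and signing key, and an access token for the session.
        /// The base url will be different if you are using a Murano API, however it
        /// follows the same pattern as Sage 200, so it is the url up to but not
        /// including the version number.
        /// </summary>
        /// <remarks>
        /// The subscription key and signing key are secrets. The literals in this
        /// method are sample placeholders; real values written here end up in source
        /// control and in every copy of the build output. Prefer reading them from
        /// protected configuration kept outside the repository, and rotate any key
        /// that has been committed.
        /// </remarks>
        /// <param name="Session">The current HTTP session; it is passed to the token store and to the context store.</param>
        /// <returns>A configured APIClient</returns>
        /// <exception cref="System.ArgumentNullException">Session is null.</exception>
        /// <exception cref="System.ArgumentException">The subscription key or signing key is empty or still the sample placeholder.</exception>
        public static APIClient CreateNew(HttpSessionStateBase Session)
        {
            if (Session == null)
            {
                // ArgumentNullException derives from Exception, so callers that caught
                // the generic exception thrown previously still catch this one.
                throw new ArgumentNullException("Session", "Session not set");
            }

            // Create a new instance of the APIClient.
            APIClient apiClient = new APIClient();

            // Set the base URL, this sample is for Sage 200.
            apiClient.BaseUrl = @"https://api.columbus.sage.com/uk/sage200/accounts/";

            // Enter your developer subscription key (from the developer portal).
            // SECURITY: placeholder only; do not commit a real key in this file.
            apiClient.SubscriptionKey = "Enter your subscription key here";

            // Enter your developer signing key (from the developer portal).
            // SECURITY: placeholder only; do not commit a real key in this file.
            apiClient.SigningKey = "Enter your signing key here";

            // Validate that values have been set. The placeholder test is ordinal and
            // case-insensitive so it does not depend on the server's current culture.
            if (string.IsNullOrEmpty(apiClient.SubscriptionKey) || apiClient.SubscriptionKey.StartsWith("enter", StringComparison.OrdinalIgnoreCase))
            {
                throw new System.ArgumentException("Please edit APIClientFactory.cs and specify your SubscriptionKey");
            }

            if (string.IsNullOrEmpty(apiClient.SigningKey) || apiClient.SigningKey.StartsWith("enter", StringComparison.OrdinalIgnoreCase))
            {
                throw new System.ArgumentException("Please edit APIClientFactory.cs and specify your SigningKey");
            }

            // The following line will get a SageID security token based on the
            // ClientID and Scope defined in AuthenticationProviderFactory.cs.
            // If you are not signed in, then this will present a sign in screen,
            // where you must sign in to receive a security token.
            // If you are already signed in, it will return a security token.
            // Make this call on every request so that the client always carries a
            // current, valid access token: if the access token has expired, a new one
            // is obtained silently with the refresh token, and if the refresh token
            // has also expired the user is prompted to sign in again.
            apiClient.AccessToken = SecurityTokenStore.GetAccessToken(Session, AuthenticationProviderFactory.GetProvider());

            // If there is now a valid site ID and company ID on the HTTPContext then set the default values on the API
            if (ContextStore.IsValid(Session))
            {
                apiClient.CompanyID = ContextStore.GetCompanyID(Session).ToString();
                apiClient.SiteID    = ContextStore.GetSiteID(Session);
            }

            // Returns the configured client.
            return apiClient;
        }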
예제 #3
        /// <summary>
        /// Action after clicking login button: checks the submitted user name and
        /// password and, on success, calls FormsAuthentication.RedirectFromLoginPage.
        /// </summary>
        /// <remarks>
        /// Two paths are visible: the portal's membership provider, used when the
        /// authorization section contains an allow rule for all users, and the
        /// security token store, whose failures are mapped to localized messages.
        /// NOTE(review): this listing appears to have lost its braces and some
        /// statement keywords (try, else, break, default, return), so how the two
        /// paths are separated cannot be confirmed from here.
        /// </remarks>
        /// <param name="sender">Event source; not read in the lines shown.</param>
        /// <param name="e">Event data; not read in the lines shown.</param>
        protected void Login_Click(object sender, EventArgs e)
            // Clear any message left over from a previous attempt.
            this.ErrorInfo.Text = String.Empty;
            bool persistent = false;
            // Authorization using portal's membership provider when STS authentication is inactive.
            AuthorizationSection section = (AuthorizationSection)WebConfigurationManager.GetSection("system.web/authorization");

            // An allow rule whose user list contains "*" selects the membership-provider path.
            foreach (System.Web.Configuration.AuthorizationRule entry in section.Rules)
                if (entry.Action == System.Web.Configuration.AuthorizationRuleAction.Allow && entry.Users.Contains("*"))
                        // Credentials are taken directly from the form fields. What happens when
                        // ValidateUser returns false is not visible in this listing.
                        // NOTE(review): no throttling or lockout is visible here; confirm the
                        // membership provider enforces one.
                        if (Membership.ValidateUser(UsernameTextBox.Text, PasswordTextBox.Text))
                            // "Remember me" requests a persistent authentication cookie, which
                            // outlives the browser session; the forms cookie should be restricted
                            // to HTTPS (requireSSL) and given a bounded timeout in configuration.
                            if (RememberCheckbox.Checked)
                                persistent = true;
                            System.Web.Security.FormsAuthentication.RedirectFromLoginPage(UsernameTextBox.Text, persistent);
                    // Every failure collapses into the generic message and nothing is logged in
                    // the lines shown, so failed or erroring logons leave no audit trail here.
                    catch (Exception)
                        this.ErrorInfo.Text = GetLocalResourceObject("AuthenticationError.Text").ToString();

            SecurityToken Token = null;

                // Token path: the user name and password are handed to the token store
                // (presumably forwarded to the STS — confirm); a non-null token is stored
                // under the user name before the forms-authentication redirect.
                Token = SecurityTokenStore.GetTokenFromUsername(UsernameTextBox.Text, PasswordTextBox.Text);
                if (Token != null)
                    SecurityTokenStore.StoreToken(Token, UsernameTextBox.Text);
                    if (RememberCheckbox.Checked)
                        persistent = true;
                    System.Web.Security.FormsAuthentication.RedirectFromLoginPage(UsernameTextBox.Text, persistent);
            // Start from the generic message, then refine it from the inner exception.
            // The exception is not logged in the lines shown.
            catch (Exception ex)
                this.ErrorInfo.Text = GetLocalResourceObject("AuthenticationError.Text").ToString();
                if (ex.InnerException != null)
                    // The branch is chosen by comparing the inner exception's message text with
                    // constants, which silently falls through to the generic message if the
                    // wording changes or is localized.
                    // NOTE(review): the expired and suspended messages tell the caller something
                    // about the account; confirm they are only returned after the password has
                    // been verified, otherwise they reveal account state to unauthenticated users.
                    switch (ex.InnerException.Message)
                    case STSConstants.InvalidUsernameOrPassword:
                        this.ErrorInfo.Text = GetLocalResourceObject("IncorrectCredentials.Text").ToString();

                    // NOTE(review): PasswordExpired is mapped to the AuthorizationError resource — confirm this is intended.
                    case STSConstants.PasswordExpired:
                        this.ErrorInfo.Text = GetLocalResourceObject("AuthorizationError.Text").ToString();

                    case STSConstants.AccountSuspended:
                        this.ErrorInfo.Text = GetLocalResourceObject("AccountSuspended.Text").ToString();

                    // Shown with the same text as invalid credentials, so the two cases look
                    // identical to the user.
                    case STSConstants.ID3242:
                        this.ErrorInfo.Text = GetLocalResourceObject("IncorrectCredentials.Text").ToString();

                        // Presumably the default branch: any other message keeps the generic text.
                        this.ErrorInfo.Text = GetLocalResourceObject("AuthenticationError.Text").ToString();