/// <summary>
/// Handles the login control's LoggedIn event: replaces whatever session state
/// existed before authentication with a new session for the authenticated user,
/// then asks the master page (when it is a <c>SiteMaster</c>) to generate the
/// auth ticket for that user.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event arguments; not used.</param>
private void loginControl_LoggedIn(object sender, EventArgs e)
{
    // Read the name before the session is reset, in the same order as before.
    string authenticatedUser = loginControl.UserName;

    // Pre-login session state is discarded before the authenticated session starts.
    // NOTE(review): whether ClearSession also causes a new session identifier to be
    // issued is not visible here; confirm, because keeping the pre-login identifier
    // across authentication leaves the session open to fixation.
    SessionHandler.ClearSession();
    SessionHandler.BeginSession(authenticatedUser, Request);

    var siteMaster = Master as SiteMaster;
    if (siteMaster == null)
    {
        // A different master page is in use: no ticket is generated.
        return;
    }

    siteMaster.GenerateAuthTicket(Session, authenticatedUser);
}
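/// <summary>
/// Decides, on every page load, how the request is authenticated and which page
/// setup runs. Pages named in <c>listNoRedirect</c> skip the session checks
/// entirely. Otherwise the outcome depends on three things: whether a session
/// exists, whether it is still valid, and whether the request carries an OC
/// token in the query string.
/// <list type="bullet">
/// <item>No session or invalid session, with token: authenticate the token and
/// start an OC session, or redirect to the 404 page.</item>
/// <item>No session or invalid session, without token: redirect to login.</item>
/// <item>Valid OC session, with token: the token must resolve to the same user
/// as the session, otherwise the session is abandoned and the request gets the
/// 404 page.</item>
/// <item>Valid OC session, without token: abandon the session and redirect to
/// login.</item>
/// <item>Valid ASP session: the token is ignored and the normal page setup
/// runs.</item>
/// </list>
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event arguments; not used.</param>
protected void Page_Load(object sender, EventArgs e)
{
    InitDefaultPage();

    // Pages on the no-redirect list bypass every check below, so the comparison
    // must not depend on the server's culture: ToLowerInvariant gives the same
    // result for the same file name on every host.
    var pageName = Path.GetFileNameWithoutExtension(Request.FilePath).ToLowerInvariant();
    if (listNoRedirect.Contains(pageName))
    {
        SetTopMenuVisible(false);
        return;
    }

    // NOTE(review): the token is read from the query string, so it will also appear
    // in server/proxy access logs, browser history and Referer headers. Confirm the
    // token is short-lived or single-use, or move it out of the URL.
    var ocToken = Request.QueryString[QSToken];
    var hasOCToken = !string.IsNullOrWhiteSpace(ocToken);

    if (Session == null)
    {
        // No existing session: either an OC request (token) or an ASP request.
        if (hasOCToken)
        {
            BeginOCSessionOrNotFound(ocToken);
        }
        else
        {
            RedirectToLogin("A");
        }

        return;
    }

    if (!IsExistingSessionValid())
    {
        // NOTE(review): a new session is begun on top of the invalid one without
        // clearing it first; confirm BeginSession does not leave stale state from
        // the previous session behind.
        if (hasOCToken)
        {
            BeginOCSessionOrNotFound(ocToken);
        }
        else
        {
            RedirectToLogin("S");
        }

        return;
    }

    var user = Session[SKeys.User] as User;
    var isOCSession = Session[SKeys.IsOCSession] as bool?;

    if (isOCSession != true)
    {
        // ASP session: the token does not matter, set the page up as usual.
        RedirectAppIfNotAllowed(user, PathDefault);
        SetupUserPage(user);
        return;
    }

    if (!hasOCToken)
    {
        // OC session + ASP request: drop the OC session and send the user to login.
        Session.Abandon();
        RedirectToLogin("OA");
        return;
    }

    // OC session + OC request: keep the session only when the token resolves to the
    // user the session already belongs to. A missing session user is treated as a
    // mismatch (fail closed) instead of raising a NullReferenceException.
    var userInfo = Auth.GetOCRecord(ocToken);
    if (userInfo.IsValid && user != null && user.UserName == userInfo.UserName)
    {
        InitOCPage(user, userInfo);
    }
    else
    {
        // Invalid token, or a token for a different user than the session holds.
        // NOTE(review): this rejection is not logged; consider recording it so that
        // token/session mismatches are visible to monitoring.
        Session.Abandon();
        Response.Redirect(Path404);
    }
}

/// <summary>
/// Authenticates an OC token and starts an OC session for its user; when the
/// token does not authenticate, logs the failure and redirects to the 404 page.
/// Both entry paths (no session, invalid session) go through here so the
/// failure is logged the same way on each.
/// </summary>
/// <param name="ocToken">Token taken from the request's query string.</param>
private void BeginOCSessionOrNotFound(string ocToken)
{
    var userInfo = Auth.GetOCRecord(ocToken);
    if (!userInfo.IsValid)
    {
        ProgramLog.LogError(null, "SiteMaster", "Page_Load", "Unable to authenticate user.");
        Response.Redirect(Path404);
        return; // never fall through to session creation on a failed authentication
    }

    SessionHandler.BeginSession(userInfo.UserName, Request, userInfo);

    // NOTE(review): relies on BeginSession having stored the user under SKeys.User;
    // InitOCPage receives null if it did not.
    InitOCPage(Session[SKeys.User] as User, userInfo);
}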