/// <summary>
/// Handles the CreatedUser event of the CreateUserWizard1 control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
string userName = CreateUserWizard1.UserName;
MembershipUser user = ITUser.GetUser(userName);
if (user != null)
{
TextBox FirstName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("FirstName");
TextBox LastName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("LastName");
TextBox FullName = (TextBox)CreateUserWizardStep0.ContentTemplateContainer.FindControl("FullName");
WebProfile Profile = new WebProfile().GetProfile(user.UserName);
Profile.FirstName = FirstName.Text;
Profile.LastName = LastName.Text;
Profile.DisplayName = FullName.Text;
Profile.Save();
//auto assign user to roles
List<Role> roles = Role.GetAllRoles();
foreach (Role r in roles)
{
if (r.AutoAssign)
Role.AddUserToRole(user.UserName, r.Id);
}
//send notification this user was created
ITUser.SendUserRegisteredNotification(user.UserName);
}
}
/// <summary>
/// Installs the bug NET.
/// </summary>
/// <returns></returns>
private bool InstallBugNET()
{
try
{
string providerPath = DataProviderManager.Provider.GetProviderPath();
if (!providerPath.StartsWith("ERROR"))
{
WriteMessage(string.Format("Installing Version: {0}<br/>", Upgrade.GetCurrentVersion()), 0, true);
WriteMessage("Installing Membership Provider:<br/>", 0, true);
ExecuteSqlInFile(string.Format("{0}InstallCommon.sql",providerPath));
ExecuteSqlInFile(string.Format("{0}InstallMembership.sql",providerPath));
ExecuteSqlInFile(string.Format("{0}InstallProfile.sql",providerPath));
ExecuteSqlInFile(string.Format("{0}InstallRoles.sql",providerPath));
WriteMessage("Installing BugNET Database:<br/>", 0, true);
ExecuteSqlInFile(string.Format("{0}BugNET.Schema.SqlDataProvider.sql",providerPath));
WriteMessage("Installing BugNET Default Data:<br/>", 0, true);
ExecuteSqlInFile(string.Format("{0}BugNET.Data.SqlDataProvider.sql",providerPath));
WriteMessage("Creating Administrator Account", 0, true);
//create admin user
MembershipCreateStatus status = MembershipCreateStatus.Success;
MembershipUser NewUser = Membership.CreateUser("Admin", "password", "*****@*****.**", "no question", "no answer", true, out status);
if (NewUser != null)
{
//add the admin user to the Super Users role.
Role.AddUserToRole("Admin", 1);
//add user profile information
WebProfile Profile = new WebProfile().GetProfile("Admin");
Profile.FirstName = "Admin";
Profile.LastName = "Admin";
Profile.DisplayName = "Administrator";
Profile.Save();
}
WriteScriptSuccessError(true);
Upgrade.UpdateDatabaseVersion(Upgrade.GetCurrentVersion());
}
else
{
//upgrade error
Response.Write("<h2>Upgrade Error: " + providerPath + "</h2>");
return false;
}
}
catch (Exception e)
{
WriteErrorMessage(e.Message);
return false;
}
return true;
}
/// <summary>
/// Handles the AuthenticateRequest event of the context control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="T:System.EventArgs"/> instance containing the event data.</param>
void context_AuthenticateRequest(object sender, EventArgs e)
{
//check if we are upgrading/installing
// TODO: Potential security hole
// You might be able to spoof the path and bypass later checks which are
// expecting to be given an exception if there is a problem.
//
// However this is a nice solution.
if (HttpContext.Current.Request.Url.LocalPath.ToLower().EndsWith("install.aspx"))
return;
//get host settings
bool enabled = HostSetting.GetHostSetting("UserAccountSource") == "ActiveDirectory" || HostSetting.GetHostSetting("UserAccountSource") == "WindowsSAM";
//check if windows authentication is enabled in the host settings
if (enabled)
{
if (System.Web.HttpContext.Current.User != null)
MDC.Set("user", System.Web.HttpContext.Current.User.Identity.Name);
// This was moved from outside "if enabled" to only happen when we need it.
HttpRequest request = HttpContext.Current.Request;
// not needed to be removed
// HttpResponse response = HttpContext.Current.Response;
if (request.IsAuthenticated)
{
if ((HttpContext.Current.User.Identity.AuthenticationType == "NTLM" || HttpContext.Current.User.Identity.AuthenticationType == "Negotiate"))
{
//check if the user exists in the database
MembershipUser user = ITUser.GetUser(HttpContext.Current.User.Identity.Name);
if (user == null)
{
try
{
UserProperties userprop = GetUserProperties(HttpContext.Current.User.Identity.Name);
MembershipUser mu = null;
MembershipCreateStatus createStatus = MembershipCreateStatus.Success;
//create a new user with the current identity and a random password.
if (Membership.RequiresQuestionAndAnswer)
mu = Membership.CreateUser(HttpContext.Current.User.Identity.Name, Membership.GeneratePassword(7, 2), userprop.Email, "WindowsAuth", "WindowsAuth", true, out createStatus);
else
mu = Membership.CreateUser(HttpContext.Current.User.Identity.Name, Membership.GeneratePassword(7, 2), userprop.Email);
if (createStatus == MembershipCreateStatus.Success && mu != null)
{
WebProfile Profile = new WebProfile().GetProfile(HttpContext.Current.User.Identity.Name);
Profile.DisplayName = String.Format("{0} {1}", userprop.FirstName, userprop.LastName);
Profile.FirstName = userprop.FirstName;
Profile.LastName = userprop.LastName;
Profile.Save();
//auto assign user to roles
List<Role> roles = Role.GetAllRoles().FindAll(r => r.AutoAssign == true);
foreach (Role r in roles)
Role.AddUserToRole(mu.UserName, r.Id);
}
user = Membership.GetUser(HttpContext.Current.User.Identity.Name);
}
catch (Exception ex)
{
if (Log.IsErrorEnabled)
Log.Error(String.Format("Unable to add new user '{0}' to BugNET application. Authentication Type='{1}'.", HttpContext.Current.User.Identity.Name, HttpContext.Current.User.Identity.AuthenticationType), ex);
}
}
else
{
//update the user's last login date.
user.LastLoginDate = DateTime.Now;
Membership.UpdateUser(user);
}
}
//else
//{
// // Warning:
// // This line may generate too many log entries!!
// // We will have to see in practice.
// if (System.Web.HttpContext.Current.User != null)
// MDC.Set("user", System.Web.HttpContext.Current.User.Identity.Name);
// if (Log.IsErrorEnabled)
// Log.Error(String.Format("Unknown Authentication Type '{0}'.", HttpContext.Current.User.Identity.Name));
//}
}
}
}
/// <summary>
/// Handles the Click event of the cmdUpdate control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void cmdUpdate_Click(object sender, EventArgs e)
{
try
{
MembershipUser user = ITUser.GetUser(UserId);
if (user != null)
{
WebProfile Profile = new WebProfile().GetProfile(user.UserName);
Profile.DisplayName = DisplayName.Text;
Profile.FirstName = FirstName.Text;
Profile.LastName = LastName.Text;
//Profile.ContactInfo.Fax = Fax.Text;
//Profile.ContactInfo.Mobile = Mobile.Text;
//Profile.ContactInfo.Telephone = Telephone.Text;
Profile.Save();
}
}
catch
{
lblError.Text = Logging.GetErrorMessageResource("ProfileUpdateError");
}
}
/// <summary>
/// Handles the LoggedIn event of the OpenIdLogin1 control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="DotNetOpenAuth.OpenId.RelyingParty.OpenIdEventArgs"/> instance containing the event data.</param>
protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
{
try
{
// Clear previously remembered OpenID state
Session["isDoingOpenIDLogin"] = "";
// May 30 2010
// BGN-1356
//
// Added by smoss for security.
// Another user shouldnt be able to use this method
// if OpenID is off.
if (!isOpenIDEnabled)
{
throw new UnauthorizedAccessException();
}
if (e.Response != null)
{
switch (e.Response.Status)
{
case AuthenticationStatus.Authenticated:
// This is where you would look for any OpenID extension responses included
// in the authentication assertion.
// var extension = openid.Response.GetExtension<someextensionresponsetype>();
// TODO : check for linked account via user profile settings if Desired
// May 31 2010
// WARNING: There is no logging in this method!
string email = string.Empty;
string alias = string.Empty;
string fullname = string.Empty;
ClaimsResponse fetch = e.Response.GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
if (fetch != null)
{
alias = fetch.Nickname; // set size limits
email = fetch.Email; // no validation of email
fullname = fetch.FullName; // set size limits
}
if (string.IsNullOrEmpty(alias))
alias = e.Response.ClaimedIdentifier;
// Warning: Invalid email address
if (string.IsNullOrEmpty(email))
email = e.Response.ClaimedIdentifier;
if (string.IsNullOrEmpty(fullname))
fullname = e.Response.ClaimedIdentifier;
//Now see if the user already exists, if not create them
MembershipUser TestUser = Membership.GetUser(e.Response.ClaimedIdentifier);
if (TestUser != null)
{
// BGN-1867
// Banned users are not allowed to login via OpenID
// See if this user is allowed on the system. Also dont allow users
// who are still logged in to try and login.
if ((!TestUser.IsApproved) || (TestUser.IsLockedOut) )
{
loginFailedLabel.Text += ": Account not authorized or is locked.";
loginFailedLabel.Visible = true;
e.Cancel = true;
break;
}
if ((TestUser.IsOnline))
{
loginFailedLabel.Text += ": Account is already online.";
loginFailedLabel.Visible = true;
e.Cancel = true;
break;
}
}
else
{
if (Boolean.Parse(HostSetting.GetHostSetting("DisableUserRegistration")))
{
loginFailedLabel.Text += ": User registration has been disabled by the administrator.";
loginFailedLabel.Visible = true;
e.Cancel = true;
break; // unsecure break should be a return
}
MembershipCreateStatus membershipCreateStatus;
MembershipUser user = Membership.CreateUser(e.Response.ClaimedIdentifier, Membership.GeneratePassword(7, 2), email, Membership.GeneratePassword(12, 4), Membership.GeneratePassword(12, 4), true, out membershipCreateStatus);
if (membershipCreateStatus != MembershipCreateStatus.Success)
{
loginFailedLabel.Text += ": Unsuccessful creation of Account: "
+ membershipCreateStatus.ToString();
loginFailedLabel.Visible = true;
e.Cancel = true;
break;// unsecure break should be a return
}
//save profile info
WebProfile Profile = new WebProfile().GetProfile(user.UserName);
Profile.DisplayName = fullname;
Profile.Save();
user.Comment = alias;
Membership.UpdateUser(user);
//auto assign user to roles
List<Role> roles = Role.GetAllRoles();
foreach (Role r in roles)
{
if (r.AutoAssign)
Role.AddUserToRole(user.UserName, r.Id);
}
//send notification this user was created
ITUser.SendUserRegisteredNotification(user.UserName);
}
// NB NB Only do the redirect when e.Cancel != true
// There is a very very slim chance this code will be reached with
// e.Cancel == true
if (e.Cancel == false)
{
// Use FormsAuthentication to tell ASP.NET that the user is now logged in,
// with the OpenID Claimed Identifier as their username.
FormsAuthentication.RedirectFromLoginPage(e.Response.ClaimedIdentifier, false);
}
break;
case AuthenticationStatus.Canceled:
loginCanceledLabel.Visible = true;
e.Cancel = true;
break; // unsecure break should be a return
// extra enums detected and force a default case
// They all mean failures
case AuthenticationStatus.Failed:
case AuthenticationStatus.ExtensionsOnly:
case AuthenticationStatus.SetupRequired:
default:
loginFailedLabel.Visible = true;
e.Cancel = true;
break; // unsecure break should be a return
}
}
else
{
// response is null
}
}
finally
{
// This finally block covers all the code
if (e.Cancel)
{
// make sure we stay focused on the openid control
Session["isDoingOpenIDLogin"] = "******";
}
}
}
/// <summary>
/// Handles the Click event of the AddNewUser control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void AddNewUser_Click(object sender, EventArgs e)
{
string password;
if (!Page.IsValid)
{
return;
}
if (chkRandomPassword.Checked)
{
cvPassword.Enabled = false;
rvConfirmPassword.Enabled = false;
rvPassword.Enabled = false;
password = Membership.GeneratePassword(7, 0);
}
else
{
rvConfirmPassword.Enabled = true;
rvPassword.Enabled = true;
password = Password.Text;
}
lblMessage.Visible = false;
MembershipCreateStatus createStatus = MembershipCreateStatus.Success;
string resultMsg = "";
string userIDText = UserName.Text;
string emailText = Email.Text;
bool isActive = ActiveUser.Checked;
string question = "";
string answer = "";
if (Membership.RequiresQuestionAndAnswer)
{
question = SecretQuestion.Text;
answer = SecretAnswer.Text;
}
try
{
MembershipUser mu = null;
if (Membership.RequiresQuestionAndAnswer)
{
mu = Membership.CreateUser(userIDText, password, emailText, question, answer, isActive, out createStatus);
}
else
{
mu = Membership.CreateUser(userIDText, password, emailText);
}
if (createStatus == MembershipCreateStatus.Success && mu != null)
{
WebProfile Profile = new WebProfile().GetProfile(mu.UserName);
Profile.DisplayName = DisplayName.Text;
Profile.FirstName = FirstName.Text;
Profile.LastName = LastName.Text;
Profile.Save();
//auto assign user to roles
List<Role> roles = Role.GetAllRoles();
foreach (Role r in roles)
{
if (r.AutoAssign)
Role.AddUserToRole(mu.UserName, r.Id);
}
}
ImageButton2.Enabled = false;
LinkButton2.Enabled = false;
resultMsg = GetLocalResourceObject("UserCreated").ToString();
Message1.IconType = BugNET.UserControls.Message.MessageType.Information;
}
catch (Exception ex)
{
resultMsg = GetLocalResourceObject("UserCreatedError").ToString() + "<br/>" + ex.Message;
Message1.IconType = BugNET.UserControls.Message.MessageType.Error;
}
Message1.Text = resultMsg;
Message1.Visible = true;
}