/// <summary>
/// connect button handler: selects the connection mode, runs the MFA check when enabled, connects and redirects
/// enterprise mode from url: load the enterprise session (from querystring param) and proceed to connection; the user is non admin and the url is only usable once
/// enterprise mode from login: authenticate the user against the enterprise active directory and list the servers available to the user; the user is admin if member of the "EnterpriseAdminGroup" defined into myrtille services config
/// standard mode: connect the specified server; authentication is delegated to the remote server or connection broker (if applicable)
/// if MFA is enabled and not already processed, authenticate the user against the configured MFA provider (OTP preferred)
/// </summary>
/// <remarks>
/// security-relevant ordering: the authorization flag is checked first, then the one time url, then MFA, then the enterprise login;
/// each step re-reads _enterpriseSession, so the steps must stay in this order
/// the MFA step is skipped whenever an enterprise session already exists when it is reached (including one loaded from a one time url just above)
/// the http session id is regenerated in this method only when _cookielessSession is set
/// </remarks>
/// <param name="sender">event source; not read by this handler</param>
/// <param name="e">event arguments; not read by this handler</param>
protected void ConnectButtonClick(
    object sender,
    EventArgs e)
{
    // nothing below runs unless the request was flagged as authorized; the flag is set outside this method
    if (!_authorizedRequest)
    {
        return;
    }

    // one time usage enterprise session url
    // only attempted when no enterprise session is loaded yet, so an existing session is never replaced from request params
    // NOTE(review): Request[...] looks up QueryString, Form, Cookies and ServerVariables, so SI/SD/SK are not necessarily taken from the url;
    // their validation is in CreateEnterpriseSessionFromUrl, which is not visible here
    if (_enterpriseSession == null && Request["SI"] != null && Request["SD"] != null && Request["SK"] != null)
    {
        CreateEnterpriseSessionFromUrl();
    }

    // MFA (OTP passcode)
    // skipped when an enterprise session exists at this point; for a one time url that means the url parameters are the only factor checked in this method
    if (_enterpriseSession == null && _mfaAuthClient.GetState())
    {
        // NOTE(review): the meaning of the "true" flag and of the empty array is defined by ClientIPHelper (not visible here);
        // if the address can come from forwarded headers it is client-controlled - confirm before relying on it for MFA decisions or audit
        var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
        if (!_mfaAuthClient.Authenticate(user.Value, mfaPassword.Value, clientIP))
        {
            // generic failure message; stop here so no enterprise login or connection is attempted
            // NOTE(review): no throttling of failed attempts is visible in this method - presumably left to the MFA provider; confirm
            connectError.InnerText = "MFA Authentication failed!";
            UpdateControls();
            return;
        }
    }

    // enterprise mode from login
    if (_enterpriseSession == null && _enterpriseClient.GetState())
    {
        CreateEnterpriseSessionFromLogin();
    }
    // connection from:
    // > standard mode
    // > enterprise mode: hosts list
    // > enterprise mode: one time session url
    else
    {
        // the display size is required to start a remote session
        // if missing, the client will provide it automatically
        // NOTE(review): the MFA check above has already run when this returns, so a resubmit carrying the display size
        // calls Authenticate again with the posted passcode - confirm the provider accepts that
        if (string.IsNullOrEmpty(width.Value) || string.IsNullOrEmpty(height.Value))
        {
            return;
        }

        // connect
        if (ConnectRemoteServer())
        {
            // in enterprise mode from login, a new http session id was already generated (no need to do it each time an host is connected!)
            // in standard mode or enterprise mode from url, a new http session id must be generated
            if (_enterpriseSession == null || Request["SI"] != null)
            {
                // session fixation protection
                // NOTE(review): the id is regenerated only for cookieless sessions; for cookie-based sessions this method
                // keeps the pre-login session id - confirm fixation is handled elsewhere for that case
                if (_cookielessSession)
                {
                    // generate a new http session id
                    // the remote session owner is re-bound to the new id
                    RemoteSession.OwnerSessionID = HttpSessionHelper.RegenerateSessionId();
                }
            }

            try
            {
                // standard mode: switch to http get (standard login) or remove the connection params from url (auto-connect / start program from url)
                // enterprise mode: remove the host id from url
                // the target is the fixed application root, no request data is used to build it
                Response.Redirect("~/", true);
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
        }
        // connection failed from the hosts list or from a one time session url
        else if (_enterpriseSession != null && Request["SD"] != null)
        {
            try
            {
                // remove the host id from url
                Response.Redirect("~/", true);
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
        }
    }
}
/// <summary>
/// connect button handler: selects the connection mode, runs the MFA check when enabled, connects and redirects
/// enterprise mode from url: load the enterprise session (from querystring param) and proceed to connection; the user is non admin and the url is only usable once
/// enterprise mode from login: authenticate the user against the enterprise active directory and list the servers available to the user; the user is admin if member of the "EnterpriseAdminGroup" defined into myrtille services config
/// standard mode: connect the specified server; the rdp authentication is delegated to the rdp server or connection broker (if applicable)
/// if MFA is enabled and not already processed, authenticate the user against the configured MFA provider (OTP preferred)
/// </summary>
/// <remarks>
/// security-relevant ordering: the one time url is processed first, then MFA, then the enterprise login;
/// each step re-reads _enterpriseSession, so the steps must stay in this order
/// the MFA step is skipped whenever an enterprise session exists when it is reached
/// after a successful connection in standard mode or from a one time url, the http session is abandoned and its id is sent back in the redirect url as "oldSID"
/// </remarks>
/// <param name="sender">event source; not read by this handler</param>
/// <param name="e">event arguments; not read by this handler</param>
protected void ConnectButtonClick(
    object sender,
    EventArgs e)
{
    // one time usage enterprise session url
    // NOTE(review): this runs whenever the three params are present, even if an enterprise session is already loaded,
    // and no request authorization check is visible before it - confirm both are covered outside this method
    // NOTE(review): Request[...] looks up QueryString, Form, Cookies and ServerVariables, so SI/SD/SK are not necessarily taken from the url
    if (Request["SI"] != null && Request["SD"] != null && Request["SK"] != null)
    {
        CreateEnterpriseSessionFromUrl();
    }

    // MFA (OTP passcode)
    // skipped when an enterprise session exists at this point; for a one time url that means the url parameters are the only factor checked in this method
    if (_enterpriseSession == null && _mfaAuthClient.GetState())
    {
        // NOTE(review): the meaning of the "true" flag and of the empty array is defined by ClientIPHelper (not visible here);
        // if the address can come from forwarded headers it is client-controlled - confirm before relying on it for MFA decisions or audit
        var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
        if (!_mfaAuthClient.Authenticate(user.Value, mfaPassword.Value, clientIP))
        {
            // generic failure message; stop here so no enterprise login or connection is attempted
            connectError.InnerText = "MFA Authentication failed!";
            UpdateControls();
            return;
        }
    }

    // enterprise mode from login
    if (_enterpriseSession == null && _enterpriseClient.GetState())
    {
        CreateEnterpriseSessionFromLogin();
    }
    // connection from:
    // > standard mode
    // > enterprise mode: hosts list
    // > enterprise mode: one time session url
    else
    {
        // the display size is required to start a remote session
        // if missing, the client will provide it automatically
        if (string.IsNullOrEmpty(width.Value) || string.IsNullOrEmpty(height.Value))
        {
            return;
        }

        // connect
        if (ConnectRemoteServer())
        {
            try
            {
                // in enterprise mode from login, a new http session was already generated (no need to do it each time an host is connected!)
                // in standard mode or enterprise mode from url, a new http session must be generated
                if (_enterpriseSession == null || Request["SI"] != null)
                {
                    // cancel the current http session
                    HttpContext.Current.Session.Abandon();

                    // prevent session fixation attack by generating a new session ID upon login
                    // also, using http get method to prevent the browser asking for http post data confirmation if the page is reloaded
                    // https://www.owasp.org/index.php/Session_Fixation
                    // NOTE(review): Session.Abandon() does not by itself remove the session cookie from the browser, so the new id
                    // depends on how "oldSID" is handled on the next request (not visible here) - confirm
                    // NOTE(review): the abandoned session id is written into the query string, where it can reach browser history,
                    // server/proxy logs and Referer headers; confirm it cannot be reused once abandoned
                    Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
                }
                // remove the host id from url
                else
                {
                    Response.Redirect("?", true);
                }
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
        }
        // connection failed from the hosts list or from a one time session url
        else if (_enterpriseSession != null && Request["SD"] != null)
        {
            try
            {
                // remove the host id from url
                Response.Redirect("?", true);
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
        }
    }
}