Exemplo n.º 1
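    /// <summary>
    /// Logs the current user out: clears the stored authentication token, records the logout
    /// through the SYS_I_LOGOUT stored procedure, abandons the session and, when a response is
    /// supplied, expires the AUTHEN_TOKEN cookie and writes the result as JSON.
    /// </summary>
    /// <param name="Session">Current session; nothing is recorded when it is null or holds no DVS_USER_ID.</param>
    /// <param name="Response">Optional response; when null no cookie is touched and nothing is written.</param>
    public static void ApplicationLogout(HttpSessionState Session, HttpResponse Response = null)
    {
        Connector.IDatabaseConnector dbConnector     = new Connector.DatabaseConnectorClass();
        Connector.QueryParameter     logoutParameter = new Connector.QueryParameter();
        Connector.QueryResult        logoutResult    = new Connector.QueryResult();

        object userId = (Session != null) ? Session["DVS_USER_ID"] : null;

        if (userId != null)
        {
            try
            {
                object authenToken = Session["AUTHEN_TOKEN"];
                if (authenToken != null)
                {
                    AMSDuplicateAuthenCore.ClearToken(userId.ToString(), authenToken.ToString());
                }

                logoutParameter.Add("USER_ID", userId);
                logoutResult = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter);

                // The caller is always told the logout succeeded, whatever the stored procedure
                // reported; the "error" output parameter is dropped from the result.
                // NOTE(review): this also hides audit-logging failures from the caller. Confirm
                // they are recorded somewhere else.
                logoutResult.Success = true;
                logoutResult.Message = string.Empty;
                logoutResult.RemoveOutputParam("error");
            }
            finally
            {
                // Invalidate the server-side session even if token cleanup or the database call
                // throws, so a failed logout never leaves an authenticated session behind.
                Session.Abandon();
            }
        }

        if (Response != null)
        {
            // An empty value alone leaves the cookie in the browser; an expiry date in the past
            // makes the browser delete it.
            HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
            authenTokenCookie.Value    = "";
            authenTokenCookie.Expires  = System.DateTime.Now.AddDays(-1);
            authenTokenCookie.HttpOnly = true;
            Response.Cookies.Add(authenTokenCookie);

            Response.ClearContent();
            Response.ContentType = "application/json";
            Response.Write(logoutResult.ToJson());
        }
    }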
Exemplo n.º 2
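    /// <summary>
    /// Validates the authentication state of the current request. When validation fails the
    /// user is logged out and either shown the duplicate-login page or redirected to the
    /// logout URL.
    /// </summary>
    /// <returns>true when AMSDuplicateAuthenCore.IsValidAuthen accepts the request; otherwise false.</returns>
    public bool checkAuthentication()
    {
        //The AMSBasePage (*.aspx) must be accessed directly only.
        //if (!this.bypassauthenticationCheck && !AMSCSRFCore.isRequestComeFromProxy(Request))
        string errorMessage = "";

        if (AMSDuplicateAuthenCore.IsValidAuthen(Request, Session, out errorMessage))
        {
            return true;
        }

        // Fail closed: any validation failure tears down the session and token first.
        ApplicationLogout(Session, Response);

        if (errorMessage == "DUPLICATE_LOGIN")
        {
            // ApplicationLogout writes its JSON result into the response when one is passed.
            // Drop that buffered body so the HTML page is not sent after a JSON fragment.
            // Cookies already added to the response are not affected by ClearContent.
            Response.ClearContent();
            Response.ContentType = "text/html";
            Response.WriteFile(Server.MapPath("~/error/duplicateLoginPage.html"));
        }
        else
        {
            Response.Redirect("~/?p=logout");
        }

        return false;
    }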
Exemplo n.º 3
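    /// <summary>
    /// Authenticates the USERNAME/PASSWORD carried by the current request, issues an
    /// AUTHEN_TOKEN (session value and cookie) on success, and writes the result as JSON.
    /// </summary>
    /// <param name="storeName">Passed through to AuthenByDB.</param>
    protected void ApplicationLogin(string storeName)
    {
        Connector.QueryParameter loginParameter = new Connector.QueryParameter(Request);
        Connector.QueryResult    loginResult    = null;
        try
        {
            if (loginParameter.Parameter != null && loginParameter.Parameter.ContainsKey("USERNAME") && loginParameter.Parameter.ContainsKey("PASSWORD"))
            {
                // NOTE(review): built-in "hidden" account. Its credentials come from
                // hdUSername/hdPassword (Base64-decoded here, defined outside this method) and a
                // match skips AuthenByDB/AuthenByAD entirely. Base64 is an encoding, not
                // protection, so anyone with the source or binaries can recover them. Recommend
                // removing this branch, or at least gating it behind configuration and
                // audit-logging each use.
                if (loginParameter["USERNAME"].Equals(Encoding.UTF8.GetString(Convert.FromBase64String(hdUSername))) &&
                    loginParameter["PASSWORD"].Equals(Encoding.UTF8.GetString(Convert.FromBase64String(hdPassword))))
                {
                    //for hidden user
                    loginResult           = new Connector.QueryResult();
                    loginResult.Success   = true;
                    loginResult.Message   = "";
                    loginResult.DataTable = new DataTable();
                    loginResult.DataTable.Columns.Add("USER_ID", typeof(string));
                    loginResult.DataTable.Rows.Add(new object[] { "999999999" });
                }
                else
                {
                    // Read the setting once: "1" = database, "2" = directory (AD),
                    // "3" = AD first with a database fallback.
                    var authenticationType = AMSCore.WebConfigReadKey("AUTHENTICATION_TYPE");

                    if (authenticationType == "1")
                    {
                        loginResult = AuthenByDB(storeName, loginParameter);
                    }
                    else if (authenticationType == "2")
                    {
                        loginResult = AuthenByAD(loginParameter);
                    }
                    else if (authenticationType == "3")
                    {
                        loginResult = AuthenByAD(loginParameter);
                        if (loginResult == null || !loginResult.Success)
                        {
                            loginResult = AuthenByDB(storeName, loginParameter);
                        }
                    }
                }
            }
            else
            {
                throw new Exception("ERROR_REQUIRED_USER");
                //ERROR_INVALID_LOGIN: "******",
                //ERROR_INVALID_USER: "******",
                //ERROR_INVALID_PASSWORD: "******",
                //ERROR_NO_PERMISSION: "This user name does not have permission to use the system"
                //loginResult.Message = "ERROR_INVALID_LOGIN";
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the exception is wrapped into the result that is serialised to the
            // client below. Confirm QueryResult.ToJson() does not expose stack traces or
            // database details.
            loginResult = new Connector.QueryResult(ex);
        }

        // Fail closed when no authenticator produced a result (unrecognised
        // AUTHENTICATION_TYPE, or an authenticator returned null). Previously this was a
        // NullReferenceException on loginResult.Success.
        if (loginResult == null)
        {
            loginResult         = new Connector.QueryResult(new Exception("ERROR_INVALID_LOGIN"));
            loginResult.Success = false;
        }

        if (loginResult.Success)
        {
            // NOTE(review): presumably AuthenByDB/AuthenByAD store DVS_USER_ID in the session;
            // the hidden-user branch above does not set it in this method. Confirm, because a
            // missing value throws here.
            string userID = Session["DVS_USER_ID"].ToString();
            string token  = AMSDuplicateAuthenCore.GenerateToken();

            Session["AUTHEN_TOKEN"] = token;

            if (AMSCore.WebConfigReadKey("ENABLE_DUPLICATE_AUTHEN_CHECKING") == "true")
            {
                AMSDuplicateAuthenCore.StoreToken(userID, token);
            }

            // The token is a bearer credential: keep it away from page script and, on HTTPS
            // requests, from plaintext transport.
            // NOTE(review): if client-side script legitimately reads this cookie, HttpOnly must
            // be revisited. Confirm against the front end.
            HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
            authenTokenCookie.Value    = token;
            authenTokenCookie.HttpOnly = true;
            authenTokenCookie.Secure   = Request.IsSecureConnection;
            Response.Cookies.Add(authenTokenCookie);
        }

        Response.ContentType = "application/json";
        Response.Write(loginResult.ToJson());
    }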