/// <summary>
/// create an enterprise session from a one time url
/// </summary>
private void CreateEnterpriseSessionFromUrl()
{
try
{
// create enterprise session from querystring params
_enterpriseSession = new EnterpriseSession
{
IsAdmin = false, // simple host connection only (no hosts management)
SessionID = Request["SI"],
SessionKey = Request["SK"],
SingleUseConnection = true
};
// bind the enterprise session to the current http session
Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;
// session fixation protection
if (_cookielessSession)
{
// generate a new http session id
HttpSessionHelper.RegenerateSessionId();
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to create enterprise session from url ({0})", exc);
}
}
/// <summary>
/// logout the enterprise session
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void LogoutButtonClick(
object sender,
EventArgs e)
{
if (!_authorizedRequest)
{
return;
}
if (_enterpriseSession == null)
{
return;
}
try
{
// logout the enterprise session
_enterpriseClient.Logout(_enterpriseSession.SessionID);
Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = null;
_enterpriseSession = null;
// redirect to the login screen
Response.Redirect("~/", true);
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to logout the enterprise session {0} ({1})", _enterpriseSession.SessionID, exc);
}
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
try
{
if (Session[HttpSessionStateVariables.EnterpriseSession.ToString()] == null)
{
throw new NullReferenceException();
}
_enterpriseSession = (EnterpriseSession)Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
try
{
if (!_enterpriseSession.IsAdmin)
{
Response.Redirect("~/", true);
}
// retrieve the host
if (Request["hostId"] != null)
{
long hostId;
if (!long.TryParse(Request["hostId"], out hostId))
{
hostId = 0;
}
if (hostId != 0)
{
_hostId = hostId;
try
{
var host = _enterpriseClient.GetHost(_hostId, _enterpriseSession.SessionID);
if (host != null)
{
hostName.InnerText = host.HostName;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
}
}
}
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
}
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// retrieve the active enterprise session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
if (_enterpriseSession == null || !_enterpriseSession.IsAdmin)
{
Response.Redirect("~/", true);
}
// retrieve the host
if (Request["hostId"] != null)
{
long lResult = 0;
if (long.TryParse(Request["hostId"], out lResult))
{
_hostId = lResult;
}
if (!IsPostBack && Request["edit"] == null)
{
try
{
var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
if (host != null)
{
hostName.Value = host.HostName;
hostAddress.Value = host.HostAddress;
groupsAccess.Value = host.DirectoryGroups;
securityProtocol.SelectedIndex = (int)host.Protocol;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
}
}
createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
}
else
{
createSessionUrl.Disabled = true;
deleteHost.Disabled = true;
}
}
/// <summary>
/// authenticate the user against the enterprise active directory and list the servers available to the user
/// </summary>
private void CreateEnterpriseSessionFromLogin()
{
try
{
// authenticate the user
_enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);
if (_enterpriseSession == null || _enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
{
if (_enterpriseSession == null)
{
connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
}
else if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
{
ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), "window.onload = function() { " + string.Format("openPopup('changePasswordPopup', 'EnterpriseChangePassword.aspx?userName={0}" + (_localAdmin ? "&mode=admin" : string.Empty) + "');", user.Value) + " }", true);
}
else
{
connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
}
UpdateControls();
return;
}
// bind the enterprise session to the current http session
Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;
// session fixation protection
if (_httpSessionUseUri)
{
// generate a new http session id
HttpSessionHelper.RegenerateSessionId();
}
// redirect to the hosts list
Response.Redirect("~/", true);
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
}
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// retrieve the active enterprise session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
if (_enterpriseSession == null || !_enterpriseSession.IsAdmin)
{
Response.Redirect("~/", true);
}
// retrieve the host
if (Request["hostId"] != null)
{
long lResult = 0;
if (long.TryParse(Request["hostId"], out lResult))
{
_hostId = lResult;
}
try
{
var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
if (host != null)
{
hostName.InnerText = host.HostName;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
}
}
}
protected void btnSubmit_Click(object sender, System.EventArgs e)
{
/*
* Log onto BusinessObjects Enterprise.
*/
EnterpriseSession boEnterpriseSession = (EnterpriseSession)Session["EnterpriseSession"];
if (boEnterpriseSession == null)
{
try {
boEnterpriseSession = (new SessionMgr()).Logon(txtUserName.Text, txtPassword.Text, txtCMSName.Text, lstAuthType.SelectedItem.Value);
} catch (Exception ex) {
Session["ErrorMessage"] = "Error encountered logging onto BusinessObjects Enterprise: "
+ ex.Message;
Response.Redirect("ErrorPage.aspx");
}
}
// Store EnterpriseSession object in HTTP Session, to keep the EnterpriseSession alive.
Session["EnterpriseSession"] = boEnterpriseSession;
/*
* Retrieve Web Intelligence document SI_ID and redirect to the viewer page.
*/
InfoStore boInfoStore = new InfoStore(boEnterpriseSession.GetService("InfoStore"));
InfoObjects boInfoObjects = boInfoStore.Query("Select SI_ID From CI_INFOOBJECTS Where SI_KIND='Webi' And SI_NAME='" + txtWebiName.Text + "'");
if (boInfoObjects.Count == 0)
{
Session["ErrorMessage"] = "Web Intelligence Report '" + txtWebiName.Text + "' not found.";
Response.Redirect("ErrorPage.aspx");
}
/*
* Save Web Intelligence SI_ID in HTTP Session and redirect to the viewer page.
*/
Session["WebiID"] = boInfoObjects[1].ID;
Response.Redirect("ViewWebiXLS.ashx");
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// prevent session fixation or stealing
SessionFixationHandler();
// retrieve the active enterprise session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
// retrieve the active remote session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.RemoteSession.ToString()] != null)
{
try
{
RemoteSession = (RemoteSession)HttpContext.Current.Session[HttpSessionStateVariables.RemoteSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the remote session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
// postback events may redirect after execution; UI is updated from there
if (!IsPostBack)
{
UpdateControls();
}
// disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
try
{
if (Session[HttpSessionStateVariables.EnterpriseSession.ToString()] == null)
{
throw new NullReferenceException();
}
_enterpriseSession = (EnterpriseSession)Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
try
{
if (Request["hostId"] != null)
{
if (!long.TryParse(Request["hostId"], out _hostId))
{
hostID.Value = _hostId.ToString();
}
}
if (Request["edit"] != null)
{
hostID.Value = _hostId.ToString();
}
if (!IsPostBack)
{
promptDomain.Value = _enterpriseSession.Domain;
}
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to load credentials prompt ({0})", exc);
}
}
/// <summary>
/// create an enterprise session from a one time url
/// </summary>
private void CreateEnterpriseSessionFromUrl()
{
try
{
// create enterprise session from querystring params
_enterpriseSession = new EnterpriseSession
{
IsAdmin = false, // simple host connection only (no hosts management)
SessionID = Request["SI"],
SessionKey = Request["SK"]
};
// bind the enterprise session to the current http session
HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to create enterprise session from url ({0})", exc);
}
}
/// <summary>
/// authenticate the user against the enterprise active directory and list the servers available to the user
/// </summary>
private void CreateEnterpriseSessionFromLogin()
{
try
{
// authenticate the user against the enterprise active directory
_enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);
if (_enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
{
if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
{
Page.ClientScript.RegisterClientScriptBlock(this.GetType(), Guid.NewGuid().ToString(), string.Format("openPopup('changePasswordPopup', 'EnterpriseChangePassword.aspx?userId={0}');", user.Value), true);
}
else
{
connectError.InnerText = EnterpriseAuthenticationErrorHelper
.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
}
UpdateControls();
return;
}
// bind the enterprise session to the current http session
HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;
// cancel the current http session
HttpContext.Current.Session.Abandon();
// prevent session fixation attack by generating a new session ID upon login
// also, using http get method to prevent the browser asking for http post data confirmation if the page is reloaded
// https://www.owasp.org/index.php/Session_Fixation
Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
}
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// client ip protection
if (_clientIPTracking)
{
var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
if (Session[HttpSessionStateVariables.ClientIP.ToString()] == null)
{
Session[HttpSessionStateVariables.ClientIP.ToString()] = clientIP;
}
else if (!((string)Session[HttpSessionStateVariables.ClientIP.ToString()]).Equals(clientIP))
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client ip");
_authorizedRequest = false;
UpdateControls();
return;
}
}
// session spoofing protection
if (_cookielessSession)
{
if (Request.Cookies["clientKey"] == null)
{
if (Session[HttpSessionStateVariables.ClientKey.ToString()] == null)
{
var cookie = new HttpCookie("clientKey");
cookie.Value = Guid.NewGuid().ToString();
cookie.Path = "/";
Response.Cookies.Add(cookie);
}
else
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: missing key");
_authorizedRequest = false;
UpdateControls();
return;
}
}
else
{
var clientKey = Request.Cookies["clientKey"].Value;
if (Session[HttpSessionStateVariables.ClientKey.ToString()] == null)
{
Session[HttpSessionStateVariables.ClientKey.ToString()] = clientKey;
}
else if (!((string)Session[HttpSessionStateVariables.ClientKey.ToString()]).Equals(clientKey))
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: key mismatch");
_authorizedRequest = false;
UpdateControls();
return;
}
}
}
// retrieve the active enterprise session, if any
if (Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
}
}
// retrieve the active remote session, if any
if (Session[HttpSessionStateVariables.RemoteSession.ToString()] != null)
{
try
{
RemoteSession = (RemoteSession)Session[HttpSessionStateVariables.RemoteSession.ToString()];
if (RemoteSession.State == RemoteSessionState.Disconnected)
{
// handle connection failure
ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), string.Format("handleRemoteSessionExit({0});", RemoteSession.ExitCode), true);
// cleanup
Session[HttpSessionStateVariables.RemoteSession.ToString()] = null;
RemoteSession = null;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active remote session ({0})", exc);
}
}
// retrieve a shared remote session from url, if any
else if (Request["SSE"] != null)
{
Session[HttpSessionStateVariables.RemoteSession.ToString()] = GetSharedRemoteSession(Request["SSE"]);
try
{
// remove the shared session guid from url
Response.Redirect("~/", true);
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
// postback events may redirect after execution; UI is updated from there
if (!IsPostBack)
{
UpdateControls();
}
// disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// client ip protection
if (_clientIPTracking)
{
var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
if (Session[HttpSessionStateVariables.ClientIP.ToString()] == null)
{
Session[HttpSessionStateVariables.ClientIP.ToString()] = clientIP;
}
else if (!((string)Session[HttpSessionStateVariables.ClientIP.ToString()]).Equals(clientIP))
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client ip");
_authorizedRequest = false;
UpdateControls();
return;
}
}
// session spoofing protection
if (_httpSessionUseUri)
{
if (Request.Cookies[HttpRequestCookies.ClientKey.ToString()] == null)
{
if (Session[HttpSessionStateVariables.ClientKey.ToString()] == null || _allowShareSessionUrl)
{
var cookie = new HttpCookie(HttpRequestCookies.ClientKey.ToString());
cookie.Value = Guid.NewGuid().ToString();
cookie.Path = "/";
Response.Cookies.Add(cookie);
}
else
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: missing key");
_authorizedRequest = false;
UpdateControls();
return;
}
}
else
{
var clientKey = Request.Cookies[HttpRequestCookies.ClientKey.ToString()].Value;
if (Session[HttpSessionStateVariables.ClientKey.ToString()] == null)
{
Session[HttpSessionStateVariables.ClientKey.ToString()] = clientKey;
}
else if (!((string)Session[HttpSessionStateVariables.ClientKey.ToString()]).Equals(clientKey) && !_allowShareSessionUrl)
{
System.Diagnostics.Trace.TraceWarning("Failed to validate the client key: key mismatch");
_authorizedRequest = false;
UpdateControls();
return;
}
}
}
// retrieve the active enterprise session, if any
if (Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
}
}
// retrieve the active remote session, if any
if (Session[HttpSessionStateVariables.RemoteSession.ToString()] != null)
{
try
{
RemoteSession = (RemoteSession)Session[HttpSessionStateVariables.RemoteSession.ToString()];
// if using a connection service, send the connection state
if (Session.SessionID.Equals(RemoteSession.OwnerSessionID) && RemoteSession.ConnectionService)
{
_connectionClient.SetConnectionState(RemoteSession.Id, string.IsNullOrEmpty(RemoteSession.VMAddress) ? RemoteSession.ServerAddress : RemoteSession.VMAddress, GuidHelper.ConvertFromString(RemoteSession.VMGuid), RemoteSession.State);
}
if (RemoteSession.State == RemoteSessionState.Disconnected)
{
// if connecting from a login page or url, show any connection failure into a dialog box
// otherwise, this is delegated to the connection API used and its related UI
if (_loginEnabled)
{
// handle connection failure
var script = string.Format("handleRemoteSessionExit({0});", RemoteSession.ExitCode);
// redirect to login page
if (!string.IsNullOrEmpty(_loginUrl))
{
script += string.Format("window.location.href = '{0}';", _loginUrl);
}
ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), script, true);
}
// cleanup
Session[HttpSessionStateVariables.RemoteSession.ToString()] = null;
if (Session[HttpSessionStateVariables.GuestInfo.ToString()] != null)
{
Session[HttpSessionStateVariables.GuestInfo.ToString()] = null;
}
RemoteSession = null;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active remote session ({0})", exc);
}
}
// retrieve a shared remote session from url, if any
else if (!string.IsNullOrEmpty(Request["gid"]))
{
var guestId = Guid.Empty;
if (Guid.TryParse(Request["gid"], out guestId))
{
var sharingInfo = GetSharingInfo(guestId);
if (sharingInfo != null)
{
Session[HttpSessionStateVariables.RemoteSession.ToString()] = sharingInfo.RemoteSession;
Session[HttpSessionStateVariables.GuestInfo.ToString()] = sharingInfo.GuestInfo;
try
{
// remove the shared session guid from url
Response.Redirect("~/", true);
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
}
}
if (_httpSessionUseUri)
{
// if running myrtille into an iframe, the iframe url is registered (into a cookie) after the remote session is connected
// this is necessary to prevent a new http session from being generated for the iframe if the page is reloaded, due to the missing http session id into the iframe url (!)
// multiple iframes (on the same page), like multiple connections/tabs, requires cookieless="UseUri" for sessionState into web.config
// problem is, there can be many cases where the cookie is not removed after the remote session is disconnected (network issue, server down, etc?)
// if the page is reloaded, the iframe will use it's previously registered http session... which may not exist anymore or have its active remote session disconnected
// if that happens, unregister the iframe url (from the cookie) and reload the page; that will provide a new connection identifier to the iframe and reconnect it
if (!string.IsNullOrEmpty(Request["fid"]) && RemoteSession == null)
{
if (Request.Cookies[Request["fid"]] != null)
{
// remove the cookie for the given iframe
Response.Cookies[Request["fid"]].Expires = DateTime.Now.AddDays(-1);
// reload the page
ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), "parent.location.href = parent.location.href;", true);
}
}
}
// local admin
if (_enterpriseSession == null && RemoteSession == null && _enterpriseClient.GetMode() == EnterpriseMode.Local && !string.IsNullOrEmpty(Request["mode"]) && Request["mode"].Equals("admin"))
{
_localAdmin = true;
}
// postback events may redirect after execution; UI is updated from there
if (!IsPostBack)
{
UpdateControls();
}
// disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
try
{
if (Session[HttpSessionStateVariables.EnterpriseSession.ToString()] == null)
{
throw new NullReferenceException();
}
_enterpriseSession = (EnterpriseSession)Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
try
{
if (!_enterpriseSession.IsAdmin)
{
Response.Redirect("~/", true);
}
if (Request["hostType"] == null || !Enum.TryParse(Request["hostType"], out _hostType))
{
_hostType = HostType.RDP;
}
// retrieve the host, if any (create if empty)
if (Request["hostId"] != null)
{
long hostId;
if (!long.TryParse(Request["hostId"], out hostId))
{
hostId = 0;
}
if (hostId != 0)
{
_hostId = hostId;
if (!IsPostBack && Request["edit"] == null)
{
try
{
var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
if (host != null)
{
_hostType = host.HostType;
hostType.Value = _hostType.ToString();
hostName.Value = host.HostName;
hostAddress.Value = host.HostAddress;
vmGuid.Value = host.VMGuid;
vmEnhancedMode.Checked = host.VMEnhancedMode;
groupsAccess.Value = host.DirectoryGroups;
securityProtocol.SelectedIndex = (int)host.Protocol;
promptCredentials.Checked = host.PromptForCredentials;
startProgram.Value = host.StartRemoteProgram;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
}
}
createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
}
}
else
{
createSessionUrl.Disabled = true;
deleteHost.Disabled = true;
}
vmGuidInput.Visible = _hostType == HostType.RDP;
vmEnhancedModeInput.Visible = _hostType == HostType.RDP;
rdpSecurityInput.Visible = _hostType == HostType.RDP;
startProgramInput.Visible = _hostType == HostType.RDP;
// local admin
groupsAccessInput.Visible = !string.IsNullOrEmpty(_enterpriseSession.Domain);
if (string.IsNullOrEmpty(_enterpriseSession.Domain))
{
promptCredentials.Checked = true;
promptCredentials.Disabled = true;
}
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
}
}
public EnterpriseSession Authenticate(string username, string password, string adminGroup, string domain, string netbiosDomain)
{
EnterpriseSession enterpriseSession = null;
try
{
var config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
var localAdminUser = ((AppSettingsSection)config.GetSection("localAdmin")).Settings["LocalAdminUser"].Value;
var localAdminPassword = ((AppSettingsSection)config.GetSection("localAdmin")).Settings["localAdminPassword"].Value;
if (!username.Equals(localAdminUser))
{
enterpriseSession = new EnterpriseSession
{
AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.USER_NOT_FOUND
};
}
else
{
if (!localAdminPassword.Equals("admin"))
{
localAdminPassword = CryptoHelper.AES_Decrypt(localAdminPassword, localAdminUser);
}
if (!password.Equals(localAdminPassword))
{
enterpriseSession = new EnterpriseSession
{
AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.INVALID_LOGIN_CREDENTIALS
};
}
else
{
if (password.Equals("admin"))
{
enterpriseSession = new EnterpriseSession
{
AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED
};
}
else
{
using (var db = new MyrtilleEnterpriseDBContext())
{
var session = db.Session.FirstOrDefault(m => m.Username == username);
if (session != null)
{
db.Session.Remove(session);
db.SaveChanges();
}
string sessionID = Guid.NewGuid().ToString();
string sessionKey = Guid.NewGuid().ToString("n");
session = new Session
{
Domain = netbiosDomain,
Username = username,
Password = CryptoHelper.AES_Encrypt(CryptoHelper.RDP_Encrypt(password), sessionKey),
SessionID = sessionID,
IsAdmin = true
};
db.Session.Add(session);
db.SaveChanges();
enterpriseSession = new EnterpriseSession
{
Domain = netbiosDomain,
UserName = username,
SessionID = sessionID,
SessionKey = sessionKey,
IsAdmin = true,
SingleUseConnection = false
};
}
}
}
}
}
catch (Exception)
{
enterpriseSession = new EnterpriseSession
{
AuthenticationErrorCode = EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR
};
}
return(enterpriseSession);
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
try
{
if (HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] == null)
{
throw new NullReferenceException();
}
_enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
try
{
if (!_enterpriseSession.IsAdmin)
{
Response.Redirect("~/", true);
}
// retrieve the host, if any (create if empty)
if (Request["hostId"] != null)
{
long hostId;
if (!long.TryParse(Request["hostId"], out hostId))
{
hostId = 0;
}
if (hostId != 0)
{
_hostId = hostId;
if (!IsPostBack && Request["edit"] == null)
{
try
{
var host = _enterpriseClient.GetHost(_hostId.Value, _enterpriseSession.SessionID);
if (host != null)
{
hostName.Value = host.HostName;
hostAddress.Value = host.HostAddress;
groupsAccess.Value = host.DirectoryGroups;
securityProtocol.SelectedIndex = (int)host.Protocol;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve host {0}, ({1})", _hostId, exc);
}
}
createSessionUrl.Attributes["onclick"] = string.Format("parent.openPopup('editHostSessionPopup', 'EditHostSession.aspx?hostId={0}');", _hostId);
}
}
else
{
createSessionUrl.Disabled = true;
deleteHost.Disabled = true;
}
}
catch (ThreadAbortException)
{
// occurs because the response is ended after redirect
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the active enterprise session ({0})", exc);
}
}
/// <summary>
/// page load (postback data is now available)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(
object sender,
EventArgs e)
{
// prevent session fixation or stealing
SessionFixationHandler();
// retrieve the active enterprise session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] != null)
{
try
{
_enterpriseSession = (EnterpriseSession)HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()];
var clientIP = ClientIPHelper.ClientIPFromRequest(new HttpContextWrapper(HttpContext.Current).Request, true, new string[] { });
if (!_enterpriseSession.ClientRemoteIP.Equals(clientIP))
{
HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = null;
_enterpriseSession = null;
}
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the enterprise session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
//Retrieve remote session information from session url
if (Request.QueryString["SSE"] != null)
{
RemoteSession = GetSharedRemoteSession(Request.QueryString["SSE"]);
if (RemoteSession == null)
{
Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
}
}
else
// retrieve the active remote session, if any
if (HttpContext.Current.Session[HttpSessionStateVariables.RemoteSession.ToString()] != null)
{
try
{
RemoteSession = (RemoteSession)HttpContext.Current.Session[HttpSessionStateVariables.RemoteSession.ToString()];
}
catch (Exception exc)
{
System.Diagnostics.Trace.TraceError("Failed to retrieve the remote session for the http session {0}, ({1})", HttpContext.Current.Session.SessionID, exc);
}
}
// postback events may redirect after execution; UI is updated from there
if (!IsPostBack)
{
UpdateControls();
}
// disable the browser cache; in addition to a "noCache" dummy param, with current time, on long-polling and xhr requests
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
}
