Exemplo n.º 1
0
        /// <summary>
        /// CR119-08
        /// Save the contact and address objects extarcted from the card personaliztion object so it can be used later to populate tha anonymous user data
        /// </summary>
        public void SavePersonalizedContact()
        {
            OnlineAccountsManager lOnlineAccMgr = new OnlineAccountsManager();
            Contact lTargetContact = null;

            if (HttpContext.Current.Request.Cookies["PersonalizedContact"] != null)
            {
                //modified by Rabie @ 29 Oct 2013
                // decrypting "PersonalizedContact" cookie value as part of accepted work-around to "persistent cookie issue" in SND 4.0 security issues report
                var lPersonalizedContactID = EncryptionDecryptionManager.DecryptData(HttpContext.Current.Request.Cookies["PersonalizedContact"].Value
                                                                                     , URLLocalizationManager.PrivateKey);
                lTargetContact = lOnlineAccMgr.GetContact(int.Parse(lPersonalizedContactID), "Addresses");
                ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
                lOnlineAccMgr.UpdateContact(lTargetContact);
                lOnlineAccMgr.UpdateAddress(lTargetContact.Addresses.FirstOrDefault());
            }
            else
            {
                lTargetContact = new Contact();
                ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
                lOnlineAccMgr.CreateContact(lTargetContact);
            }
            //modified by Rabie @ 29 Oct 2013
            // encrypting/decrypting "PersonalizedContact" cookie value as accepted work-around to "persistent cookie issue" in SND 4.0 security issues report
            var lPersonalizedContactCookie = new HttpCookie("PersonalizedContact",
                                                            EncryptionDecryptionManager.EncryptData(lTargetContact.Contact_ID.ToString(), URLLocalizationManager.PublicKey));

            lPersonalizedContactCookie.Expires  = DateTime.Now.AddDays(1);
            lPersonalizedContactCookie.HttpOnly = true;
            lPersonalizedContactCookie.Secure   = true;
            HttpContext.Current.Response.Cookies.Add(lPersonalizedContactCookie);
        }
Exemplo n.º 2
0
        /// <summary>
        /// Method Name: SignUp.
        /// Method Purpose: This method used to sign up.
        /// Author: Mena Armanyous.
        /// Modification Date: April 27, 2011.
        /// </summary>
        /// <param name="pASPNetUserID"></param>
        /// <param name="pAccount"></param>
        /// <param name="pContact"></param>
        /// <param name="pNewsLetterSubscribe"></param>
        /// <returns></returns>
        public bool SignUp(Guid pASPNetUserID, Account pAccount, Contact pContact, bool pNewsLetterSubscribe)
        {
            try
            {
                //set the newly created user as logged in
                pAccount.IsLoggedIn = true;

                // create new contact with its related account information.
                pContact.Account = pAccount;

                OnlineAccountsManager lOnlineManager = new OnlineAccountsManager();
                lOnlineManager.CreateContact(pContact);

                //set aspnet_users for account
                pContact.Account.aspnet_Users = new AccountAdministrationManager().GetAspNetUser(pASPNetUserID);

                this.SendSignUpConfirmationMail(pContact, HttpContext.Current.Request.IsSecureConnection);

                #region Athenticate user
                // authenticate signed up user.
                string strUserName = (pContact.Account.aspnet_Users.UserName);
                SessionManager.Set <string>(enumSessionKeys.UserName, strUserName);
                FormsAuthentication.SetAuthCookie(strUserName, false);

                #endregion

                // update signed up user related navigation state.
                UpdateNavigationState(pASPNetUserID);

                //updated by Randa Salah Eldin as newsletter will not be connected with the Account anymore
                if (pNewsLetterSubscribe)
                {
                    NewsletterManager lNewsletterManager = new NewsletterManager();

                    if (pNewsLetterSubscribe && lNewsletterManager.IsUserSubscribed(pContact.Email) == false)
                    {
                        lNewsletterManager.AddNewsletterSubscriber(pContact.Email);
                    }
                    else if (pNewsLetterSubscribe == false && lNewsletterManager.IsUserSubscribed(pContact.Email) == true)
                    {
                        lNewsletterManager.UnsubscribeFromNewsLetter(pContact.Email);
                    }
                }

                #region Session Fixation Security Threat - FIX
                // written by rabie @ 15 july 2012
                new AccountAdministrationManager().RegenerateSessionID(false, true);
                #endregion

                return(true);
            }
            catch (Exception ex)
            {
                if (!ExceptionHandler.IsUserFriendly(ex))
                {
                    ex.Data.Add("ClassName", "NavBase");
                    ex.Data.Add("MethodName", "SignUp");
                    ExceptionHandler.handle(ex);
                }
                else
                {
                    throw ex;
                }
                return(false);
            }
        }
        /// <summary>
        /// CR119-08
        /// Save the contact and address objects extarcted from the card personaliztion object so it can be used later to populate tha anonymous user data
        /// </summary>
        public void SavePersonalizedContact()
        {
            OnlineAccountsManager lOnlineAccMgr = new OnlineAccountsManager();
            Contact lTargetContact = null;

            if (HttpContext.Current.Request.Cookies["PersonalizedContact"] != null)
            {
                //modified by Rabie @ 29 Oct 2013
                // decrypting "PersonalizedContact" cookie value as part of accepted work-around to "persistent cookie issue" in SND 4.0 security issues report
                var lPersonalizedContactID = EncryptionDecryptionManager.DecryptData(HttpContext.Current.Request.Cookies["PersonalizedContact"].Value
                    , URLLocalizationManager.PrivateKey);
                lTargetContact = lOnlineAccMgr.GetContact(int.Parse(lPersonalizedContactID), "Addresses");
                ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
                lOnlineAccMgr.UpdateContact(lTargetContact);
                lOnlineAccMgr.UpdateAddress(lTargetContact.Addresses.FirstOrDefault());
            }
            else
            {
                lTargetContact = new Contact();
                ConvertPersonalizationDataToContact(NavigationState.SB_Card.SB_CardPersonalizedInfo, lTargetContact);
                lOnlineAccMgr.CreateContact(lTargetContact);
            }
            //modified by Rabie @ 29 Oct 2013
            // encrypting/decrypting "PersonalizedContact" cookie value as accepted work-around to "persistent cookie issue" in SND 4.0 security issues report
            var lPersonalizedContactCookie = new HttpCookie("PersonalizedContact",
                EncryptionDecryptionManager.EncryptData(lTargetContact.Contact_ID.ToString(), URLLocalizationManager.PublicKey));

            lPersonalizedContactCookie.Expires = DateTime.Now.AddDays(1);
            lPersonalizedContactCookie.HttpOnly = true;
            lPersonalizedContactCookie.Secure = true;
            HttpContext.Current.Response.Cookies.Add(lPersonalizedContactCookie);
        }
        /// <summary>
        /// Method Name: SignUp.
        /// Method Purpose: This method used to sign up.
        /// Author: Mena Armanyous.
        /// Modification Date: April 27, 2011.
        /// </summary>
        /// <param name="pASPNetUserID"></param>
        /// <param name="pAccount"></param>
        /// <param name="pContact"></param>
        /// <param name="pNewsLetterSubscribe"></param>
        /// <returns></returns>
        public bool SignUp(Guid pASPNetUserID, Account pAccount, Contact pContact, bool pNewsLetterSubscribe)
        {
            try
            {
                //set the newly created user as logged in
                pAccount.IsLoggedIn = true;

                // create new contact with its related account information.
                pContact.Account = pAccount;

                OnlineAccountsManager lOnlineManager = new OnlineAccountsManager();
                lOnlineManager.CreateContact(pContact);

                //set aspnet_users for account
                pContact.Account.aspnet_Users = new AccountAdministrationManager().GetAspNetUser(pASPNetUserID);

                this.SendSignUpConfirmationMail(pContact, HttpContext.Current.Request.IsSecureConnection);

                #region Athenticate user
                // authenticate signed up user.
                string strUserName = (pContact.Account.aspnet_Users.UserName);
                SessionManager.Set<string>(enumSessionKeys.UserName,strUserName);
                FormsAuthentication.SetAuthCookie(strUserName, false);

                #endregion

                // update signed up user related navigation state.
                UpdateNavigationState(pASPNetUserID);

                //updated by Randa Salah Eldin as newsletter will not be connected with the Account anymore
                if (pNewsLetterSubscribe)
                {
                    NewsletterManager lNewsletterManager = new NewsletterManager();

                    if (pNewsLetterSubscribe && lNewsletterManager.IsUserSubscribed(pContact.Email) == false)
                    {

                        lNewsletterManager.AddNewsletterSubscriber(pContact.Email);
                    }
                    else if (pNewsLetterSubscribe == false && lNewsletterManager.IsUserSubscribed(pContact.Email) == true)
                    {
                        lNewsletterManager.UnsubscribeFromNewsLetter(pContact.Email);
                    }
                }

                #region Session Fixation Security Threat - FIX
                // written by rabie @ 15 july 2012
                new AccountAdministrationManager().RegenerateSessionID(false,true);
                #endregion

                return true;
            }
            catch (Exception ex)
            {
                if (!ExceptionHandler.IsUserFriendly(ex))
                {
                    ex.Data.Add("ClassName", "NavBase");
                    ex.Data.Add("MethodName", "SignUp");
                    ExceptionHandler.handle(ex);
                }
                else
                { throw ex; }
                return false;
            }
        }