public void ValidateRequestSecurity()
{
var useSSL = BehaviorsConfiguration.HTTPSecurity == HTTPSecurity.SSL;
if (useSSL || ShouldEnforceSecureRequests(AppInfo.GetAppInfo()))
{
if (!RuntimePlatformUtils.RequestIsSecure(HttpContext.Current.Request, !useSSL))
{
throw new ExposeRestException("HTTPS connection required.", HttpStatusCode.Forbidden);
}
}
if (BehaviorsConfiguration.InternalAccessOnly)
{
if (!RuntimePlatformUtils.InternalAddressIdentification(HttpContext.Current.Request))
{
throw new ExposeRestException("Access Denied.", HttpStatusCode.Forbidden);
}
}
}
private void Page_Load(object sender, System.EventArgs e)
{
// init vars
AppInfo appInfo = Global.App;
if (appInfo != null)
{
heContext = appInfo.OsContext;
}
Response.ContentType = "text/html; charset=" + Response.ContentEncoding.WebName;
// No session SessionFixationValidation because screen is accessible by anonymous users or uses a readonly session.
if (appInfo != null)
{
heContext = appInfo.OsContext; heContext.RequestTracer.MainEventType = RequestTracerEventType.WebScreenServerExecuted; heContext.RequestTracer.RegisterEndpoint("2dcd742c-96b7-4e62-ae6f-1644bcab95a5", "InvalidPermissions");
}
OutSystems.HubEdition.RuntimePlatform.Web.JavaScriptManager.CheckRelativeJavaScriptPrefix(AppUtils.Instance.getImagePath());
appInfo.IsLoadingScreen = !IsPostBack;
if (!IsPostBack)
{
ArrayList screenParameters = (ArrayList)Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"];
bool screenParametersInSession = false;
object screenParametersKey = heContext.Session["_ScreenParametersKey"];
if ((screenParametersKey == null || this.Key.Equals(ObjectKey.Parse(Convert.ToString(screenParametersKey)))) && screenParameters != null)
{
try {
screenParametersInSession = true;
} catch (Exception parametersException) {
ErrorLog.LogApplicationError("Failed to load Screen Input Parameters from session.", "ScreenParametersKey = " + screenParametersKey + ", Count = " + screenParameters.Count + "\r\n" + parametersException.StackTrace, heContext, "Global");
} finally {
Global.App.OsContext.Session["ContactManager._ScreenParameters_InvalidPermissions"] = null;
heContext.Session["_ScreenParametersKey"] = null;
}
}
else if (Request.HttpMethod == "GET")
{
}
else if (Request.HttpMethod == "POST")
{
}
}
if (!appInfo.IsApplicationEnabled)
{
ErrorLog.LogApplicationError(message: "eSpace " + appInfo.eSpaceName + " is disabled", stackTrace: Environment.StackTrace, context: heContext, moduleName: "Global");
String contact = RuntimePlatformUtils.GetAdministrationEmail();
try {
Context.Items[Constants.AppOfflineCustomHandler.ContactKey] = contact;
Context.Items[Constants.AppOfflineCustomHandler.ErrorCodeKey] = "APPLICATION_OFFLINE";
Server.Transfer("/ContactManager/CustomHandlers/app_offline.aspx");
}
catch (System.Threading.ThreadAbortException) {}
catch {
Response.Redirect("/ContactManager/CustomHandlers/internalerror.aspx");
}
}
InitializeUrls();
Actions.ActionOnBeginWebRequest(heContext);
if (appInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
{
Response.Redirect("https://" + Request.Url.Host + "" + AppUtils.Instance.getImagePath() + "InvalidPermissions.aspx" + Request.Url.Query);
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
if (!IsPostBack)
{
CheckPermissions(heContext);
bool bindEditRecords = !IsPostBack;
Title = "Invalid Permissions"; Page.DataBind();
if (RuntimePlatformUtils.GetRequestTracer() != null)
{
RuntimePlatformUtils.GetRequestTracer().RegisterSessionSize(); if (heContext.Session != null)
{
RuntimePlatformUtils.GetRequestTracer().RegisterUserId(heContext.Session.UserId);
}
}
if (!heContext.AppInfo.SelectiveLoggingEnabled || heContext.AppInfo.Properties.AllowLogging)
{
ScreenLog.StaticWrite(heContext.AppInfo, heContext.Session, heContext.StartInstant, (int)((TimeSpan)(DateTime.Now - heContext.StartInstant)).TotalMilliseconds, "InvalidPermissions", (string)heContext.Session["MSISDN"], "WEB", "Screen", RuntimeEnvironment.MachineName, RuntimePlatformUtils.GetViewstateSize(), RuntimePlatformUtils.GetRetrievedSessionSize(), RuntimePlatformUtils.GetRetrievedSessionRequests());
}
}
else
{
if (heContext.AppInfo.IsForcingSecurityForScreens() && !RuntimePlatformUtils.RequestIsSecure(Request))
{
Response.Redirect("https://" + Request.Url.Host + "" + AppUtils.Instance.getImagePath() + "InvalidPermissions.aspx" + Request.Url.Query);
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
FetchViewState();
}
}
