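protected int OrgId; //Read from authentication ticket.
#endregion Fields
#region Methods
/// <summary>
/// Decides whether the current user may open <paramref name="pageName"/>.
/// default.aspx, error.aspx and accessdenied.aspx are always allowed. Every other page is
/// looked up in the organisation's page list (loaded through clsUsers.GetPagesList and cached
/// for 12 hours under a per-organisation key) and is granted when the user is in one of the
/// ';'-separated groups of that row's vchGroupList. A page that has no row at all is open to
/// members of "Administrators" only.
/// Any exception is logged and treated as "no access" (fail closed).
/// </summary>
/// <param name="pageName">File name of the page, e.g. "foo.aspx"; compared case-insensitively.</param>
/// <returns>true when access is granted, false otherwise (including for a null page name).</returns>
public bool CheckPermission(string pageName)
{
    if (pageName == null)
    {
        return false; // nothing to authorise against: deny instead of throwing
    }

    bool granted = false;
    clsUsers user = null;
    StringComparison ic = StringComparison.OrdinalIgnoreCase;
    try
    {
        bool alwaysAllowed = string.Equals(pageName, "default.aspx", ic)
            || string.Equals(pageName, "error.aspx", ic)
            || string.Equals(pageName, "accessdenied.aspx", ic);
        if (alwaysAllowed)
        {
            granted = true;
        }
        else
        {
            string userName = HttpContext.Current.User.Identity.Name;

            // The page list is organisation specific, so the cache entry must be keyed by the
            // org id: a single process-wide "userPages" entry would serve whichever org
            // populated it first to users of every other organisation for up to 12 hours.
            string cacheKey = "userPages_" + _functions.GetUserOrgId(userName, false);
            DataView dvPages = (DataView)Context.Cache[cacheKey];
            if (dvPages == null)
            {
                user = new clsUsers();
                user.iOrgId = _functions.GetUserOrgId(userName, false);
                dvPages = new DataView(user.GetPagesList());
                Context.Cache.Insert(cacheKey, dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
            }

            // Query through the table instead of assigning dvPages.RowFilter: the cached view is
            // shared by every concurrent request in the process, and changing its filter from
            // one request while another reads dvPages[0] hands that request the wrong row.
            // Doubling single quotes keeps a crafted page name from rewriting the expression.
            string filter = "vchPageName = '" + pageName.Replace("'", "''") + "'";
            DataRow[] rows = dvPages.Table.Select(filter);
            if (rows.Length > 0)
            {
                foreach (string role in rows[0]["vchGroupList"].ToString().Split(';'))
                {
                    if (Context.User.IsInRole(role))
                    {
                        granted = true;
                        break;
                    }
                }
            }
            else if (Context.User.IsInRole("Administrators"))
            {
                // Unlisted pages are reserved for administrators.
                granted = true;
            }
        }
    }
    catch (Exception ex)
    {
        // granted stays false: an error while authorising never grants access.
        _functions.Log(ex, HttpContext.Current.User.Identity.Name, "BFPPage.cs");
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }
    return granted;
}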
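/// <summary>
/// Hides every direct HyperLink child of the page's HtmlForm whose target page the current user
/// may not open. Links to default.aspx, error.aspx and accessdenied.aspx stay visible; any other
/// target is looked up in the organisation's page list (cached 12 hours per organisation) and
/// shown when the user is in one of the row's ';'-separated vchGroupList groups, or, for a page
/// without a row, when the user is in "Administrators".
/// Only the first HtmlForm and only its immediate children are inspected; nested containers are
/// not walked. All HyperLinks are hidden before any lookup runs, so an error part-way through
/// leaves links hidden rather than visible. This is presentation only: it does not prevent
/// direct navigation, which is what CheckPermission / the AuthorizeRequest handler are for.
/// </summary>
/// <param name="_page">The page whose controls are inspected.</param>
protected void CheckLinks(System.Web.UI.Page _page)
{
    clsUsers user = null;
    StringComparison ic = StringComparison.OrdinalIgnoreCase;
    try
    {
        foreach (System.Web.UI.Control container in _page.Controls)
        {
            if (container.GetType().FullName != "System.Web.UI.HtmlControls.HtmlForm")
            {
                continue;
            }

            // Pass 1: hide every link first so that an exception below fails closed.
            foreach (System.Web.UI.Control child in container.Controls)
            {
                if (child.GetType().FullName == "System.Web.UI.WebControls.HyperLink")
                {
                    ((System.Web.UI.WebControls.HyperLink)child).Visible = false;
                }
            }

            // Pass 2: re-show the links the user is allowed to follow.
            string userName = HttpContext.Current.User.Identity.Name;
            DataView dvPages = null; // loaded lazily, once, on the first link that needs it
            foreach (System.Web.UI.Control child in container.Controls)
            {
                if (child.GetType().FullName != "System.Web.UI.WebControls.HyperLink")
                {
                    continue;
                }
                System.Web.UI.WebControls.HyperLink link = (System.Web.UI.WebControls.HyperLink)child;
                string pageName = _functions.GetFileNameFromURL(link.NavigateUrl);
                if (pageName == null)
                {
                    continue; // no page to authorise against; leave the link hidden
                }
                if (string.Equals(pageName, "default.aspx", ic)
                    || string.Equals(pageName, "error.aspx", ic)
                    || string.Equals(pageName, "accessdenied.aspx", ic))
                {
                    link.Visible = true;
                    continue;
                }

                if (dvPages == null)
                {
                    // Page permissions are per organisation; keying the cache by org id keeps
                    // one org's list from being served to users of every other org.
                    string cacheKey = "userPages_" + _functions.GetUserOrgId(userName, false);
                    dvPages = (DataView)Context.Cache[cacheKey];
                    if (dvPages == null)
                    {
                        user = new clsUsers();
                        user.iOrgId = _functions.GetUserOrgId(userName, false);
                        dvPages = new DataView(user.GetPagesList());
                        Context.Cache.Insert(cacheKey, dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
                    }
                }

                // Read through the table rather than setting dvPages.RowFilter: the cached view
                // is shared by all concurrent requests, and mutating its filter races between
                // them. Single quotes are doubled so the page name cannot alter the expression.
                string filter = "vchPageName = '" + pageName.Replace("'", "''") + "'";
                DataRow[] rows = dvPages.Table.Select(filter);
                if (rows.Length == 0)
                {
                    // Unlisted pages are shown to administrators only.
                    link.Visible = Context.User.IsInRole("Administrators");
                    continue;
                }
                foreach (string role in rows[0]["vchGroupList"].ToString().Split(';'))
                {
                    if (Context.User.IsInRole(role))
                    {
                        link.Visible = true;
                        break;
                    }
                }
            }
            return; // only the first form is processed
        }
    }
    catch (Exception ex)
    {
        _functions.Log("Application error: \n" + ex.ToString());
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }
}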
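/// <summary>
/// Per-request authorization gate (Global.asax AuthorizeRequest). Anonymous requests are left
/// alone. For authenticated requests the decision is made by <see cref="IsRequestAuthorized"/>;
/// a negative result, or any exception while deciding, rewrites the request to
/// accessdenied.aspx. (Previously an exception was only logged and the request went through
/// unchecked, i.e. the handler failed open.)
/// </summary>
private void Global_AuthorizeRequest(object sender, System.EventArgs e)
{
    if (!Request.IsAuthenticated)
    {
        return;
    }

    bool allowed = false;
    try
    {
        allowed = IsRequestAuthorized();
    }
    catch (Exception ex)
    {
        _functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
        allowed = false; // fail closed
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }

    if (!allowed)
    {
        Context.RewritePath("accessdenied.aspx");
    }
}

/// <summary>
/// Decides whether the current authenticated request may proceed. In order:
///  1. default.aspx, error.aspx, accessdenied.aspx and anything that is not an .aspx page are
///     always allowed;
///  2. the "bfp_mode" cookie restricts which page families are reachable (OperatorKiosk: only
///     ok_* pages, ReportViewer.aspx and selectMode.aspx; TechnicianMode: no admin_* or error_*
///     pages; otherwise: no ok_* pages except ok_mainMenu.aspx), and without a "bfp_operator"
///     cookie only ok_mainMenu.aspx and ok_authCredentials.aspx of the ok_* family are allowed;
///  3. the page must list one of the user's groups in the organisation's page table (cached
///     12 hours per organisation), or have no row at all and the user be in "Administrators".
/// All name comparisons are case-insensitive because IIS resolves paths case-insensitively.
/// </summary>
/// <returns>true when the request may proceed, false when it must be denied.</returns>
private bool IsRequestAuthorized()
{
    StringComparison ic = StringComparison.OrdinalIgnoreCase;
    string filePath = Request.FilePath;
    string pageName = filePath.Remove(0, filePath.LastIndexOf("/") + 1);

    // Pages that never need a permission row.
    if (string.Equals(pageName, "default.aspx", ic)
        || string.Equals(pageName, "error.aspx", ic)
        || string.Equals(pageName, "accessdenied.aspx", ic))
    {
        return true;
    }
    // Non-page resources are not authorised here. The test must be case-insensitive: IIS serves
    // "Page.ASPX" as a page, and the old case-sensitive Contains(".aspx") let it skip every
    // check below.
    if (pageName.IndexOf(".aspx", ic) < 0)
    {
        return true;
    }

    // NOTE(review): bfp_mode and bfp_operator are ordinary cookies that the client can set to
    // any value; nothing visible here validates them. These branches therefore only steer the UI
    // flow - the group check at the end is the real access decision.
    string mode = Request.Cookies["bfp_mode"] == null ? "" : Request.Cookies["bfp_mode"].Value;
    bool okPage = pageName.StartsWith("ok_", ic);
    bool mainMenu = string.Equals(pageName, "ok_mainMenu.aspx", ic);
    switch (mode)
    {
        case "OperatorKiosk":
            if (!(okPage
                || string.Equals(pageName, "ReportViewer.aspx", ic)
                || string.Equals(pageName, "selectMode.aspx", ic)))
            {
                return false;
            }
            break;
        case "TechnicianMode":
            // StartsWith replaces Substring(0, 5) == "admin_", which compared a five-character
            // prefix with a six-character literal and so never matched; Substring also threw on
            // short names, which the old catch block turned into an allow.
            if (pageName.StartsWith("admin_", ic) || pageName.StartsWith("error_", ic))
            {
                return false;
            }
            break;
        default:
            if (okPage && !mainMenu)
            {
                return false;
            }
            break;
    }
    if (Request.Cookies["bfp_operator"] == null
        && okPage
        && !mainMenu
        && !string.Equals(pageName, "ok_authCredentials.aspx", ic))
    {
        return false;
    }

    string userName = HttpContext.Current.User.Identity.Name;
    // Page permissions are per organisation, so the cache entry is keyed by org id; the old
    // process-wide "userPages" key served whichever org populated it first to every user.
    string cacheKey = "userPages_" + _functions.GetUserOrgId(userName, false);
    DataView dvPages = (DataView)Context.Cache[cacheKey];
    if (dvPages == null)
    {
        user = new clsUsers();
        user.iOrgId = _functions.GetUserOrgId(userName, false);
        dvPages = new DataView(user.GetPagesList());
        Context.Cache.Insert(cacheKey, dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
    }

    // Query through the table instead of assigning dvPages.RowFilter: the cached view is shared
    // by all concurrent requests and changing its filter races between them. Doubling single
    // quotes keeps a crafted URL from rewriting the filter expression.
    string filter = "vchPageName = '" + pageName.Replace("'", "''") + "'";
    DataRow[] rows = dvPages.Table.Select(filter);
    if (rows.Length == 0)
    {
        // Unlisted pages are reserved for administrators.
        return Context.User.IsInRole("Administrators");
    }
    foreach (string role in rows[0]["vchGroupList"].ToString().Split(';'))
    {
        if (Context.User.IsInRole(role))
        {
            return true;
        }
    }
    return false;
}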
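/// <summary>
/// Per-request authorization gate (Global.asax AuthorizeRequest). Anonymous requests are left
/// alone. For authenticated requests the decision is made by <see cref="IsPageAllowedForUser"/>;
/// a negative result, or any exception while deciding, rewrites the request to
/// accessdenied.aspx. (Previously an exception was only logged and the request went through
/// unchecked, i.e. the handler failed open.)
/// </summary>
private void Global_AuthorizeRequest(object sender, System.EventArgs e)
{
    if (!Request.IsAuthenticated)
    {
        return;
    }

    bool allowed = false;
    try
    {
        allowed = IsPageAllowedForUser();
    }
    catch (Exception ex)
    {
        _functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
        allowed = false; // fail closed
    }
    finally
    {
        if (user != null)
        {
            user.Dispose();
        }
    }

    if (!allowed)
    {
        Context.RewritePath("accessdenied.aspx");
    }
}

/// <summary>
/// Decides whether the current authenticated request may proceed. default.aspx, error.aspx and
/// accessdenied.aspx are always allowed; any other requested file name (this version does not
/// exclude non-.aspx resources) must list one of the user's groups in the organisation's page
/// table (cached 12 hours per organisation), or have no row at all and the user be in
/// "Administrators". Name comparisons are case-insensitive because IIS resolves paths that way.
/// </summary>
/// <returns>true when the request may proceed, false when it must be denied.</returns>
private bool IsPageAllowedForUser()
{
    StringComparison ic = StringComparison.OrdinalIgnoreCase;
    string filePath = Request.FilePath;
    string pageName = filePath.Remove(0, filePath.LastIndexOf("/") + 1);

    if (string.Equals(pageName, "default.aspx", ic)
        || string.Equals(pageName, "error.aspx", ic)
        || string.Equals(pageName, "accessdenied.aspx", ic))
    {
        return true;
    }

    string userName = HttpContext.Current.User.Identity.Name;
    // Page permissions are per organisation, so the cache entry is keyed by org id; the old
    // process-wide "userPages" key served whichever org populated it first to every user.
    string cacheKey = "userPages_" + _functions.GetUserOrgId(userName, false);
    DataView dvPages = (DataView)Context.Cache[cacheKey];
    if (dvPages == null)
    {
        user = new clsUsers();
        user.iOrgId = _functions.GetUserOrgId(userName, false);
        dvPages = new DataView(user.GetPagesList());
        Context.Cache.Insert(cacheKey, dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
    }

    // Query through the table instead of assigning dvPages.RowFilter: the cached view is shared
    // by all concurrent requests and changing its filter races between them. Doubling single
    // quotes keeps a crafted URL from rewriting the filter expression.
    string filter = "vchPageName = '" + pageName.Replace("'", "''") + "'";
    DataRow[] rows = dvPages.Table.Select(filter);
    if (rows.Length == 0)
    {
        // Unlisted pages are reserved for administrators.
        return Context.User.IsInRole("Administrators");
    }
    foreach (string role in rows[0]["vchGroupList"].ToString().Split(';'))
    {
        if (Context.User.IsInRole(role))
        {
            return true;
        }
    }
    return false;
}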