protected void linksignout_Click(object sender, EventArgs e)
{
DotNetNuke.Security.PortalSecurity signout = new DotNetNuke.Security.PortalSecurity();
signout.SignOut();
string currentpage = Page.Request.Url.AbsoluteUri.ToString();
Response.Redirect(currentpage.ToString());
}
public string BecomeUser(int userToBecomeId, int currentlyLoggedInUser, HttpContext context, PortalSettings portalSettings, HttpSessionState sessionState)
{
string url = string.Empty;
string sessionStateName = string.Empty;
if (Settings[ModuleSettingsNames.SessionObject] != null)
sessionStateName = Settings[ModuleSettingsNames.SessionObject].ToString();
if (userToBecomeId > 0)
{
DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name);
PortalSecurity portalSecurity = new PortalSecurity();
portalSecurity.SignOut();
UserInfo newUserInfo = UserController.GetUserById(portalSettings.PortalId, userToBecomeId);
if (newUserInfo != null)
{
sessionState.Contents[sessionStateName] = null;
UserController.UserLogin(portalSettings.PortalId, newUserInfo, portalSettings.PortalName, HttpContext.Current.Request.UserHostAddress, false);
if (currentlyLoggedInUser != 0)
{
sessionState[sessionStateName] = currentlyLoggedInUser;
}
else
{
sessionState[sessionStateName] = null;
}
url = (context.Request.UrlReferrer.AbsoluteUri);
}
}
return url;
}
private void DoLogoff()
{
try
{
//Remove user from cache
if (User != null)
{
DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name);
}
var objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
}
catch (Exception exc) //Page failed to load
{
Exceptions.ProcessPageLoadException(exc);
}
}
private void OnAcquireRequestState(object sender, EventArgs eventArgs)
{
Debug.WriteLine("SessionManagement OnAuthenticateRequest");
var context = HttpContext.Current;
if (context.User == null || context.User.Identity == null || !context.User.Identity.IsAuthenticated)
{
return;
}
var session = context.Session;
if (session == null)
{
return;
}
var userInfo = UserController.GetCurrentUserInfo();
if (userInfo.IsSuperUser)
{
return;
}
var userId = userInfo.UserID;
var sessionId = session.SessionID;
var ipAddress = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (!sharedSessionManagement.RegisterSession(userId, sessionId, ipAddress))
{
// Logout user
var objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
// Redirect the user to the current page
context.Response.Redirect(Globals.NavigateURL());
}
}
protected void Continue_Click(object sender, EventArgs e)
{
try
{
PortalSecurity secure = new PortalSecurity();
user.FirstName = txtFirstName.Text;
user.LastName = txtLastName.Text;
user.Email = txtEmailAdd.Text;
if ((Page.IsValid && user.UserID > 0) && (TextBox1.Text != "" && TextBox2.Text != ""))
{
UserController.ChangePassword(user, UserController.GetPassword(ref user, user.Membership.PasswordAnswer), TextBox1.Text);
}
Page.ClientScript.RegisterStartupScript(this.GetType(), "nKey", "DisplayAlert()", true);
SqlConnection conn = new SqlConnection(connectionString);
SqlDataAdapter adap = new SqlDataAdapter("Update Users set IsFirstLogin=1 where username= '******'", conn);
dt.Clear();
adap.Fill(dt);
secure.SignOut();
Session.Abandon();
}
catch (Exception ex)
{
UserInfo info = UserController.GetCurrentUserInfo();
ErrorLog objLog = new ErrorLog();
objLog.ErrorDescription = ex.ToString();
objLog.ErrorDate = DateTime.Now;
objLog.ErrorFunctionName = System.Reflection.MethodBase.GetCurrentMethod().Name;
objLog.ErrorControlName = (GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").Remove(0, GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").LastIndexOf("_") + 1));
objLog.ErrorLoggedInUser = info.Username;
objLog.AddErrorToLog(objLog);
}
}
/// <summary>
/// Sets the current user so that checking authentication and roles works.
/// </summary>
/// <remarks>
/// Copies functionality from <c>DotNetNuke.HttpModules.Membership.MembershipModule.OnAuthenticateRequest</c>
/// to get the current user set as the "Current User"
/// </remarks>
private void SetCurrentUser()
{
// Obtain PortalSettings from Current Context
var portalSettings = PortalController.GetCurrentPortalSettings();
if (this.Context.Request.IsAuthenticated && portalSettings != null)
{
var roleController = new RoleController();
var cachedUser = UserController.GetCachedUser(portalSettings.PortalId, this.Context.User.Identity.Name);
if (this.Context.Request.Cookies["portalaliasid"] != null)
{
// ReSharper disable PossibleNullReferenceException
var portalCookie = FormsAuthentication.Decrypt(this.Context.Request.Cookies["portalaliasid"].Value);
// check if user has switched portals
if (portalSettings.PortalAlias.PortalAliasID != int.Parse(portalCookie.UserData))
{
// expire cookies if portal has changed
this.Context.Response.Cookies["portalaliasid"].Value = null;
this.Context.Response.Cookies["portalaliasid"].Path = "/";
this.Context.Response.Cookies["portalaliasid"].Expires = DateTime.Now.AddYears(-30);
this.Context.Response.Cookies["portalroles"].Value = null;
this.Context.Response.Cookies["portalroles"].Path = "/";
this.Context.Response.Cookies["portalroles"].Expires = DateTime.Now.AddYears(-30);
// ReSharper restore PossibleNullReferenceException
}
}
// authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set )
if (cachedUser == null || cachedUser.IsDeleted || cachedUser.Membership.LockedOut ||
cachedUser.Membership.Approved == false ||
cachedUser.Username.ToLower() != this.Context.User.Identity.Name.ToLower())
{
var portalSecurity = new PortalSecurity();
portalSecurity.SignOut();
// Remove user from cache
if (cachedUser != null)
{
DataCache.ClearUserCache(portalSettings.PortalId, this.Context.User.Identity.Name);
}
// Redirect browser back to home page
this.Context.Response.Redirect(this.Context.Request.RawUrl, true);
return;
}
// valid Auth cookie
// if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity
if (
DateTime.Compare(
cachedUser.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0)
{
// update LastActivityDate and IP Address for user
cachedUser.Membership.LastActivityDate = DateTime.Now;
cachedUser.LastIPAddress = this.Context.Request.UserHostAddress;
UserController.UpdateUser(portalSettings.PortalId, cachedUser);
}
// refreshroles is set when a role is added to a user by an administrator
bool refreshCookies = cachedUser.RefreshRoles;
// check for RSVP code
if (!cachedUser.RefreshRoles && this.Context.Request.QueryString["rsvp"] != null &&
string.IsNullOrEmpty(this.Context.Request.QueryString["rsvp"]) == false)
{
foreach (RoleInfo objRole in roleController.GetPortalRoles(portalSettings.PortalId))
{
if (objRole.RSVPCode == this.Context.Request.QueryString["rsvp"])
{
roleController.UpdateUserRole(portalSettings.PortalId, cachedUser.UserID, objRole.RoleID);
// clear portalroles so the new role is added to the cookie below
refreshCookies = true;
}
}
}
// create cookies if they do not exist yet for this session.
if (this.Context.Request.Cookies["portalroles"] == null || refreshCookies)
{
// keep cookies in sync
var currentDateTime = DateTime.Now;
// create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
var portalTicket = new FormsAuthenticationTicket(
1,
this.Context.User.Identity.Name,
currentDateTime,
currentDateTime.AddHours(1),
false,
portalSettings.PortalAlias.PortalAliasID.ToString());
// encrypt the ticket
string portalAliasId = FormsAuthentication.Encrypt(portalTicket);
// ReSharper disable PossibleNullReferenceException
// send portal cookie to client
this.Context.Response.Cookies["portalaliasid"].Value = portalAliasId;
this.Context.Response.Cookies["portalaliasid"].Path = "/";
this.Context.Response.Cookies["portalaliasid"].Expires = currentDateTime.AddMinutes(1);
// ReSharper restore PossibleNullReferenceException
// get roles from UserRoles table
string[] arrPortalRoles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId);
// create a string to persist the roles, attach a portalID so that cross-portal impersonation cannot occur
string strPortalRoles = portalSettings.PortalId + "!!" + string.Join(";", arrPortalRoles);
// create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
var rolesTicket = new FormsAuthenticationTicket(
1,
this.Context.User.Identity.Name,
currentDateTime,
currentDateTime.AddHours(1),
false,
strPortalRoles);
// encrypt the ticket
string strRoles = FormsAuthentication.Encrypt(rolesTicket);
// ReSharper disable PossibleNullReferenceException
// send roles cookie to client
this.Context.Response.Cookies["portalroles"].Value = strRoles;
this.Context.Response.Cookies["portalroles"].Path = "/";
this.Context.Response.Cookies["portalroles"].Expires = currentDateTime.AddMinutes(1);
if (refreshCookies)
{
// if rsvp, update portalroles in context because it is being used later
this.Context.Request.Cookies["portalroles"].Value = strRoles;
}
}
if (this.Context.Request.Cookies["portalroles"] != null)
{
// get roles from roles cookie
if (this.Context.Request.Cookies["portalroles"].Value != string.Empty)
{
var roleTicket = FormsAuthentication.Decrypt(this.Context.Request.Cookies["portalroles"].Value);
// ReSharper restore PossibleNullReferenceException
if (roleTicket != null)
{
// get the role data and split it into portalid and a string array of role data
string rolesdata = roleTicket.UserData;
char[] separator = "!!".ToCharArray();
// need to use StringSplitOptions.None to preserve case where superuser has no roles
string[] rolesParts = rolesdata.Split(separator, StringSplitOptions.None);
// if cookie is for a different portal than current force a refresh of roles else used cookie cached version
if (Convert.ToInt32(rolesParts[0]) != portalSettings.PortalId)
{
cachedUser.Roles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId);
}
else
{
cachedUser.Roles = rolesParts[2].Split(';');
}
}
else
{
cachedUser.Roles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId);
}
// Clear RefreshRoles flag
if (cachedUser.RefreshRoles)
{
cachedUser.RefreshRoles = false;
UserController.UpdateUser(portalSettings.PortalId, cachedUser);
}
}
// save userinfo object in context
this.Context.Items.Add("UserInfo", cachedUser);
// load the personalization object
var personalizationController = new PersonalizationController();
personalizationController.LoadProfile(this.Context, cachedUser.UserID, cachedUser.PortalID);
// Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded
Localization.SetLanguage(cachedUser.Profile.PreferredLocale);
}
}
if (HttpContext.Current.Items["UserInfo"] == null)
{
this.Context.Items.Add("UserInfo", new UserInfo());
}
}
public static void AuthenticateRequest(HttpContextBase context, bool allowUnknownExtensinons)
{
HttpRequestBase request = context.Request;
HttpResponseBase response = context.Response;
//First check if we are upgrading/installing
if (request == null || request.Url == null
|| request.Url.LocalPath.ToLower().EndsWith("install.aspx")
|| request.Url.LocalPath.ToLower().Contains("upgradewizard.aspx")
|| request.Url.LocalPath.ToLower().Contains("installwizard.aspx"))
{
return;
}
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (allowUnknownExtensinons == false
&& request.Url.LocalPath.ToLower().EndsWith(".aspx") == false
&& request.Url.LocalPath.ToLower().EndsWith(".asmx") == false
&& request.Url.LocalPath.ToLower().EndsWith(".ashx") == false)
{
return;
}
//Obtain PortalSettings from Current Context
PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
bool isActiveDirectoryAuthHeaderPresent = false;
var auth = request.Headers.Get("Authorization");
if(!string.IsNullOrEmpty(auth))
{
if(auth.StartsWith("Negotiate"))
{
isActiveDirectoryAuthHeaderPresent = true;
}
}
if (request.IsAuthenticated && !isActiveDirectoryAuthHeaderPresent && portalSettings != null)
{
var roleController = new RoleController();
var user = UserController.GetCachedUser(portalSettings.PortalId, context.User.Identity.Name);
//if current login is from windows authentication, the ignore the process
if (user == null && context.User is WindowsPrincipal)
{
return;
}
//authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set )
if (user == null || user.IsDeleted || user.Membership.LockedOut
|| (!user.Membership.Approved && !user.IsInRole("Unverified Users"))
|| user.Username.ToLower() != context.User.Identity.Name.ToLower())
{
var portalSecurity = new PortalSecurity();
portalSecurity.SignOut();
//Remove user from cache
if (user != null)
{
DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name);
}
//Redirect browser back to home page
response.Redirect(request.RawUrl, true);
return;
}
if (!user.IsSuperUser && user.IsInRole("Unverified Users") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage))
{
HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("UnverifiedUser"));
}
if (!user.IsSuperUser && HttpContext.Current.Request.QueryString.AllKeys.Contains("VerificationSuccess") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage))
{
HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("VerificationSuccess"));
HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessageType, ModuleMessage.ModuleMessageType.GreenSuccess);
}
//if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity
if (DateTime.Compare(user.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0)
{
//update LastActivityDate and IP Address for user
user.Membership.LastActivityDate = DateTime.Now;
user.LastIPAddress = request.UserHostAddress;
UserController.UpdateUser(portalSettings.PortalId, user, false, false);
}
//check for RSVP code
if (request.QueryString["rsvp"] != null && !string.IsNullOrEmpty(request.QueryString["rsvp"]))
{
foreach (var role in TestableRoleController.Instance.GetRoles(portalSettings.PortalId, r => (r.SecurityMode != SecurityMode.SocialGroup || r.IsPublic) && r.Status == RoleStatus.Approved))
{
if (role.RSVPCode == request.QueryString["rsvp"])
{
roleController.UpdateUserRole(portalSettings.PortalId, user.UserID, role.RoleID);
}
}
}
//save userinfo object in context
context.Items.Add("UserInfo", user);
//Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded
Localization.SetLanguage(user.Profile.PreferredLocale);
}
if (context.Items["UserInfo"] == null)
{
context.Items.Add("UserInfo", new UserInfo());
}
}
private void ProcessLogin(int newUserId)
{
var currentUser = UserController.GetCurrentUserInfo();
//Log event
var objEventLog = new EventLogController();
objEventLog.AddLog("Username", currentUser.Username, PortalSettings, currentUser.UserID, EventLogController.EventLogType.USER_IMPERSONATED);
//Remove user from cache
DataCache.ClearUserCache(PortalSettings.PortalId, currentUser.Username);
var objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
var ctlUser = new UserController();
var newUser = ctlUser.GetUser(PortalSettings.PortalId, newUserId);
UserController.UserLogin(newUser.PortalID, newUser, PortalSettings.PortalName, HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"], false);
ClearCookies();
Response.Redirect(DotNetNuke.Common.Globals.NavigateURL(PortalSettings.ActiveTab.TabID));
}
private void CheckLogout(bool bLogout)
{
if (bLogout && UserInfo != null && UserInfo.UserID > 0) {
DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name);
PortalSecurity objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
}
}
public void OnAuthenticateRequest( object s, EventArgs e )
{
HttpContext Context = ( (HttpApplication)s ).Context;
HttpRequest Request = Context.Request;
HttpResponse Response = Context.Response;
//First check if we are upgrading/installing
if( Request.Url.LocalPath.EndsWith( "Install.aspx" ) )
{
return;
}
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (Request.Url.LocalPath.ToLower().EndsWith(".aspx") == false && Request.Url.LocalPath.ToLower().EndsWith(".asmx") == false)
{
return;
}
// Obtain PortalSettings from Current Context
PortalSettings portalSettings = PortalController.GetCurrentPortalSettings();
if( Request.IsAuthenticated && portalSettings != null )
{
RoleController objRoleController = new RoleController();
UserInfo objUser = UserController.GetCachedUser( portalSettings.PortalId, Context.User.Identity.Name );
if( !Convert.ToBoolean( Request.Cookies["portalaliasid"] == null ) )
{
FormsAuthenticationTicket PortalCookie = FormsAuthentication.Decrypt( Context.Request.Cookies["portalaliasid"].Value );
// check if user has switched portals
if( portalSettings.PortalAlias.PortalAliasID != int.Parse( PortalCookie.UserData ) )
{
// expire cookies if portal has changed
Response.Cookies["portalaliasid"].Value = null;
Response.Cookies["portalaliasid"].Path = "/";
Response.Cookies["portalaliasid"].Expires = DateTime.Now.AddYears( - 30 );
Response.Cookies["portalroles"].Value = null;
Response.Cookies["portalroles"].Path = "/";
Response.Cookies["portalroles"].Expires = DateTime.Now.AddYears( - 30 );
}
}
// authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set )
if( objUser == null || objUser.Membership.LockedOut || objUser.Membership.Approved == false )
{
PortalSecurity objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
// Redirect browser back to home page
Response.Redirect( Request.RawUrl, true );
return;
}
else // valid Auth cookie
{
// create cookies if they do not exist yet for this session.
if( Request.Cookies["portalroles"] == null )
{
// keep cookies in sync
DateTime CurrentDateTime = DateTime.Now;
// create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
FormsAuthenticationTicket PortalTicket = new FormsAuthenticationTicket( 1, objUser.Username, CurrentDateTime, CurrentDateTime.AddHours( 1 ), false, portalSettings.PortalAlias.PortalAliasID.ToString() );
// encrypt the ticket
string strPortalAliasID = FormsAuthentication.Encrypt( PortalTicket );
// send portal cookie to client
Response.Cookies["portalaliasid"].Value = strPortalAliasID;
Response.Cookies["portalaliasid"].Path = "/";
Response.Cookies["portalaliasid"].Expires = CurrentDateTime.AddMinutes( 1 );
// get roles from UserRoles table
string[] arrPortalRoles = objRoleController.GetRolesByUser( objUser.UserID, portalSettings.PortalId );
// create a string to persist the roles
string strPortalRoles = String.Join(";", arrPortalRoles);
// create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
FormsAuthenticationTicket rolesTicket = new FormsAuthenticationTicket( 1, objUser.Username, CurrentDateTime, CurrentDateTime.AddHours( 1 ), false, strPortalRoles );
// encrypt the ticket
string strRoles = FormsAuthentication.Encrypt( rolesTicket );
// send roles cookie to client
Response.Cookies["portalroles"].Value = strRoles;
Response.Cookies["portalroles"].Path = "/";
Response.Cookies["portalroles"].Expires = CurrentDateTime.AddMinutes( 1 );
}
if( Request.Cookies["portalroles"] != null )
{
// get roles from roles cookie
if( !String.IsNullOrEmpty( Request.Cookies["portalroles"].Value ))
{
FormsAuthenticationTicket RoleTicket = FormsAuthentication.Decrypt( Context.Request.Cookies["portalroles"].Value );
// convert the string representation of the role data into a string array
// and store it in the Roles Property of the User
objUser.Roles = RoleTicket.UserData.Split( ';' );
}
Context.Items.Add( "UserInfo", objUser );
Localization.SetLanguage( objUser.Profile.PreferredLocale );
}
}
}
if( HttpContext.Current.Items["UserInfo"] == null )
{
Context.Items.Add( "UserInfo", new UserInfo() );
}
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
DotNetNuke.Framework.ServicesFramework.Instance.RequestAjaxAntiForgerySupport();
DotNetNuke.Framework.ServicesFramework.Instance.RequestAjaxScriptSupport();
if (Request["iu"] != null)
{
if (Request["iu"].ToString() != "")
{
// impersoniamo un caro utonto
int uid = int.Parse(Request["iu"].ToString());
//UserInfo MyUserInfo = UserController.GetUser(this.PortalId, uid, true);
UserInfo MyUserInfo = UserController.GetUserById(this.PortalId, uid);
if ((MyUserInfo != null))
{
//Remove user from cache
if (Page.User != null)
{
DotNetNuke.Common.Utilities.DataCache.ClearUserCache(this.PortalSettings.PortalId, Context.User.Identity.Name);
}
// sign current user out
PortalSecurity objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
// sign new user in
UserController.UserLogin(PortalId, MyUserInfo, PortalSettings.PortalName, Request.UserHostAddress, false);
// redirect to the base url
if (HttpContext.Current.Request.IsSecureConnection)
{
Response.Redirect("https://" + PortalSettings.PortalAlias.HTTPAlias, true);
}
else
{
Response.Redirect("http://" + PortalSettings.PortalAlias.HTTPAlias, true);
}
}
}
}
//Module is not usuable by unauthenticated users
if (UserInfo.UserID <= 0)
{
this.panel_unregistereduser.Visible = true;
this.panel_normal.Visible = false;
return;
}
if (this.IsPostBack == false)
{
if (Session["UManage_StopAutoLauncher"] == null)
{
LaunchModule();
}
}
}
catch (Exception exc) //Module failed to load
{
Exceptions.ProcessModuleLoadException(this, exc);
}
}
