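/// <summary>
/// First-request setup for the upload page. Decides which identity the page runs as (the signed-in
/// user, or the homework's teacher when a <c>teacher</c> query parameter is present) and checks that
/// the drive mapping selected by the first character of the <c>path</c> query parameter exists and is
/// writable for that identity; otherwise the request is redirected to <c>unauthorised.aspx</c>.
/// </summary>
/// <param name="sender">The page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Only the initial request does this setup; the upload postback repeats it in its own handler.
    if (IsPostBack || IsCallback || IsAsync)
    {
        return;
    }

    // Everything below is driven by query-string values, i.e. untrusted input.
    string rawPath = Request.QueryString["path"];
    if (string.IsNullOrEmpty(rawPath))
    {
        // A missing/empty path used to crash on Remove(0, 1); it can never select a mapping, so fail
        // closed the same way an unknown mapping does.
        Response.Redirect(Request.ApplicationPath + "/unauthorised.aspx", true);
        return;
    }

    string teacher = Request.QueryString["teacher"];
    if (!string.IsNullOrEmpty(teacher))
    {
        // Homework hand-in link: run as the teacher whose homework record matches all four keys.
        // Start/End are stored with ':' but travel in the URL with '.'.
        string name = Request.QueryString["name"];
        string start = Request.QueryString["start"].Replace('.', ':');
        string end = Request.QueryString["end"].Replace('.', ':');
        HAP.MyFiles.Homework.Homework homework = new HAP.MyFiles.Homework.Homeworks().Homework
            .Single(hw => hw.Teacher == teacher && hw.Name == name && hw.Start == start && hw.End == end);
        ADUser.Authenticate(homework.Teacher, TokenGenerator.ConvertToPlain(homework.Token));
    }

    ADUser.Impersonate();
    try
    {
        // First character selects the mapping; the remainder is the relative path with the page's own
        // escaping undone ('^' stands for '&', '|' for '%') before URL-decoding.
        string relativePath = Server.UrlDecode(rawPath.Remove(0, 1).Replace('^', '&').Replace("|", "%"));
        DriveMapping unc = config.MyFiles.Mappings.FilteredMappings[rawPath[0]];
        if (unc == null || !isWriteAuth(unc))
        {
            // endResponse: true ends the request here; the finally below still drops impersonation.
            Response.Redirect(Request.ApplicationPath + "/unauthorised.aspx", true);
        }
        else
        {
            // Resolved only to exercise the mapping lookup; the upload handler recomputes the final
            // path when the file actually arrives.
            string resolved = Converter.FormatMapping(unc.UNC, ADUser) + relativePath.Replace('/', '\\');
        }
    }
    finally
    {
        // Impersonation must never outlive this request, including when the redirect aborts the
        // thread (previously EndImpersonate was skipped on that branch).
        ADUser.EndImpersonate();
    }
}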
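/// <summary>
/// Authenticates a control-panel user against Active Directory and decorates the result with the
/// roles recorded in the SQL <c>Users</c> table and membership of the configured super-admin groups.
/// </summary>
/// <param name="username">User principal name to sign in.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="ipAddress">Caller's address, used for the brute-force block and the login audit.</param>
/// <param name="isLocalRequest">When true the brute-force block is bypassed (behaviour kept from the original).</param>
/// <returns>
/// The populated user, or <c>null</c> when the address is blocked, the credentials are rejected, or
/// an internal error occurs (the error is logged and an alert raised).
/// </returns>
public UsersObject Authenticate(string username, string password, string ipAddress, bool isLocalRequest)
{
    try
    {
        if (!isLocalRequest && IsBlockedFromBruteForce(ipAddress))
        {
            ThrowEvent(AlertID.FAILED, "Your IP has been blocked");
            return null;
        }

        using (CPDatabase database = new CPDatabase())
        {
            // The SQL row may legitimately be absent (e.g. a domain admin never provisioned in the panel).
            var user = (from d in database.Users where d.UserPrincipalName == username select d).FirstOrDefault();

            using (ADUser ldap = new ADUser(StaticSettings.Username, StaticSettings.DecryptedPassword, StaticSettings.PrimaryDC))
            {
                UsersObject userObject = ldap.Authenticate(username, password);
                if (userObject == null)
                {
                    AuditLogin(username, ipAddress, false);
                    ThrowEvent(AlertID.FAILED, username + " failed to login.");
                    return null;
                }

                AuditLogin(username, ipAddress, true);

                if (user != null)
                {
                    userObject.CompanyCode = user.CompanyCode;
                    userObject.ResellerCode = GetResellerCode(user.CompanyCode);
                    if (user.IsCompanyAdmin != null && (bool)user.IsCompanyAdmin)
                    {
                        userObject.IsCompanyAdmin = true;
                    }
                    if (user.IsResellerAdmin != null && (bool)user.IsResellerAdmin)
                    {
                        userObject.IsResellerAdmin = true;
                    }
                }

                // Super-admin groups are a comma-separated list of group names (CN values). Entries are
                // trimmed so "A, B" matches "B". Membership requires the DN's RDN to be exactly that
                // name; a bare prefix test would also accept e.g. "cn=admins-readonly".
                string[] superAdminGroups = StaticSettings.SuperAdmins.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                foreach (string group in superAdminGroups)
                {
                    string groupName = group.Trim();
                    if (groupName.Length > 0 && IsDirectMemberOf(userObject.Groups, groupName))
                    {
                        userObject.IsSuperAdmin = true;
                        break;
                    }
                }

                return userObject;
            }
        }
    }
    catch (Exception ex)
    {
        // Full detail goes to the log. The alert is presumably surfaced to the caller, so it carries a
        // generic message rather than ex.Message (which can include LDAP/SQL connection details).
        this.logger.Error("Error logging in user " + username, ex);
        ThrowEvent(AlertID.FAILED, "An error occurred while logging in.");
        return null;
    }
}

/// <summary>
/// Returns true when one of <paramref name="memberOf"/> (group distinguished names) has a first RDN
/// of exactly <c>CN=&lt;groupName&gt;</c>, compared ordinally and ignoring case.
/// </summary>
/// <param name="memberOf">Distinguished names of the groups the user belongs to.</param>
/// <param name="groupName">Group common name to look for (no <c>cn=</c> prefix).</param>
/// <returns>True on an exact RDN match; false otherwise.</returns>
private static bool IsDirectMemberOf(IEnumerable<string> memberOf, string groupName)
{
    string rdn = "cn=" + groupName;
    foreach (string dn in memberOf)
    {
        if (dn == null || !dn.StartsWith(rdn, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }
        // The RDN must end right after the name: either end of string or the ',' that starts the next RDN.
        if (dn.Length == rdn.Length || dn[rdn.Length] == ',')
        {
            return true;
        }
    }
    return false;
}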
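/// <summary>
/// Upload postback: saves whichever of the five <c>FileUpload</c> controls carry a file into the
/// directory addressed by the <c>path</c> query parameter, and reports the outcome per file in
/// <c>message</c>. When a <c>teacher</c> query parameter is present the save runs as that teacher
/// and each file name is prefixed with the uploading user's name. The request is redirected to
/// <c>unauthorised.aspx</c> when the path is missing, selects no writable mapping, or resolves
/// outside the mapping's root (e.g. via "..").
/// </summary>
/// <param name="sender">The button raising the event; <c>uploadbtnClose</c> also reveals <c>closeb</c>.</param>
/// <param name="e">Event data (unused).</param>
protected void uploadbtn_Click(object sender, EventArgs e)
{
    message.Text = "";

    // Query-string values are untrusted input.
    string rawPath = Request.QueryString["path"];
    string teacher = Request.QueryString["teacher"];
    if (string.IsNullOrEmpty(rawPath))
    {
        // Previously a NullReferenceException; an empty path can never select a mapping.
        Response.Redirect(Request.ApplicationPath + "/unauthorised.aspx", true);
        return;
    }

    if (!string.IsNullOrEmpty(teacher))
    {
        // Homework hand-in: run as the teacher whose record matches all four keys.
        // Start/End are stored with ':' but travel in the URL with '.'.
        string name = Request.QueryString["name"];
        string start = Request.QueryString["start"].Replace('.', ':');
        string end = Request.QueryString["end"].Replace('.', ':');
        HAP.MyFiles.Homework.Homework homework = new HAP.MyFiles.Homework.Homeworks().Homework
            .Single(hw => hw.Teacher == teacher && hw.Name == name && hw.Start == start && hw.End == end);
        ADUser.Authenticate(homework.Teacher, TokenGenerator.ConvertToPlain(homework.Token));
    }

    ADUser.Impersonate();
    try
    {
        // First character selects the mapping; the remainder is the relative path with the page's own
        // escaping undone ('^' stands for '&', '|' for '%'), URL-decoded, and switched to backslashes.
        string relativePath = Server.UrlDecode(rawPath.Remove(0, 1).Replace('^', '&').Replace("|", "%")).Replace('/', '\\');
        DriveMapping unc = config.MyFiles.Mappings.FilteredMappings[rawPath[0]];
        if (unc == null || !isWriteAuth(unc))
        {
            Response.Redirect(Request.ApplicationPath + "/unauthorised.aspx", true);
            return;
        }

        string root = Converter.FormatMapping(unc.UNC, ADUser);
        string targetDirectory = root + relativePath;
        if (!IsWithinRoot(root, targetDirectory))
        {
            // The decoded relative path is caller-controlled; refuse anything that escapes the mapping.
            Response.Redirect(Request.ApplicationPath + "/unauthorised.aspx", true);
            return;
        }

        string namePrefix = string.IsNullOrEmpty(teacher) ? "" : User.Identity.Name + " - ";
        StringBuilder report = new StringBuilder();
        foreach (var upload in new[] { FileUpload1, FileUpload2, FileUpload3, FileUpload4, FileUpload5 })
        {
            if (!upload.HasFile)
            {
                continue;
            }

            // Keep only the leaf name so a client-supplied name cannot carry directory components.
            // NOTE(review): FileUpload.FileName is expected to already be a bare name — confirm.
            string fileName = Path.GetFileName(upload.FileName);
            string shownName = Server.HtmlEncode(fileName);
            if (isAuth(Path.GetExtension(fileName)))
            {
                upload.SaveAs(Path.Combine(targetDirectory, namePrefix + fileName));
                report.Append(shownName).Append(" has been uploaded<br />");
            }
            else
            {
                report.Append("Error: ").Append(shownName).Append(" is a restricted file type<br/>");
            }
        }

        if (report.Length > 0)
        {
            message.Text = "<div style=\"padding: 4px; color: red;\">" + report.ToString() + "</div>";
        }
        closeb.Visible = (((Button)sender).ID == "uploadbtnClose");
    }
    finally
    {
        // Impersonation must not outlive the request, including when a redirect aborts the thread
        // (previously EndImpersonate was skipped on the unauthorised branch).
        ADUser.EndImpersonate();
    }
}

/// <summary>
/// Returns true when <paramref name="candidate"/> normalises to <paramref name="root"/> itself or to a
/// location beneath it, so a caller-supplied relative path cannot leave the mapping with "..".
/// A path that cannot be normalised counts as outside.
/// </summary>
/// <param name="root">Root directory of the drive mapping.</param>
/// <param name="candidate">Directory the upload would be written to.</param>
/// <returns>True when the candidate is the root or inside it; false otherwise.</returns>
private static bool IsWithinRoot(string root, string candidate)
{
    try
    {
        char[] separators = new char[] { Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar };
        string fullRoot = Path.GetFullPath(root).TrimEnd(separators);
        string fullCandidate = Path.GetFullPath(candidate).TrimEnd(separators);
        // Windows paths are case-insensitive; the separator suffix stops "\\srv\share2" matching "\\srv\share".
        return fullCandidate.Equals(fullRoot, StringComparison.OrdinalIgnoreCase)
            || fullCandidate.StartsWith(fullRoot + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase);
    }
    catch (ArgumentException)
    {
        return false;
    }
    catch (NotSupportedException)
    {
        return false;
    }
    catch (PathTooLongException)
    {
        return false;
    }
}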