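/// <summary>
/// Writes one proxy-login audit entry and reports whether it was stored.
/// </summary>
/// <param name="reason">Free-text reason for the entry; the client address is appended when <c>_logIpAddress</c> is set.</param>
/// <param name="userId">User ID handed to <c>AddLog</c> as its third argument.</param>
/// <returns>Whatever <c>AddLog</c> returns, or <c>false</c> when writing the entry threw.</returns>
internal bool LogAction(String reason, Guid userId)
        {
            try
            {
                var logger = new BCLoggerMapperService();

                if (_logIpAddress)
                {
                    // UserHostAddress is the address of the immediate network peer. Behind a
                    // reverse proxy or load balancer that is the proxy's address, so the value
                    // recorded here may not identify the operator's workstation.
                    reason = reason + " (" + Request.UserHostAddress + ")";
                }

                // NOTE(review): DateTime.Now is server-local time; confirm the audit store and
                // its readers expect local time rather than UTC.
                return(logger.AddLog(_portletTemplate.ID.AsGuid, PortalUser.Current.ID.AsGuid, userId, reason, DateTime.Now));
            }
            catch (Exception ex)
            {
                if (PortalUser.Current.IsSiteAdmin)
                {
                    // Exception text is not markup: stack traces contain '<' and '>' (generic and
                    // compiler-generated names) and messages can echo the logged reason. Encode it
                    // before assigning to InnerHtml so it renders as text. Only site admins see
                    // the detail; everyone else gets the generic message below.
                    divError.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_ADMIN") + System.Web.HttpUtility.HtmlEncode(ex.ToString());
                }
                else
                {
                    divError.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");
                }

                divError.Visible = true;

                // Callers treat false as "audit entry not written".
                return(false);
            }
        }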
        /// <summary>
        /// Records a proxy-login audit entry against the parent portlet's template.
        /// </summary>
        /// <param name="reason">Free-text reason; gets the client address appended when <c>_logIpAddress</c> is set.</param>
        /// <param name="userId">User ID handed to <c>AddLog</c> as its third argument.</param>
        /// <returns>The value returned by <c>AddLog</c>, or <c>false</c> if writing the entry threw.</returns>
        internal bool LogAction(String reason, Guid userId)
        {
            try
            {
                var auditLog = new BCLoggerMapperService();

                if (_logIpAddress)
                {
                    // UserHostAddress is the immediate peer; behind a reverse proxy or load
                    // balancer it is that device's address, not the operator's.
                    reason += " (" + Request.UserHostAddress + ")";
                }

                // NOTE(review): timestamp is server-local (DateTime.Now); confirm the audit
                // store expects local time rather than UTC.
                var stored = auditLog.AddLog(ParentPortlet.Portlet.PortletTemplate.ID.AsGuid, PortalUser.Current.ID.AsGuid, userId, reason, DateTime.Now);
                return(stored);
            }
            catch (Exception ex)
            {
                // Site admins get the full exception text, everyone else a generic message.
                // NOTE(review): confirm ShowFeedback HTML-encodes its message; the exception
                // text is appended as-is.
                var feedback = PortalUser.Current.IsSiteAdmin
                    ? Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_ADMIN") + ex
                    : Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");

                ParentPortlet.ShowFeedback(FeedbackType.Error, feedback);

                return(false);
            }
        }
        /// <summary>
        /// Decides whether <paramref name="currentUser"/> may proxy-login as <paramref name="pu"/>.
        /// </summary>
        /// <param name="pu">The account that would be impersonated.</param>
        /// <param name="portletTemplate">Template whose access operations are consulted.</param>
        /// <param name="currentUser">The operator; falls back to <c>PortalUser.Current</c> when null.</param>
        /// <returns>
        /// A failed <c>Check</c> carrying the localized reason for the first rule that rejects the
        /// request, otherwise a successful <c>Check</c>.
        /// </returns>
        /// <remarks>
        /// The checks are a deny-list: a target that is not denied, is in none of the groups
        /// tested here, and is not an administrator is allowed. NOTE(review): confirm that
        /// default-allow is intended for accounts outside the listed groups.
        /// </remarks>
        public Check RoleCheck(PortalUser pu, PortletTemplate portletTemplate, PortalUser currentUser = null)
        {
            if (currentUser == null)
            {
                currentUser = PortalUser.Current;
            }

            // "DenyAccess" is evaluated against the target account, unlike the CanProxy*
            // operations below, which are evaluated against the operator.
            if (portletTemplate.AccessCheck("DenyAccess", pu))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_DENIED_PERMS")));
            }

            // Each group the target belongs to needs its matching CanProxy* operation on the
            // operator. A target in several groups must pass every one of them.
            if (pu.IsMemberOf(PortalGroup.Staff) && !portletTemplate.AccessCheck("CanProxyStaff", currentUser))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_STAFF_PERMS")));
            }

            if (pu.IsMemberOf(PortalGroup.Faculty) && !portletTemplate.AccessCheck("CanProxyFaculty", currentUser))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_FACULTY_PERMS")));
            }

            if (pu.IsMemberOf(PortalGroup.Students) && !portletTemplate.AccessCheck("CanProxyStudent", currentUser))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_STUDENT_PERMS")));
            }

            // Status code "CAN" = candidate.
            if (pu.IsMemberOf(PortalGroup.FindByStatusCode("CAN")) && !portletTemplate.AccessCheck("CanProxyCandidate", currentUser))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_CANDIDATE_PERMS")));
            }

            // Status code "ALM" is gated by the constituent operation.
            if (pu.IsMemberOf(PortalGroup.FindByStatusCode("ALM")) && !portletTemplate.AccessCheck("CanProxyConstituent", currentUser))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_CONSTITUENT_PERMS")));
            }

            // Administrator accounts can never be impersonated, whatever the operator holds.
            if (pu.IsMemberOf(PortalGroup.Administrators))
            {
                return(new Check(false, Globalizer.GetGlobalizedString("CUS_BC_PL_SITE_ADMIN_PERMS")));
            }

            return(new Check(true));
        }
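 /// <summary>
 /// Click handler for the proxy-login button: requires a reason, optionally re-validates the
 /// password, then hands over to <c>PerformLogin</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void BtnLoginClick(object sender, EventArgs e)
 {
     // A reason is mandatory because it becomes the audit entry for the impersonation.
     if (String.Empty == tbReason.Text.Trim())
     {
         divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_REQUIRED_REASON");
         divmessage.Visible   = true;
     }
     else if (_requirePassword && !ValidPassword())
     {
         divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW");
         divmessage.Visible   = true;
         if (_logFailures)
         {
             var user = getPortalUserByUserName(tbUserName.Text);

             // The lookup returns null for an unknown username (PerformLogin checks for it).
             // Dereferencing it here turned a failed attempt into an unhandled exception.
             // With no target ID there is nothing to key the entry on, so the failure is
             // only recorded when the target account exists.
             if (user != null)
             {
                 LogAction(Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"), user.ID);
             }
         }
     }
     else
     {
         PerformLogin();
     }
 }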
        /// <summary>
        /// Switches the current session to the account named in the username box, provided the
        /// role check passes and the audit entry is written.
        /// </summary>
        private void PerformLogin()
        {
            var target = getPortalUserByUserName(tbUserName.Text);

            if (target == null)
            {
                divmessage.InnerHtml = Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND");
                divmessage.Visible   = true;
                return;
            }

            var verdict = new RoleChecker().RoleCheck(target, _portletTemplate);
            if (!verdict.Success)
            {
                divmessage.InnerHtml = verdict.Reason;
                divmessage.Visible   = true;
                if (_logFailures)
                {
                    LogAction(verdict.Reason, target.ID);
                }
                return;
            }

            // The audit entry is written first; if it cannot be stored the switch does not happen.
            if (!LogAction(tbReason.Text, target.ID))
            {
                return;
            }

            // Remember who the operator is before the session is wiped.
            var operatorName = PortalUser.Current.Username;

            // Clear() drops the operator's session values so they do not carry over to the
            // impersonated account. NOTE(review): it does not by itself issue a new session
            // ID; confirm whether PortalGlobal.Login rotates it.
            HttpContext.Current.Session.Clear();

            // NOTE(review): login is performed with an empty password; presumably this is the
            // platform's trusted sign-in path. Verify it cannot be reached without the checks above.
            PortalGlobal.Login(target.Username, String.Empty);

            // UploadFile casts this entry to StringDictionary without checking it, so a missing
            // value ends in an unhandled exception (YSOD). Seed an empty one.
            HttpContext.Current.Session["file_access"]            = new StringDictionary();
            HttpContext.Current.Session["ProxyLoginOriginalUser"] = operatorName;
            HttpContext.Current.Session["ProxyLoginDontRedirect"] = true;
        }
        /// <summary>
        /// Switches the current session to the account named in the username box and redirects,
        /// provided the role check passes and the audit entry is written.
        /// </summary>
        private void PerformLogin()
        {
            var target = getPortalUserByUserName(tbUserName.Text);

            if (target == null)
            {
                ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND"));
                return;
            }

            var verdict = new RoleChecker().RoleCheck(target, ParentPortlet.Portlet.PortletTemplate);
            if (!verdict.Success)
            {
                ParentPortlet.ShowFeedback(FeedbackType.Message, verdict.Reason);
                if (_logFailures)
                {
                    LogAction(verdict.Reason, target.ID);
                }
                return;
            }

            // The audit entry is written first; if it cannot be stored the switch does not happen.
            if (!LogAction(tbReason.Text, target.ID))
            {
                return;
            }

            // Remember who the operator is before the session is wiped.
            var operatorName = PortalUser.Current.Username;

            // Clear() drops the operator's session values so they do not carry over to the
            // impersonated account. NOTE(review): it does not by itself issue a new session
            // ID; confirm whether PortalGlobal.Login rotates it.
            HttpContext.Current.Session.Clear();

            // UploadFile casts this entry to StringDictionary without checking it, so a missing
            // value ends in an unhandled exception (YSOD). Seed an empty one.
            HttpContext.Current.Session["file_access"] = new StringDictionary();

            // NOTE(review): login is performed with an empty password; presumably this is the
            // platform's trusted sign-in path. Verify it cannot be reached without the checks above.
            PortalGlobal.Login(target.Username, String.Empty);

            // BtnLoginClick reads this marker to refuse a second, nested proxy login.
            HttpContext.Current.Session["ProxyLoginOriginalUser"] = operatorName;
            BCProxyLogin.RedirectUrl(Response);
        }
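 /// <summary>
 /// Click handler for the proxy-login button: requires a reason, optionally re-validates the
 /// password, refuses a nested proxy login, then hands over to <c>PerformLogin</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void BtnLoginClick(object sender, EventArgs e)
 {
     // A reason is mandatory because it becomes the audit entry for the impersonation.
     if (String.Empty == tbReason.Text.Trim())
     {
         ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_REQUIRED_REASON"));
     }
     else if (_requirePassword && !ValidPassword())
     {
         ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"));
         if (_logFailures)
         {
             var user = getPortalUserByUserName(tbUserName.Text);

             // The lookup returns null for an unknown username (PerformLogin checks for it).
             // Dereferencing it here turned a failed attempt into an unhandled exception.
             // With no target ID there is nothing to key the entry on, so the failure is
             // only recorded when the target account exists.
             if (user != null)
             {
                 LogAction(Globalizer.GetGlobalizedString("CUS_BC_PL_INVALID_PW"), user.ID);
             }
         }
     }
     else if (HttpContext.Current.Session["ProxyLoginOriginalUser"] != null)
     {
         // The session already belongs to an impersonated account. Chaining a second switch
         // would overwrite the recorded original operator.
         ParentPortlet.ShowFeedback(FeedbackType.Message, Globalizer.GetGlobalizedString("CUS_BC_PL_ALREADY_PROXIED"));
     }
     else
     {
         PerformLogin();
     }
 }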
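        /// <summary>
        /// First-load initialisation: sets the localized labels, shows the password panel when
        /// required, and pre-fills the form from a pending "reloginCommand" session value.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsFirstLoad)
            {
                return;
            }

            lblReason.Text   = Globalizer.GetGlobalizedString("CUS_BC_PL_REASON_LABEL_TEXT");
            lblUserName.Text = Globalizer.GetGlobalizedString("CUS_BC_PL_USERNAME_LABEL_TEXT");
            lblPassword.Text = Globalizer.GetGlobalizedString("CUS_BC_PL_PASSWORD_LABEL_TEXT");

            if (_requirePassword)
            {
                pnlPassword.Visible = true;
            }

            var pending = Session["reloginCommand"];
            if (pending != null)
            {
                // The value is read as "username|reason".
                var args = pending.ToString().Split('|');
                tbUserName.Text = args[0];

                // Split always yields at least one element, but a value without '|' has no
                // second one. Indexing it unconditionally threw before Remove() ran, so the
                // bad value stayed in the session and broke every later first load.
                if (args.Length > 1)
                {
                    tbReason.Text = args[1];
                }

                // One-shot: consume the value so a refresh does not pre-fill again.
                Session.Remove("reloginCommand");
            }
        }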
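        /// <summary>
        /// AJAX endpoint that validates the operator's password and, if the role check passes,
        /// signs the session in as <paramref name="username"/>.
        /// </summary>
        /// <param name="currentUser">The operator making the request.</param>
        /// <param name="username">Account to impersonate.</param>
        /// <param name="password">The operator's own password, checked against <paramref name="currentUser"/>.</param>
        /// <param name="reason">Justification written to the audit log; must not be blank.</param>
        /// <returns>
        /// Content "OK" on success, otherwise a localized message describing why the switch was refused.
        /// Non-AJAX requests always get the generic invalid-login message.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action changes the authenticated identity. The attributes on it are
        /// not visible here; confirm it is POST-only and protected by an anti-forgery token.
        /// </remarks>
        public ActionResult CheckCredentials(User currentUser, string username, string password, string reason)
        {
            var returnContent = Globalizer.GetGlobalizedString("MSG_LOGINPORTLET_INVALID");

            if (currentUser.Username == "Guest")
            {
                return(Content("User Not Loged In"));
            }

            var currentPortalUser = _portalUserFacade.FindByUsername(currentUser.Username);

            if (Request.IsAjaxRequest())
            {
                try
                {
                    // The password checked is the operator's, never the target's.
                    if (_loginService.IsLoginValid(currentUser.Username, password) || !_requirePassword)
                    {
                        // Refuse nested impersonation so the recorded original operator is not overwritten.
                        if (System.Web.HttpContext.Current.Session["ProxyLoginOriginalUser"] != null)
                        {
                            return(Content(Globalizer.GetGlobalizedString("CUS_BC_PL_ALREADY_PROXIED")));
                        }

                        // The WebForms entry point (BtnLoginClick) refuses a blank reason. Enforce the
                        // same rule server-side so this endpoint cannot create an impersonation
                        // with an empty audit justification.
                        if (reason == null || reason.Trim().Length == 0)
                        {
                            return(Content(Globalizer.GetGlobalizedString("CUS_BC_PL_REQUIRED_REASON")));
                        }

                        var user = _portalUserFacade.FindByUsername(username);
                        if (user != null)
                        {
                            var roleCheck = new RoleChecker().RoleCheck(user, _portletTemplateFacade.FindByName("[CUS] BCProxyLogin"), currentPortalUser);
                            if (roleCheck.Success)
                            {
                                // NOTE(review): the WebForms path only switches identity when LogAction
                                // returns true. Any result of this overload is ignored here; confirm
                                // it throws on failure so an unaudited switch cannot happen.
                                LogAction(reason, user.ID, currentPortalUser.ID);

                                // Clear() drops the operator's session values. NOTE(review): it does not
                                // by itself issue a new session ID; confirm SignIn rotates it.
                                System.Web.HttpContext.Current.Session.Clear();

                                // UploadFile casts this entry to StringDictionary without checking it, so a
                                // missing value ends in an unhandled exception (YSOD). Seed an empty one.
                                System.Web.HttpContext.Current.Session["file_access"] = new StringDictionary();

                                _formsAuthenticationService.SignIn(username, false);

                                // NOTE(review): this stores the User object, whereas the WebForms path
                                // stores the username string; confirm consumers handle both.
                                System.Web.HttpContext.Current.Session["ProxyLoginOriginalUser"] = currentUser;
                                returnContent = "OK";
                            }
                            else
                            {
                                if (_logFailures)
                                {
                                    LogAction(roleCheck.Reason, user.ID, currentPortalUser.ID);
                                }
                                returnContent = roleCheck.Reason;
                            }
                        }
                        else
                        {
                            returnContent = Globalizer.GetGlobalizedString("CUS_BC_PL_USER_NOT_FOUND");
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Same disclosure rule as the WebForms LogAction: only site admins get the
                    // exception detail, everyone else the generic error. Returning the raw message
                    // to any caller exposes internal state (SQL errors, null-reference text).
                    if (currentPortalUser != null && currentPortalUser.IsSiteAdmin)
                    {
                        returnContent = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_ADMIN") + ex.GetBaseException().Message;
                    }
                    else
                    {
                        returnContent = Globalizer.GetGlobalizedString("CUS_BC_PL_ERROR_USER");
                    }
                }
            }

            return(Content(returnContent));
        }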