Пример #1
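    /// <summary>
    /// Access gate for pages that need a signed-in user. When no current user is found the
    /// session is abandoned and a redirect to the login page is issued; when the session
    /// carries a true "ForceChangePassword" flag a redirect to the change-password page is issued.
    /// </summary>
    /// <param name="Response">Response passed to the redirect helper.</param>
    /// <param name="Session">Session read for the current user, "LastURL" and "ForceChangePassword".</param>
    /// <returns><c>false</c> when no user is signed in; otherwise <c>true</c>.</returns>
    public static bool CheckAccess(HttpResponse Response, HttpSessionState Session)
    {
        // The returned connection is not used here; the call is kept in case it initialises
        // per-session state — TODO confirm and remove if it is a pure getter.
        HROne.Common.WebUtility.GetDatabaseConnection(Session);

        if (GetCurUser(Session) == null)
        {
            // "LastURL" may never have been stored (e.g. first request of a fresh session);
            // read it null-safely instead of calling ToString() on a missing entry.
            object lastUrlValue = Session["LastURL"];
            string LastURL      = lastUrlValue == null ? null : lastUrlValue.ToString();

            Session.Abandon();

            string loginUrl = "~/Login.aspx";
            if (!string.IsNullOrEmpty(LastURL))
            {
                // NOTE(review): the return URL travels to Login.aspx; presumably the login page
                // redirects to it after sign-in, so it should be validated there as a local
                // URL — confirm.
                loginUrl += "?LastURL=" + Convert.ToBase64String(Encoding.ASCII.GetBytes(LastURL));
            }
            HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, loginUrl);
            return false;
        }

        object forceChange = Session["ForceChangePassword"];
        if (forceChange != null && forceChange.Equals(true))
        {
            // NOTE(review): this method still returns true after issuing the redirect. Unless
            // the helper ends the response, the caller keeps processing the protected page —
            // confirm against RedirectURLwithEncryptedQueryString.
            HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "~/ESS_EmpChangePassword.aspx");
        }

        return true;
    }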
Пример #2
        // Cierra la session, clareando las variables usadas en Session.
        /// <summary>
        /// Ends the session of the current request: removes every stored item, then abandons it.
        /// </summary>
        public static void closeSession()
        {
            // NOTE(review): HttpContext.Current is dereferenced without a null check, so this
            // assumes it is only called while a request with session state is being processed.
            HttpSessionState current = HttpContext.Current.Session;

            current.Clear();
            current.Abandon();
        }
Пример #3
    /// <summary>
    /// Signs the user out: clears the "user" session entry, abandons the session and
    /// redirects to the login page.
    /// </summary>
    /// <param name="Session">Session to terminate.</param>
    /// <param name="Response">Response used for the redirect.</param>
    public static void StopSession(HttpSessionState Session, HttpResponse Response)
    {
        const string loginPage = "Login.aspx";

        // Drop the user entry explicitly before abandoning the session.
        Session["user"] = null;
        Session.Abandon();

        // NOTE(review): Abandon() does not by itself remove the session-id cookie from the
        // browser; if reuse of the same id after logout matters, confirm the cookie is
        // expired elsewhere.
        Response.Redirect(loginPage);
    }
Пример #4
        /// <summary>
        /// Decides whether the user stored in the session may use the module identified by
        /// <paramref name="codigoObjeto"/>.
        /// </summary>
        /// <param name="Session">Session expected to hold the user id.</param>
        /// <param name="codigoObjeto">Code of the module being opened; 999 skips the per-module check.</param>
        /// <returns>
        /// <c>false</c> when no user id is in the session or the per-module check denies access
        /// (in the latter case the session is also abandoned); otherwise <c>true</c>.
        /// </returns>
        public static bool EsUsuarioPermitido(HttpSessionState Session, int codigoObjeto)
        {
            CSeguridad verificador = new CSeguridad();

            // Not signed in: nothing else to evaluate.
            if (Session["UserID"] == null)
            {
                return false;
            }

            // NOTE(review): 999 acts as a "no module check" code — any signed-in user passes.
            // Confirm callers cannot take this value from request data.
            if (codigoObjeto == 999)
            {
                return true;
            }

            // The key is spelled "UserId" here and "UserID" above; this relies on session keys
            // being compared case-insensitively.
            verificador.SeguridadUsuarioDatosID = Convert.ToInt32(Session["UserId"].ToString());

            bool permitido = true;
            if (verificador.EsUsuarioAdministrador() == false)
            {
                // Non-administrators are checked against the requested module; a denial also
                // terminates the session.
                permitido = verificador.EsAccesoPermitido(codigoObjeto);
                if (!permitido)
                {
                    Session.Abandon();
                }
            }
            return permitido;
        }
Пример #5
    /// <summary>
    /// Logs the session's user out: clears the stored authentication token, records the logout
    /// through the "SYS_I_LOGOUT" stored procedure, abandons the session and, when a response is
    /// supplied, blanks the "AUTHEN_TOKEN" cookie and writes the result as JSON.
    /// </summary>
    /// <param name="Session">Session of the user; may be null.</param>
    /// <param name="Response">Optional response that receives the cookie and the JSON body.</param>
    public static void ApplicationLogout(HttpSessionState Session, HttpResponse Response = null)
    {
        Connector.IDatabaseConnector connector = new Connector.DatabaseConnectorClass();
        Connector.QueryParameter     spArgs    = new Connector.QueryParameter();
        Connector.QueryResult        outcome   = new Connector.QueryResult();

        bool hasUser = Session != null && Session["DVS_USER_ID"] != null;
        if (hasUser)
        {
            object token = Session["AUTHEN_TOKEN"];
            if (token != null)
            {
                AMSDuplicateAuthenCore.ClearToken(Session["DVS_USER_ID"].ToString(), token.ToString());
            }

            spArgs.Add("USER_ID", Session["DVS_USER_ID"]);
            outcome = connector.ExecuteStoredProcedure("SYS_I_LOGOUT", spArgs);

            // The stored procedure's own status is overwritten: the caller always sees success
            // with no message and no "error" output parameter.
            // NOTE(review): a failed logout record is therefore invisible to the client and is
            // not logged here — confirm it is captured elsewhere.
            outcome.Success = true;
            outcome.Message = string.Empty;
            outcome.RemoveOutputParam("error");

            Session.Abandon();
        }

        if (Response == null)
        {
            return;
        }

        // NOTE(review): the cookie value is blanked but no expiry, HttpOnly or Secure attribute
        // is set here, so the browser keeps an empty "AUTHEN_TOKEN" cookie — confirm intended.
        Response.Cookies.Add(new HttpCookie("AUTHEN_TOKEN", ""));

        Response.ClearContent();
        Response.ContentType = "application/json";
        Response.Write(outcome.ToJson());
    }
 /// <summary>
 /// Abandons the held session, but only once this object has been initialized.
 /// </summary>
 public void TakeAction()
 {
     if (!_initialized)
     {
         return;
     }

     Debug.WriteLine("abandoning session");
     _session.Abandon();
 }
Пример #7
 /// <summary>
 /// Removes every item from the given session and abandons it; a null session is ignored.
 /// </summary>
 /// <param name="s">Session to terminate, or null.</param>
 public void ClearSession(HttpSessionState s)
 {
     if (s == null)
     {
         return;
     }

     s.Clear();
     s.Abandon();
 }
Пример #8
 /// <summary>
 /// Cancels the current session
 /// </summary>
 /// <param name="session">User session</param>
 public void Abandon(HttpSessionState session)
 {
     // Without a session there is nothing to cancel; the abandoned flag stays as it was.
     if (session != null)
     {
         session.Abandon();
         // Remember locally that the session has been given up.
         this._isAbandoned = true;
     }
 }
Пример #9
        /// <summary>
        /// Full sign-out: empties and abandons the session, removes the forms-authentication
        /// ticket and redirects to the configured login URL, ending the response.
        /// </summary>
        /// <param name="session">Session to terminate.</param>
        /// <param name="response">Response used for the redirect.</param>
        public static void logout(HttpSessionState session, System.Web.HttpResponse response)
        {
            // Server-side state first, then the authentication ticket.
            session.Clear();
            session.Abandon();
            FormsAuthentication.SignOut();

            // NOTE(review): the session-id cookie itself is not expired here; confirm whether
            // the same id being reused after logout is acceptable for this application.
            response.Redirect(FormsAuthentication.LoginUrl, true);
        }
Пример #10
        /// <summary>
        /// Abandons the session while carrying its logging GUID across the call.
        /// Must be called where Session.Clear and Session.Abandon are called.
        /// </summary>
        /// <param name="session">Session to abandon.</param>
        public static void Abandon(HttpSessionState session)
        {
            // Capture the GUID before the session is given up.
            var previousGuid = LoggingHelper.GetSessionGUID(session);

            session.Abandon();

            if (previousGuid == null)
            {
                return;
            }

            // NOTE(review): the GUID is written back through the same session object that was
            // just abandoned; whether it is still visible on the next request depends on where
            // SetSessionGUID stores it — confirm.
            LoggingHelper.SetSessionGUID(session, previousGuid.Value);
        }
Пример #11
 /// <summary>
 /// Abandons the session of the current request. Any exception raised while doing so
 /// propagates to the caller.
 /// </summary>
 public static void SessionDesposed()
 {
     // NOTE(review): HttpContext.Current and its Session are dereferenced without null
     // checks, so this assumes a request with session state is in progress.
     HttpContext.Current.Session.Abandon();
 }
Пример #12
 /// <summary>
 /// Empties and abandons the given session; a null session is ignored.
 /// </summary>
 /// <param name="Session">Session to terminate, or null.</param>
 public static void Logout(HttpSessionState Session)
 {
     if (Session == null)
     {
         return;
     }

     Session.Clear();
     Session.Abandon();
     // An earlier version re-attached the database connection to the session at this
     // point; that code is disabled.
 }
Пример #13
 /// <summary>
 /// <para>Abandons the current session in the backend and removes all associations with the current session.</para>
 /// </summary>
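 public override void Abandon()
 {
     // Acquire the write lock before entering the try block. If acquisition itself throws
     // (for example because this thread already holds the lock and recursion is not allowed),
     // the finally block must not run: releasing there would drop a lock taken by an outer
     // caller rather than one taken by this call.
     this.SyncRoot.EnterWriteLock();
     try
     {
         // Forward the abandon request to the session object that backs this wrapper.
         HttpSessionState backend = this.GetStorageBackend();
         backend.Abandon();
     }
     finally
     {
         // Reached only after a successful acquisition above, so the release is unconditional.
         this.SyncRoot.ExitWriteLock();
     }
 }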
Пример #14
        /// <summary>
        /// Logs the session's user out: clears the stored authentication token, records the
        /// logout through the "SYS_I_LOGOUT" stored procedure, resets the session to a guest
        /// state and abandons it. When a response is supplied, the "AUTHEN_TOKEN" cookie is
        /// blanked, the "esrith.session.id" cookie is expired and the result is written as JSON.
        /// </summary>
        /// <param name="Session">Session of the user; may be null.</param>
        /// <param name="Response">Optional response that receives the cookies and the JSON body.</param>
        public static void Logout(HttpSessionState Session, HttpResponse Response = null)
        {
            IDatabaseConnector connector = new DatabaseConnectorClass();
            QueryParameter     spArgs    = new QueryParameter();
            QueryResult        outcome   = new QueryResult();

            if (Session != null)
            {
                var storedUser = AppSession.GetSession("USER_ID", Session);
                if (storedUser != null)
                {
                    string userID = storedUser.ToString();

                    var storedToken = AppSession.GetSession("AUTHEN_TOKEN", Session);
                    if (storedToken != null)
                    {
                        AuthenUtil.ClearToken(userID, storedToken.ToString());
                    }

                    spArgs.Add("USER_ID", userID);
                    outcome = connector.ExecuteStoredProcedure("SYS_I_LOGOUT", spArgs);

                    // The stored procedure's own status is overwritten: the caller always sees
                    // success with no message and no "error" output parameter.
                    // NOTE(review): confirm a failed logout record is captured elsewhere.
                    outcome.Success = true;
                    outcome.Message = string.Empty;
                    outcome.RemoveOutputParam("error");
                }

                // Reset the identity entries explicitly before the session is discarded.
                AppSession.SetSession("USER_ID", null, Session);
                AppSession.SetSession("AUTHEN_TOKEN", null, Session);
                AppSession.SetSession("IS_GUEST", true, Session);

                // Clearing the session means the client must also be forced to reload the
                // page, because the CSRF token has to be regenerated as well.
                Session.Clear();
                Session.Abandon();
            }

            if (Response == null)
            {
                return;
            }

            // NOTE(review): the token cookie is blanked but given no expiry, HttpOnly or Secure
            // attribute here — confirm intended.
            Response.Cookies.Add(new HttpCookie("AUTHEN_TOKEN", ""));

            // Expire the session cookie; as above, the client must reload so that a fresh
            // CSRF token is issued.
            Response.Cookies["esrith.session.id"].Expires = DateTime.Now.AddDays(-30);

            Response.ClearContent();
            Response.ContentType = "application/json";
            Response.Write(outcome.ToJson());
        }
Пример #15
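        /// <summary>
        /// Enforces one active session per user. The application-wide "ActivingUsers" map
        /// (user id to session id) is searched for the current user; if it names a different
        /// session id than this request's, the caller is signed out, its session is abandoned
        /// and it is redirected to the login page.
        /// </summary>
        /// <param name="context">Supplies the current user's id.</param>
        /// <param name="session">Session of the current request.</param>
        /// <param name="application">Application state holding the "ActivingUsers" map.</param>
        /// <param name="request">Not used by this method.</param>
        /// <param name="response">Response used for the redirect.</param>
        public static void CheckUserStatus(BizPortalSessionContext context, HttpSessionState session, HttpApplicationState application, HttpRequest request, HttpResponse response)
        {
            // NOTE(review): the shared dictionary is enumerated without a lock; if other
            // requests add or remove entries concurrently the enumeration can throw —
            // confirm how writers synchronise.
            var activingUsers = (Dictionary <long, string>)application["ActivingUsers"];

            foreach (var pair in activingUsers)
            {
                if (!context.UserID.Equals(pair.Key))
                {
                    continue;
                }
                if (session.SessionID.Equals(pair.Value))
                {
                    continue;
                }

                // Another session is registered for this user: invalidate this one.
                FormsAuthentication.SignOut();

                // Abandon BEFORE redirecting. Response.Redirect(string) ends the response,
                // so a statement placed after it is not executed and the stale session
                // would be left alive.
                session.Abandon();
                response.Redirect("~/login.aspx");
                return;
            }
        }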
Пример #16
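        /// <summary>
        /// Rotates the session identifier: copies the session's items aside, abandons the
        /// session, blanks the "ASP.NET_SessionId" cookie and puts the saved items back.
        /// </summary>
        /// <returns>The session object obtained from the authenticator.</returns>
        public HttpSessionState ChangeSessionIdentifier()
        {
            Authenticator    authenticator   = (Authenticator)Owasp.Esapi.Esapi.Authenticator();
            HttpResponse     currentResponse = authenticator.CurrentResponse;
            HttpSessionState currentSession  = authenticator.CurrentSession;
            IDictionary      saved           = new Hashtable();

            // Enumerating the session yields its keys. Save each key's VALUE — the previous
            // code stored the session object itself under every key, so the restore step
            // below put the session back into its own entries instead of the data.
            foreach (string key in currentSession)
            {
                saved[key] = currentSession[key];
            }

            currentSession.Abandon();

            // NOTE(review): the cookie name is hard-coded to the ASP.NET default; a custom
            // sessionState cookieName in configuration would not be covered.
            currentResponse.SetCookie(new HttpCookie("ASP.NET_SessionId", ""));

            // NOTE(review): the items are re-added to the same session object that was just
            // abandoned; verify that they actually reach the session created for the new
            // identifier on the next request.
            foreach (DictionaryEntry entry in saved)
            {
                currentSession.Add((string)entry.Key, entry.Value);
            }
            return currentSession;
        }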
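    /// <summary>
    /// Builds (or reloads from the session) the user's permission set and caches it in the
    /// session under "ConjuntoDePermissoesUsuario". When the resulting set has no user
    /// information or no permitted systems, the session is cleared and abandoned.
    /// </summary>
    /// <param name="Session">Session used as the cache and terminated when nothing is permitted.</param>
    /// <param name="nomUsrRde">
    /// User name to look up. When null or empty, the set already stored in the session (if any)
    /// is used instead.
    /// </param>
    /// <param name="grupos">Optional filter: only systems whose DESGRPRDESISSMA is in this list are kept.</param>
    /// <returns>
    /// The permission set. It is returned even when the session was abandoned, so callers must
    /// inspect its contents rather than treat a non-null result as "access granted".
    /// </returns>
    public static ConjuntoDePermissoesUsuarioSistemas ObterConjuntoDePermissoesUsuario(HttpSessionState Session, string nomUsrRde = "", List <string> grupos = null)
    {
        ConjuntoDePermissoesUsuarioSistemas retorno = new ConjuntoDePermissoesUsuarioSistemas();

        // IsNullOrEmpty also covers an explicit null argument, which previously failed on
        // nomUsrRde.Equals(...).
        if (!string.IsNullOrEmpty(nomUsrRde))
        {
            // NOTE(review): permissions are loaded for whatever name is passed in; this method
            // does not verify that the name belongs to the authenticated caller — confirm the
            // call sites take it from a trusted source.
            var bll = new ControleDeAcessoBLL();

            retorno.InformacoesUsuario = bll.ObterInformacoesUsuario(0, nomUsrRde).FirstOrDefault();
            if (retorno.InformacoesUsuario != null)
            {
                retorno.SistemasPermitidos = bll.ObterSistemasPermitidos(CODSISINF, retorno.InformacoesUsuario.CODFNC);
                if (grupos != null && retorno.SistemasPermitidos != null)
                {
                    retorno.SistemasPermitidos = retorno.SistemasPermitidos.Where(x => grupos.Contains(x.DESGRPRDESISSMA)).ToList();
                }
            }
        }
        else if (Session["ConjuntoDePermissoesUsuario"] != null)
        {
            retorno = (ConjuntoDePermissoesUsuarioSistemas)Session["ConjuntoDePermissoesUsuario"];
        }

        // A missing list of permitted systems is treated like an empty one (no access)
        // instead of failing on .Count.
        bool possuiPermissoes = retorno != null
                                && retorno.InformacoesUsuario != null
                                && retorno.SistemasPermitidos != null
                                && retorno.SistemasPermitidos.Count > 0;

        if (possuiPermissoes)
        {
            Session["ConjuntoDePermissoesUsuario"] = retorno;
        }
        else
        {
            // Nothing is permitted: terminate the session.
            Session.Clear();
            Session.Abandon();
        }

        return retorno;
    }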
Пример #18
 /// <summary>
 /// Abandons the session held in <c>_session</c>.
 /// </summary>
 internal void AbandonSessions() => _session.Abandon();
Пример #19
 /// <summary>
 /// Deletes the session by abandoning it.
 /// </summary>
 public void Abandon() => session.Abandon();
 /// <summary>
 /// Removes every item from the session and then abandons it.
 /// </summary>
 public void AbandonSession()
 {
     // Empty the session first, then give it up.
     session.Clear();
     session.Abandon();
 }
Пример #21
 //********************************************************
 /// <summary>
 /// Signs the user out of forms authentication and abandons the current session.
 /// </summary>
 public static void Logout()
 {
     // Remove the authentication ticket, then give up the server-side session.
     // NOTE(review): no redirect is issued and the session-id cookie is not expired here;
     // presumably the caller handles both — confirm.
     FormsAuthentication.SignOut();
     CurrentSession.Abandon();
 }
Пример #22
 /// <summary>
 /// Cancels the current session.
 /// </summary>
 public void Abandon() => _session.Abandon();
 /// <summary>
 /// Abandons the session held in <c>_sessionState</c>.
 /// </summary>
 public void Abandon() => _sessionState.Abandon();
Пример #24
 /// <summary>
 /// Abandons the session held in <c>_session</c>.
 /// </summary>
 public void AbandonSessions() => _session.Abandon();
Пример #25
 /// <summary>
 /// Logs out by abandoning the session.
 /// </summary>
 /// <remarks>
 /// NOTE(review): only the session is abandoned here; if the application also issues an
 /// authentication ticket or cookie, it is not cleared by this method — confirm.
 /// </remarks>
 public static void Logout() => Session.Abandon();
Пример #26
 //remove session
 /// <summary>
 /// Removes the session by abandoning it.
 /// </summary>
 public void Remove() => session.Abandon();
Пример #27
 /// <summary>
 /// Disposing this object removes every item from the session and abandons it.
 /// </summary>
 public void Dispose()
 {
     // NOTE(review): the user's session ends whenever this wrapper is disposed; confirm that
     // the wrapper's lifetime is meant to match the session's and not a single request's.
     session.Clear();
     session.Abandon();
 }
Пример #28
 /// <summary>
 /// Abandons the whole session.
 /// </summary>
 /// <param name="key">
 /// Not used: the entire session is abandoned regardless of the key, not a single entry.
 /// </param>
 public void Abandom(string key) => session.Abandon();
 /// <summary>
 /// Abandons the session held in <c>session</c>.
 /// </summary>
 public void Abandon() => session.Abandon();
Пример #30
 /// <summary>
 /// Logs out by abandoning the session held in <c>_session</c>.
 /// </summary>
 public void Logout() => _session.Abandon();