Пример #1
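        /// <summary>
        /// Attaches the authenticated user's roles to the request principal.
        /// The roles are cached in the "bfp_roles" cookie as an encrypted forms ticket
        /// whose UserData holds the ';'-separated group names. When that cookie is
        /// missing, empty, undecryptable or expired, the groups are reloaded from the
        /// database and the cookie is rewritten.
        /// </summary>
        /// <param name="sender">Unused; supplied by the ASP.NET pipeline.</param>
        /// <param name="e">Unused; supplied by the ASP.NET pipeline.</param>
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            try
            {
                if (!Request.IsAuthenticated)
                {
                    return;
                }

                string identityName = HttpContext.Current.User.Identity.Name;
                string[] roles = null;

                // First try the cached ticket. An expired ticket is deliberately treated
                // like a missing one so a stale role set is refreshed instead of trusted.
                HttpCookie roleCookie = Request.Cookies["bfp_roles"];
                if (roleCookie != null && roleCookie.Value != null && roleCookie.Value != "")
                {
                    FormsAuthenticationTicket cached = null;
                    try
                    {
                        cached = FormsAuthentication.Decrypt(roleCookie.Value);
                    }
                    catch (Exception decryptEx)
                    {
                        // Tampered cookie or one issued under another machine key: log it
                        // and rebuild from the database instead of leaving the user with
                        // no roles until the cookie is cleared.
                        _functions.Log(decryptEx, identityName, "Global.asax.cs");
                    }
                    if (cached != null && !cached.Expired)
                    {
                        roles = SplitRoles(cached.UserData);
                    }
                }

                if (roles == null)
                {
                    // Reload the user's groups from the database.
                    user = new clsUsers();
                    user.iOrgId = _functions.GetUserOrgId(identityName, false);
                    user.iId = _functions.GetUserOrgId(identityName, true);
                    DataTable dtGroups = user.GetUserGroupsList();

                    ArrayList groupNames = new ArrayList();
                    foreach (DataRow dr in dtGroups.Rows)
                    {
                        groupNames.Add(String.Format("{0}", dr["vchDesc"]));
                    }
                    // Join instead of trimming a trailing ';' so a user without groups
                    // does not throw ArgumentOutOfRangeException from Remove(-1, 1).
                    string roleStr = String.Join(";", (string[])groupNames.ToArray(typeof(string)));
                    roles = SplitRoles(roleStr);

                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1,
                        identityName,
                        DateTime.Now,
                        DateTime.Now.AddYears(1),
                        false,
                        roleStr
                        );

                    // The ticket is encrypted and MAC-protected by FormsAuthentication, so
                    // the client cannot edit the role list; it can replay it until expiry,
                    // so a revoked group stays effective for up to a year unless the
                    // cookie is cleared.
                    // NOTE(review): this cookie carries authorization data; mark it
                    // HttpOnly (and Secure over HTTPS) where the framework version allows.
                    String cookieStr = FormsAuthentication.Encrypt(ticket);
                    Response.Cookies["bfp_roles"].Value = cookieStr;
                    Response.Cookies["bfp_roles"].Path = "/";
                    Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddYears(1);
                }

                HttpContext.Current.User = new GenericPrincipal(Context.User.Identity, roles);
            }
            catch (Exception ex)
            {
                // Fail closed: on any error the principal keeps no roles; only log.
                _functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }

        /// <summary>
        /// Splits the ';'-separated ticket UserData into role names. An empty string
        /// yields no roles rather than a single empty role.
        /// </summary>
        /// <param name="userData">The ticket's UserData; may be null or empty.</param>
        /// <returns>The role names, possibly an empty array.</returns>
        private static string[] SplitRoles(string userData)
        {
            if (userData == null || userData.Length == 0)
            {
                return new string[0];
            }
            return userData.Split(new char[] { ';' });
        }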
Пример #2
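        /// <summary>
        /// Login button handler. Authenticates the e-mail/password pair; on success it
        /// issues the forms-authentication cookie (identity "userId:orgId") and the
        /// encrypted "bfp_roles" ticket cookie holding the user's group names, then
        /// redirects to main.aspx. When the account belongs to several organisations
        /// (return code 1) the organisation grid is shown so the user can pick one.
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void btLogin_Click(object sender, System.EventArgs e)
        {
            try
            {
                user = new clsUsers();
                user.sEmail = tbEmail.Text;
                user.sPass = tbPassword.Text;
                int iReturn = user.Authenticate();
                switch (iReturn)
                {
                    case 0:
                    {
                        lbErr.Visible = false;
                        // "<userId>:<orgId>" is the identity name carried by the auth cookie.
                        string sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                        DataTable dtGroups = user.GetUserGroupsList();
                        ArrayList groupNames = new ArrayList();
                        foreach (DataRow dr in dtGroups.Rows)
                        {
                            groupNames.Add(String.Format("{0}", dr["vchDesc"]));
                        }
                        // Join instead of trimming a trailing ';' so a user without groups
                        // does not throw ArgumentOutOfRangeException from Remove(-1, 1).
                        string roleStr = String.Join(";", (string[])groupNames.ToArray(typeof(string)));

                        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                            1,
                            sUserData,
                            DateTime.Now,
                            DateTime.Now.AddHours(1),
                            false,
                            roleStr
                            );

                        // Encrypted and MAC-protected by FormsAuthentication; read back by
                        // Application_AuthenticateRequest.
                        string cookieStr = FormsAuthentication.Encrypt(ticket);
                        Response.Cookies["bfp_roles"].Value = cookieStr;
                        Response.Cookies["bfp_roles"].Path = "/";
                        Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddHours(1);

                        // Persistent auth cookie: it outlives both the browser session and
                        // the one-hour role cookie above.
                        FormsAuthentication.SetAuthCookie(sUserData, true);
                        Response.Redirect("main.aspx", false);
                        break;
                    }
                    case 1:
                        // Credentials accepted but the user is in several organisations:
                        // show the picker. dgOrgs_SelectedIndexChanged later trusts
                        // ViewState["UserId"], so view-state MAC validation must stay on.
                        tblLogin.Rows[0].Visible = true;
                        tblLogin.Rows[1].Visible = true;
                        tblLogin.Rows[2].Visible = false;
                        tblLogin.Rows[3].Visible = false;
                        tblLogin.Rows[4].Visible = false;
                        ViewState["UserId"] = user.iId.Value;
                        dgOrgs.DataSource = new DataView(user.GetOrgListFromUser());
                        dgOrgs.DataBind();
                        lbErr.Visible = false;
                        break;
                    default:
                        // -1 (bad credentials) and any unexpected code: same generic response.
                        lbErr.Visible = true;
                        break;
                }
            }
            catch (Exception ex)
            {
                _functions.Log(ex, "", "default.aspx.cs");
                // Only the generic error label is shown; ex.Message used to be echoed to
                // the unauthenticated visitor and could disclose internal details.
                lbErr.Visible = true;
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }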
Пример #3
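        /// <summary>
        /// Loads the read-only detail page for the user named by the "id" query-string
        /// parameter, scoped to the administrator's organisation (OrgId). A missing or
        /// unparsable id, a failed lookup and any unexpected exception are routed to
        /// error.aspx through Session["error"].
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void Page_Load(object sender, System.EventArgs e)
        {
            try
            {
                OrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);

                string idParam = Request.QueryString["id"];
                if (idParam == null)
                {
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(104));
                    return;
                }
                try
                {
                    UserId = Convert.ToInt32(idParam);
                }
                catch (FormatException)
                {
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(105));
                    return;
                }
                catch (OverflowException)
                {
                    // An id outside the int range is as invalid as a non-numeric one;
                    // it previously escaped to the generic handler below.
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(105));
                    return;
                }
                lblBack.Text = "<input type=button value=\" Back \" onclick=\"document.location='admin_users.aspx'\">";
                if (!IsPostBack)
                {
                    hlUserEdit.NavigateUrl = "admin_user_detail_edit.aspx?id=" + UserId.ToString();
                    user = new clsUsers();
                    user.cAction = "S";
                    user.iOrgId = OrgId;
                    user.iId = UserId;
                    // NOTE(review): whether UserDetails() rejects an id from another
                    // organisation is decided inside clsUsers and cannot be confirmed here.
                    if (user.UserDetails() == -1)
                    {
                        RedirectToError("admin_user_detail.aspx?id=" + UserId.ToString(), _functions.ErrorMessage(134));
                        return;
                    }
                    // Labels render Text verbatim, so database-supplied strings are encoded
                    // to keep stored markup from executing in the administrator's browser.
                    lblFirstName.Text = HttpUtility.HtmlEncode(user.sFirstName.Value);
                    lblLastName.Text = HttpUtility.HtmlEncode(user.sLastName.Value);
                    lblType.Text = HttpUtility.HtmlEncode(user.sTypeName.Value);
                    lblEmail.Text = HttpUtility.HtmlEncode(user.sEmail.Value);
                    lblHourlyRate.Text = user.dmHourlyRate.Value.ToString("C");
                    lblCreatedDate.Text = user.daCreated.Value.ToLongDateString() + " " + user.daCreated.Value.ToLongTimeString();
                    lblUserActivateStatus.Text = user.bActiveStatus.Value ? "Activated" : "Deactivated";
                    dgGroups.DataSource = new DataView(user.GetUserGroupsList());
                    dgGroups.DataBind();
                    equip = new clsEquipment();
                    equip.iOrgId = OrgId;
                    equip.iUserId = UserId;
                    dgEquipments.DataSource = new DataView(equip.GetEquipListByUser());
                    dgEquipments.DataBind();
                }
            }
            catch (Exception ex)
            {
                _functions.Log(ex, HttpContext.Current.User.Identity.Name, SourcePageName);
                Session["error_report"] = ex.ToString();
                RedirectToError("admin_users.aspx", ex.Message);
            }
            finally
            {
                if (equip != null)
                {
                    equip.Dispose();
                }
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }

        /// <summary>
        /// Stores the return page and message for error.aspx and redirects there
        /// without ending the response; the caller returns normally afterwards.
        /// </summary>
        /// <param name="lastPage">Page error.aspx should offer to go back to.</param>
        /// <param name="message">Text placed in Session["error"].</param>
        private void RedirectToError(string lastPage, string message)
        {
            Session["lastpage"] = lastPage;
            Session["error"] = message;
            Response.Redirect("error.aspx", false);
        }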
Пример #4
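        /// <summary>
        /// Completes a login for an account that belongs to several organisations: the
        /// organisation chosen in the grid is paired with the user id that btLogin_Click
        /// saved in ViewState, the roles for that pair are loaded, and the auth cookie
        /// and the "bfp_roles" ticket cookie are issued before redirecting to main.aspx.
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void dgOrgs_SelectedIndexChanged(object sender, System.EventArgs e)
        {
            try
            {
                lbErr.Visible = false;

                // The id was stored after the password check in btLogin_Click. This step
                // has no credential of its own, so it relies on view-state MAC validation
                // to keep the value from being forged on the postback.
                object savedUserId = ViewState["UserId"];
                if (savedUserId == null)
                {
                    // Login flow lost (e.g. expired page): show the error instead of
                    // crashing on the cast into the generic handler.
                    lbErr.Visible = true;
                    return;
                }
                int userId = (int)savedUserId;

                // NOTE(review): sOrg is posted back by the client; whether the user really
                // belongs to that organisation is not checked here and must be enforced
                // by clsUsers / the database.
                string sOrg = ((LinkButton)dgOrgs.SelectedItem.FindControl("lbSelect")).CommandArgument;
                // "<userId>:<orgId>" is the identity name carried by the auth cookie.
                string sUserData = userId.ToString() + ":" + sOrg;

                user = new clsUsers();
                user.iOrgId = Convert.ToInt32(sOrg);
                user.iId = userId;
                DataTable dtGroups = user.GetUserGroupsList();

                ArrayList groupNames = new ArrayList();
                foreach (DataRow dr in dtGroups.Rows)
                {
                    groupNames.Add(String.Format("{0}", dr["vchDesc"]));
                }
                // Join instead of trimming a trailing ';' so a user without groups does
                // not throw ArgumentOutOfRangeException from Remove(-1, 1).
                string roleStr = String.Join(";", (string[])groupNames.ToArray(typeof(string)));

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    sUserData,
                    DateTime.Now,
                    DateTime.Now.AddHours(1),
                    false,
                    roleStr
                    );

                // Encrypted and MAC-protected by FormsAuthentication; read back by
                // Application_AuthenticateRequest.
                string cookieStr = FormsAuthentication.Encrypt(ticket);
                Response.Cookies["bfp_roles"].Value = cookieStr;
                Response.Cookies["bfp_roles"].Path = "/";
                Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddHours(1);

                // Persistent auth cookie: outlives the browser session and the role cookie.
                FormsAuthentication.SetAuthCookie(sUserData, true);
                Response.Redirect("main.aspx", false);
            }
            catch (Exception ex)
            {
                _functions.Log(ex, "", "default.aspx.cs");
                // Only the generic error label is shown; ex.Message used to be echoed to
                // the visitor and could disclose internal details.
                lbErr.Visible = true;
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }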
Пример #5
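        /// <summary>
        /// Attaches the authenticated user's roles to the request principal.
        /// The roles are cached for one hour in the "bfp_roles" cookie as an encrypted
        /// forms ticket whose UserData holds the ';'-separated group names. When that
        /// cookie is missing, empty, undecryptable or expired, the groups are reloaded
        /// from the database and the cookie is rewritten.
        /// </summary>
        /// <param name="sender">Unused; supplied by the ASP.NET pipeline.</param>
        /// <param name="e">Unused; supplied by the ASP.NET pipeline.</param>
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            try
            {
                if (!Request.IsAuthenticated)
                {
                    return;
                }

                string identityName = HttpContext.Current.User.Identity.Name;
                string[] roles = null;

                // First try the cached ticket. An expired ticket is deliberately treated
                // like a missing one so a stale role set is refreshed instead of trusted.
                HttpCookie roleCookie = Request.Cookies["bfp_roles"];
                if (roleCookie != null && roleCookie.Value != null && roleCookie.Value != "")
                {
                    FormsAuthenticationTicket cached = null;
                    try
                    {
                        cached = FormsAuthentication.Decrypt(roleCookie.Value);
                    }
                    catch (Exception decryptEx)
                    {
                        // Tampered cookie or one issued under another machine key: log it
                        // and rebuild from the database instead of leaving the user with
                        // no roles until the cookie is cleared.
                        _functions.Log(decryptEx, identityName, "Global.asax.cs");
                    }
                    if (cached != null && !cached.Expired)
                    {
                        roles = SplitRoles(cached.UserData);
                    }
                }

                if (roles == null)
                {
                    // Reload the user's groups from the database.
                    user = new clsUsers();
                    user.iOrgId = _functions.GetUserOrgId(identityName, false);
                    user.iId = _functions.GetUserOrgId(identityName, true);
                    DataTable dtGroups = user.GetUserGroupsList();

                    ArrayList groupNames = new ArrayList();
                    foreach (DataRow dr in dtGroups.Rows)
                    {
                        groupNames.Add(String.Format("{0}", dr["vchDesc"]));
                    }
                    // Join instead of trimming a trailing ';' so a user without groups
                    // does not throw ArgumentOutOfRangeException from Remove(-1, 1).
                    string roleStr = String.Join(";", (string[])groupNames.ToArray(typeof(string)));
                    roles = SplitRoles(roleStr);

                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1,
                        identityName,
                        DateTime.Now,
                        DateTime.Now.AddHours(1),
                        false,
                        roleStr
                        );

                    // Encrypted and MAC-protected by FormsAuthentication, so the client
                    // cannot edit the role list; it can replay it until expiry, so a
                    // revoked group stays effective for up to an hour.
                    // NOTE(review): this cookie carries authorization data; mark it
                    // HttpOnly (and Secure over HTTPS) where the framework version allows.
                    String cookieStr = FormsAuthentication.Encrypt(ticket);
                    Response.Cookies["bfp_roles"].Value = cookieStr;
                    Response.Cookies["bfp_roles"].Path = "/";
                    Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddHours(1);
                }

                HttpContext.Current.User = new GenericPrincipal(Context.User.Identity, roles);
            }
            catch (Exception ex)
            {
                // Fail closed: on any error the principal keeps no roles; only log.
                _functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }

        /// <summary>
        /// Splits the ';'-separated ticket UserData into role names. An empty string
        /// yields no roles rather than a single empty role.
        /// </summary>
        /// <param name="userData">The ticket's UserData; may be null or empty.</param>
        /// <returns>The role names, possibly an empty array.</returns>
        private static string[] SplitRoles(string userData)
        {
            if (userData == null || userData.Length == 0)
            {
                return new string[0];
            }
            return userData.Split(new char[] { ';' });
        }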
Пример #6
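        /// <summary>
        /// Login handler. Looks the account up by e-mail, verifies the entered password
        /// against the stored salted SHA-1 hash and, for an active account, loads the
        /// login info and issues the auth cookie, the "bfp_roles" ticket cookie and the
        /// "bfp_logo" cookie before redirecting. Accounts in several organisations
        /// (LoginInfo() == 1) are shown the organisation picker instead.
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void btLogin_Click(object sender, System.EventArgs e)
        {
            try
            {
                lbErr.Visible = false;
                user = new clsUsers();
                user.sEmail = tbEmail.Text;
                if (user.Authenticate() == -1)
                {
                    // Unknown e-mail: same generic response as a wrong password.
                    lbErr.Visible = true;
                    return;
                }

                // Stored scheme: hex SHA-1 over (password + salt). Kept because the
                // database holds hashes in this form; moving to PBKDF2 needs a migration.
                string dbPasswordHash = user.sPass.Value;
                string passwordAndSalt = String.Concat(tbPassword.Text, user.sSalt.Value);
                string hashedPasswordAndSalt =
                    FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt, "SHA1");
                if (!FixedTimeEquals(hashedPasswordAndSalt, dbPasswordHash))
                {
                    lbErr.Visible = true;
                    return;
                }

                // Checked only after the password matched, so the "inactive" message no
                // longer tells an unauthenticated caller that the e-mail exists.
                if (!user.bActiveStatus.Value)
                {
                    lbErr.Visible = true;
                    lbErr.Text = _functions.ErrorMessage(202);
                    return;
                }

                switch (user.LoginInfo())
                {
                    case 0:
                    {
                        Response.Cookies["bfp_logo"].Value = user.sLogo.Value;
                        Response.Cookies["bfp_logo"].Path = "/";
                        Response.Cookies["bfp_logo"].Expires = DateTime.Now.AddYears(1);

                        // "<userId>:<orgId>" is the identity name carried by the auth cookie.
                        string sUserData = user.iId.Value.ToString() + ":" + user.iOrgId.Value.ToString();

                        DataTable dtGroups = user.GetUserGroupsList();
                        ArrayList groupNames = new ArrayList();
                        foreach (DataRow dr in dtGroups.Rows)
                        {
                            groupNames.Add(String.Format("{0}", dr["vchDesc"]));
                        }
                        // Join instead of trimming a trailing ';' so a user without groups
                        // does not throw ArgumentOutOfRangeException from Remove(-1, 1).
                        string roleStr = String.Join(";", (string[])groupNames.ToArray(typeof(string)));

                        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                            1,
                            sUserData,
                            DateTime.Now,
                            DateTime.Now.AddYears(1),
                            false,
                            roleStr
                            );

                        // Encrypted and MAC-protected by FormsAuthentication; read back by
                        // Application_AuthenticateRequest. Group changes are not seen until
                        // this cookie expires (one year) or is cleared.
                        string cookieStr = FormsAuthentication.Encrypt(ticket);
                        Response.Cookies["bfp_roles"].Value = cookieStr;
                        Response.Cookies["bfp_roles"].Path = "/";
                        Response.Cookies["bfp_roles"].Expires = DateTime.Now.AddYears(1);

                        FormsAuthentication.SetAuthCookie(sUserData, true);

                        // Follow ReturnUrl only when it stays inside this application; an
                        // absolute URL here would be an open redirect right after login.
                        string returnUrl = Request.QueryString["ReturnUrl"];
                        if (IsLocalUrl(returnUrl))
                        {
                            Response.Redirect(returnUrl, false);
                        }
                        else
                        {
                            Response.Redirect("selectMode.aspx", false);
                        }
                        break;
                    }
                    case 1:
                        // Several organisations: show the picker. dgOrgs_SelectedIndexChanged
                        // later trusts ViewState["UserId"], so view-state MAC validation must
                        // stay enabled for this page.
                        tblLogin.Rows[0].Visible = true;
                        tblLogin.Rows[1].Visible = true;
                        tblLogin.Rows[2].Visible = false;
                        tblLogin.Rows[3].Visible = false;
                        tblLogin.Rows[4].Visible = false;
                        ViewState["UserId"] = user.iId.Value;
                        dgOrgs.DataSource = new DataView(user.GetOrgListFromUser());
                        dgOrgs.DataBind();
                        lbErr.Visible = false;
                        break;
                    default:
                        // -1 and any unexpected code: same generic response.
                        lbErr.Visible = true;
                        break;
                }
            }
            catch (Exception ex)
            {
                _functions.Log(ex, "", SourcePageName);
                // Only the generic error label is shown; ex.Message used to be echoed to
                // the unauthenticated visitor and could disclose internal details.
                lbErr.Visible = true;
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }

        /// <summary>
        /// Compares two strings without short-circuiting on the first differing
        /// character, so the comparison time does not depend on where the hashes
        /// diverge. Ordinal, like String.Equals; null never matches.
        /// </summary>
        /// <param name="a">First value.</param>
        /// <param name="b">Second value.</param>
        /// <returns>True when both are non-null and identical.</returns>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null)
            {
                return false;
            }
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }

        /// <summary>
        /// Accepts only application-local targets ("/path" or "~/path") so ReturnUrl
        /// cannot send a freshly authenticated user to another host. Protocol-relative
        /// forms ("//host", "/\host") are rejected.
        /// </summary>
        /// <param name="url">Candidate redirect target; may be null.</param>
        /// <returns>True when the URL is safe to redirect to.</returns>
        private static bool IsLocalUrl(string url)
        {
            if (url == null || url.Length == 0)
            {
                return false;
            }
            if (url[0] == '/')
            {
                return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
            }
            return url[0] == '~' && url.Length > 1 && url[1] == '/';
        }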
        /// <summary>
        /// Adds the user being edited (UserId, within OrgId) to the group chosen in
        /// ddlGroup, then rebinds the membership grid and the list of remaining groups.
        /// A failed insert or an unexpected exception is routed to error.aspx.
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void btnAddGroup_Click(object sender, System.EventArgs e)
        {
            try
            {
                user = new clsUsers();
                user.cAction = "I";
                user.iId = UserId;
                user.iOrgId = OrgId;
                user.iGroupId = Convert.ToInt32(ddlGroup.SelectedValue);
                int insertResult = user.UsersGroupsDetail();
                if (insertResult == -1)
                {
                    Session["lastpage"] = "admin_user_detail_edit.aspx?id=" + UserId.ToString();
                    Session["error"] = _functions.ErrorMessage(117);
                    Response.Redirect("error.aspx", false);
                    return;
                }
                // Rebind both lists so the new membership shows and is no longer offered.
                dgGroups.DataSource = new DataView(user.GetUserGroupsList());
                dgGroups.DataBind();
                ddlGroup.DataSource = new DataView(user.GetGroupsListByNotUser());
                ddlGroup.DataBind();
                // Nothing left to add: the picker and the button are disabled together.
                bool groupsRemain = ddlGroup.Items.Count != 0;
                ddlGroup.Enabled = groupsRemain;
                btnAddGroup.Enabled = groupsRemain;
            }
            catch (Exception ex)
            {
                _functions.Log(ex, HttpContext.Current.User.Identity.Name, SourcePageName);
                Session["lastpage"] = "admin_user_detail_edit.aspx?id=" + UserId.ToString();
                Session["error"] = ex.Message;
                Session["error_report"] = ex.ToString();
                Response.Redirect("error.aspx", false);
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }
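        /// <summary>
        /// Loads the add/edit user page. An "id" of 0 means a new user; otherwise the
        /// user's details, group memberships and the groups still available are loaded
        /// on the first request. Breadcrumbs and header are set on every request. A
        /// missing or unparsable id, a failed lookup and any unexpected exception are
        /// routed to error.aspx through Session["error"].
        /// </summary>
        /// <param name="sender">Unused; supplied by the page framework.</param>
        /// <param name="e">Unused; supplied by the page framework.</param>
        private void Page_Load(object sender, System.EventArgs e)
        {
            try
            {
                OrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);

                string idParam = Request.QueryString["id"];
                if (idParam == null)
                {
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(104));
                    return;
                }
                try
                {
                    UserId = Convert.ToInt32(idParam);
                }
                catch (FormatException)
                {
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(105));
                    return;
                }
                catch (OverflowException)
                {
                    // An id outside the int range is as invalid as a non-numeric one;
                    // it previously escaped to the generic handler below.
                    RedirectToError("admin_users.aspx", _functions.ErrorMessage(105));
                    return;
                }

                // The first three crumbs are shared; only the edit page adds a fourth.
                Header.AddBreadCrumb("Home", "/selectMode.aspx");
                Header.AddBreadCrumb("Administration", "/admin.aspx");
                Header.AddBreadCrumb("User Search", "/admin_users.aspx");
                if (UserId == 0)
                {
                    this.PageTitle = "Add a New User";
                }
                else
                {
                    Header.AddBreadCrumb("User Detail", "/admin_user_detail.aspx?id=" + UserId.ToString());
                    this.PageTitle = "User Detail Edit";
                }
                Header.LeftBarHtml = "View User Detail";
                Header.AddJavaScriptFile("/admin_user_detail_edit.js");
                SaveCancelControl.ParentPageURL = this.ParentPageURL;

                if (!IsPostBack)
                {
                    user = new clsUsers();
                    user.cAction = "S";
                    user.iOrgId = OrgId;
                    user.iId = UserId;

                    if (UserId != 0)
                    {
                        LoadExistingUser();
                    }
                    else
                    {
                        PrepareNewUserForm();
                    }
                }
            }
            catch (Exception ex)
            {
                _functions.Log(ex, HttpContext.Current.User.Identity.Name, SourcePageName);
                Session["error_report"] = ex.ToString();
                RedirectToError("admin_user_detail.aspx?id=" + UserId.ToString(), ex.Message);
            }
            finally
            {
                if (user != null)
                {
                    user.Dispose();
                }
            }
        }

        /// <summary>
        /// Fills the edit form from the database for the user already set on the
        /// <c>user</c> field. On a failed lookup it redirects to error.aspx and returns
        /// false; the caller has nothing further to do in that case.
        /// </summary>
        /// <returns>True when the form was populated.</returns>
        private bool LoadExistingUser()
        {
            if (user.UserDetails() == -1)
            {
                RedirectToError("admin_user_detail.aspx?id=" + UserId.ToString(), _functions.ErrorMessage(134));
                return false;
            }
            tbFirstName.Text = user.sFirstName.Value;
            tbLastName.Text = user.sLastName.Value;
            tbInitial.Text = user.sInitials.Value.Trim();
            ddlType.SelectedValue = user.sTypeName.Value;
            tbEmail.Text = user.sEmail.Value;
            lblCreatedDate.Text = user.daCreated.Value.ToLongDateString() + " " + user.daCreated.Value.ToLongTimeString();
            tbHourlyRate.Text = user.dmHourlyRate.Value.ToString("F");

            bool active = user.bActiveStatus.Value;
            lblUserActivateStatus.Text = active ? "Activated" : "Deactivated";
            hlInactive.Text = active ? "[Deactivate]" : "[Activate]";
            hlInactive.NavigateUrl = "admin_user_detail_active.aspx?id=" + UserId.ToString();

            dgGroups.DataSource = new DataView(user.GetUserGroupsList());
            dgGroups.DataBind();
            ddlGroup.DataSource = new DataView(user.GetGroupsListByNotUser());
            ddlGroup.DataBind();
            // Nothing left to add: the picker and the button are disabled together.
            bool groupsRemain = ddlGroup.Items.Count != 0;
            ddlGroup.Enabled = groupsRemain;
            btnAddGroup.Enabled = groupsRemain;

            // Password and PIN are optional when editing an existing user.
            rfvNewPass.Enabled = false;
            rfvNewPIN.Enabled = false;
            rfvConfirmPassword.Enabled = false;
            rfvConfirmPIN.Enabled = false;
            return true;
        }

        /// <summary>
        /// Sets up the form for a new user: offers every group and hides the rows and
        /// button that only apply to an existing user.
        /// </summary>
        private void PrepareNewUserForm()
        {
            ddlGroup.DataSource = new DataView(user.GetGroupsListByNotUser());
            ddlGroup.DataBind();

            // Rows 11-16 of tblMain hold existing-user-only fields.
            for (int row = 11; row <= 16; row++)
            {
                tblMain.Rows[row].Visible = false;
            }
            btnAddGroup.Visible = false;
        }

        /// <summary>
        /// Stores the return page and message for error.aspx and redirects there
        /// without ending the response; the caller returns normally afterwards.
        /// </summary>
        /// <param name="lastPage">Page error.aspx should offer to go back to.</param>
        /// <param name="message">Text placed in Session["error"].</param>
        private void RedirectToError(string lastPage, string message)
        {
            Session["lastpage"] = lastPage;
            Session["error"] = message;
            Response.Redirect("error.aspx", false);
        }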