protected void linksignout_Click(object sender, EventArgs e) { DotNetNuke.Security.PortalSecurity signout = new DotNetNuke.Security.PortalSecurity(); signout.SignOut(); string currentpage = Page.Request.Url.AbsoluteUri.ToString(); Response.Redirect(currentpage.ToString()); }
public string BecomeUser(int userToBecomeId, int currentlyLoggedInUser, HttpContext context, PortalSettings portalSettings, HttpSessionState sessionState) { string url = string.Empty; string sessionStateName = string.Empty; if (Settings[ModuleSettingsNames.SessionObject] != null) sessionStateName = Settings[ModuleSettingsNames.SessionObject].ToString(); if (userToBecomeId > 0) { DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name); PortalSecurity portalSecurity = new PortalSecurity(); portalSecurity.SignOut(); UserInfo newUserInfo = UserController.GetUserById(portalSettings.PortalId, userToBecomeId); if (newUserInfo != null) { sessionState.Contents[sessionStateName] = null; UserController.UserLogin(portalSettings.PortalId, newUserInfo, portalSettings.PortalName, HttpContext.Current.Request.UserHostAddress, false); if (currentlyLoggedInUser != 0) { sessionState[sessionStateName] = currentlyLoggedInUser; } else { sessionState[sessionStateName] = null; } url = (context.Request.UrlReferrer.AbsoluteUri); } } return url; }
private void DoLogoff() { try { //Remove user from cache if (User != null) { DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name); } var objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); } catch (Exception exc) //Page failed to load { Exceptions.ProcessPageLoadException(exc); } }
private void OnAcquireRequestState(object sender, EventArgs eventArgs) { Debug.WriteLine("SessionManagement OnAuthenticateRequest"); var context = HttpContext.Current; if (context.User == null || context.User.Identity == null || !context.User.Identity.IsAuthenticated) { return; } var session = context.Session; if (session == null) { return; } var userInfo = UserController.GetCurrentUserInfo(); if (userInfo.IsSuperUser) { return; } var userId = userInfo.UserID; var sessionId = session.SessionID; var ipAddress = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; if (!sharedSessionManagement.RegisterSession(userId, sessionId, ipAddress)) { // Logout user var objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); // Redirect the user to the current page context.Response.Redirect(Globals.NavigateURL()); } }
protected void Continue_Click(object sender, EventArgs e) { try { PortalSecurity secure = new PortalSecurity(); user.FirstName = txtFirstName.Text; user.LastName = txtLastName.Text; user.Email = txtEmailAdd.Text; if ((Page.IsValid && user.UserID > 0) && (TextBox1.Text != "" && TextBox2.Text != "")) { UserController.ChangePassword(user, UserController.GetPassword(ref user, user.Membership.PasswordAnswer), TextBox1.Text); } Page.ClientScript.RegisterStartupScript(this.GetType(), "nKey", "DisplayAlert()", true); SqlConnection conn = new SqlConnection(connectionString); SqlDataAdapter adap = new SqlDataAdapter("Update Users set IsFirstLogin=1 where username= '******'", conn); dt.Clear(); adap.Fill(dt); secure.SignOut(); Session.Abandon(); } catch (Exception ex) { UserInfo info = UserController.GetCurrentUserInfo(); ErrorLog objLog = new ErrorLog(); objLog.ErrorDescription = ex.ToString(); objLog.ErrorDate = DateTime.Now; objLog.ErrorFunctionName = System.Reflection.MethodBase.GetCurrentMethod().Name; objLog.ErrorControlName = (GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").Remove(0, GetType().ToString().Replace("ASP.", "").Replace("_ascx", ".ascx").LastIndexOf("_") + 1)); objLog.ErrorLoggedInUser = info.Username; objLog.AddErrorToLog(objLog); } }
/// <summary> /// Sets the current user so that checking authentication and roles works. /// </summary> /// <remarks> /// Copies functionality from <c>DotNetNuke.HttpModules.Membership.MembershipModule.OnAuthenticateRequest</c> /// to get the current user set as the "Current User" /// </remarks> private void SetCurrentUser() { // Obtain PortalSettings from Current Context var portalSettings = PortalController.GetCurrentPortalSettings(); if (this.Context.Request.IsAuthenticated && portalSettings != null) { var roleController = new RoleController(); var cachedUser = UserController.GetCachedUser(portalSettings.PortalId, this.Context.User.Identity.Name); if (this.Context.Request.Cookies["portalaliasid"] != null) { // ReSharper disable PossibleNullReferenceException var portalCookie = FormsAuthentication.Decrypt(this.Context.Request.Cookies["portalaliasid"].Value); // check if user has switched portals if (portalSettings.PortalAlias.PortalAliasID != int.Parse(portalCookie.UserData)) { // expire cookies if portal has changed this.Context.Response.Cookies["portalaliasid"].Value = null; this.Context.Response.Cookies["portalaliasid"].Path = "/"; this.Context.Response.Cookies["portalaliasid"].Expires = DateTime.Now.AddYears(-30); this.Context.Response.Cookies["portalroles"].Value = null; this.Context.Response.Cookies["portalroles"].Path = "/"; this.Context.Response.Cookies["portalroles"].Expires = DateTime.Now.AddYears(-30); // ReSharper restore PossibleNullReferenceException } } // authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set ) if (cachedUser == null || cachedUser.IsDeleted || cachedUser.Membership.LockedOut || cachedUser.Membership.Approved == false || cachedUser.Username.ToLower() != this.Context.User.Identity.Name.ToLower()) { var portalSecurity = new PortalSecurity(); portalSecurity.SignOut(); // Remove user from cache if (cachedUser != null) { DataCache.ClearUserCache(portalSettings.PortalId, this.Context.User.Identity.Name); } // Redirect browser back to home page this.Context.Response.Redirect(this.Context.Request.RawUrl, true); return; } // valid Auth cookie // if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity if ( DateTime.Compare( cachedUser.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0) { // update LastActivityDate and IP Address for user cachedUser.Membership.LastActivityDate = DateTime.Now; cachedUser.LastIPAddress = this.Context.Request.UserHostAddress; UserController.UpdateUser(portalSettings.PortalId, cachedUser); } // refreshroles is set when a role is added to a user by an administrator bool refreshCookies = cachedUser.RefreshRoles; // check for RSVP code if (!cachedUser.RefreshRoles && this.Context.Request.QueryString["rsvp"] != null && string.IsNullOrEmpty(this.Context.Request.QueryString["rsvp"]) == false) { foreach (RoleInfo objRole in roleController.GetPortalRoles(portalSettings.PortalId)) { if (objRole.RSVPCode == this.Context.Request.QueryString["rsvp"]) { roleController.UpdateUserRole(portalSettings.PortalId, cachedUser.UserID, objRole.RoleID); // clear portalroles so the new role is added to the cookie below refreshCookies = true; } } } // create cookies if they do not exist yet for this session. if (this.Context.Request.Cookies["portalroles"] == null || refreshCookies) { // keep cookies in sync var currentDateTime = DateTime.Now; // create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles ) var portalTicket = new FormsAuthenticationTicket( 1, this.Context.User.Identity.Name, currentDateTime, currentDateTime.AddHours(1), false, portalSettings.PortalAlias.PortalAliasID.ToString()); // encrypt the ticket string portalAliasId = FormsAuthentication.Encrypt(portalTicket); // ReSharper disable PossibleNullReferenceException // send portal cookie to client this.Context.Response.Cookies["portalaliasid"].Value = portalAliasId; this.Context.Response.Cookies["portalaliasid"].Path = "/"; this.Context.Response.Cookies["portalaliasid"].Expires = currentDateTime.AddMinutes(1); // ReSharper restore PossibleNullReferenceException // get roles from UserRoles table string[] arrPortalRoles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId); // create a string to persist the roles, attach a portalID so that cross-portal impersonation cannot occur string strPortalRoles = portalSettings.PortalId + "!!" + string.Join(";", arrPortalRoles); // create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles ) var rolesTicket = new FormsAuthenticationTicket( 1, this.Context.User.Identity.Name, currentDateTime, currentDateTime.AddHours(1), false, strPortalRoles); // encrypt the ticket string strRoles = FormsAuthentication.Encrypt(rolesTicket); // ReSharper disable PossibleNullReferenceException // send roles cookie to client this.Context.Response.Cookies["portalroles"].Value = strRoles; this.Context.Response.Cookies["portalroles"].Path = "/"; this.Context.Response.Cookies["portalroles"].Expires = currentDateTime.AddMinutes(1); if (refreshCookies) { // if rsvp, update portalroles in context because it is being used later this.Context.Request.Cookies["portalroles"].Value = strRoles; } } if (this.Context.Request.Cookies["portalroles"] != null) { // get roles from roles cookie if (this.Context.Request.Cookies["portalroles"].Value != string.Empty) { var roleTicket = FormsAuthentication.Decrypt(this.Context.Request.Cookies["portalroles"].Value); // ReSharper restore PossibleNullReferenceException if (roleTicket != null) { // get the role data and split it into portalid and a string array of role data string rolesdata = roleTicket.UserData; char[] separator = "!!".ToCharArray(); // need to use StringSplitOptions.None to preserve case where superuser has no roles string[] rolesParts = rolesdata.Split(separator, StringSplitOptions.None); // if cookie is for a different portal than current force a refresh of roles else used cookie cached version if (Convert.ToInt32(rolesParts[0]) != portalSettings.PortalId) { cachedUser.Roles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId); } else { cachedUser.Roles = rolesParts[2].Split(';'); } } else { cachedUser.Roles = roleController.GetRolesByUser(cachedUser.UserID, portalSettings.PortalId); } // Clear RefreshRoles flag if (cachedUser.RefreshRoles) { cachedUser.RefreshRoles = false; UserController.UpdateUser(portalSettings.PortalId, cachedUser); } } // save userinfo object in context this.Context.Items.Add("UserInfo", cachedUser); // load the personalization object var personalizationController = new PersonalizationController(); personalizationController.LoadProfile(this.Context, cachedUser.UserID, cachedUser.PortalID); // Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded Localization.SetLanguage(cachedUser.Profile.PreferredLocale); } } if (HttpContext.Current.Items["UserInfo"] == null) { this.Context.Items.Add("UserInfo", new UserInfo()); } }
public static void AuthenticateRequest(HttpContextBase context, bool allowUnknownExtensinons) { HttpRequestBase request = context.Request; HttpResponseBase response = context.Response; //First check if we are upgrading/installing if (request == null || request.Url == null || request.Url.LocalPath.ToLower().EndsWith("install.aspx") || request.Url.LocalPath.ToLower().Contains("upgradewizard.aspx") || request.Url.LocalPath.ToLower().Contains("installwizard.aspx")) { return; } //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (allowUnknownExtensinons == false && request.Url.LocalPath.ToLower().EndsWith(".aspx") == false && request.Url.LocalPath.ToLower().EndsWith(".asmx") == false && request.Url.LocalPath.ToLower().EndsWith(".ashx") == false) { return; } //Obtain PortalSettings from Current Context PortalSettings portalSettings = PortalController.GetCurrentPortalSettings(); bool isActiveDirectoryAuthHeaderPresent = false; var auth = request.Headers.Get("Authorization"); if(!string.IsNullOrEmpty(auth)) { if(auth.StartsWith("Negotiate")) { isActiveDirectoryAuthHeaderPresent = true; } } if (request.IsAuthenticated && !isActiveDirectoryAuthHeaderPresent && portalSettings != null) { var roleController = new RoleController(); var user = UserController.GetCachedUser(portalSettings.PortalId, context.User.Identity.Name); //if current login is from windows authentication, the ignore the process if (user == null && context.User is WindowsPrincipal) { return; } //authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set ) if (user == null || user.IsDeleted || user.Membership.LockedOut || (!user.Membership.Approved && !user.IsInRole("Unverified Users")) || user.Username.ToLower() != context.User.Identity.Name.ToLower()) { var portalSecurity = new PortalSecurity(); portalSecurity.SignOut(); //Remove user from cache if (user != null) { DataCache.ClearUserCache(portalSettings.PortalId, context.User.Identity.Name); } //Redirect browser back to home page response.Redirect(request.RawUrl, true); return; } if (!user.IsSuperUser && user.IsInRole("Unverified Users") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage)) { HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("UnverifiedUser")); } if (!user.IsSuperUser && HttpContext.Current.Request.QueryString.AllKeys.Contains("VerificationSuccess") && !HttpContext.Current.Items.Contains(DotNetNuke.UI.Skins.Skin.OnInitMessage)) { HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessage, Localization.GetString("VerificationSuccess")); HttpContext.Current.Items.Add(DotNetNuke.UI.Skins.Skin.OnInitMessageType, ModuleMessage.ModuleMessageType.GreenSuccess); } //if users LastActivityDate is outside of the UsersOnlineTimeWindow then record user activity if (DateTime.Compare(user.Membership.LastActivityDate.AddMinutes(Host.UsersOnlineTimeWindow), DateTime.Now) < 0) { //update LastActivityDate and IP Address for user user.Membership.LastActivityDate = DateTime.Now; user.LastIPAddress = request.UserHostAddress; UserController.UpdateUser(portalSettings.PortalId, user, false, false); } //check for RSVP code if (request.QueryString["rsvp"] != null && !string.IsNullOrEmpty(request.QueryString["rsvp"])) { foreach (var role in TestableRoleController.Instance.GetRoles(portalSettings.PortalId, r => (r.SecurityMode != SecurityMode.SocialGroup || r.IsPublic) && r.Status == RoleStatus.Approved)) { if (role.RSVPCode == request.QueryString["rsvp"]) { roleController.UpdateUserRole(portalSettings.PortalId, user.UserID, role.RoleID); } } } //save userinfo object in context context.Items.Add("UserInfo", user); //Localization.SetLanguage also updates the user profile, so this needs to go after the profile is loaded Localization.SetLanguage(user.Profile.PreferredLocale); } if (context.Items["UserInfo"] == null) { context.Items.Add("UserInfo", new UserInfo()); } }
private void ProcessLogin(int newUserId) { var currentUser = UserController.GetCurrentUserInfo(); //Log event var objEventLog = new EventLogController(); objEventLog.AddLog("Username", currentUser.Username, PortalSettings, currentUser.UserID, EventLogController.EventLogType.USER_IMPERSONATED); //Remove user from cache DataCache.ClearUserCache(PortalSettings.PortalId, currentUser.Username); var objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); var ctlUser = new UserController(); var newUser = ctlUser.GetUser(PortalSettings.PortalId, newUserId); UserController.UserLogin(newUser.PortalID, newUser, PortalSettings.PortalName, HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"], false); ClearCookies(); Response.Redirect(DotNetNuke.Common.Globals.NavigateURL(PortalSettings.ActiveTab.TabID)); }
private void CheckLogout(bool bLogout) { if (bLogout && UserInfo != null && UserInfo.UserID > 0) { DataCache.ClearUserCache(PortalSettings.PortalId, Context.User.Identity.Name); PortalSecurity objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); } }
public void OnAuthenticateRequest( object s, EventArgs e ) { HttpContext Context = ( (HttpApplication)s ).Context; HttpRequest Request = Context.Request; HttpResponse Response = Context.Response; //First check if we are upgrading/installing if( Request.Url.LocalPath.EndsWith( "Install.aspx" ) ) { return; } //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (Request.Url.LocalPath.ToLower().EndsWith(".aspx") == false && Request.Url.LocalPath.ToLower().EndsWith(".asmx") == false) { return; } // Obtain PortalSettings from Current Context PortalSettings portalSettings = PortalController.GetCurrentPortalSettings(); if( Request.IsAuthenticated && portalSettings != null ) { RoleController objRoleController = new RoleController(); UserInfo objUser = UserController.GetCachedUser( portalSettings.PortalId, Context.User.Identity.Name ); if( !Convert.ToBoolean( Request.Cookies["portalaliasid"] == null ) ) { FormsAuthenticationTicket PortalCookie = FormsAuthentication.Decrypt( Context.Request.Cookies["portalaliasid"].Value ); // check if user has switched portals if( portalSettings.PortalAlias.PortalAliasID != int.Parse( PortalCookie.UserData ) ) { // expire cookies if portal has changed Response.Cookies["portalaliasid"].Value = null; Response.Cookies["portalaliasid"].Path = "/"; Response.Cookies["portalaliasid"].Expires = DateTime.Now.AddYears( - 30 ); Response.Cookies["portalroles"].Value = null; Response.Cookies["portalroles"].Path = "/"; Response.Cookies["portalroles"].Expires = DateTime.Now.AddYears( - 30 ); } } // authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set ) if( objUser == null || objUser.Membership.LockedOut || objUser.Membership.Approved == false ) { PortalSecurity objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); // Redirect browser back to home page Response.Redirect( Request.RawUrl, true ); return; } else // valid Auth cookie { // create cookies if they do not exist yet for this session. if( Request.Cookies["portalroles"] == null ) { // keep cookies in sync DateTime CurrentDateTime = DateTime.Now; // create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles ) FormsAuthenticationTicket PortalTicket = new FormsAuthenticationTicket( 1, objUser.Username, CurrentDateTime, CurrentDateTime.AddHours( 1 ), false, portalSettings.PortalAlias.PortalAliasID.ToString() ); // encrypt the ticket string strPortalAliasID = FormsAuthentication.Encrypt( PortalTicket ); // send portal cookie to client Response.Cookies["portalaliasid"].Value = strPortalAliasID; Response.Cookies["portalaliasid"].Path = "/"; Response.Cookies["portalaliasid"].Expires = CurrentDateTime.AddMinutes( 1 ); // get roles from UserRoles table string[] arrPortalRoles = objRoleController.GetRolesByUser( objUser.UserID, portalSettings.PortalId ); // create a string to persist the roles string strPortalRoles = String.Join(";", arrPortalRoles); // create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles ) FormsAuthenticationTicket rolesTicket = new FormsAuthenticationTicket( 1, objUser.Username, CurrentDateTime, CurrentDateTime.AddHours( 1 ), false, strPortalRoles ); // encrypt the ticket string strRoles = FormsAuthentication.Encrypt( rolesTicket ); // send roles cookie to client Response.Cookies["portalroles"].Value = strRoles; Response.Cookies["portalroles"].Path = "/"; Response.Cookies["portalroles"].Expires = CurrentDateTime.AddMinutes( 1 ); } if( Request.Cookies["portalroles"] != null ) { // get roles from roles cookie if( !String.IsNullOrEmpty( Request.Cookies["portalroles"].Value )) { FormsAuthenticationTicket RoleTicket = FormsAuthentication.Decrypt( Context.Request.Cookies["portalroles"].Value ); // convert the string representation of the role data into a string array // and store it in the Roles Property of the User objUser.Roles = RoleTicket.UserData.Split( ';' ); } Context.Items.Add( "UserInfo", objUser ); Localization.SetLanguage( objUser.Profile.PreferredLocale ); } } } if( HttpContext.Current.Items["UserInfo"] == null ) { Context.Items.Add( "UserInfo", new UserInfo() ); } }
protected void Page_Load(object sender, EventArgs e) { try { DotNetNuke.Framework.ServicesFramework.Instance.RequestAjaxAntiForgerySupport(); DotNetNuke.Framework.ServicesFramework.Instance.RequestAjaxScriptSupport(); if (Request["iu"] != null) { if (Request["iu"].ToString() != "") { // impersoniamo un caro utonto int uid = int.Parse(Request["iu"].ToString()); //UserInfo MyUserInfo = UserController.GetUser(this.PortalId, uid, true); UserInfo MyUserInfo = UserController.GetUserById(this.PortalId, uid); if ((MyUserInfo != null)) { //Remove user from cache if (Page.User != null) { DotNetNuke.Common.Utilities.DataCache.ClearUserCache(this.PortalSettings.PortalId, Context.User.Identity.Name); } // sign current user out PortalSecurity objPortalSecurity = new PortalSecurity(); objPortalSecurity.SignOut(); // sign new user in UserController.UserLogin(PortalId, MyUserInfo, PortalSettings.PortalName, Request.UserHostAddress, false); // redirect to the base url if (HttpContext.Current.Request.IsSecureConnection) { Response.Redirect("https://" + PortalSettings.PortalAlias.HTTPAlias, true); } else { Response.Redirect("http://" + PortalSettings.PortalAlias.HTTPAlias, true); } } } } //Module is not usuable by unauthenticated users if (UserInfo.UserID <= 0) { this.panel_unregistereduser.Visible = true; this.panel_normal.Visible = false; return; } if (this.IsPostBack == false) { if (Session["UManage_StopAutoLauncher"] == null) { LaunchModule(); } } } catch (Exception exc) //Module failed to load { Exceptions.ProcessModuleLoadException(this, exc); } }