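        /// <summary>
        /// Authenticates the user against the enterprise active directory and, on success, binds the
        /// resulting enterprise session to the http session and redirects to the hosts list.
        /// </summary>
        /// <remarks>
        /// On failure the error description is written to <c>connectError</c>; when the password has
        /// expired, a client script opening the change-password popup is registered instead. The username
        /// comes from the login form and is embedded into that script, so it is URL-encoded (query string
        /// value) and then JavaScript-string-encoded (script literal) rather than inserted raw.
        /// The <see cref="ThreadAbortException"/> raised by <c>Response.Redirect(..., true)</c> is expected
        /// and swallowed; any other exception is traced and the page is left unchanged (no user feedback).
        /// </remarks>
        private void CreateEnterpriseSessionFromLogin()
        {
            try
            {
                // authenticate the user
                _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

                if (_enterpriseSession == null || _enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
                {
                    if (_enterpriseSession == null)
                    {
                        connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
                    }
                    else if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
                    {
                        // the username is untrusted form input written into a script block: encode it for the
                        // query string first, then for the javascript string literal it ends up in
                        var encodedUserName = System.Web.HttpUtility.JavaScriptStringEncode(System.Web.HttpUtility.UrlEncode(user.Value));
                        var popupUrl = "EnterpriseChangePassword.aspx?userName=" + encodedUserName + (_localAdmin ? "&mode=admin" : string.Empty);
                        var script = "window.onload = function() { openPopup('changePasswordPopup', '" + popupUrl + "'); }";
                        ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), script, true);
                    }
                    else
                    {
                        connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
                    }
                    UpdateControls();
                    return;
                }

                // bind the enterprise session to the current http session
                Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

                // session fixation protection: the session id the browser held before authentication
                // must not remain valid for the now-authenticated session
                if (_httpSessionUseUri)
                {
                    // generate a new http session id
                    HttpSessionHelper.RegenerateSessionId();
                }

                // redirect to the hosts list
                Response.Redirect("~/", true);
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
            catch (Exception exc)
            {
                // logged only; connectError is not updated here, so the user sees no message for this path
                System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
            }
        }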
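        /// <summary>
        /// Authenticates the user against the enterprise active directory and, on success, binds the
        /// resulting enterprise session to the http session, abandons the pre-login http session and
        /// redirects (GET) so that a fresh session id is issued.
        /// </summary>
        /// <remarks>
        /// A null result from <c>Authenticate</c> is reported as <c>UNKNOWN_ERROR</c> instead of being
        /// dereferenced (which would only surface as a traced exception with no user feedback).
        /// When the password has expired, a client script opening the change-password popup is registered;
        /// the username comes from the login form and is embedded into that script, so it is URL-encoded
        /// and then JavaScript-string-encoded rather than inserted raw.
        /// The <see cref="ThreadAbortException"/> raised by <c>Response.Redirect(..., true)</c> is expected
        /// and swallowed; any other exception is traced and the page is left unchanged.
        /// </remarks>
        private void CreateEnterpriseSessionFromLogin()
        {
            try
            {
                // authenticate the user against the enterprise active directory
                _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

                if (_enterpriseSession == null || _enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
                {
                    if (_enterpriseSession == null)
                    {
                        connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
                    }
                    else if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
                    {
                        // the username is untrusted form input written into a script block: encode it for the
                        // query string first, then for the javascript string literal it ends up in
                        var encodedUserId = System.Web.HttpUtility.JavaScriptStringEncode(System.Web.HttpUtility.UrlEncode(user.Value));
                        var script = "openPopup('changePasswordPopup', 'EnterpriseChangePassword.aspx?userId=" + encodedUserId + "');";
                        Page.ClientScript.RegisterClientScriptBlock(this.GetType(), Guid.NewGuid().ToString(), script, true);
                    }
                    else
                    {
                        connectError.InnerText = EnterpriseAuthenticationErrorHelper
                                                 .GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
                    }
                    UpdateControls();
                    return;
                }

                // bind the enterprise session to the current http session
                HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

                // cancel the current http session
                HttpContext.Current.Session.Abandon();

                // prevent session fixation attack by generating a new session ID upon login
                // also, using http get method to prevent the browser asking for http post data confirmation if the page is reloaded
                // https://www.owasp.org/index.php/Session_Fixation
                // NOTE(review): the abandoned session id is carried in the query string; whatever consumes
                // "oldSID" on the next request should treat it as dead (it will appear in server logs and
                // browser history), and the enterprise session stored just above must survive Abandon() —
                // confirm against the handler that reads oldSID.
                Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
            }
            catch (ThreadAbortException)
            {
                // occurs because the response is ended after redirect
            }
            catch (Exception exc)
            {
                // logged only; connectError is not updated here, so the user sees no message for this path
                System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
            }
        }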