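/// <summary>
/// Authenticate the user against the enterprise active directory and, on success, bind the
/// resulting enterprise session to the current http session and redirect to the hosts list.
/// On failure the error description is written to <c>connectError</c> (or, when the password
/// has expired, the change-password popup is opened) and the page controls are refreshed.
/// </summary>
/// <remarks>
/// Reads <c>user.Value</c> and <c>password.Value</c> from the login form (untrusted input);
/// writes <c>_enterpriseSession</c>, the http session and the response.
/// Unexpected exceptions are traced and not shown to the user, so the page is left unchanged.
/// </remarks>
private void CreateEnterpriseSessionFromLogin()
{
    try
    {
        // authenticate the user
        _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

        if (_enterpriseSession == null || _enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
        {
            if (_enterpriseSession == null)
            {
                // the client returned nothing at all; report a generic error instead of dereferencing null
                connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
            }
            else if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
            {
                // the user name comes straight from the login form: encode it once for the URL query
                // and once more for the javascript string literal, so a crafted value cannot break out
                // of either context (the original interpolated it raw into the emitted <script> block)
                var changePasswordUrl = "EnterpriseChangePassword.aspx?userName=" + Uri.EscapeDataString(user.Value ?? string.Empty)
                    + (_localAdmin ? "&mode=admin" : string.Empty);
                var script = "window.onload = function() { openPopup('changePasswordPopup', '"
                    + System.Web.HttpUtility.JavaScriptStringEncode(changePasswordUrl) + "'); }";
                ClientScript.RegisterClientScriptBlock(GetType(), Guid.NewGuid().ToString(), script, true);
            }
            else
            {
                // InnerText is HTML-encoded by the control, so the description is safe to display as is
                connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
            }

            UpdateControls();
            return;
        }

        // bind the enterprise session to the current http session
        Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

        // session fixation protection: a session id that existed before authentication must not
        // survive the login. NOTE(review): this only runs in cookieless (URI) mode; cookie-based
        // sessions are just as fixable — confirm whether RegenerateSessionId() can be called
        // unconditionally, or why cookie mode is deliberately excluded here
        if (_httpSessionUseUri)
        {
            // generate a new http session id
            HttpSessionHelper.RegenerateSessionId();
        }

        // redirect to the hosts list (fixed target, not user-controlled; endResponse is true)
        Response.Redirect("~/", true);
    }
    catch (ThreadAbortException)
    {
        // occurs because the response is ended after redirect
    }
    catch (Exception exc)
    {
        // traced server-side only: the exception text may carry directory/infrastructure details
        // that should not reach the browser. The user currently gets no feedback in this case.
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
    }
}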
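/// <summary>
/// Authenticate the user against the enterprise active directory and, on success, bind the
/// resulting enterprise session to the http session, abandon that session and redirect so that
/// the login continues under a fresh session id. On failure the error description is written to
/// <c>connectError</c> (or, when the password has expired, the change-password popup is opened)
/// and the page controls are refreshed.
/// </summary>
/// <remarks>
/// Reads <c>user.Value</c> and <c>password.Value</c> from the login form (untrusted input);
/// writes <c>_enterpriseSession</c>, the http session and the response.
/// Unexpected exceptions are traced and not shown to the user, so the page is left unchanged.
/// </remarks>
private void CreateEnterpriseSessionFromLogin()
{
    try
    {
        // authenticate the user against the enterprise active directory
        _enterpriseSession = _enterpriseClient.Authenticate(user.Value, password.Value);

        // the client may return nothing at all; the original dereferenced AuthenticationErrorCode
        // unconditionally, which turned that case into a NullReferenceException swallowed below
        if (_enterpriseSession == null)
        {
            connectError.InnerText = EnterpriseAuthenticationErrorHelper.GetErrorDescription(EnterpriseAuthenticationErrorCode.UNKNOWN_ERROR);
            UpdateControls();
            return;
        }

        if (_enterpriseSession.AuthenticationErrorCode != EnterpriseAuthenticationErrorCode.NONE)
        {
            if (_enterpriseSession.AuthenticationErrorCode == EnterpriseAuthenticationErrorCode.PASSWORD_EXPIRED)
            {
                // the user name comes straight from the login form: encode it once for the URL query
                // and once more for the javascript string literal, so a crafted value cannot break out
                // of either context (the original interpolated it raw into the emitted <script> block)
                var changePasswordUrl = "EnterpriseChangePassword.aspx?userId=" + Uri.EscapeDataString(user.Value ?? string.Empty);
                var script = "openPopup('changePasswordPopup', '" + System.Web.HttpUtility.JavaScriptStringEncode(changePasswordUrl) + "');";
                Page.ClientScript.RegisterClientScriptBlock(this.GetType(), Guid.NewGuid().ToString(), script, true);
            }
            else
            {
                // InnerText is HTML-encoded by the control, so the description is safe to display as is
                connectError.InnerText = EnterpriseAuthenticationErrorHelper
                    .GetErrorDescription(_enterpriseSession.AuthenticationErrorCode);
            }

            UpdateControls();
            return;
        }

        // bind the enterprise session to the current http session
        HttpContext.Current.Session[HttpSessionStateVariables.EnterpriseSession.ToString()] = _enterpriseSession;

        // cancel the current http session
        // NOTE(review): Abandon() discards this session's state at the end of the request, including the
        // value stored just above; the redirect target presumably resolves it through oldSID — confirm
        HttpContext.Current.Session.Abandon();

        // prevent session fixation attack by generating a new session ID upon login
        // also, using http get method to prevent the browser asking for http post data confirmation if the page is reloaded
        // https://www.owasp.org/index.php/Session_Fixation
        // NOTE(review): the old session id travels in the query string and therefore ends up in server
        // logs, browser history and Referer headers; make sure the target page only accepts an oldSID
        // that has already been abandoned and cannot be replayed to recover the enterprise session
        Response.Redirect(string.Format("?oldSID={0}", HttpContext.Current.Session.SessionID), true);
    }
    catch (ThreadAbortException)
    {
        // occurs because the response is ended after redirect
    }
    catch (Exception exc)
    {
        // traced server-side only: the exception text may carry directory/infrastructure details
        // that should not reach the browser. The user currently gets no feedback in this case.
        System.Diagnostics.Trace.TraceError("Failed to create enterprise session from login ({0})", exc);
    }
}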