public static bool CheckAccess(HttpResponse Response, HttpSessionState Session)
{
//Response.Cache.SetExpires(new DateTime(0));
//return true;
DatabaseConnection dbConn = HROne.Common.WebUtility.GetDatabaseConnection(Session);
if (GetCurUser(Session) == null)
{
string LastURL = Session["LastURL"].ToString();
Session.Abandon();
if (!string.IsNullOrEmpty(LastURL))
{
HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "~/Login.aspx?LastURL=" + Convert.ToBase64String(Encoding.ASCII.GetBytes(LastURL)));
}
else
{
HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "~/Login.aspx");
}
return(false);
}
if (Session["ForceChangePassword"] != null)
{
if (Session["ForceChangePassword"].Equals(true))
{
HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "~/ESS_EmpChangePassword.aspx");
}
}
return(true);
}
// Cierra la session, clareando las variables usadas en Session.
public static void closeSession()
{
HttpSessionState session = HttpContext.Current.Session;
session.Clear();
session.Abandon();
}
public static void StopSession(HttpSessionState Session, HttpResponse Response)
{
Session["user"] = null;
Session.Abandon();
Response.Redirect("Login.aspx");
}
public static bool EsUsuarioPermitido(HttpSessionState Session, int codigoObjeto)
{
bool respuesta = true;
CSeguridad objetoSeguridad = new CSeguridad();
if (Session["UserID"] == null)
{
respuesta = false;
}
//Valida que si el usuario esta correctamente loggeado no pueda entrar a modulo no permitido
if (respuesta == true)
{
if (codigoObjeto != 999)
{
objetoSeguridad.SeguridadUsuarioDatosID = Convert.ToInt32(Session["UserId"].ToString());
if (objetoSeguridad.EsUsuarioAdministrador() == false)
{
respuesta = objetoSeguridad.EsAccesoPermitido(codigoObjeto);
if (respuesta == false)
{
Session.Abandon();
}
}
else
{
respuesta = true;
}
}
else
{
respuesta = true;
}
}
return(respuesta);
}
public static void ApplicationLogout(HttpSessionState Session, HttpResponse Response = null)
{
Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass();
Connector.QueryParameter logoutParameter = new Connector.QueryParameter();
Connector.QueryResult logoutResult = new Connector.QueryResult();
if (Session != null && Session["DVS_USER_ID"] != null)
{
if (Session["AUTHEN_TOKEN"] != null)
{
AMSDuplicateAuthenCore.ClearToken(Session["DVS_USER_ID"].ToString(), Session["AUTHEN_TOKEN"].ToString());
}
logoutParameter.Add("USER_ID", Session["DVS_USER_ID"]);
logoutResult = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter);
logoutResult.Success = true;
logoutResult.Message = string.Empty;
logoutResult.RemoveOutputParam("error");
Session.Abandon();
}
if (Response != null)
{
HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
authenTokenCookie.Value = "";
Response.Cookies.Add(authenTokenCookie);
Response.ClearContent();
Response.ContentType = "application/json";
Response.Write(logoutResult.ToJson());
}
}
public void TakeAction()
{
if (_initialized)
{
Debug.WriteLine("abandoning session");
_session.Abandon();
}
}
public void ClearSession(HttpSessionState s)
{
if (s != null)
{
s.Clear();
s.Abandon();
}
}
/// <summary>
/// Cancels the current session
/// </summary>
/// <param name="session">User session</param>
public void Abandon(HttpSessionState session)
{
if (session == null)
{
return;
}
session.Abandon();
this._isAbandoned = true;
}
public static void logout(HttpSessionState session, System.Web.HttpResponse response)
{
string url = FormsAuthentication.LoginUrl;
session.Clear();
session.Abandon();
FormsAuthentication.SignOut();
response.Redirect(url, true);
}
public static void Abandon(HttpSessionState session) //Must be called where Session.Clear and Session.Abandon are called
{
var sessionGUID = LoggingHelper.GetSessionGUID(session);
session.Abandon();
if (sessionGUID != null)
{
LoggingHelper.SetSessionGUID(session, sessionGUID.Value);
}
}
public static void SessionDesposed()
{
try
{
HttpSessionState session = HttpContext.Current.Session;
session.Abandon();
}
catch
{
throw;
}
}
public static void Logout(HttpSessionState Session)
{
if (Session != null)
{
Session.Clear();
Session.Abandon();
//DatabaseConnection dbConn = WebUtils.GetDatabaseConnection();
//if (dbConn != null)
//{
// WebUtils.SetSessionDatabaseConnection(Session, dbConn);
//}
}
}
/// <summary>
/// <para>Abandons the current session in the backend and removes all associations with the current session.</para>
/// </summary>
public override void Abandon()
{
try
{
this.SyncRoot.EnterWriteLock();
HttpSessionState backend = this.GetStorageBackend();
backend.Abandon();
}
finally
{
if (this.SyncRoot.IsWriteLockHeld)
{
this.SyncRoot.ExitWriteLock();
}
}
}
public static void Logout(HttpSessionState Session, HttpResponse Response = null)
{
IDatabaseConnector dbConnector = new DatabaseConnectorClass();
QueryParameter logoutParameter = new QueryParameter();
QueryResult logoutResult = new QueryResult();
if (Session != null)
{
if (AppSession.GetSession("USER_ID", Session) != null)
{
string userID = AppSession.GetSession("USER_ID", Session).ToString();
if (AppSession.GetSession("AUTHEN_TOKEN", Session) != null)
{
AuthenUtil.ClearToken(userID, AppSession.GetSession("AUTHEN_TOKEN", Session).ToString());
}
logoutParameter.Add("USER_ID", userID);
logoutResult = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter);
logoutResult.Success = true;
logoutResult.Message = string.Empty;
logoutResult.RemoveOutputParam("error");
}
AppSession.SetSession("USER_ID", null, Session);
AppSession.SetSession("AUTHEN_TOKEN", null, Session);
AppSession.SetSession("IS_GUEST", true, Session);
//ถ้าอยาก clear session จะต้องบังคับให้ client refresh หน้าเว็บด้วยนะ เพราะต้อง regen CSRF ด้วย
Session.Clear();
Session.Abandon();
}
if (Response != null)
{
HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN");
authenTokenCookie.Value = "";
Response.Cookies.Add(authenTokenCookie);
//ถ้าอยาก clear session จะต้องบังคับให้ client refresh หน้าเว็บด้วยนะ เพราะต้อง regen CSRF ด้วย
Response.Cookies["esrith.session.id"].Expires = DateTime.Now.AddDays(-30);
Response.ClearContent();
Response.ContentType = "application/json";
Response.Write(logoutResult.ToJson());
}
}
public static void CheckUserStatus(BizPortalSessionContext context, HttpSessionState session, HttpApplicationState application, HttpRequest request, HttpResponse response)
{
var activingUsers = (Dictionary <long, string>)application["ActivingUsers"];
foreach (var pair in activingUsers)
{
if (!context.UserID.Equals(pair.Key))
{
continue;
}
if (session.SessionID.Equals(pair.Value))
{
continue;
}
FormsAuthentication.SignOut();
response.Redirect("~/login.aspx");
//FormsAuthentication.RedirectToLoginPage();
session.Abandon();
}
}
public HttpSessionState ChangeSessionIdentifier()
{
HttpRequest currentRequest = ((Authenticator)Owasp.Esapi.Esapi.Authenticator()).CurrentRequest;
HttpResponse currentResponse = ((Authenticator)Owasp.Esapi.Esapi.Authenticator()).CurrentResponse;
HttpSessionState currentSession = ((Authenticator)Owasp.Esapi.Esapi.Authenticator()).CurrentSession;
IDictionary dictionary = (IDictionary) new Hashtable();
IEnumerator enumerator = ((IEnumerable)currentSession).GetEnumerator();
while (enumerator != null && enumerator.MoveNext())
{
string current = (string)enumerator.Current;
object obj = currentSession;
dictionary[(object)current] = obj;
}
currentSession.Abandon();
currentResponse.SetCookie(new HttpCookie("ASP.NET_SessionId", ""));
foreach (DictionaryEntry dictionaryEntry in new ArrayList((ICollection)dictionary))
{
currentSession.Add((string)dictionaryEntry.Key, dictionaryEntry.Value);
}
return(currentSession);
}
public static ConjuntoDePermissoesUsuarioSistemas ObterConjuntoDePermissoesUsuario(HttpSessionState Session, string nomUsrRde = "", List <string> grupos = null)
{
ConjuntoDePermissoesUsuarioSistemas retorno = new ConjuntoDePermissoesUsuarioSistemas();
//
if ((!nomUsrRde.Equals(string.Empty)))
{
var bll = new ControleDeAcessoBLL();
//
retorno.InformacoesUsuario = bll.ObterInformacoesUsuario(0, nomUsrRde).FirstOrDefault();
if (retorno.InformacoesUsuario != null)
{
retorno.SistemasPermitidos = bll.ObterSistemasPermitidos(CODSISINF, retorno.InformacoesUsuario.CODFNC);
if (grupos != null)
{
retorno.SistemasPermitidos = retorno.SistemasPermitidos.Where(x => grupos.Contains(x.DESGRPRDESISSMA)).ToList();
}
}
}
else if (Session["ConjuntoDePermissoesUsuario"] != null)
{
retorno = (ConjuntoDePermissoesUsuarioSistemas)Session["ConjuntoDePermissoesUsuario"];
}
//
if (retorno != null && retorno.InformacoesUsuario != null && retorno.SistemasPermitidos.Count > 0)
{
Session["ConjuntoDePermissoesUsuario"] = retorno;
}
else
{
Session.Clear();
Session.Abandon();
}
//
return(retorno);
}
internal void AbandonSessions()
{
_session.Abandon();
}
public void Abandon()// Deleting a session
{
session.Abandon();
}
public void AbandonSession()
{
session.Clear();
session.Abandon();
}
//********************************************************
public static void Logout()
{
FormsAuthentication.SignOut();
CurrentSession.Abandon();
}
public void Abandon()
{
_session.Abandon();
//anuluje bierzącą sesję
//throw new NotImplementedException();
}
public void Abandon()
{
_sessionState.Abandon();
}
public void AbandonSessions()
{
_session.Abandon();
}
public static void Logout()
{
Session.Abandon();
}
//remove session
public void Remove()
{
session.Abandon();
}
public void Dispose()
{
session.Clear();
session.Abandon();
}
public void Abandom(string key)
{
session.Abandon();
}
public void Abandon()
{
session.Abandon();
}
public void Logout()
{
_session.Abandon();
}
