//-----------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     First pass through the login page: discards the current session before any login work is done, so that
///     the login continues on a fresh session rather than on the one the visitor arrived with.
///
///     The redirect target is built by BuildRedirectURL from the page name and the key returned by GenerateKey.
///     Per the original notes that key is an encrypted CID token holding the AnonID cookie value (a GUID) and a
///     date time stamp; neither helper is visible here, so treat that as the documented contract.
/// </summary>
protected void Step1KillSession() {

    // Fallback destination: used unchanged if anything below throws
    string target = MGLApplicationSecurityInterface.Instance().AppLoginConfig.DefaultPostLoginPage;

    try {
        //-----1----- Drop the old session
        // 20-Apr-2016 - the old session ID is first removed from the HTTPS-required list, so that a stale ID does not linger there
        if (MGLApplicationInterface.Instance().UseHttpsSessionsIndependently) {
            MGLApplicationInterface.Instance().RemoveSessionRequiringHTTPS(Session.SessionID);
            MGLSessionInterface.Instance().UseHTTPS = false;
        }

        Session.Abandon();
        // Blank out the session cookie as well, so the browser stops presenting the abandoned ID.
        // NOTE(review): the cookie name is hard-coded to the ASP.NET default - confirm the site does not configure a custom name.
        HttpCookie blankSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
        Response.Cookies.Add(blankSessionCookie);

        //-----2----- Build the encrypted token
        StringBuilder cidToken = GenerateKey();

        //-----3----- Choose the page to call next
        // Independent HTTPS sessions need this page to be requested a second time to configure the new session;
        // otherwise the login can go straight to the "Do" page
        string nextPage;
        if (MGLApplicationInterface.Instance().UseHttpsSessionsIndependently) {
            nextPage = ActionPage + ".aspx";
        } else {
            nextPage = ActionPage + "Do.aspx";
        }

        target = BuildRedirectURL(nextPage, cidToken);

    } catch (Exception ex) {
        // Failure is logged and the visitor is bounced to the default page set above
        Logger.LogError(8, "Problem setting the authorisation redirect url in the login page. This is serious! The specific error was: " + ex.ToString());
    }

    //-----4----- Hand over to the next step (LoginDo, or this page again for independent HTTPS sessions)
    Response.Redirect(target);
}
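//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Loads the document named by the DocID request parameter, together with its chapters and tag
///     cross-references, and fills the page header fields and hidden metadata before building the chapter tag widget.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e) {

    // DocID comes straight from the request; TryParse leaves wdID at 0 when it is missing or not an integer
    string wdIDStr = Request.Params.Get("DocID");
    int.TryParse(wdIDStr, out wdID);

    WebDocProcessing wdp = new WebDocProcessing(MGLSessionInterface.Instance().Config);
    WebDoc wd = new WebDoc(wdID);
    wdp.GetWebDoc(wd);
    wdp.GetWebDocChapters(wd);
    wdp.GetWebDocTagXRefs(wd);

    WDSelectedID.InnerHtml = wd.ID.ToString();

    // The working title is stored content, so it is HTML-encoded before it reaches InnerHtml; written raw,
    // any markup saved in the description would be rendered by the browser.
    // NOTE(review): assumes DescriptionInternal is plain text - confirm no caller relies on markup in it.
    WDWorkingTitle.InnerHtml = System.Web.HttpUtility.HtmlEncode(wd.DescriptionInternal);

    // Standardise the metadata stored in the page for the TagEditor with the BlogEditor and DocumentEditor
    DocID.Value = wd.ID.ToString();
    DocType.Value = ((int)wd.DocumentType).ToString();

    // Build the dynamic listing of the chapters
    BuildChapterTagWidget(wd);
}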
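//-----------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Rewrites the given next page URL so that it explicitly uses HTTPS when <paramref name="httpsRequired"/> is
///     true, or HTTP when it is false. Only the leading scheme or the leading "~/" is rewritten; URLs that start
///     with neither are returned unchanged.
/// </summary>
/// <param name="url">Absolute (http:// or https://) or application-relative ("~/...") URL.</param>
/// <param name="httpsRequired">True if HTTPS is required at the application or session level.</param>
/// <returns>The rewritten URL, or the input unchanged if it is null, empty or has no recognised prefix.</returns>
protected string BuildNextPageURL(string url, bool httpsRequired) {

    if (string.IsNullOrEmpty(url)) {
        return url;
    }

    string wantedScheme = httpsRequired ? "https://" : "http://";
    string otherScheme = httpsRequired ? "http://" : "https://";

    // 20-Apr-2016 - modify the next page URL so that it automatically goes to the HTTPs page if required.
    // Only the prefix is swapped: a string-wide Replace would also rewrite any "http://" or "~/" that appears
    // later in the URL, for example inside a query string value. The scheme match ignores case.
    // NOTE(review): with httpsRequired false an https:// URL is downgraded to http:// - confirm that no page
    // carrying credentials or session tokens is reached through that path.
    if (url.StartsWith(otherScheme, StringComparison.OrdinalIgnoreCase)) {
        url = wantedScheme + url.Substring(otherScheme.Length);

    } else if (url.StartsWith("~/", StringComparison.Ordinal)) {
        url = wantedScheme + MGLSessionInterface.Instance().Config.WebProjectPath() + url.Substring(2);
    }

    return url;
}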
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Prepares the page for display: hides the main login button for logged-in users, emits the inline script
///     that carries the JS version, and shows at most one info splash (logout confirmation, password reset
///     confirmation or session expiry warning, checked in that order).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e) {

    // Script fragment that hides the splash again after three seconds
    const string hideSplashJs = "window.setTimeout( 'HideInfoSplash();', 3000 );";

    Testing.Visible = true;

    // Once the user is logged in the main login button would only confuse
    if (Authorisation.DoIsLoggedIn()) {
        MainLoginButton.Visible = false;
    }

    StringBuilder script = new StringBuilder();
    script.Append("<script type='text/javascript'>");

    // 18-Mar-2016 - expose the JS version to the client.
    // NOTE(review): the value is written into the script block as-is, so it must only ever come from trusted configuration.
    string jsVersionConfig = MGLApplicationInterface.Instance().JSVersion;
    script.Append("var jsVersionConfig=");
    script.Append(jsVersionConfig);
    script.Append(";");

    //-----a----- Warnings and confirmations. The request parameters are only compared with "1", never echoed.
    if (Request.Params.Get("ShowLogout") == "1") {
        // 20-Apr-2016 - logout confirmation
        ctlInfoSplash.SetupInfoSplash(true, "You have successfully logged out.", false);
        script.Append(hideSplashJs);

    } else if (Request.Params.Get("FromPasswordReset") == "1") {
        // 21-Apr-2016 - password reset confirmation
        ctlInfoSplash.SetupInfoSplash(true, "Password reset successfully - You are now logged in.", false);
        script.Append(hideSplashJs);

    } else if (MGLSessionInterface.Instance().SessionExpired) {
        // Session expiry warning; the flag is cleared so that the warning is shown once
        ctlInfoSplash.SetupInfoSplash(false, "Session expired - please log in again.", true);
        script.Append(hideSplashJs);
        MGLSessionInterface.Instance().SessionExpired = false;
    }

    script.Append("</script>");
    jsStuff.Controls.Add(new LiteralControl(script.ToString()));
}
//-----------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Second pass through the login page, needed only when MGLApplicationInterface.UseHttpsSessionsIndependently
///     is set. If HTTPS is globally all false or all true, the page requesting the login page already has the same
///     protocol and this intermediate step is skipped.
///
///     Validates the key from step one, marks the newly created session as requiring HTTPS and then redirects to
///     the LoginDo page. With an invalid key, or on any exception, nothing is changed and the visitor is sent to
///     the default post-login page instead.
/// </summary>
/// <param name="encryptedKey">The key produced in step one; it is checked with KeyIsValid and passed on to BuildRedirectURL.</param>
protected void Step2SetSecureSession(StringBuilder encryptedKey) {

    // Fallback destination for an invalid key or an exception
    string target = MGLApplicationSecurityInterface.Instance().AppLoginConfig.DefaultPostLoginPage;

    try {
        //-----a----- Only a legitimate key lets the login continue
        if (KeyIsValid(encryptedKey)) {

            //-----b----- The new session should exist by now, as this is the second load of the page; force it onto HTTPS
            if (!MGLSessionInterface.Instance().UseHTTPS) {
                MGLSessionInterface.Instance().SetSessionRequiresHTTPs(Request.Cookies["AnonID"], Session.SessionID, HttpContext.Current.Request.IsLocal);
            }

            //-----c----- Address of the LoginDo page, made explicitly HTTPS for non-local requests on an HTTPS session
            // ASSUMPTION is that the action page HAS TO BE IN THE Code/Security folder!!
            string loginDoPage = ActionPage + "Do.aspx";
            bool forceHttps = MGLSessionInterface.Instance().UseHTTPS && !HttpContext.Current.Request.IsLocal;
            if (forceHttps) {
                loginDoPage = "https://" + MGLSessionInterface.Instance().Config.WebProjectPath() + "Code/Security/" + loginDoPage;
            }

            target = BuildRedirectURL(loginDoPage, encryptedKey);
        }
    } catch (Exception ex) {
        Logger.LogError(8, "Problem setting the secure session in the login page. This is serious! The specific error was: " + ex.ToString());
    }

    //-----d----- Redirect to the LoginDo page (or to the fallback) and start the login proper
    Response.Redirect(target);
}
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Runs when a new session starts: copies the default configuration into the session, generates the
///     logging session ID, records the visitor, stores the client address and aligns the session HTTPS flag
///     with the application login configuration.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Session_Start(Object sender, EventArgs e) {

    //_____ Give the session its own reference to the default configuration
    MGL.Web.WebUtilities.MGLSessionInterface.Instance().Config = MGL.Web.WebUtilities.MGLApplicationInterface.Instance().ConfigDefault;

    //_____ New unique session ID, used to log specific sessions
    MGLSessionInterface.Instance().GenerateNewSessionID();

    // 8-Jan-2015 - reading the session ID here stops this intermittent error:
    // "Session state has created a session id, but cannot save it because the response was already flushed by the application"
    string currentSessionId = Session.SessionID;

    //_____ Record the visitor in the database (the result is not used) and refresh the visitor count
    DataNirvanaWebProcessing.LogNewSiteVisitor(MGLSessionInterface.Instance().Config);
    MGLSessionInterface.Instance().NumberOfUsers = DataNirvanaWebProcessing.GetNumberOfVisitors(MGLSessionInterface.Instance().Config);

    //_____ LEGACY - application-wide visitor counter
    MGLApplicationInterface.Instance().NumberOfUsers += 1;

    //_____ Store the client address for this session
    // 27-Nov-2015 - taken from the IPv4-or-any helper rather than Request.UserHostAddress
    MGLSessionSecurityInterface.Instance().UserIPAddress = IPAddressHelper.GetIP4OrAnyAddressFromHTTPRequest();

    // 17-Dec-2015 - the session follows the global HTTPS setting; when that is on, the session is registered as requiring HTTPS
    MGLSessionInterface.Instance().UseHTTPS = MGLApplicationSecurityInterface.Instance().AppLoginConfig.UseHTTPS;
    if (MGLSessionInterface.Instance().UseHTTPS) {
        MGLSessionInterface.Instance().SetSessionRequiresHTTPs(Request.Cookies["AnonID"], currentSessionId, HttpContext.Current.Request.IsLocal);
    }
}
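//-------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Deletes the tag with the given ID through WebDocProcessing.DeleteWebDocTag (per the original notes this
///     also removes the associated cross-references) and then reloads the shared KeyInfo.Tags list.
/// </summary>
/// <param name="tagID">ID of the tag to delete; zero and negative values are rejected.</param>
/// <param name="errorMessage">
///     Receives the user-facing outcome text: the failure reason, or the confirmation on success. It stays
///     empty when an exception is caught (the info splash is set instead).
/// </param>
/// <returns>True only if the delete succeeded and the reloaded list holds exactly one tag fewer than before.</returns>
protected bool DeleteTag(int tagID, out string errorMessage) {
    bool success = false;
    errorMessage = "";

    try {
        //___ Reject anything that cannot be a real tag ID
        if (tagID <= 0) {
            errorMessage = "No tag was selected. Please try again.";

        } else {
            // Look up the name for the confirmation message; it stays empty if the ID is not in the cached list
            string tagName = "";
            foreach (WebDocTag wdt in KeyInfo.Tags) {
                if (wdt.ID == tagID) {
                    tagName = wdt.Name;
                    break;
                }
            }

            WebDocProcessing wdp = new WebDocProcessing(MGLSessionInterface.Instance().Config);

            //_____ Try to delete the tag and all the associated XRefs
            success = wdp.DeleteWebDocTag(tagID);

            if (success == false) {
                errorMessage = "Could not delete the tag with ID " + tagID + ". This should not normally happen - please inform a website administrator and provide them with a screenshot.";

            } else {
                int b4Count = KeyInfo.Tags.Count;

                // Refresh the global list of tags.
                // NOTE(review): the lock is taken on the very list instance that is replaced inside it, so a thread
                // arriving afterwards locks a different object and is not excluded. A dedicated static lock object
                // shared by every writer of KeyInfo.Tags would be needed for real mutual exclusion.
                lock (KeyInfo.Tags) {
                    KeyInfo.Tags = wdp.GetAllWebDocTags();
                }

                // Success is that the number of tags has decreased by exactly one
                // (a concurrent add or delete by another user would also make this check fail)
                success = ((b4Count - 1) == KeyInfo.Tags.Count);

                if (success == false) {
                    errorMessage = "Could not update the website global variables after deleting the tag with ID " + tagID + ". This should not normally happen - please inform a website administrator and provide them with a screenshot.";
                } else {
                    // NOTE(review): tagName is stored, user-supplied text - whatever renders errorMessage must HTML-encode it
                    errorMessage = "The tag '" + tagName + "' and all corresponding cross-references have been successfully deleted.";
                    TBTag.Value = "";
                    DoDelete.Value = "";
                }
            }
        }

    } catch (Exception ex) {
        // An exception after the database delete (for example while reloading the list) must not be reported as success
        success = false;
        ctlInfoSplash.SetupInfoSplash(false, "General error trying to delete the tag. Please try again.", false);
        Logger.LogError(7, "Error deleting the tag: " + ex.ToString());
    }

    return success;
}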
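//-------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Adds a new tag after normalising its name (trimmed, runs of spaces collapsed to one) and checking that no
///     existing tag has the same name, ignoring case. On success the shared KeyInfo.Tags list is reloaded.
/// </summary>
/// <param name="tagName">The tag name as entered by the user.</param>
/// <param name="errorMessage">
///     Receives the user-facing outcome text: the failure reason, or the confirmation on success. It stays
///     empty when an exception is caught (the info splash is set instead).
/// </param>
/// <returns>True only if the insert succeeded and the reloaded list holds exactly one tag more than before.</returns>
protected bool AddTag(string tagName, out string errorMessage) {
    bool success = false;
    errorMessage = "";

    try {
        //___ Reject null, empty and whitespace-only names
        if (string.IsNullOrWhiteSpace(tagName)) {
            errorMessage = "No new tag was provided - please try again.";

        } else {
            // Clean it up: trim, then collapse any run of spaces to a single space.
            // The loop replaces a fixed series of seven Replace passes and handles runs of any length.
            tagName = tagName.Trim();
            while (tagName.Contains("  ")) {
                tagName = tagName.Replace("  ", " ");
            }

            //_____ See if it exists already
            bool alreadyExists = false;
            foreach (WebDocTag wdt in KeyInfo.Tags) {
                if (wdt.Name.Equals(tagName, StringComparison.CurrentCultureIgnoreCase)) {
                    alreadyExists = true;
                    break;
                }
            }

            // NOTE(review): tagName is user input and is echoed in the messages below - whatever renders
            // errorMessage must HTML-encode it, and so must every page that later displays the stored name.
            if (alreadyExists) {
                errorMessage = "The tag name '" + tagName + "' already exists! Please check the name and try again.";

            } else {
                WebDocProcessing wdp = new WebDocProcessing(MGLSessionInterface.Instance().Config);

                //_____ Try to insert it
                success = wdp.InsertWebDocTag(tagName);

                if (success == false) {
                    errorMessage = "Could not insert the new tag name '" + tagName + "'. This should not normally happen - please inform a website administrator and provide them with a screenshot.";

                } else {
                    int b4Count = KeyInfo.Tags.Count;

                    // Refresh the global list of tags.
                    // NOTE(review): the lock is taken on the very list instance that is replaced inside it, so a
                    // thread arriving afterwards locks a different object and is not excluded. A dedicated static
                    // lock object shared by every writer of KeyInfo.Tags would be needed for real mutual exclusion.
                    lock (KeyInfo.Tags) {
                        KeyInfo.Tags = wdp.GetAllWebDocTags();
                    }

                    // Success is that the number of tags increments by one
                    // (a concurrent add or delete by another user would also make this check fail)
                    success = ((b4Count + 1) == KeyInfo.Tags.Count);

                    if (success == false) {
                        errorMessage = "Could not update the website global variables after adding new tag '" + tagName + "'. This should not normally happen - please inform a website administrator and provide them with a screenshot.";
                    } else {
                        errorMessage = "The new tag '" + tagName + "' has been added successfully.";
                        TBTag.Value = "";
                        DoDelete.Value = "";
                    }
                }
            }
        }

    } catch (Exception ex) {
        // An exception after the database insert (for example while reloading the list) must not be reported as success
        success = false;
        ctlInfoSplash.SetupInfoSplash(false, "General error trying to add the tag. Please try again.", false);
        Logger.LogError(7, "Error adding a new tag: " + ex.ToString());
    }

    return success;
}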
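//--------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Builds the HTML summary of all content linked to the given tag: a header row followed by one row per
///     linked document chapter, or a short notice when nothing is linked. Also writes the tag name into the
///     tagName control.
///
///     Tag names, document descriptions and chapter titles are stored, user-editable text, so each is
///     HTML-encoded before being placed into markup.
/// </summary>
/// <param name="tagID">ID of the tag to summarise.</param>
/// <returns>The rendered HTML of the summary container.</returns>
protected string BuildTagSummary(int tagID) {

    KeyValuePair<int, string> kvp = KeyInfo.FindValue(WebDocTag.ConvertToKeyValuePair(KeyInfo.Tags), tagID);

    // Encode once and reuse: written raw, a tag name containing markup would be rendered by the browser
    string safeTagName = System.Web.HttpUtility.HtmlEncode(kvp.Value);
    tagName.InnerHtml = safeTagName;

    WebDocProcessing wdp = new WebDocProcessing(MGLSessionInterface.Instance().Config);

    // Custom query; the columns are a.ID, a.DocumentType, a.GeneralDescription, b.ChapterNumber, b.ChapterTitle
    List<string[]> data = wdp.ContentLinkedToTag(tagID);

    HtmlGenericControl container = new HtmlGenericControl("div");

    if (data == null || data.Count == 0) {
        container.InnerHtml = "No content is currently associated with the '" + safeTagName + "' tag.";

    } else {
        // The header row (fixed markup, nothing to encode)
        HtmlGenericControl headerRow = new HtmlGenericControl("div");
        headerRow.Attributes.Add("class", "row");
        headerRow.Controls.Add(BuildTagSummaryCell("col-md-2", "<h4>Document type</h4>"));
        headerRow.Controls.Add(BuildTagSummaryCell("col-md-2", "<h4>Document ID</h4>"));
        headerRow.Controls.Add(BuildTagSummaryCell("col-md-4", "<h4>Document description</h4>"));
        headerRow.Controls.Add(BuildTagSummaryCell("col-md-4", "<h4>Chapter name</h4>"));
        container.Controls.Add(headerRow);

        int counter = 0;
        foreach (string[] row in data) {
            // Alternate the row styling
            string altCSS = (counter++ % 2 == 0) ? "BA" : "BB";

            HtmlGenericControl divRow = new HtmlGenericControl("div");
            divRow.Attributes.Add("class", "row " + altCSS);

            // Document type - Enum.Parse throws if the stored value is not a WebDocType member
            WebDocType webDocType = (WebDocType)Enum.Parse(typeof(WebDocType), row[1]);
            divRow.Controls.Add(BuildTagSummaryCell("col-md-2", webDocType.ToString()));

            // Document ID, linked to the matching editor page
            HtmlAnchor link = new HtmlAnchor();
            link.InnerHtml = System.Web.HttpUtility.HtmlEncode(row[0]);
            link.HRef = "/" + webDocType.ToString() + "Editor?DocID=" + System.Web.HttpUtility.UrlEncode(row[0]);
            HtmlGenericControl idCell = BuildTagSummaryCell("col-md-2", "");
            idCell.Controls.Add(link);
            divRow.Controls.Add(idCell);

            // Description and chapter.
            // NOTE(review): assumes both fields are plain text - confirm no stored value relies on embedded markup.
            divRow.Controls.Add(BuildTagSummaryCell("col-md-4", System.Web.HttpUtility.HtmlEncode(row[2])));
            divRow.Controls.Add(BuildTagSummaryCell("col-md-4",
                "<b>" + System.Web.HttpUtility.HtmlEncode(row[3]) + ".</b> " + System.Web.HttpUtility.HtmlEncode(row[4])));

            container.Controls.Add(divRow);
        }
    }

    return HTMLUtilities.RenderControlToHtml(container);
}

// Creates one div cell with the given CSS class; innerHtml must already be safe markup and is skipped when empty.
private static HtmlGenericControl BuildTagSummaryCell(string cssClass, string innerHtml) {
    HtmlGenericControl cell = new HtmlGenericControl("div");
    cell.Attributes.Add("class", cssClass);
    if (string.IsNullOrEmpty(innerHtml) == false) {
        cell.InnerHtml = innerHtml;
    }
    return cell;
}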