/// <summary>
/// Decides whether the current user may edit this page. The user must hold the access
/// right for <paramref name="procedura"/>; editing additionally requires the right named
/// by <paramref name="role"/>.
/// </summary>
/// <param name="role">Access right that grants editing; null or empty never qualifies.</param>
/// <param name="procedura">Access right required merely to work on this procedure.</param>
/// <returns>
/// <c>true</c> when both rights are granted, otherwise <c>false</c>. When the procedure
/// right is missing the forms-authentication session is signed out, the session state
/// abandoned and the caller redirected to "LoginPage" before <c>false</c> is returned.
/// </returns>
protected bool IsPageEditable(string role, string procedura)
{
    // Lacking the procedure right ends the session outright: sign out, drop session
    // state and send the user back to the login page.
    if (!MySecurityProvider.CheckAccessRight(procedura))
    {
        System.Web.Security.FormsAuthentication.SignOut();
        Session.Abandon();
        //TODO: add logging here
        // NOTE(review): whether Redirect ends the response is not visible here; the
        // explicit false return is the only guard if execution continues afterwards.
        Redirect("LoginPage", null);
        return false;
    }

    // Editing needs the role right as well; an empty role is never sufficient.
    return !string.IsNullOrEmpty(role) && MySecurityProvider.CheckAccessRight(role);
}
/// <summary>
/// Click handler for the "create user" button: builds an identity user from the
/// UserName/Password controls, stores it and reports the outcome in StatusMessage.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void CreateUser_Click(object sender, EventArgs e)
{
    // Default UserStore constructor uses the default connection string named: DefaultConnection
    var store = new UserStore();

    // SECURITY (review): judging by its name, PlainToSHA256 stores a bare SHA-256 of the
    // password. An unsalted fast hash is not a suitable password store; a salted, slow KDF
    // (PBKDF2/Argon2) is expected — but it must change together with the login-side check,
    // so it is only flagged here.
    var newUser = new IdentityUser()
    {
        UserName = UserName.Text,
        PasswordHash = MySecurityProvider.PlainToSHA256(Password.Text),
        // SecurityStamp is set from the current tick count.
        SecurityStamp = System.DateTime.Now.Ticks.ToString(),
    };

    // Blocking on .Result matches the page's synchronous event model.
    var outcome = store.CreateAsync(newUser).Result;
    StatusMessage.Text = outcome == "OK"
        ? string.Format("Utente {0} è stato correttamente creato!", newUser.UserName)
        : "Utente non creato";
}
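/// <summary>
/// Updates the profile of the user named in the posted form: the password when a non-empty
/// "Password" value is posted, and always the backend profile fields (Cognome, Nome,
/// UserName, Domain, CodiceFiscale), which are trimmed and upper-cased before saving.
/// </summary>
/// <param name="formsValues">Posted form; reads UserName, Password, Cognome, Nome, Domain, CodiceFiscale.</param>
/// <returns>
/// Always HTTP 200 with a <see cref="UsersMailModel"/>: <c>success</c> is "true" or "false"
/// and <c>message</c> carries the failure reason. The outcome is signalled in the body, not
/// in the status code.
/// </returns>
public HttpResponseMessage UpdateOwnProfile(FormDataCollection formsValues)
{
    UsersMailModel model = new UsersMailModel();
    var userName = formsValues["UserName"];
    var password = formsValues["Password"];
    var cognome = formsValues["Cognome"];
    var nome = formsValues["Nome"];
    var domain = formsValues["Domain"];
    var codicefiscale = formsValues["CodiceFiscale"];
    var userStore = new UserStore();
    string result = "OK";

    // SECURITY (review): the account to modify comes from the posted UserName, not from the
    // authenticated principal, although this is "own profile". Confirm an authorization
    // filter pins UserName to the caller; otherwise any caller could reset another account's
    // password through this endpoint.
    try
    {
        var user = userStore.FindByNameAsync(userName).Result;
        if (user == null)
        {
            // A user that does not exist cannot be updated; without this guard the
            // dereferences below would throw and be logged as an ERR322 internal error.
            model.success = "false";
            model.message = "Utente non aggiornato";
            return (this.Request.CreateResponse<UsersMailModel>(HttpStatusCode.OK, model));
        }

        if (!string.IsNullOrEmpty(password))
        {
            // NOTE(review): judging by its name, PlainToSHA256 stores a bare SHA-256 of the
            // password; a salted, slow KDF is the expected choice, but changing it here would
            // desynchronise the login-side check, so it is only flagged.
            user.PasswordHash = MySecurityProvider.PlainToSHA256(password);
            user.SecurityStamp = System.DateTime.Now.Ticks.ToString();
            result = userStore.UpdateAsync(user).Result;
        }

        if (result != "OK")
        {
            model.success = "false";
            model.message = "Utente non aggiornato";
            return (this.Request.CreateResponse<UsersMailModel>(HttpStatusCode.OK, model));
        }

        // Backend profile: fields are normalised to trimmed upper case before persisting.
        BackendUserService bus = new BackendUserService();
        BackendUser userBackend = new BackendUser();
        userBackend.Cognome = cognome.Trim().ToUpper();
        userBackend.Nome = nome.Trim().ToUpper();
        userBackend.UserName = userName.Trim().ToUpper();
        userBackend.Domain = domain;
        userBackend.CodiceFiscale = codicefiscale.Trim().ToUpper();
        userBackend.UserId = long.Parse(user.Id);
        bus.Update(userBackend);
        model.success = "true";
    }
    catch (Exception ex)
    {
        model.success = "false";
        if (ex.GetType() != typeof(ManagedException))
        {
            // Unexpected failure: wrap and log it as ERR322, answer with a generic message.
            ManagedException mEx = new ManagedException("Errore aggiornamento utente. Dettaglio: " + ex.Message + "StackTrace: " + ((ex.StackTrace != null) ? ex.StackTrace : " vuoto "), "ERR322", string.Empty, string.Empty, ex.InnerException);
            ErrorLogInfo err = new ErrorLogInfo(mEx);
            log.Error(err);
            model.message = string.Format("Utente {0} non correttamente aggiornato", userName);
        }
        else
        {
            // NOTE(review): a ManagedException's message is echoed to the client verbatim;
            // confirm these messages are meant to be user-facing.
            model.message = ex.Message;
        }
    }
    return (this.Request.CreateResponse<UsersMailModel>(HttpStatusCode.OK, model));
}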
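/// <summary>
/// Creates a new identity user from the posted form, saves the matching backend profile
/// and adds the user to the posted (numeric) role.
/// </summary>
/// <param name="formsValues">
/// Posted form; reads UserName, Password, Cognome, Nome, Role, CodiceFiscale. Role must
/// parse as an integer.
/// </param>
/// <returns>
/// Always HTTP 200 with a <see cref="UsersModel"/>; <c>success</c> is "true" only when the
/// user was created, the backend profile saved and the role assignment returned 1.
/// </returns>
public HttpResponseMessage RegisterUser(FormDataCollection formsValues)
{
    var userStore = new UserStore();
    UsersModel model = new UsersModel();
    var userName = formsValues["UserName"];
    var password = formsValues["Password"];
    var cognome = formsValues["Cognome"];
    var nome = formsValues["Nome"];
    var role = formsValues["Role"];
    var codicefiscale = formsValues["CodiceFiscale"];

    var user = new IdentityUser() { UserName = userName.ToUpper() };
    // NOTE(review): judging by its name, PlainToSHA256 stores a bare SHA-256 of the password.
    // A salted, deliberately slow KDF is the expected choice; changing it must be done
    // together with the login-side check, so it is only flagged here.
    user.PasswordHash = MySecurityProvider.PlainToSHA256(password);
    user.SecurityStamp = System.DateTime.Now.Ticks.ToString();

    try
    {
        string result = userStore.CreateAsync(user).Result;
        if (result != "OK")
        {
            // Nothing was created: neither look the user up nor assign a role — either would
            // dereference a null result and end up logged as an ERR317 internal error.
            model.success = "false";
            model.message = "Utente non creato";
            return (this.Request.CreateResponse<UsersModel>(HttpStatusCode.OK, model));
        }

        // Re-read the stored user to obtain the generated Id required by the backend profile.
        var stored = userStore.FindByNameAsync(userName.ToUpper()).Result;
        if (stored == null)
        {
            // Routed through the catch below so it is logged as ERR317 like any other unexpected failure.
            throw new InvalidOperationException("User was reported created but could not be read back.");
        }
        user.Id = stored.Id;

        BackendUserService bus = new BackendUserService();
        BackendUser userBackend = new BackendUser();
        userBackend.Cognome = cognome.Trim().ToUpper();
        userBackend.Nome = nome.Trim().ToUpper();
        userBackend.UserName = userName.Trim().ToUpper();
        userBackend.CodiceFiscale = codicefiscale.Trim().ToUpper();
        userBackend.Domain = role.ToUpper();
        userBackend.UserId = long.Parse(user.Id);
        bus.Save(userBackend);
        model.success = "true";

        // Role is posted as a numeric id; a return value of 1 is treated as success.
        var resultRole = (userStore.AddToRoleAsync(user, int.Parse(role.ToUpper()))).Result;
        if (resultRole != 1)
        {
            model.success = "false";
            model.message = string.Format("Utente {0} non aggiunto a ruolo {1} è stato correttamente creato!", user.UserName, role);
        }
    }
    catch (Exception ex)
    {
        model.success = "false";
        if (ex.GetType() != typeof(ManagedException))
        {
            // Unexpected failure: wrap and log it as ERR317, answer with a generic message.
            ManagedException mEx = new ManagedException("Errore creazione utente. Dettaglio: " + ex.Message + "StackTrace: " + ((ex.StackTrace != null) ? ex.StackTrace : " vuoto "), "ERR317", string.Empty, string.Empty, ex.InnerException);
            ErrorLogInfo err = new ErrorLogInfo(mEx);
            log.Error(err);
            model.message = string.Format("Utente {0} non correttamente creato", user.UserName);
        }
        else
        {
            model.message = "Utene non creato";
        }
        return (this.Request.CreateResponse<UsersModel>(HttpStatusCode.OK, model));
    }
    return (this.Request.CreateResponse<UsersModel>(HttpStatusCode.OK, model));
}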
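/// <summary>
/// Authenticates a user by name and password. The principal is first looked up in the
/// ASP.NET cache by the trimmed, upper-cased user name; on a miss it is built through
/// <c>MySecurityProvider.BuildNewIdentity</c>. Once the password check passes, a
/// 15-minute non-persistent forms-authentication ticket is issued and the principal is
/// (re)cached with a sliding expiration of CACHEEXPIRATION minutes.
/// </summary>
/// <param name="username">User name; trimmed and upper-cased before use.</param>
/// <param name="password">Plain-text password; trimmed before use.</param>
/// <returns>
/// 200 with <c>success="true"</c> and <c>ResponseUrl</c> on success; 400 on wrong or
/// missing credentials; 500 when the identity cannot be built or an unexpected
/// exception occurs.
/// </returns>
public HttpResponseMessage DoLogin(string username, string password)
{
    LoginModel loginModel = new LoginModel();
    try
    {
        // A missing name or password can never authenticate; answer like a wrong password
        // instead of letting Trim() throw into the generic 500 path below.
        if (username == null || password == null)
        {
            loginModel.success = "false";
            loginModel.Error = "Attenzione! Credenziali di accesso errate";
            return (this.Request.CreateResponse<LoginModel>(HttpStatusCode.BadRequest, loginModel));
        }

        string user = username.Trim().ToUpper();
        string pw = password.Trim();
        var cache = HttpContext.Current.Cache;

        // Cached principals are keyed by user name. The principal is only *read* here; it
        // must not become HttpContext.User until the password has been verified.
        MyPrincipal upro = (MyPrincipal)cache.Get(user);
        bool found = upro != null;
        if (!found)
        {
            try
            {
                upro = MySecurityProvider.BuildNewIdentity(user, "", pw, "Form").Result;
            }
            catch (System.Exception ex)
            {
                ErrorLogInfo error = new ErrorLogInfo();
                error.freeTextDetails = ex.Message;
                error.logCode = "ERR111";
                error.loggingAppCode = "SCA";
                error.loggingTime = System.DateTime.Now;
                error.uniqueLogID = System.DateTime.Now.Ticks.ToString();
                _log.Error(error);
                // NOTE(review): the raw exception text reaches the client here, and a failure
                // to build the identity answers 500 while a wrong password answers 400 —
                // confirm neither reveals internals nor lets a caller tell existing accounts
                // from unknown ones.
                loginModel.Error = ex.Message;
                loginModel.success = "false";
                return (this.Request.CreateResponse<LoginModel>(HttpStatusCode.InternalServerError, loginModel));
            }
        }

        // Wrong password (or no principal at all): reject without touching context or cache.
        // checkIdentity presumably compares pw against the (possibly cached) identity — verify.
        if (upro == null || !((MyIdentity)upro.Identity).checkIdentity(user, pw))
        {
            loginModel.success = "false";
            loginModel.Error = "Attenzione! Credenziali di accesso errate";
            return (this.Request.CreateResponse<LoginModel>(HttpStatusCode.BadRequest, loginModel));
        }

        // Credentials verified: write the login audit record.
        MailLogInfo logInfo = new MailLogInfo();
        logInfo.logCode = "LON";
        logInfo.loggingAppCode = "MAIL";
        logInfo.loggingTime = System.DateTime.Now;
        logInfo.uniqueLogID = System.DateTime.Now.Ticks.ToString();
        logInfo.userID = user;
        logInfo.freeTextDetails = string.Empty;
        _log.Info(logInfo);

        // Issue a 15-minute, non-persistent ticket. The cookie is assembled by hand to keep
        // the explicit validity, so the protective flags FormsAuthentication.GetAuthCookie
        // would otherwise apply are set here explicitly.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(user, false, 15);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                             // keep the ticket out of reach of script
        cookie.Secure = FormsAuthentication.RequireSSL;     // honour <forms requireSSL="..."/>
        cookie.Path = FormsAuthentication.FormsCookiePath;  // honour <forms path="..."/>
        HttpContext.Current.Response.Cookies.Add(cookie);

        HttpContext.Current.User = upro;
        // Insert both refreshes an existing entry and creates a missing one, so no separate
        // Cache.Add is needed for the first-login case.
        // NOTE(review): the entry slides CACHEEXPIRATION minutes past the last access; confirm
        // a password change elsewhere evicts it, otherwise the old credential keeps verifying.
        cache.Insert(user, upro, null, System.Web.Caching.Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(CACHEEXPIRATION), System.Web.Caching.CacheItemPriority.AboveNormal, null);
        loginModel.success = "true";
        loginModel.ResponseUrl = "pages/Common/Default.aspx";
    }
    catch (System.Exception e0)
    {
        // NOTE(review): e0.Message is echoed to the client; a generic text is preferable once
        // the front end no longer depends on it.
        loginModel.Error = e0.Message;
        loginModel.success = "false";
        return (this.Request.CreateResponse<LoginModel>(HttpStatusCode.InternalServerError, loginModel));
    }
    return (this.Request.CreateResponse<LoginModel>(HttpStatusCode.OK, loginModel));
}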