protected Connector.QueryResult AuthenByDB(string storeName, Connector.QueryParameter loginParameter) { Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass(); Connector.QueryResult loginResult = dbConnector.ExecuteStoredProcedure(storeName, loginParameter); if (loginResult.Success) { if (loginResult.DataTable != null && loginResult.DataTable.Rows.Count > 0) { foreach (DataColumn dc in loginResult.DataTable.Columns) { Session["DVS_" + dc.ColumnName] = loginResult.DataTable.Rows[0][dc.ColumnName]; } loginResult = GetSystemPermission(Session["DVS_USER_ID"].ToString()); Session.Remove("DVS_IS_GUEST"); } else { throw new Exception(loginResult.Message); } } else { throw new Exception(loginResult.Message); } return(loginResult); }
protected Connector.QueryResult GetSystemPermission(string userid) { if (userid == "999999999") { return(GetPrivatePermission()); } Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass(); Connector.QueryResult permissionResult = null; permissionResult = dbConnector.ExecuteStoredProcedure("APP_Q_CONFIG", new Connector.QueryParameter(new Dictionary <string, object>() { { "USER_ID", userid } })); Dictionary <string, object> session = new Dictionary <string, object>(); foreach (string sKey in Session.Keys) { if (!sKey.StartsWith("DVS_")) { continue; } session.Add(sKey.Replace("DVS_", ""), Session[sKey]); } permissionResult.AddOutputParam("session", session); return(permissionResult); }
public static void ApplicationLogout(HttpSessionState Session, HttpResponse Response = null) { Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass(); Connector.QueryParameter logoutParameter = new Connector.QueryParameter(); Connector.QueryResult logoutResult = new Connector.QueryResult(); if (Session != null && Session["DVS_USER_ID"] != null) { if (Session["AUTHEN_TOKEN"] != null) { AMSDuplicateAuthenCore.ClearToken(Session["DVS_USER_ID"].ToString(), Session["AUTHEN_TOKEN"].ToString()); } logoutParameter.Add("USER_ID", Session["DVS_USER_ID"]); logoutResult = dbConnector.ExecuteStoredProcedure("SYS_I_LOGOUT", logoutParameter); logoutResult.Success = true; logoutResult.Message = string.Empty; logoutResult.RemoveOutputParam("error"); Session.Abandon(); } if (Response != null) { HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN"); authenTokenCookie.Value = ""; Response.Cookies.Add(authenTokenCookie); Response.ClearContent(); Response.ContentType = "application/json"; Response.Write(logoutResult.ToJson()); } }
protected bool PageSelector(string request, out string wgNamespace, out Dictionary <string, object> wgParameters) { wgNamespace = string.Empty; wgParameters = new Dictionary <string, object>(); switch (request) { case "portal": wgNamespace = "viewer/Portal/Portal"; if (Session != null && Session["DVS_USER_ID"] != null) { if (!checkAuthentication()) { return(false); } if (AMSCore.WebConfigReadKey("AUTHENTICATION_TYPE") == "1") { wgParameters = new Dictionary <string, object>() { { "permission", GetSystemPermission(Session["DVS_USER_ID"].ToString()).ToDictionary() } }; } else if (AMSCore.WebConfigReadKey("AUTHENTICATION_TYPE") == "2") { wgParameters = new Dictionary <string, object>() { { "permission", AuthenByAD(Session["DVS_USER_ID"].ToString()).ToDictionary() } }; } else if (AMSCore.WebConfigReadKey("AUTHENTICATION_TYPE") == "3") { } } else if (AMSCore.WebConfigReadKey("GUEST_ENABLED") != null && AMSCore.WebConfigReadKey("GUEST_ENABLED").Equals("1")) { Session["DVS_IS_GUEST"] = true; Session["DVS_USER_ID"] = AMSCore.WebConfigReadKey("GUEST_USER_ID"); wgParameters = new Dictionary <string, object>() { { "permission", GetSystemPermission(Session["DVS_USER_ID"].ToString()).ToDictionary() } }; } break; case "logout": { ApplicationLogout(Session, Response); if (Request.HttpMethod != "POST") { Response.Redirect("~/", true); } return(false); } case "system": if (Request.HttpMethod == "POST") { Response.ClearContent(); Connector.QueryParameter reqParameter = new Connector.QueryParameter(Request); if (reqParameter["SYS_ID"].Equals("-1")) { Session.Remove("DVS_SYSTEM_ID"); } else { Session["DVS_SYSTEM_ID"] = reqParameter["SYS_ID"]; } Response.ContentType = "application/json"; Response.Write(new Connector.QueryResult().ToJson()); return(false); } else if (!checkAuthentication()) { return(false); } break; case "forgetPassword": { wgNamespace = "viewer/ForgetPassword/ForgetPassword"; wgParameters = new Dictionary <string, object>() { { "token", Request.Params["token"] }, { "userid", Request.Params["userid"] }, { "forgetByEmail", true } }; break; } case "APP_Q_LOGIN": { Response.ClearContent(); ApplicationLogin("APP_Q_LOGIN"); return(false); } case "UM_Q_VERIFY_USER": case "UM_U_PWD": case "UM_U_RESET_PWD": case "UM_Q_MAIL_TOKEN": { Response.ClearContent(); string storeName = request; Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass(); Connector.QueryParameter reqParameter = new Connector.QueryParameter(Request); Connector.QueryResult logoutResult = dbConnector.ExecuteStoredProcedure(storeName, reqParameter); Response.ContentType = "application/json"; Response.Write(logoutResult.ToJson()); return(false); } default: break; } return(true); }
protected override void CreateChildControls() { base.CreateChildControls(); //assign HTML injection configuration. List <string> webConfigToSetCookieList = new List <string>() { "PREVENT_HTML_INPUT", "ENCODE_HTML", "PREVENT_HTML_INPUT_CHAR_LIST" }; foreach (string webConfigParam in webConfigToSetCookieList) { if (Response.Cookies[webConfigParam] == null) { HttpCookie cookie = new HttpCookie(webConfigParam); cookie.Value = AMSCore.WebConfigReadKey(webConfigParam); Response.Cookies.Add(cookie); } else { Response.Cookies[webConfigParam].Value = AMSCore.WebConfigReadKey(webConfigParam); } } //assign authentication token for checking authentication. if (Session["AUTHEN_TOKEN"] != null) { HttpCookie authenTokenCookie = new HttpCookie("AUTHEN_TOKEN"); authenTokenCookie.Value = Session["AUTHEN_TOKEN"].ToString(); Response.Cookies.Add(authenTokenCookie); } //assign CSRF token for checking form sending from across domain. if (Session["CSRF_TOKEN"] != null) { HttpCookie authenTokenCookie = new HttpCookie("CSRF_TOKEN"); authenTokenCookie.Value = Session["CSRF_TOKEN"].ToString(); Response.Cookies.Add(authenTokenCookie); } Response.Cache.SetNoStore(); InsertMeta(); Connector.QueryParameter requestParameter = new Connector.QueryParameter(Request); string cssDojoUrl = AMSCore.WebConfigReadKey("CSS_DOJO"); string cssEsriUrl = AMSCore.WebConfigReadKey("CSS_ESRI"); string jsAmosUrl = AMSCore.WebConfigReadKey("JS_AMOS_URL"); string cssAmosUrl = AMSCore.WebConfigReadKey("CSS_AMOS"); /// Insert Script Tags (reverse seq.) /// last --> first InsertScriptSrc(AMSCore.WebConfigReadKey("CONFIG_ESRI") + appCacheBust); InsertScriptSrc(AMSCore.WebConfigReadKey("JS_API_URL") + appCacheBust); InitializeDojoConfig(requestParameter); if (jsAmosUrl.StartsWith("//")) { jsAmosUrl = "location.protocol + '" + jsAmosUrl + "'"; } else { jsAmosUrl = "'" + jsAmosUrl + "'"; } InsertScriptTag("dojoConfig.packages.push({'name': 'esrith', 'location': " + jsAmosUrl + "});"); InsertScriptSrc(AMSCore.WebConfigReadKey("CONFIG_DOJO") + appCacheBust); /// Insert Style Tags (forward seq.) /// first --> last InsertStyleTag( string.Format("@import '{0}';", cssDojoUrl + appCacheBust) + "\r\n" + string.Format("@import '{0}';", cssEsriUrl + appCacheBust) + "\r\n" + string.Format("@import '{0}';", cssAmosUrl + appCacheBust) ); long timeDiff = 0; double timezone = 0; if (AMSCore.WebConfigReadKey("IS_DEBUG") == "0") { Connector.IDatabaseConnector dbConnector = new Connector.DatabaseConnectorClass(); Connector.QueryResult dbResult = null; try { if (dbConnector.Provider == Connector.ProviderFactory.Oracle) { dbResult = dbConnector.ExecuteStatement("select sysdate as CURRENT_DATE, dbtimezone as TIMEOFFSET from dual"); } else if (dbConnector.Provider == Connector.ProviderFactory.MSSQL) { dbResult = dbConnector.ExecuteStatement("select getdate() as CURRENT_DATE, datediff(minute, convert(time, sysutcdatetime()), convert(time, sysdatetimeoffset())) as TIMEOFFSET"); } } catch { } if (dbResult.Success == true && dbResult.DataTable.Rows.Count > 0) { timeDiff = AMSCore.DateTimeToUnixTimeStamp((dbResult.DataTable.Rows[0]["CURRENT_DATE"] as DateTime?).Value); string timeOffset = dbResult.DataTable.Rows[0]["TIMEOFFSET"].ToString(); if (timeOffset.StartsWith("+")) { timezone = double.Parse("-" + AMSCore.StringToDateTime(timeOffset.Substring(1), "HH:mm").TimeOfDay.TotalMinutes.ToString()); } else if (timeOffset.StartsWith("-")) { timezone = double.Parse("+" + AMSCore.StringToDateTime(timeOffset.Substring(1), "HH:mm").TimeOfDay.TotalMinutes.ToString()); } else { timezone = double.Parse(dbResult.DataTable.Rows[0]["TIMEOFFSET"].ToString()); } } else { TimeZone localZone = TimeZone.CurrentTimeZone; DateTime currentDate = DateTime.Now; TimeSpan currentOffset = localZone.GetUtcOffset(currentDate); timeDiff = AMSCore.DateTimeToUnixTimeStamp(currentDate, -currentOffset.TotalMinutes); timezone = currentOffset.TotalMinutes * -1; } } else { TimeZone localZone = TimeZone.CurrentTimeZone; DateTime currentDate = DateTime.Now; TimeSpan currentOffset = localZone.GetUtcOffset(currentDate); timeDiff = AMSCore.DateTimeToUnixTimeStamp(DateTime.Now, -currentOffset.TotalMinutes); timezone = currentOffset.TotalMinutes * -1; } //Dictionary<string, object> sessionObject = new Dictionary<string, object>(); //Dictionary<string, object> sessionObject2 = null; System.Web.Script.Serialization.JavaScriptSerializer serialization = new System.Web.Script.Serialization.JavaScriptSerializer(); StringBuilder txtScript = new StringBuilder(); txtScript.AppendLine("try{"); txtScript.AppendLine("Object.defineProperty(window,'appVersion',{value:'" + appVersion + "'});"); txtScript.AppendLine("Object.defineProperty(window,'appServer',{value:{}});"); txtScript.AppendLine("Object.defineProperty(appServer,'timeDiff',{value:" + timeDiff + " - new Date().getTime()});"); txtScript.AppendLine("Object.defineProperty(appServer,'timeZone',{value:" + timezone + "});"); txtScript.AppendLine("Object.defineProperty(appServer,'isDebug',{value:'" + AMSCore.WebConfigReadKey("IS_DEBUG") + "'});"); txtScript.AppendLine("Object.defineProperty(appServer,'isEncrypt',{value:'" + AMSCore.WebConfigReadKey("IS_ENCRYPT") + "'});"); txtScript.AppendLine("Object.defineProperty(appServer,'sessionId',{value:'" + Session.SessionID + "'});"); Dictionary <string, object> webConfigObject = new Dictionary <string, object>(); txtScript.AppendLine("Object.defineProperty(appServer,'webConfig',{value:{}});"); foreach (string keyConfig in AMSCore.WebConfigKeys()) { webConfigObject.Add(keyConfig, AMSCore.WebConfigReadKey(keyConfig)); txtScript.AppendLine(string.Format(@"Object.defineProperty(appServer.webConfig,'{0}',{1});", keyConfig, serialization.Serialize(new Dictionary <string, object>() { { "value", AMSCore.WebConfigReadKey(keyConfig) } }))); } txtScript.AppendLine("}catch(err){"); txtScript.AppendLine("window.appVersion = '" + appVersion + "'"); txtScript.AppendLine("window.appServer = {"); txtScript.AppendLine("'timeDiff':" + timeDiff + " - new Date().getTime(),"); txtScript.AppendLine("'timeZone':" + timezone + ","); txtScript.AppendLine("'isDebug':'" + AMSCore.WebConfigReadKey("IS_DEBUG") + "',"); txtScript.AppendLine("'isEncrypt':'" + AMSCore.WebConfigReadKey("IS_ENCRYPT") + "',"); txtScript.AppendLine("'sessionId':'" + Session.SessionID + "',"); txtScript.AppendLine("'webConfig':" + serialization.Serialize(webConfigObject)); txtScript.AppendLine("};"); txtScript.AppendLine("}"); //string onCloseBrowserScript = @" // window.onbeforeunload = function (event) // { // try // { // var request = new XMLHttpRequest(); // request.open('POST','{logoutURLPath}',false); // request.setRequestHeader('content-type','application/x-www-form-urlencoded'); // request.timeout = 4000; // request.send(''); // } // catch(err) // { // } // }; //"; //string logoutURLPath = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority) + ResolveUrl("~/?p=logout"); //onCloseBrowserScript = onCloseBrowserScript.Replace("{logoutURLPath}", logoutURLPath); //txtScript.AppendLine(onCloseBrowserScript); InsertScriptTag(txtScript.ToString()); }