/// <summary>
/// Reports whether the session holds a usable login pass, i.e. a
/// <c>Patente</c> stored under the "lasciapassare" session key.
/// </summary>
/// <param name="Session">
/// Session state to inspect. "lasciapassare" is read; "errore" is cleared on
/// success and set to a generic message when the stored pass is rejected.
/// </param>
/// <param name="UserHostAddress">Client address; only used in the log entry written on rejection.</param>
/// <returns>
/// <c>true</c> when the stored object is a <c>Patente</c> whose username is not the
/// "utente not found" marker and whose id is non-zero. <c>false</c> when the key is
/// empty (nothing is logged) or when the stored object is rejected (logged).
/// </returns>
public static bool CanLogOn(
    System.Web.SessionState.HttpSessionState Session,
    string UserHostAddress )
{
    object storedPass = Session["lasciapassare"];
    if ( storedPass == null )
    {
        // Nothing stored under the key: treated as "not logged in", without a log entry.
        return false;
    }

    try
    {
        // Direct cast on purpose: an object of the wrong type throws here and is
        // handled by the catch below like any other rejected pass.
        Entity.BusinessEntities.Permesso.Patente patente =
            (Entity.BusinessEntities.Permesso.Patente)storedPass;
        string username = patente.username;
        int userId = patente.id_username;

        // "utente not found" / id 0 are treated as markers of an unresolved user
        // (presumably produced by the code that builds the Patente; confirm there).
        bool unrecognised = username == "utente not found" || userId == 0;
        if ( unrecognised )
        {
            throw new System.Exception("Allarme: avvenuto ingresso di utente NON riconosciuto. ");
        }

        Session["errore"] = null;
        return true;
    }
    catch (System.Exception ex)
    {
        // NOTE(review): the entry contains the live session identifier. Anyone who can
        // read either log sink can read it while the session is still valid; consider
        // logging a truncated or hashed form instead.
        string alarm =
            "VerificaLasciapassare: rilevato tentativo di violazione dell'area riservata. " +
            " IP client=" + UserHostAddress +
            " SessionId=" + Session.SessionID +
            " Ex = " + ex.Message;
        LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs( alarm, 5 );

        // The user only sees a generic message; the details stay in the log.
        Session["errore"] = "Credenziali non riconosciute.";
        return false;
    }
}
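}// end Page_Load

/// <summary>
/// Click handler of the login button. Checks the submitted credentials, stores the
/// user's <c>Patente</c> in the session on success, logs the outcome to both log
/// sinks and redirects to the reserved area or to the error page.
/// </summary>
/// <param name="sender">Not used.</param>
/// <param name="e">Not used.</param>
protected void itnLogin_Click(object sender, ImageClickEventArgs e)
{
    LogSinkFs.Wrappers.LogWrappers.SectionOpen("LoginSquareClient", 5);
    LogSinkDb.Wrappers.LogWrappers.SectionOpen("LoginSquareClient", 5);

    // Only the username goes through the filter; the password is handed to the
    // credential check exactly as typed.
    string filtered_username = Process.utente.utente_login.filterUsername(this.txtUser.Text);
    int loginResult = Process.utente.utente_login.canLogOn(
        filtered_username,
        this.txtPwd.Text );

    // Permission data is loaded only when the credential check returned 0 (success).
    Entity.BusinessEntities.Permesso.Patente patente = null;
    if (0 == loginResult)
    {
        patente = Process.permesso.permesso_loadSingle.GetPatente( filtered_username );
    }

    string logMessage;
    string redirectTarget;
    if ( 0 == loginResult && null != patente )
    {
        // NOTE(review): the pass is stored in whatever session the request arrived
        // with; nothing visible here issues a new session identifier after
        // authentication. Confirm it is renewed elsewhere (session fixation).
        this.Session["lasciapassare"] = patente;
        this.Session["errore"] = null;

        // NOTE(review): the live session identifier is written to both log sinks.
        logMessage =
            "Login valido per l'utente " + patente.username +
            " IP client=" + this.Request.UserHostAddress +
            " SessionId=" + this.Session.SessionID;
        redirectTarget = "~/zonaRiservata/candidatoLoad.aspx";
    }
    else
    {
        this.Session["lasciapassare"] = null;
        // NOTE(review): this branch is also taken when loginResult is 0 but no Patente
        // could be loaded, in which case loginMessages[0] is shown. Verify that entry
        // exists and reads as an error.
        this.Session["errore"] = Process.utente.utente_login.loginMessages[loginResult];

        // The typed username is untrusted. CR/LF are made visible before it reaches the
        // log, so a crafted value cannot start what looks like a separate log entry.
        // NOTE(review): users occasionally type their password into the username box;
        // logging the raw value keeps such mistakes in both sinks.
        string rawUsernameForLog =
            this.txtUser.Text.Replace("\r", "\\r").Replace("\n", "\\n");
        // What filterUsername removes is not visible here, so its output is treated the same way.
        string filteredUsernameForLog =
            (filtered_username ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");

        logMessage =
            "Login fallito per l'utente " + rawUsernameForLog +
            " tradotto in " + filteredUsernameForLog +
            " IP client=" + this.Request.UserHostAddress +
            " SessionId=" + this.Session.SessionID;
        redirectTarget = "~/errore.aspx";
    }

    // Same message to both sinks, then close the section opened at the top.
    LogSinkFs.Wrappers.LogWrappers.SectionContent(logMessage, 5);
    LogSinkDb.Wrappers.LogWrappers.SectionContent(logMessage, 5);
    LogSinkFs.Wrappers.LogWrappers.SectionClose();
    LogSinkDb.Wrappers.LogWrappers.SectionClose();

    this.Response.Redirect(redirectTarget);
} // end itnLogin_Click()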
}// end TryRoleChecker

/// <summary>
/// Derives the role of the logged-in user from the <c>Patente</c> stored under the
/// "lasciapassare" session key and stores it under "RoleChecker".
/// </summary>
/// <param name="Session">
/// Session state to inspect. "lasciapassare" is read; "errore" is cleared or set;
/// "RoleChecker" is written only when a role 1, 2 or 3 is returned.
/// </param>
/// <param name="UserHostAddress">Client address; only used in log entries.</param>
/// <returns>
///  0 : nothing stored under "lasciapassare" (not logged in)
/// -1 : the stored object was rejected (wrong type, "utente not found", or id 0)
///  1 : admin
///  2 : writer
///  3 : reader (every other accepted username)
/// </returns>
public static int RoleCheckerQuery(
    System.Web.SessionState.HttpSessionState Session,
    string UserHostAddress )
{
    object storedPass = Session["lasciapassare"];
    LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs(
        "RoleCheckerQuery for host " + UserHostAddress, 0);

    if ( storedPass == null )
    {
        // NOTE(review): this path and the catch below leave Session["RoleChecker"]
        // untouched, so a role stored by an earlier successful call stays in the
        // session. Confirm no consumer reads that key without calling this method first.
        return 0;
    }

    string username = null;
    try
    {
        // Direct cast on purpose: an object of the wrong type throws and is handled below.
        Entity.BusinessEntities.Permesso.Patente patente =
            (Entity.BusinessEntities.Permesso.Patente)storedPass;
        username = patente.username;
        int userId = patente.id_username;

        if ( username == "utente not found" || userId == 0 )
        {
            throw new System.Exception("Allarme: avvenuto ingresso di utente NON riconosciuto. ");
        }
        Session["errore"] = null;
        // The pass is accepted; the role itself is decided after the try block.
    }
    catch (System.Exception ex)
    {
        // The message prefix still names "VerificaLasciapassare" although it is emitted
        // from RoleCheckerQuery; it is runtime text and left as is.
        // NOTE(review): the entry contains the live session identifier.
        string alarm =
            "VerificaLasciapassare: rilevato tentativo di violazione dell'area riservata. " +
            " IP client=" + UserHostAddress +
            " SessionId=" + Session.SessionID +
            " Ex = " + ex.Message;
        LoggingToolsContainerNamespace.LoggingToolsContainer.LogBothSinks_DbFs( alarm, 0 );
        Session["errore"] = "Credenziali non riconosciute.";
        return -1;
    }

    // NOTE(review): roles are decided by comparing the username with names compiled
    // into the code, and every other accepted user becomes a reader. Granting or
    // revoking a role therefore needs a code change, and the mapping is only as
    // trustworthy as the uniqueness of these username strings in the user store.
    int role;
    switch ( username )
    {
        case "admin":
            // Administrator: may view logs in addition to writing.
            role = 1;
            break;
        case "Sandro Francesconi":
        case "Thomas Albarello":
        case "Daniela Pichierri":
            role = 2;// writer
            break;
        default:
            role = 3;// reader
            break;
    }

    Session["RoleChecker"] = role;
    return role;
}