using Common.Helper; using Microsoft.AspNet.Identity; using System; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls;
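namespace JMEAgentSystem
{
    /// <summary>
    /// Master page shared by the agent-system pages. On every request it checks
    /// the login state, fills the agent/branch labels from session values, and
    /// applies the view-state based Anti-XSRF check to postbacks.
    /// </summary>
    public partial class SiteMaster : MasterPage
    {
        private const string AntiXsrfTokenKey = "__AntiXsrfToken";
        private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";
        private string _antiXsrfTokenValue;

        /// <summary>
        /// Runs the login gate, then establishes the Anti-XSRF token for this
        /// request and registers the PreLoad handler that validates it.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Init(object sender, EventArgs e)
        {
            // The login gate runs first so that an unauthenticated request is
            // redirected before any token cookie is issued.
            IsLogin();

            // The code below helps to protect against XSRF attacks.
            var requestCookie = Request.Cookies[AntiXsrfTokenKey];
            Guid requestCookieGuidValue;
            bool hasValidCookie = requestCookie != null
                && Guid.TryParse(requestCookie.Value, out requestCookieGuidValue);

            if (hasValidCookie)
            {
                // Reuse the Anti-XSRF token the browser already holds.
                _antiXsrfTokenValue = requestCookie.Value;
                Page.ViewStateUserKey = _antiXsrfTokenValue;
            }
            else
            {
                // No cookie, or a value that is not a GUID: issue a new token.
                _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
                Page.ViewStateUserKey = _antiXsrfTokenValue;

                var responseCookie = new HttpCookie(AntiXsrfTokenKey)
                {
                    HttpOnly = true,
                    Value = _antiXsrfTokenValue
                };

                // NOTE(review): Secure is set only when forms authentication is
                // configured with requireSSL. The sign-out handler in this class
                // uses the OWIN application cookie, so confirm that requireSSL is
                // really set in configuration; otherwise this cookie is sent
                // without the Secure flag even over HTTPS.
                if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
                {
                    responseCookie.Secure = true;
                }

                Response.Cookies.Set(responseCookie);
            }

            Page.PreLoad += master_Page_PreLoad;
        }

        /// <summary>
        /// Stores the Anti-XSRF token and the current user name in view state on
        /// the first render, and compares them with the request on postback.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="InvalidOperationException">
        /// The token or user name carried in view state does not match the
        /// current request.
        /// </exception>
        protected void master_Page_PreLoad(object sender, EventArgs e)
        {
            // This check covers only pages that use this master and post back
            // through view state; other endpoints need their own protection.
            string currentUserName = Context.User.Identity.Name ?? String.Empty;

            if (!IsPostBack)
            {
                // Set Anti-XSRF token
                ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
                ViewState[AntiXsrfUserNameKey] = currentUserName;
                return;
            }

            // Validate the Anti-XSRF token
            bool tokenMatches = (string)ViewState[AntiXsrfTokenKey] == _antiXsrfTokenValue;
            bool userMatches = (string)ViewState[AntiXsrfUserNameKey] == currentUserName;
            if (!tokenMatches || !userMatches)
            {
                throw new InvalidOperationException("Validation of Anti-XSRF token failed.");
            }
        }

        /// <summary>Page load handler; intentionally empty.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Signs the user out of the OWIN application cookie when the login
        /// status control raises LoggingOut.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
        {
            // NOTE(review): IsLogin() decides login state from GetStatic.GetUser()
            // and session values, not from the OWIN cookie. Confirm that the
            // session is cleared elsewhere on logout; nothing here does it.
            Context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        }

        /// <summary>
        /// Redirects to the login page when no user is logged in, fills the
        /// agent and branch labels from session values, and sends users who are
        /// flagged for a forced password change to that page.
        /// </summary>
        private void IsLogin()
        {
            const string forceChangePasswordPage = "~/webpages/account/forcechangepassword.aspx";
            const string forceChangePasswordRoute = "~/webpages/account/forcechangepassword";

            // The previous condition (user != null && user == "") redirected only
            // for an empty string, so a null user passed the gate. Treat null and
            // empty alike so the check fails closed.
            if (string.IsNullOrEmpty(GetStatic.GetUser()))
            {
                Response.Redirect("/Webpages/Account/Login");
            }

            string agentName = GetStatic.ReadSession("agentName", "");
            agentName1.InnerText = agentName;
            agentName2.InnerText = agentName;
            branchName1.InnerText = GetStatic.ReadSession("agentAddress", "");

            // The forced-change page itself must stay reachable, otherwise the
            // redirect below would loop. Ordinal comparison avoids the
            // culture-sensitive ToLower() and tolerates a null path.
            string currentPath = Page.AppRelativeVirtualPath;
            if (string.Equals(currentPath, forceChangePasswordPage, StringComparison.OrdinalIgnoreCase)
                || string.Equals(currentPath, forceChangePasswordRoute, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            if (GetStatic.ReadSession("isForceChangePassword", "") == "True")
            {
                Response.Redirect("/Webpages/Account/ForceChangePassword");
            }
        }
    }
}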