IME-LONDON
/
BankingSystem
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72 Commits
2 Branches
0 Tags
63 MiB
Tree: efd672f6bd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'efd672f6bd'
${ noResults }
BankingSystem/JMEAgentSystem/Site.Master.cs

100 lines
3.7 KiB
Raw Normal View History

4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
  1. using Common.Helper;
  2. using Microsoft.AspNet.Identity;
  3. using System;
  4. using System.Web;
  5. using System.Web.Security;
  6. using System.Web.UI;
  7. using System.Web.UI.WebControls;
  9. namespace JMEAgentSystem
  10. {
  11. public partial class SiteMaster : MasterPage
  12. {
  13. private const string AntiXsrfTokenKey = "__AntiXsrfToken";
  14. private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";
  15. private string _antiXsrfTokenValue;
  17. protected void Page_Init(object sender, EventArgs e)
  18. {
  19. IsLogin();
  20. // The code below helps to protect against XSRF attacks
  21. var requestCookie = Request.Cookies[AntiXsrfTokenKey];
  22. Guid requestCookieGuidValue;
  23. if (requestCookie != null && Guid.TryParse(requestCookie.Value, out requestCookieGuidValue))
  24. {
  25. // Use the Anti-XSRF token from the cookie
  26. _antiXsrfTokenValue = requestCookie.Value;
  27. Page.ViewStateUserKey = _antiXsrfTokenValue;
  28. }
  29. else
  30. {
  31. // Generate a new Anti-XSRF token and save to the cookie
  32. _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
  33. Page.ViewStateUserKey = _antiXsrfTokenValue;
  35. var responseCookie = new HttpCookie(AntiXsrfTokenKey)
  36. {
  37. HttpOnly = true,
  38. Value = _antiXsrfTokenValue
  39. };
  40. if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
  41. {
  42. responseCookie.Secure = true;
  43. }
  44. Response.Cookies.Set(responseCookie);
  45. }
  47. Page.PreLoad += master_Page_PreLoad;
  48. }
  50. protected void master_Page_PreLoad(object sender, EventArgs e)
  51. {
  52. if (!IsPostBack)
  53. {
  54. // Set Anti-XSRF token
  55. ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
  56. ViewState[AntiXsrfUserNameKey] = Context.User.Identity.Name ?? String.Empty;
  57. }
  58. else
  59. {
  60. // Validate the Anti-XSRF token
  61. if ((string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue
  62. || (string)ViewState[AntiXsrfUserNameKey] != (Context.User.Identity.Name ?? String.Empty))
  63. {
  64. throw new InvalidOperationException("Validation of Anti-XSRF token failed.");
  65. }
  66. }
  67. }
  69. protected void Page_Load(object sender, EventArgs e)
  70. {
  71. }
  73. protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
  74. {
  75. Context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
  76. }
  78. private void IsLogin()
  79. {
  80. if (GetStatic.GetUser() != null && GetStatic.GetUser() == "")
  81. Response.Redirect("/Webpages/Account/Login");
  82. agentName1.InnerText = GetStatic.ReadSession("agentName", "");
  83. agentName2.InnerText = GetStatic.ReadSession("agentName", "");
  84. //username1.InnerText = user.Username;
  85. branchName1.InnerText = GetStatic.ReadSession("agentAddress", "");
  87. var pg = this.Page;
  89. string a = Page.Page.AppRelativeVirtualPath;
  91. if (a.ToLower().Equals("~/webpages/account/forcechangepassword.aspx") || a.ToLower().Equals("~/webpages/account/forcechangepassword"))
  92. {
  93. return;
  94. }
  96. if (GetStatic.ReadSession("isForceChangePassword", "") == "True")
  97. Response.Redirect("/Webpages/Account/ForceChangePassword");
  98. }
  100. }
  101. }