using Common.Helper;
using Microsoft.AspNet.Identity;
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
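namespace JMEAgentSystem
{
    /// <summary>
    /// Site-wide master page. On every request it checks that a user is present,
    /// fills in the agent/branch header fields, enforces the forced password change
    /// redirect, and wires up the view-state based anti-XSRF check for postbacks.
    /// </summary>
    public partial class SiteMaster : MasterPage
    {
        // Name of both the anti-XSRF cookie and the view-state slot holding the token.
        private const string AntiXsrfTokenKey = "__AntiXsrfToken";

        // View-state slot holding the user name the token was issued for.
        private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";

        // Token for the current request: taken from the cookie, or freshly generated.
        private string _antiXsrfTokenValue;

        /// <summary>
        /// Runs the login gate, then establishes the anti-XSRF token for this request
        /// and subscribes the validation handler to <c>Page.PreLoad</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Init(object sender, EventArgs e)
        {
            // The login gate runs first so an unauthenticated request is redirected
            // before any token cookie is issued.
            IsLogin();

            // The code below helps to protect against XSRF attacks
            var requestCookie = Request.Cookies[AntiXsrfTokenKey];
            Guid requestCookieGuidValue;
            if (requestCookie != null && Guid.TryParse(requestCookie.Value, out requestCookieGuidValue))
            {
                // Use the Anti-XSRF token from the cookie. Only values that parse as a
                // GUID are accepted; anything else falls through to re-issuing a token.
                _antiXsrfTokenValue = requestCookie.Value;
                Page.ViewStateUserKey = _antiXsrfTokenValue;
            }
            else
            {
                // Generate a new Anti-XSRF token and save to the cookie
                _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
                Page.ViewStateUserKey = _antiXsrfTokenValue;

                var responseCookie = new HttpCookie(AntiXsrfTokenKey)
                {
                    HttpOnly = true,
                    Value = _antiXsrfTokenValue
                };

                // Secure is set only when forms authentication requires SSL AND this
                // request arrived over HTTPS. With RequireSSL disabled the token cookie
                // is also sent over plain HTTP, so the deployment should enforce HTTPS
                // and enable RequireSSL for this flag to take effect.
                if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
                {
                    responseCookie.Secure = true;
                }

                Response.Cookies.Set(responseCookie);
            }

            Page.PreLoad += master_Page_PreLoad;
        }

        /// <summary>
        /// Stores the anti-XSRF token and current user name in view state on the first
        /// request, and validates both on every postback.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="InvalidOperationException">
        /// The posted view state does not carry the token from the cookie, or it was
        /// issued for a different user name.
        /// </exception>
        protected void master_Page_PreLoad(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                // Set Anti-XSRF token
                ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
                ViewState[AntiXsrfUserNameKey] = Context.User.Identity.Name ?? String.Empty;
            }
            else
            {
                // Validate the Anti-XSRF token. Only postbacks are checked here, so
                // state-changing actions must not be reachable through plain GET
                // requests or endpoints that bypass this master page.
                if ((string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue
                    || (string)ViewState[AntiXsrfUserNameKey] != (Context.User.Identity.Name ?? String.Empty))
                {
                    throw new InvalidOperationException("Validation of Anti-XSRF token failed.");
                }
            }
        }

        /// <summary>Page load handler; intentionally empty.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Signs the user out of the OWIN application-cookie authentication.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
        {
            // NOTE(review): IsLogin() decides access from GetStatic.GetUser() and
            // GetStatic.ReadSession(), which look session-backed, while this handler
            // only clears the OWIN application cookie. Confirm the session values are
            // cleared elsewhere on logout, otherwise they outlive the sign-out.
            Context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        }

        /// <summary>
        /// Login gate for every page that uses this master page: redirects to the
        /// login page when no user is present, fills in the agent name and branch
        /// address header fields, and redirects to the forced password change page
        /// when the session flags it.
        /// </summary>
        private void IsLogin()
        {
            // Fail closed: a missing (null) user is treated the same as an empty one.
            // The previous condition redirected only for a non-null empty string, so a
            // null user would have been let through to the page.
            var currentUser = GetStatic.GetUser();
            if (string.IsNullOrEmpty(currentUser))
            {
                // Response.Redirect(string) ends the response, so nothing below runs
                // for a redirected request.
                Response.Redirect("/Webpages/Account/Login");
            }

            agentName1.InnerText = GetStatic.ReadSession("agentName", "");
            branchName1.InnerText = GetStatic.ReadSession("agentAddress", "");

            // The forced password change page itself must stay reachable, otherwise
            // the redirect below would loop. Ordinal, case-insensitive comparison
            // keeps the check independent of the server's current culture.
            string currentPath = Page.AppRelativeVirtualPath;
            if (string.Equals(currentPath, "~/webpages/account/forcechangepassword.aspx", StringComparison.OrdinalIgnoreCase)
                || string.Equals(currentPath, "~/webpages/account/forcechangepassword", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            if (GetStatic.ReadSession("isForceChangePassword", "") == "True")
            {
                Response.Redirect("/Webpages/Account/ForceChangePassword");
            }
        }
    }
}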