i have a problem: when i login User.Identity.GetUserId() return correct value of ID, but when i click logout and then login again with another user User.Identity.GetUserId() return null:
my code:
protected void LogIn(object sender, EventArgs e)
{
string url="";
if (IsValid)
{
// Convalidare la password utente
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
var result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout: false);
FormsAuthentication.RedirectFromLoginPage(User.Identity.GetUserId(), false);
var roles = manager.GetRoles(User.Identity.GetUserId().ToString());
Session["Role"] = roles[0];
switch (Convert.ToString(Session["Role"]))
{
case "GruppoAzienda":
url = "G_Aziende/g_aziende.aspx";break;
case "Azienda":
url = "Aziende/Dipendenti.aspx"; break;
}
switch (result)
{
case SignInStatus.Success:
IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response, url);
break;
case SignInStatus.LockedOut:
Response.Redirect("/Account/Lockout");
break;
case SignInStatus.RequiresVerification:
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
Request.QueryString["ReturnUrl"],
RememberMe.Checked),
true);
break;
case SignInStatus.Failure:
default:
FailureText.Text = "Tentativo di accesso non valido";
ErrorMessage.Visible = true;
break;
}
}
}
this is logout code:
protected void Unnamed_LoggingOut(object sender, LoginCancelEventArgs e)
{
Context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Session.Abandon();
}
Can someone help?
Related
I have an ASP.Net web form application that users can register to. In the registration process, some user details are stored as claims, the MemberApproved variable is used to check the approval status of a user, it is set to "No" when the user is created, and can be changed later by admin:
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var signInManager = Context.GetOwinContext().Get<ApplicationSignInManager>();
var user = new ApplicationUser() { UserName = Email.Text, Email = Email.Text, FirstName = FirstName.Text, LastName = LastName.Text,MemberApproved="No" };
THis is working fine and I can see the user details above added correctly in the AspNetUsers
Then I am trying to check if the user has been approved by an admin when they login, in this process, I am trying to retrieve MemberApproved value using the following code:
protected void Page_Load(object sender, EventArgs e)
{
RegisterHyperLink.NavigateUrl = "Register";
OpenAuthLogin.ReturnUrl = Request.QueryString["ReturnUrl"];
var returnUrl = HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
if (!String.IsNullOrEmpty(returnUrl))
{
RegisterHyperLink.NavigateUrl += "?ReturnUrl=" + returnUrl;
}
}
protected void LogIn(object sender, EventArgs e)
{
if (IsValid)
{
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
var result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
var claims = ClaimsPrincipal.Current.Identities.First().Claims.ToList();
string MemberApproved = claims?.FirstOrDefault(x => x.Type.Equals("MemberApproved", StringComparison.OrdinalIgnoreCase))?.Value;
if (MemberApproved == "No")
{
FailureText.Text = "User not approved yet";
ErrorMessage.Visible = true;
break;
}
else
{ IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
break;
}
case SignInStatus.LockedOut:
Response.Redirect("/Account/Lockout");
break;
case SignInStatus.RequiresVerification:
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
Request.QueryString["ReturnUrl"],
RememberMe.Checked),
true);
break;
case SignInStatus.Failure:
default:
FailureText.Text = "Invalid login attempt";
ErrorMessage.Visible = true;
break;
}
}
}
}
I am however running into problems and the code above does not seem to be able to retrieve the value of "MemberApproved"
Any suggestions would be very much appreciated.
In our intranet there are some clinks with href pointing to my applcation. When any of the links is clicked and browser redirects, ELMAH generates the hundreds of repeating errors below for 10 seconds or so .
System.Web.HttpException: Server cannot set status after HTTP headers have been sent.
Generated: Tue, 13 Dec 2016 17:20:43 GMT
System.Web.HttpException (0x80004005): Server cannot set status after HTTP headers have been sent.
at System.Web.HttpResponse.set_StatusCode(Int32 value)
at System.Web.Mvc.HandleErrorAttribute.OnException(ExceptionContext filterContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeExceptionFilters(ControllerContext controllerContext, IList`1 filters, Exception exception)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult)
My application has the following code in the Application_BeginRequest() and Application_Error() which set statuscode. I am not sure if it has anything to do with it.
protected void Application_BeginRequest(object sender, EventArgs e) {
Response.BufferOutput = true;
//enforce HTTPS
if (!HttpContext.Current.Request.IsLocal && !Request.IsSecureConnection )
{
bool addHttpsAttribute = true;
foreach (Filter filter in GlobalFilters.Filters)
{
if (filter.Instance is RequireHttpsAttribute)
{
addHttpsAttribute = false;
break;
}
}
if (addHttpsAttribute)
GlobalFilters.Filters.Add(new RequireHttpsAttribute());
}
}
protected void Application_Error(object sender, EventArgs e) {
Response.BufferOutput = true;
var httpContext = HttpContext.Current;
var currentRouteData = RouteTable.Routes.GetRouteData(new HttpContextWrapper(httpContext));
var currentController = " ";
var currentAction = " ";
if (currentRouteData != null) {
if (currentRouteData.Values["controller"] != null && !String.IsNullOrEmpty(currentRouteData.Values["controller"].ToString())) {
currentController = currentRouteData.Values["controller"].ToString();
}
if (currentRouteData.Values["action"] != null && !String.IsNullOrEmpty(currentRouteData.Values["action"].ToString())) {
currentAction = currentRouteData.Values["action"].ToString();
}
}
var ex = Server.GetLastError();
var controller = new myApp.Controllers.ErrorController();
var routeData = new RouteData();
var action = "OtherError";
if (ex is HttpException) {
var httpEx = ex as HttpException;
switch (httpEx.GetHttpCode()) {
case 404:
action = "NotFound";
break;
// others if any
default:
action = "OtherError";
break;
}
}
httpContext.ClearError();
httpContext.Response.Clear();
httpContext.Response.StatusCode = ex is HttpException ? ((HttpException) ex).GetHttpCode() : 500;
httpContext.Response.TrySkipIisCustomErrors = true;
routeData.Values["controller"] = "Error";
routeData.Values["action"] = action;
controller.ViewData.Model = new myApp.Models.HandleErrorInfo(ex, currentController, currentAction);
((IController) controller).Execute(new RequestContext(new HttpContextWrapper(httpContext), routeData));
Context.ApplicationInstance.CompleteRequest();
}
I'm trying to get an auth basic on my web api. I've written a simple HttpModule to check it
public class BasicAuth : IHttpModule
{
SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Connection"].ConnectionString);
private const string Realm = "MyRealm";
public void Init(HttpApplication context)
{
// Register event handlers
context.AuthorizeRequest += new EventHandler(OnApplicationAuthenticateRequest);
context.EndRequest += new EventHandler(OnApplicationEndRequest);
}
private static void SetPrincipal(IPrincipal principal)
{
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
private bool CheckPassword(string username, string password)
{
var parameters = new DynamicParameters();
parameters.Add("#UserName", username);
parameters.Add("#Password", password);
con.Open();
try
{
var query = //query to db to check username and password
return query.Count() == 1 ? true : false;
}
catch
{
return false;
}
finally
{
con.Close();
}
}
private bool AuthenticateUser(string credentials)
{
try
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials = encoding.GetString(Convert.FromBase64String(credentials));
int separator = credentials.IndexOf(':');
string name = credentials.Substring(0, separator);
string password = credentials.Substring(separator + 1);
if (CheckPassword(name, password))
{
var identity = new GenericIdentity(name);
SetPrincipal(new GenericPrincipal(identity, null));
return true;
}
else
{
return false;
}
}
catch
{
return false;
}
}
private void OnApplicationAuthenticateRequest(object sender, EventArgs e)
{
var authHeader = request.Headers["Authorization"];
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("basic",
StringComparison.OrdinalIgnoreCase) &&
authHeaderVal.Parameter != null)
{
if (AuthenticateUser(authHeaderVal.Parameter))
{
//user is authenticated
}
else
{
HttpContext.Current.Response.StatusCode = 401;
}
}
else
{
HttpContext.Current.Response.StatusCode = 401;
}
}
catch
{
HttpContext.Current.Response.StatusCode = 401;
}
}
private static void OnApplicationEndRequest(object sender, EventArgs e)
{
var response = HttpContext.Current.Response;
if (response.StatusCode == 401)
{
response.Headers.Add("WWW-Authenticate",
string.Format("Basic realm=\"{0}\"", Realm));
}
}
public void Dispose()
{
}
}
well, this code works pretty well, except the fact it asks for basic auth even on controller I don't put the [Authorize] tag on. And when it occurs, it gives the right data back.
Let me explain:
My HistoryController has [Authorize] attribute, to make a POST request I have to send Header auth to get data, if I don't do it, I receive 401 status code and a custom error.
My HomeController doesn't have [Authorize] attribute, if i make a get request on my homepage, the browser popups the authentication request, but if I hit Cancel it shows my home page. (The page is sent back with 401 error, checked with fiddler).
What am I doing wrong?
I'm using the new Microsoft identity to manage my website login and register.
I've configured the website to start using external login (Facebook).
How i can get the Access Token in the (RegisterExternalLogin) page?
``
protected void Page_Load(){
// Process the result from an auth provider in the request
ProviderName = IdentityHelper.GetProviderNameFromRequest(Request);
if (String.IsNullOrEmpty(ProviderName))
{
RedirectOnFail();
return;
}
if (!IsPostBack)
{
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var loginInfo = Context.GetOwinContext().Authentication.GetExternalLoginInfo();
if (loginInfo == null)
{
RedirectOnFail();
return;
}
var user = manager.Find(loginInfo.Login);
if (user != null)
{
IdentityHelper.SignIn(manager, user, isPersistent: false);
IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
}
else if (User.Identity.IsAuthenticated)
{
Response.Write("ok.2");
// Apply Xsrf check when linking
var verifiedloginInfo = Context.GetOwinContext().Authentication.GetExternalLoginInfo(IdentityHelper.XsrfKey, User.Identity.GetUserId());
if (verifiedloginInfo == null)
{
RedirectOnFail();
return;
}
var result = manager.AddLogin(User.Identity.GetUserId(), verifiedloginInfo.Login);
if (result.Succeeded)
{
IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
}
else
{
AddErrors(result);
return;
}
}
else
{
try
{
var accessToken = "What can i get the access token";
Response.Write(accessToken + "<br>");
var client = new FacebookClient(accessToken);
//var client = new FacebookClient();
dynamic me = client.Get("me");
string firstName = me.first_name;
string lastName = me.last_name;
Response.Write(firstName + " " + lastName);
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
email.Text = loginInfo.Email;
}
}
}
Regards,
Moayyad
Iam using GoogleDriveAPI to upload Documents to Drive from Asp.net.It is working fine but i need to use ClientID and ClientSecret for Authentication. Not the gmail userName/Password.After Authentication for Authorization it is redirected to gmail for login after login it is asking for AccessPermission for Drive.So how can i pass the GmailUserID and Password for Authentication not the ClientID and ClientSecret . and after that can i restrict again from Login for Authorization .
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using DotNetOpenAuth.OAuth2;
using Google.Apis.Authentication.OAuth2;
using Google.Apis.Authentication.OAuth2.DotNetOpenAuth;
using Google.Apis.Drive.v2;
using Google.Apis.Drive.v2.Data;
using Google.Apis.Util;
using System.Diagnostics;
using DotNetOpenAuth.Messaging;
using System.Text;
using System.IO;
public partial class _Default : System.Web.UI.Page
{
private static DriveService driveService;
private static OAuth2Authenticator<WebServerClient> authenticator;
private static IAuthorizationState _state;
String CLIENT_ID = "90994017777728.apps.googleusercontent.com";
String CLIENT_SECRET = "IR777777773Nf3vnLT0v";
private static readonly string[] SCOPES = new[] { DriveService.Scopes.Drive.GetStringValue() };
protected void Page_Load(object sender, EventArgs e)
{
Login();
}
private IAuthorizationState AuthState {
get {
return _state ?? HttpContext.Current.Session["GoogleAuthState"] as IAuthorizationState;
}
}
private OAuth2Authenticator<WebServerClient> CreateAuthenticator() {
var provider = new WebServerClient(GoogleAuthenticationServer.Description,CLIENT_ID,CLIENT_SECRET);
var authenticator = new OAuth2Authenticator<WebServerClient>(provider,GetAuthorization);
return authenticator;
}
private IAuthorizationState GetAuthorization(WebServerClient client) {
IAuthorizationState state = AuthState;
if (state != null) {
if (state.AccessTokenExpirationUtc.Value.CompareTo(DateTime.Now.ToUniversalTime()) > 0)
return state;
else
state = null;
}
state = client.ProcessUserAuthorization(new HttpRequestInfo(HttpContext.Current.Request));
if (state != null && (!string.IsNullOrEmpty(state.AccessToken) || !string.IsNullOrEmpty(state.RefreshToken))) {
if (state.RefreshToken == null)
state.RefreshToken = "";
HttpContext.Current.Session["GoogleAuthState"] = _state = state;
return state;
}
client.RequestUserAuthorization(SCOPES,"",HttpContext.Current.Request.Url); // Redirecting to Gmail LoginPage
return null;
}
private string GetContentType(string fileExtension) {
if (string.IsNullOrEmpty(fileExtension))
return string.Empty;
string contentType = string.Empty;
switch (fileExtension) {
case "htm":
case "html":
contentType = "text/HTML";
break;
case "txt":
contentType = "text/plain";
break;
case "doc":
case "rtf":
case "docx":
contentType = "Application/msword";
break;
case "xls":
case "xlsx":
contentType = "Application/x-msexcel";
break;
case "jpg":
case "jpeg":
contentType = "image/jpeg";
break;
case "png":
contentType = "image/png";
break;
case "bmp":
contentType = "image/bmp";
break;
case "gif":
contentType = "image/GIF";
break;
case "pdf":
contentType = "application/pdf";
break;
}
return contentType;
}
public void Login() {
if (authenticator == null)
authenticator = CreateAuthenticator();
if (driveService == null) {
driveService = new DriveService(authenticator);
}
}
protected void Button1_Click(object sender,EventArgs e) {
string[] stringParts = FileUpload1.FileName.Split(new char[] { '/' });
string str = stringParts[stringParts.Length - 1].ToString();
string[] strType = str.Split(new char[] { '.' });
string type = GetContentType(strType[1]);
Google.Apis.Drive.v2.Data.File newFile = new Google.Apis.Drive.v2.Data.File { Title = FileUpload1.FileName,MimeType = type };
byte[] byteArray = FileUpload1.FileBytes;
MemoryStream stream = new MemoryStream(byteArray);
FilesResource.InsertMediaUpload request = driveService.Files.Insert(newFile,stream,newFile.MimeType);
request.Convert = true;
request.Upload();
Google.Apis.Drive.v2.Data.File file = request.ResponseBody;
InsertPermission(driveService,file);
HttpContext.Current.Session["GoogleAuthState"] = null;
Response.Write(file.AlternateLink);
}
public void InsertPermission(DriveService service,Google.Apis.Drive.v2.Data.File file) {
Permission newPermission = new Permission();
newPermission.Value = TextBox1.Text;
newPermission.Type = "user";
newPermission.Role = "reader";
try {
Permission per = service.Permissions.Insert(newPermission,file.Id).Fetch();
}
catch (Exception e) {
Console.WriteLine("An error occurred: " + e.Message);
}
}