| public UserLoginExternal ( Profiles.Login.Utilities.User &user ) : bool | ||
| user | Profiles.Login.Utilities.User | |
| return | bool | |
public bool UserLoginExternal(ref User user)
{
bool loginsuccess = false;
try
{
SessionManagement sm = new SessionManagement();
string connstr = ConfigurationManager.ConnectionStrings["ProfilesDB"].ConnectionString;
SqlConnection dbconnection = new SqlConnection(connstr);
SqlParameter[] param = new SqlParameter[3];
dbconnection.Open();
param[0] = new SqlParameter("@UserName", user.UserName);
param[1] = new SqlParameter("@UserID", null);
param[1].DbType = DbType.Int32;
param[1].Direction = ParameterDirection.Output;
param[2] = new SqlParameter("@PersonID", null);
param[2].DbType = DbType.Int32;
param[2].Direction = ParameterDirection.Output;
//For Output Parameters you need to pass a connection object to the framework so you can close it before reading the output params value.
ExecuteSQLDataCommand(GetDBCommand(ref dbconnection, "[User.Account].[AuthenticateExternal]", CommandType.StoredProcedure, CommandBehavior.CloseConnection, param));
dbconnection.Close();
try
{
user.UserID = Convert.ToInt32(param[1].Value.ToString());
if (param[2].Value != DBNull.Value)
user.PersonID = Convert.ToInt32(param[2].Value.ToString());
}
catch { }
if (user.UserID != 0)
{
loginsuccess = true;
sm.Session().UserID = user.UserID;
sm.Session().PersonID = user.PersonID;
sm.Session().LoginDate = DateTime.Now;
Session session = sm.Session();
SessionUpdate(ref session);
SessionActivityLog();
}
}
catch (Exception ex)
{
throw ex;
}
return loginsuccess;
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Request.QueryString["method"].ToString() == "logout")
{
sm.SessionLogout();
sm.SessionDestroy();
Response.Redirect(Request.QueryString["redirectto"].ToString());
}
else if (Request.QueryString["method"].ToString() == "shibboleth")
{
// added by Eric
// If they specify an Idp, then check that they logged in from the configured IDP
bool authenticated = false;
if (ConfigurationManager.AppSettings["Shibboleth.ShibIdentityProvider"] == null ||
ConfigurationManager.AppSettings["Shibboleth.ShibIdentityProvider"].ToString().Equals(Request.Headers.Get("ShibIdentityProvider").ToString(), StringComparison.InvariantCultureIgnoreCase))
{
String userName = Request.Headers.Get(ConfigurationManager.AppSettings["Shibboleth.UserNameHeader"].ToString()); //"025693078";
if (userName != null && userName.Trim().Length > 0)
{
Profiles.Login.Utilities.DataIO data = new Profiles.Login.Utilities.DataIO();
Profiles.Login.Utilities.User user = new Profiles.Login.Utilities.User();
user.UserName = userName;
if (data.UserLoginExternal(ref user))
{
authenticated = true;
RedirectAuthenticatedUser();
}
}
}
if (!authenticated)
{
// try and just put their name in the session.
sm.Session().ShortDisplayName = Request.Headers.Get("ShibdisplayName");
RedirectAuthenticatedUser();
}
}
else if (Request.QueryString["method"].ToString() == "login")
{
// see if they already have a login session, if so don't send them to shibboleth
Profiles.Framework.Utilities.SessionManagement sm = new Profiles.Framework.Utilities.SessionManagement();
String viewerId = sm.Session().PersonURI;
if (viewerId != null && viewerId.Trim().Length > 0)
{
RedirectAuthenticatedUser();
}
else
{
string redirect = Root.Domain + "/login/default.aspx?method=shibboleth";
if (Request.QueryString["redirectto"] == null && Request.QueryString["edit"] == "true")
redirect += "&edit=true";
else
redirect += "&redirectto=" + Request.QueryString["redirectto"].ToString();
Response.Redirect(ConfigurationManager.AppSettings["Shibboleth.LoginURL"].ToString().Trim() +
HttpUtility.UrlEncode(redirect));
}
}
}
}
