Änderungen am Seitensicherheitsmechanismus, um Angriffe abzuwehren und nur authentifizierte Nutzer zuzulassen, welche von der Login-Page kommen und so eine Session-Variable mit der CustomerId darin erzeugt haben, um Querystrings zu sparen. Auch das Page_Load-Event wird überarbeitet.

ja
2021-10-29 14:37:24 +02:00
parent 7df36dc972
commit 014fefb710
16 changed files with 362 additions and 352 deletions


@@ -223,12 +223,12 @@
lastloggedin = dr("LastLoginDate").ToString()
createdUserDate = dr("CreatedDate").ToString()
emailuser = dr("Email").ToString()
CustomerID = dr("KundenNr").ToString()
Session.Add("CustomerID", VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID))
CustomerID = dr("KundenNr").ToString
End If
End Using
con.Close()
End Using
%>
<li class="wrapper">
<!-- Sidebar -->
@@ -270,13 +270,13 @@
<ul style="list-style: none;"class="collapse list-unstyled" id="RechnungenSubmenu1">
<span class="navbar-toggler-icon"></span>-->
<%If Me.Page.User.Identity.Name = "test" Then %>
<li><a href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<li><a href="Invoices.aspx" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<%ElseIf Me.Page.User.Identity.Name = "test2" Then %>
<li><a href="LKWs.aspx" style="background-color:#fff;color:#043381;text-align:left;border:none">LKWs</a></li>
<%ElseIf Me.Page.User.Identity.Name = "userwithlongername" Then%>
<li><a type="button" class="btn btn-primary" href="#" aria-disabled="true" data-bs-toggle="tooltip" data-bs-placement="top" title="Bald verfügbar!" style="background-color:#fff;color:#043381;text-align:left;border:none">Coming soon</a></li>
<%ElseIf Me.Page.User.Identity.Name = "Userwithlongername" Then%>
<li><a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<li><a type="button" class="btn btn-primary" href="Invoices.aspx" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<%End If %>
<!-- </ul>-->
</li>
@@ -302,11 +302,11 @@
<%If Me.Page.User.Identity.Name = "test" Then %>
<li><a href="#" aria-disabled="true" data-bs-toggle="tooltip" data-bs-placement="top" title="Bald verfügbar!" style="background-color:#fff;color:#043381;text-align:left;border:none">Coming soon</a></li>
<%ElseIf Me.Page.User.Identity.Name = "test2" Then %>
<li><a href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<li><a href="Invoices.aspx" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<%ElseIf Me.Page.User.Identity.Name = "userwithlongername" Then%>
<li><a type="button" class="btn btn-primary" href="#" aria-disabled="true" data-bs-toggle="tooltip" data-bs-placement="top" title="Bald verfügbar!" style="background-color:#fff;color:#043381;text-align:left;border:none">Coming soon</a></li>
<%ElseIf Me.Page.User.Identity.Name = "Userwithlongername" Then%>
<li><a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID) %>" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<li><a type="button" class="btn btn-primary" href="Invoices.aspx" style="background-color:#fff;color:#043381;text-align:left;border:none">Rechnungen</a></li>
<%End If %>
<!-- </ul>-->
</li>
@@ -345,6 +345,7 @@
<li> Registriert seit: <%=createdUserDate %></li>
<li> Email: <%=emailuser %></li>
<li>letzter Login: <%=lastloggedin %></li>
<li>Kundenummer: <%=CustomerID %></li>
<li> Die Berechtigungen im Überblick:</li>
<ul>
@@ -457,9 +458,9 @@
<%If Me.Page.User.Identity.Name = "test" Then %>
<a type="button" class="btn btn-primary" href="CustomsAviso.aspx">Aufträge</a>
<%ElseIf Me.Page.User.Identity.Name = "test2" Then%>
<a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>">Rechnungen</a>
<a type="button" class="btn btn-primary" href="Invoices.aspx">Rechnungen</a>
<%ElseIf Me.Page.User.Identity.Name = "userwithlongername" Then%>
<a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>">Rechnungen</a>
<a type="button" class="btn btn-primary" href="Invoices.aspx">Rechnungen</a>
<%ElseIf Me.Page.User.Identity.Name = "Userwithlongername" Then%>
<a type="button" class="btn btn-primary" href="CustomsAviso.aspx" aria-disabled="false" data-bs-toggle="tooltip" data-bs-placement="top" title="Aufträge" style="background-color:#fff;color:#043381;text-align:left;border:none">Aufträge</a>
<% End If %>
@@ -476,13 +477,13 @@
</div>
<div class="btn-group">
<%If Me.Page.User.Identity.Name = "test" Then %>
<a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>">Rechnungen</a>
<a type="button" class="btn btn-primary" href="Invoices.aspx">Rechnungen</a>
<%ElseIf Me.Page.User.Identity.Name = "test2" Then%>
<a type="button" class="btn btn-primary" href="Cards_Boxes.aspx">Karten_Boxen</a>
<%ElseIf Me.Page.User.Identity.Name = "userwithlongername" Then%>
<a type="button" class="btn btn-primary" href="CustomsAviso.aspx" aria-disabled="false" data-bs-toggle="tooltip" data-bs-placement="top" title="Aufträge" style="background-color:#fff;color:#043381;text-align:left;border:none">Aufträge</a>
<%ElseIf Me.Page.User.Identity.Name = "Userwithlongername" Then%>
<a type="button" class="btn btn-primary" href="Invoices.aspx?P4=<%=VERAG_PROG_ALLGEMEIN.cCryptography2.Encrypt(CustomerID)%>">Rechnungen</a>
<a type="button" class="btn btn-primary" href="Invoices.aspx">Rechnungen</a>
<% End If %>
<!-- <button type="button" class="btn btn-danger dropdown-toggle dropdown-toggle-split" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" style="background-color:#fff; color:#043381;border:hidden;">
<span class="visually-hidden">Toggle Dropdown</span>
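Review bot: In the `@@ -345,6 +345,7 @@` hunk the customer number is written to the page with `<%=CustomerID %>`, which emits the database value without HTML encoding; `<li>Kundenummer: <%: CustomerID %></li>` would encode it, and the same applies to the neighbouring `<%=emailuser %>` line. The menu branches in the other hunks compare `Me.Page.User.Identity.Name` against literal names (including both `userwithlongername` and `Userwithlongername`), which only decides which links are rendered and is not an access check. Now that `Invoices.aspx` is linked without `P4`, that page presumably takes the customer from `Session("CustomerID")` and should treat a missing or undecryptable session value as unauthenticated; its code is not part of this section. The +/- markers are lost in this rendering, so whether the `Session.Add` line in the first hunk is added or removed, and whether it runs before or after `CustomerID` is assigned from `dr("KundenNr")`, cannot be confirmed from here.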