
I have an issue in the Try Catch block of my code below. In function SetUser, I use the getId function, which returns an Id if the user exists in the DB; otherwise, I get a NullReferenceException.
I call this function in the try catch block in Login. I have a problem with the catch because when the exception is generated, I would like the user to be redirected to the register page. But when I try to execute my code with a non-existing user, I think that I have a kind of infinite loop because my page doesn't stop loading. I don't understand what I'm doing wrong. Need help, please.

function Login:

public static void Login(HttpRequest Request, HttpResponse Response, string redirectUri)
{
    if (Request.IsAuthenticated)
        return;
    if (!Request.Form.AllKeys.Contains("id_token"))
        return;
    string value = Request.Form.Get("id_token");
    JObject id_token = JwtDecode(value);
    string upn = id_token.GetValue("upn").ToString();
    DateTime expiretime = GetExpireTime(id_token);

    try
    {
        SetUser(id_token);
    }
    catch (Exception ex)
    {
        Response.Redirect("~/register.aspx");
    }
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, upn, DateTime.UtcNow, expiretime, false, id_token.ToString(), FormsAuthentication.FormsCookiePath);
    string encryptedcookie = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedcookie);
    cookie.Expires = expiretime;
    Response.Cookies.Add(cookie);
    redirectUri = GetRedirectUrl(Request, redirectUri);
    Response.Redirect(redirectUri, true);
}

function setUser:

private static void SetUser(JObject id_token)
{
    string email = id_token.GetValue("unique_name").ToString();
    string name = id_token.GetValue("given_name").ToString();
    DataSet ds;

    // getId throws NullReferenceException when no user matches the e-mail.
    List<Claim> claims = new List<Claim>()
    {
        new Claim(ClaimTypes.Email, email),
        new Claim(ClaimTypes.Name, getId(email))
    };

    // This query returns every row in AspNetRoles, so each role name in the
    // table is added as a claim for the current user.
    string roles = "SELECT name FROM AspNetRoles";
    ds = GetDataSet(roles);

    if (ds.Tables.Count > 0)
    {
        foreach (DataRow row in ds.Tables[0].Rows)
            claims.Add(new Claim(ClaimTypes.Role, row["name"].ToString()));
    }

    ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, "Cookies");
    ClaimsPrincipal principal = new ClaimsPrincipal(claimsIdentity);
    HttpContext.Current.GetOwinContext().Authentication.User = principal;
    Thread.CurrentPrincipal = principal;
}

function getId:

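public static string getId(string email)
{
    // The lookup result is dereferenced directly, so an unknown e-mail
    // ends in a NullReferenceException.
    return ((new UserManager()).FindByEmail(email)).Id;
}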
kst92
  • What page is the function `Login()` on? Is it on `register.aspx`? – asherber Nov 27 '18 at 00:41
  • no @asherber, the function login() is in the class that handles authentication – kst92 Nov 27 '18 at 02:17
  • I don't think I have enough information here about how the pieces fit together. What page initially calls `Login()`? Can you include some of the code that shows how it is called? – asherber Nov 27 '18 at 15:37
  • Login() is called in the master page. It's actually authentication via Azure Directory in an asp.net application – kst92 Nov 27 '18 at 16:41
  • I'm afraid that isn't enough for me to go on. You might be interested in https://stackoverflow.com/questions/17417366/response-redirect-exception-inside-the-try-catch-block Note that `Response.Redirect()` works by throwing an exception, so that if the code which calls `Login()` is itself in a `try..catch` block, that might have something to do with it. – asherber Nov 27 '18 at 19:33
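
Added example, not part of the original question or its comments: one way to handle the `Response.Redirect()` behaviour noted in the last comment, so that the redirect does not rely on an exception and no authentication ticket is issued for an unregistered user. It is not a confirmed fix for the loading loop; `EnsureRegistered`, `findUserId` and `TryGetId` are hypothetical names introduced here.

```csharp
using System;
using System.Web;

public static class LoginRedirectExample
{
    // Returns true only when the user is known and the caller may go on to
    // issue the forms-authentication ticket.
    // findUserId is a hypothetical lookup that returns null for an unknown
    // e-mail instead of throwing NullReferenceException.
    public static bool EnsureRegistered(HttpContext context, string email,
                                        Func<string, string> findUserId)
    {
        if (findUserId(email) != null)
            return true;

        // Redirect(url) is Redirect(url, true): it calls Response.End(), which
        // raises ThreadAbortException. A surrounding catch (Exception) sees that
        // exception, and the runtime re-raises it when the catch block ends.
        // Passing false sends the 302 without aborting the thread.
        context.Response.Redirect("~/register.aspx", false);

        // Skip the remaining pipeline events and go straight to EndRequest.
        context.ApplicationInstance.CompleteRequest();

        // Execution continues after Redirect(url, false), so the caller must
        // stop here; otherwise an unregistered user would still get a cookie.
        return false;
    }
}

// Usage inside Login(), replacing the try/catch (names as in the question):
//
//     string email = id_token.GetValue("unique_name").ToString();
//     if (!LoginRedirectExample.EnsureRegistered(HttpContext.Current, email, TryGetId))
//         return;   // no FormsAuthenticationTicket is created
//     SetUser(id_token);
//
// TryGetId is a hypothetical null-returning variant of getId:
//     var user = new UserManager().FindByEmail(email);
//     return user == null ? null : user.Id;
```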
