Controlling Access to Web Interface using Web Interface Access Control Center

This article describes the features in the new Web Interface Access Control Center. Using the Web Interface Access Control Center you can limit access to Citrix Web Interface/Secure Gateway as well as view usage statistics.

Have you ever had a need to allow only a subset of your users access to Citrix Web Interface or Secure Gateway? This is especially useful if you use an internal Web Interface and an external Web Interface/Secure Gateway environment. You might want to let anybody log on through the internal Web Interface, but restrict access through the external Web Interface/Secure Gateway. Sam Jacobs created a utility to do just that at http://www.ipm.com/home/freecode/RestrictedUsers.zip. The basic concept of this modification is to place a list of users in a text file on your Web Interface server. Then, the code looks in this file at login time to see if the authenticating user is allowed to continue.

This concept works quite well, but I had a request to allow non-technical people to control the access list. Rather than give them rights to the server to modify the text file, I came up with a slightly different solution – the Web Interface Access Control Center. This solution involves placing the allowed users in a database table and comparing the authenticating user to the database table, rather than a text file, at login time. As an added bonus, this solution logs all access attempts to the database as well.

To help implement this solution, I created an ASP.NET interface to allow adding and removing users from the list. This utility integrates with Active Directory to display available users to add to or remove from the access list. In addition, the utility analyzes usage and presents this information in a drill-down format.

Download the Web Interface Access Control Center

The Components

The Web Interface Access Control Center consists of three logical components; a database to store allowed users and access activity, a Citrix Web Interface server, and an IIS Web Application server running the .NET Framework version 2.0 to host the end-user utilities. I say these are three logical components because all three components can reside on the same physical server.

The Database
The database can be any ODBC compliant database such as Microsoft SQL, MSDE, MySql, etc. The database has a very simple structure consisting of only two tables; the WI_Access table to store which users are permitted access via Web Interface, and WI_AccessLog to store access attempts.

The Web Interface Server
Naturally you will need a Citrix Web Interface server. You will need to make one modification in order for this solution to work. The modification instructions can be found in the setup instructions accompanying the download. One thing to note however is if there is a firewall between the Web Interface server and the database, port 1433 will need to opened in order for SQL communication to occur.

The IIS Web Application Server
The IIS Web Application server reads information from the database and reports this information in a drill down fashion. The virtual directory that the web application runs from will need to be configured to use the .NET Framework version 2.0 (this is covered in the setup instructions).

Component Communications

Web Interface Access Control Center Communications

Screen Shots

Access Control List

Click to enlarge

Usage Calendar

Click to enlarge

Day Detail

Click to enlarge

Hour Detail

Click to enlarge

User Detail

Click to enlarge

I hope you find this tool useful. But, keep in mind that while every effort has been made to test this tool, this tool is still in “beta” and may contain bugs. Also, the modification made to Web Interface is not supported by Citrix.

Author: Jason Conger

Hey there. Hope you like the site.

71 thoughts on “Controlling Access to Web Interface using Web Interface Access Control Center”

  1. Nice work Jason. Now can you create one like this that goes against the IMA data store? Can this intergrate into AD and use groups?
    This has been my favorite site for cool Citrix stuff and fun things to ponder and play with!!!

    MF Boston

  2. An elegant solution to the problem ! My original solution was also not optimal when you had to keep multiple web servers in sync. Keeping the users in a database neatly solves that problem.
    Another approach that I’ve presented is to control access from the CMC (where it should be) by publishing an “authentication” application to authorized users and filtering out the app from the application list.
    That approach is discussed in the following Citrix Support Forum post:
    http://support.citrix.com/forums/thread.jspa?messageID=297420
    It still doesn’t have your cool graph, though !

    Sam

  3. Wildcard’s are not currently allowed. I plan on updating the Web Interface Access Control Center soon with some additional functionality. I will include your suggestion in a future release! In the mean time, check out Thomas Koetzing’s Analyze Center for Web Interface 4.x.

  4. Jason,

    I got the WI access utility working by adding names to the WI_Include table manually.

    I do not want to connect to AD from the DMz, hence I have used these settings for the web interface:

    “ManagementGroup” value=”\administrators”

    also tried setting “LDAPDomain” =

    The UI only shows reporting and I cannot add new users. I even used Windows Authentication for the Virtual directory.

    Any suggestions?

    Kevin Smith
    Senior Systems Engineer
    IMG-LLC
    [email protected]

  5. I agree that opening up AD from the DMZ to the LAN is a bad idea. The way I intended for this to be set up is to use a separate Web Server on the LAN to host the Web Application. The Web Application server is only used for adding users to the access control list and reporting on usage. The Web Interface/Secure Gateway server never contacts the Web Application server. This way, you only have to open port 1433 (SQL) from the Citrix Web Interface server in the DMZ to your SQL server. All the Active Directory LDAP traffic stays on the LAN in this scenario. You can combine the SQL and Web Application server on the same physical box if you desire.

  6. I am getting “access denied” on the /admin/manageaccess.aspx page.

    Here are my settings in web.config:

    The user “WI_Admin” has been assigned “db

    I get the usage calendar and user detail, but cannot manage user access. I have verifed that my sql user can insert and delete from the table.

    any ideas?

    Thanks,

    Kevin Smith

  7. The most likely cause of this is improper settings in the Web.Config file. Verify the following entries:

    <add key=”LDAPDomain” value=”domain”/>
    <add key=”ManagementGroup” value=”domain\group”/>

    Where domain = your Active Directory domain, and group = a valid Active Directory group you belong to.

    One thing to note, you may have to use your pre-Windows 2000 domain name.

  8. Problem solved: I was using “ManagementGroup = \administrators. This is actually a “builtin” group. I changed the group to \domain admins and all is good.

    For LDAPDomain, the DNS format works.

    Thanks for building a great tool for Citrix!

    Kevin Smith
    Senior Systems Engineer
    IMG-LLC

  9. HI,

    I got WI 4.2 on DMZ and i only need to log external user connection ( TIME/ DTAE). Is that possible with this utility or do i need to modify?

    I got MF XPa 1.0 FR3 And is that possible to get that sort of information with this utility? or any other tool?

  10. I have setup the application according to the notes but when I access the citrix portal I just get an internal error.

    Am I doing something wrong ??

  11. With a slight modification you can accomplish this.
    Open up WIACC.cs and find the following text:

    try
    {

    }

    Replace everything between { and } with the following:

    conn.Open();
    boolAllowed = true;
    string strSQLAllowed = string.Format(“INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES (‘{0}’, ‘{1}’, ‘{2}’, ‘{3}’)”, strUsername, DateTime.Now.ToString(), clientIP, “yes”);
    System.Data.SqlClient.SqlCommand sqlCmdAllowed = new System.Data.SqlClient.SqlCommand(strSQLAllowed, conn);
    sqlCmdAllowed.ExecuteNonQuery();

  12. Hi Jason, it’s Stuart from the Citrix support forum here, we chatted over beers at Briforum in Germany !

    I’ve setup the app as described, inserting users directly into the SQL table works for me, so I guess I’m half there….. but

    On browsing to the web site setup as a virtual direcotry, I get the Access log calender, which does not show login attempts on the dates ? Should there also be another button to manage users here ?

    Below the calender is the following error:

    “The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value”

    Also if I try to browse to the /admin/manageaccess.aspx page directly I get the “access denied” message as detailed above.

    Thanks

    Stuart

  13. There are two issues here. This first is to do with the reporting. It looks like you need to add the following to Web.Config:

    – Add “;Current Language=English” after the password on your connection string.

    – Add
    <globalization requestEncoding=”utf-8″ responseEncoding=”utf-8″ culture=”en-US” uiCulture=”en-US” enableClientBasedCulture=”false” responseHeaderEncoding=”utf-8″ enableBestFitResponseEncoding=”false” /> to Web.Config right after <system.web>

    The second issue has to do with your LDAP specification in Web.Config. Try using a tool such as ADSI Edit to ensure you are specifying the correct domain name and group.

  14. Thanks for your reply Jason.

    That’s that’s fixed the first issue, I can now see the entries in the caleder and get the cool graph when I click.

    I’ll take a look at the LDAP domain and user string tomorrow and let you know.

    Thanks again

    Stuart

  15. Having the same issue as abouve. All works well but if I cannot get manageaccess.aspx to work. I do not see any buttons to add users either. Manually entering users in the database does work. Im trying to use the Domain Admins group with Win2k AD.

  16. Probably something i’m doing wrong…but I am receiving the following error:

    Server Error in ‘/’ Application.
    ——————————————————————————–

    Configuration Error
    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: It is an error to use a section registered as allowDefinition=’MachineToApplication’ beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

    Source Error:

    Line 30:
    Line 31:
    Line 32:
    Line 33:
    Line 34:

    Source File: c:\inetpub\wwwroot\citrix\wi_access\web.config Line: 32

    Show Additional Configuration Errors:

    It is an error to use a section registered as allowDefinition=’MachineToApplication’ beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\wwwroot\citrix\wi_access\web.config line 33)

    ——————————————————————————–
    Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42

    Any ideas??

  17. Hi Jason
    I also got the WI access utility working by adding names to the WI_Include table manually.

    The UI only shows reporting and I cannot add new users. I even used Windows Authentication for the Virtual directory.
    I checked the Domainentry and the membergroup very carefully – but I use it on a german-System. I think WI dont find the domain??
    The Domainname is lbs-hartberg???
    Any suggestions?

    Wolf Greiner
    LBS Hartberg
    [email protected]

  18. Hi all,

    I have everything working but the user list is incomplete. The LDAP domain is right and i am a full admin in the group specified for managing. i cannot login to the WI as i get access denied

  19. Hi Jason,
    I can restrict access, but i can´t to see the reports..

    I get the Access log calender, which does not show login attempts.

    What I need to do??

  20. I have tried everything and cannot get all users to enumerate from AD. I get about half. i cannot see my own user name in the list and am a member of the group assigned to manage.

    If i try access the WI i get the following
    Unauthorized Access Attempt

    You have not been permitted external access to Web Interface.

    This access attempt has been logged.

    If you feel this message is in error, please contact the system administrator

    If anyone is reading this it would be great to get some help

  21. Will you send me the rendered source of the page? Just right-click on the page showing half of the users and select “View Source” (or similar). Then save the source as a text file and email to me.

    Thanks,
    Jason

  22. i am getting a following error while trying to view “show denied login”.
    ‘lbUsers’ has a SelectedIndex which is invalid because it does not exist in the list of items.
    Parameter name: value.
    Stack Trace:
    [ArgumentOutOfRangeException: ‘lbUsers’ has a SelectedIndex which is invalid because it does not exist in the list of items.
    Parameter name: value]
    System.Web.UI.WebControls.ListControl.set_SelectedIndex(Int32 value) +1777006
    PerUserUsage.lbUsers_DataBound(Object sender, EventArgs e) +24
    System.Web.UI.WebControls.BaseDataBoundControl.OnDataBound(EventArgs e) +86
    System.Web.UI.WebControls.ListControl.PerformSelect() +60
    System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +70
    System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +82
    System.Web.UI.WebControls.ListControl.OnPreRender(EventArgs e) +26
    System.Web.UI.WebControls.ListBox.OnPreRender(EventArgs e) +9
    System.Web.UI.Control.PreRenderRecursiveInternal() +77
    System.Web.UI.Control.PreRenderRecursiveInternal() +161
    System.Web.UI.Control.PreRenderRecursiveInternal() +161
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1360

    any help would be appreciated.
    i am using Windows 2000 Server SP4, WI 4.2

  23. Thanks for this excellent control.

    Two things I would like to add. Most environments will find that the virtual folder for the Website will work best when set to Basic Authentication only. Might be worth adding to the setup instructions, and anyone experienced enough with IIS can always choose to ignore it.

    Secondly, I have found that it has some issues when used on a server with non-US date/time formats (ie where the date format is dd/mm/yyyy)

    The trick is that datetime representations in SQL statements are ALWAYS mm/dd/yyyy format, whereas everywhere else in .NET code it will use the local formats. So whenever we read or write from the SQL, we need to be sure its in the expected format!

    To get it all to work smoothly I found the following changes were required:

    WIACC.cs
    ============
    Insert these two lines above the line that starts: //Retrieve the username…

    System.Globalization.CultureInfo cultureUS;
    cultureUS = new System.Globalization.CultureInfo(“en-US”, true);

    Replace two instances of
    DateTime.Now.ToString()
    with
    DateTime.Now.ToString(cultureUS)

    UsageCalendar.aspx.cs
    ======================
    function loadDays()
    ——————-
    Insert these two lines into above the line that starts: //Set up SQL query parameters

    System.Globalization.CultureInfo cultureUS;
    cultureUS = new System.Globalization.CultureInfo(“en-US”, true);

    replace the line
    tmpDate = DateTime.Parse(strMonth + “/1/” + strYear);
    with
    tmpDate = DateTime.Parse(strMonth + “/1/” + strYear,cultureUS);

    replace the line
    strSQL = String.Format(“SELECT logintime, success FROM WI_AccessLog WHERE logintime BETWEEN ‘{0}’ AND ‘{1}'”, startDate.ToShortDateString(), endDate.ToShortDateString());
    with
    strSQL = String.Format(“SELECT logintime, success FROM WI_AccessLog WHERE logintime BETWEEN ‘{0}’ AND ‘{1}'”, startDate.ToShortDateString(cultureUS), endDate.ToShortDateString(cultureUS));

    HourDetail.aspx.cs
    =====================
    function Page_Load()
    ———————
    Insert these two lines at the top of the function:

    System.Globalization.CultureInfo cultureUS;
    cultureUS = new System.Globalization.CultureInfo(“en-US”, true);

    Replace these lines
    int intMonth = Int16.Parse(strDate.Split(‘/’)[0]);
    int intDay = Int16.Parse(strDate.Split(‘/’)[1]);
    int intYear = Int16.Parse(strDate.Split(‘/’)[2]);
    with
    DateTime dtTmp = DateTime.Parse(strDate);
    int intMonth = dtTmp.Month;
    int intDay = dtTmp.Day;
    int intYear = dtTmp.Year;

    Replace these lines
    string strStart = string.Format(“{0} {1}:00:00”, strDate, strHour);
    string strEnd = string.Format(“{0} {1}:59:59”, strDate, strHour);
    with
    string strStart = string.Format(“{0} {1}:00:00”, dtTmp.ToString(“d”,cultureUS), strHour);
    string strEnd = string.Format(“{0} {1}:59:59”, dtTmp.ToString(“d”,cultureUS), strHour);

    DayDetail.aspx.cs
    ========================
    function loadUserList()
    ————————
    Insert these two lines at the top of the function:

    System.Globalization.CultureInfo cultureUS;
    cultureUS = new System.Globalization.CultureInfo(“en-US”, true);

    replace these lines
    sqlUsers.SelectParameters[0].DefaultValue = strStart;
    sqlUsers.SelectParameters[1].DefaultValue = strEnd;
    with
    DateTime dtStart = DateTime.Parse(strStart);
    DateTime dtEnd = DateTime.Parse(strEnd);
    sqlUsers.SelectParameters[0].DefaultValue = dtStart.ToString(cultureUS);
    sqlUsers.SelectParameters[1].DefaultValue = dtEnd.ToString(cultureUS);

    generateXMLChartData.aspx
    ===========================
    Insert after the line

    function Page_Load()
    ————————–
    Insert these two lines at the top of the function:

    System.Globalization.CultureInfo cultureUS;
    cultureUS = new System.Globalization.CultureInfo(“en-US”, true);

    Insert above the line: string strAnimation = “1”;
    DateTime dtStartDate = DateTime.Parse(strStartDate);
    DateTime dtEndDate = DateTime.Parse(strEndDate);

    Replace the line
    string strSQL = String.Format(“SELECT logintime FROM WI_AccessLog WHERE logintime BETWEEN ‘{0}’ AND ‘{1}'”, strStartDate, strEndDate);
    with
    string strSQL = String.Format(“SELECT logintime FROM WI_AccessLog WHERE logintime BETWEEN ‘{0}’ AND ‘{1}'”, dtStartDate.ToString(cultureUS), dtEndDate.ToString(cultureUS));

  24. Hmm – two lines got filtered out here, presumably because they’re native HTML. Not sure of the syntax I should use, so see if you can make sense of this:

    generateXMLChartData.aspx
    ===========================
    Insert at the second line in the file (below &gt%@ Page Language=”C#” %&lt ):
    &gt%@ Import Namespace=”System” %&lt

  25. Everything is working exept for admin page. If I try to browse the /admin/manageaccess.aspx page directly I get the “access denied” message.

    – My server is not member of the domain.
    – LDAP require authentification
    – The web server is on DMZ
    – WI 4.2, Win2k3, CSG 2.0
    – I can add users manually for testing but…

    1) How LDAP query can work if the LDAP server is not specified ?
    2) I’m not a programmer, but is it possible to include LDAP parameters like it’s included in the Victor Viudez restrict access code (LDAP Server, Username, password) ?
    http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=57&Itemid=97

    3) Otherwise, how can I restrict access to the Citrix Web Interface with the Access Control Center ?

    Tks

  26. I’ve attempted every combination I can think of to get the Admin Access to work. I’m not sure what could be going wrong. I went through all the other posts and tried any fixed I found. Here is a copy of my web.config:

    I have several domain in my forest as well, so that may add to the issue.

    PreWin2k should be PHOTO\Domain Admins
    AD is photo.com.

    The web server is joined to the root domain.

    Thanks for any help you can provide.

  27. I think the permissions thing is a common thread. Could anyone show what they have put in for the LDAP values?

    key=”LDAPDomain” value=”????”

    key=”ManagementGroup” value=”???\???”

  28. If you are having problems accessing the “Manage Access” portion of the program make sure “Enable Anonymous Access” is UNCHECKED and “Integrated Windows authentication” is CHECKED in the IIS settings for this specific Virtual Directory under Directory Security tab/Authentication and access control.

  29. I have a relatively small install where the text based version would work just fine. However, the URL at the top of this listing is no longer valid. Does anyone know a current url for that version of this solution?

  30. I have set up the WIACC and and trying to access the administration page to add users. However as soon as I log into the admin page i get the following message:

    Server Error in ‘/’ Application.
    ——————————————————————————–

    Runtime Error
    Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

    Details: To enable the details of this specific error message to be viewable on the local server machine, please create a tag within a “web.config” configuration file located in the root directory of the current web application. This tag should then have its “mode” attribute set to “RemoteOnly”. To enable the details to be viewable on remote machines, please set “mode” to “Off”.

    Can anyone lead me in the right direction here

  31. I am trying to configure this with WI 4.6, but some of the site folder structure has changed. Is is possible to to modify the install to work with 4.6?

  32. I’ve got most everything working at this point, except, when I manually key in usernames into WI_Include table OR do it through the Manage Access UI, I continue to get “Unauthorized Access”, even when my username is in the database. Also no data is populating the usage calendar. At this point, I would just like the restricted access to work! any help would be great, thanks

  33. From the details you provided of your issue, it sounds like there might be a SQL communication issue from your Web Interface server to the SQL server. Ensure that you can telnet from your WI server to your SQL server on port 1433. Also, when using SQL Express, remote access is disabled by default. Make sure remote access is enabled for your SQL instance.

  34. I have set this up on my web server following the information on this page and in the setup doc. Everything is working except for the manageAccess. When I go there, I get an access denied. My setup is as follows.

    Web server in the DMZ (not part of the domain)
    SQL installed on WEB server
    LDAP port opened on the firewall

    I have tested LDAP communication with Softerra LDAP Browser, ldp.exe, and also adsiedit. The only way LDP works with no input but Softerra and adsiedit require credentials to access the domain (user name and password). This is in the form of domain/user.

    I am thinking this is why I am getting a access denied from the ManageAccess page. For another test I changes the ManageAccess.aspx.cs and removed the Response.End() line. This allow the page to display but gave an error under the Non-Members stating “Logon failure: unknmown user name”.
    Is there any way to add this information to the script so that the scripts can access the AD, or have a prompt come up asking for this information

  35. I installed everything and I am able to add/deny users. However, I do have 2 errors which do not allow me to use the application as of this moment. When entering the Citrix WebInterface (4.6 with CSG in DMZ) I get an internal on the “default.aspx” file where I load the WIACC.cs.
    Also, in the management interface, when I click to filter “DeniedLogins” in the userdata I get an error saying the selected index for lbUsers does not exist (perhaps OK since the app doesn’t work for me ?)

    Can anyone clarify, has anyone installed this on 4.6 yet ?

  36. OK, I no longer get the internal error. But even though I added users, I always get that it is not allowed. I can telnet to the SQL server from my WI/DMZ server. I can setup an ODBC connection as well, AND I can see the users in the DB table. Anyone ?

  37. Ok, finally got everything to work (stupid SQL issue), but now it seems that the AccessLog table remains empty. Do I need to do anything to get it up & running ? Adding/removing users works without problems.

  38. All working after a few tweaks with WI4.5 and CSG 3.0
    only thing is i would love to be able to get an email notification when people try and connect.

  39. What tweaks would be required for WI4.6 and SG 3.0

    I get “An internal error has occurred” on the WI login

  40. I received the same error until I did this:

    In the default.aspx file, what I did was I edited the line that was to be copied there to and pasted it at the top below the line instead of before

    I copied and pasted the errorPage.html in the same directory as WIACC.cs (\AccessPlatform\app_data\site\serverscripts). I edited the line

    Server.Transfer(“../auth/errorPage.html”);
    to
    Server.Transfer(“../app_data/site/serverscripts/errorPage.html”);

    This worked for me

  41. For some reason, when I posted it omitted a couple of things so I’ll
    re-write the first sentence:
    Copy the line, what is in between the parenthesis
    ()
    and paste it below
    ()
    instead of before ()

  42. Do I need ASP.net 2.0 installed on the secure gateway side. I have it installed on my SQL/web application server on my inside LAN and everything works fine, adding users etc. But when users go to logon they get denied even though they have been added to the allow list. My secure gateway is in the DMZ and I have opened up the SQL port to my SQl server. Also I have tested the ODBC connection to the server and it works. Please help!

  43. I have WI 4.0 and SG3 and I get a message that says internal error on the WI. What can I do to resolve this?
    Also On theWeb application side I can add users, see the calendar but when I switch to log for denied user it gives me an error page.

  44. This is what was logged when I turned off the custom error mode. Can you anyone tell me what is going wrong?

    Server Error in ‘/Citrix/AccessPlatform’ Application.
    ——————————————————————————–

    Compilation Error
    Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

    Compiler Error Message: CS0103: The name ‘authGetPrimaryAccessToken’ does not exist in the current context

    Source Error:

    Line 13:
    Line 14: // Retrieve the username of the current logged in user
    Line 15: strUsername = ((AccessToken)authGetPrimaryAccessToken()).getShortUserName();
    Line 16:
    Line 17: // Work around to get real client IP address (http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=64&Itemid=103)

    Source File: c:\Inetpub\wwwroot\Citrix\AccessPlatform\site\serverscripts\WIACC.cs Line: 15

    Show Detailed Compiler Output:

    c:\windows\system32\inetsrv> "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\a4ce21a8\a0e08392_3ab8c901\DotNetSSLSDKWrapper.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\d55da2d3\a88fb392_3ab8c901\utils.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\4bad2a6c\1019bd92_3ab8c901\xmlclient.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\c032e484\ae078b92_3ab8c901\localization.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\f10a3694\2a307392_3ab8c901\AuthenticatorsDotNet.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\18329ba6\38577a92_3ab8c901\clientdetect.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\7d236303\5c54b892_3ab8c901\webpnapi.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\c6a30c44\1c096c92_3ab8c901\aspnetcpmclient.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\b96430b3\38577a92_3ab8c901\Citrix.Platform.Authentication.InboundSingleSignOn.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\2a469c3c\0ee26492_3ab8c901\ApplyAccessPrefs.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\44b6742d\bc2e9292_3ab8c901\MpsSourceImpl.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\ac55ec07\c2a66992_3ab8c901\aspnetageclient.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\c341c41f\467e8192_3ab8c901\ConnectionRoutingProvider.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\7bd75448\24b89b92_3ab8c901\pnagentimpl.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_SubCode_PagesJava.knuaf1oq.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\3746b5ac\d87ca092_3ab8c901\radeimpl.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\2615b696\92b97c92_3ab8c901\ClientProxyProvider.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\dc427aa7\4e2db192_3ab8c901\Utilities.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\74183c13\b6b6ba92_3ab8c901\wingapi.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\dbcc9e3f\def47792_3ab8c901\CachingProvider.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\2f8b58c3\70f39692_3ab8c901\mvccommon.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\cace945d\d87ca092_3ab8c901\RedirectionHandler.DLL" /R:"C:\WINDOWS\assembly\GAC_32\vjslib\2.0.0.0__b03f5f7f11d50a3a\vjslib.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\e0d4b7bd\086a8d92_3ab8c901\log4net.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\27facfbf\32dfa292_3ab8c901\shared.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\1239560a\d0cd7092_3ab8c901\AuthenticationState.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\60919941\5c54b892_3ab8c901\webpnimpl.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\20a6cf6c\54a58892_3ab8c901\FTAProvider.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_Code.q_8h2bzh.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\bda74437\766b6e92_3ab8c901\AuthenticationFilter.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\31e75915\6a7bbf92_3ab8c901\xms1rt.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\0c9d9263\ec1b7f92_3ab8c901\config.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\f061151c\16919492_3ab8c901\mvcasp.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\bf7e49c0\a0e08392_3ab8c901\coreapi.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\c93066a7\4006aa92_3ab8c901\Spring.Core.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\f7ff5932\d0cd7092_3ab8c901\AuthenticatorsCommon.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\58ffcc9b\68446792_3ab8c901\ASPNetAdaptor.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_Web_wq7oqmv6.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\cd8cf042\1c096c92_3ab8c901\aspnetenvironment.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\a655685d\c4ddc192_3ab8c901\xmsgen.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\c7d227e5\b47f6292_3ab8c901\AccessTokens.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\09e886fe\84927592_3ab8c901\BandwidthControlProvider.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\a3d0eeb8\f4caae92_3ab8c901\TwoFactor.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\66e0806b\02f2b592_3ab8c901\webinterface.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\80b876ad\f4caae92_3ab8c901\Tracing.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\def0b787\ca559992_3ab8c901\netsslsdk.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\5fffc2ea\8c41a592_3ab8c901\SimpleAggregator.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_SubCode_PagesCs.k9azkwxg.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\4c69a27b\62cc8f92_3ab8c901\MpsSourceApi.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\8583f2d7\7e1a9e92_3ab8c901\RadeAPI.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\1098fa8f\9a68ac92_3ab8c901\Support.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\d224f521\fa428692_3ab8c901\dotnetsupport.DLL" /R:"C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\9777da3d\8c41a592_3ab8c901\Socks5.DLL" /R:"C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\b4d764e9\ca559992_3ab8c901\pnagentapi.DLL" /R:"C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\assembly\dl3\520d19ee\54a58892_3ab8c901\IconCache.DLL" /R:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_global.asax.vdcpios8.dll" /out:"c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_Web_default.aspx.e322493f.1tylog_t.dll" /debug- /optimize+ /w:4 /nowarn:1659;1699;1701 "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_Web_default.aspx.e322493f.1tylog_t.0.cs" "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\citrix_accessplatform\11d54ebb\5bd22843\App_Web_default.aspx.e322493f.1tylog_t.1.cs"

    Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.1433
    for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727
    Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.

    c:\Inetpub\wwwroot\Citrix\AccessPlatform\site\serverscripts\WIACC.cs(15,29): error CS0103: The name ‘authGetPrimaryAccessToken’ does not exist in the current context

    Show Complete Compilation Source:

    Line 1: <%
    Line 2:
    Line 3: // Modify the following line to reflect your database connection settings
    Line 4: string strConnString = "Data Source=app01;Initial Catalog=Citrix_Portal_Access;Persist Security Info=True;User ID=Citrix_Portal;Password=Citrix_Portal";
    Line 5:
    Line 6: System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection();
    Line 7: conn.ConnectionString = strConnString;
    Line 8:
    Line 9: bool boolAllowed = false;
    Line 10: string strUsername = String.Empty;
    Line 11: string clientIP = String.Empty;
    Line 12:
    Line 13:
    Line 14: // Retrieve the username of the current logged in user
    Line 15: strUsername = ((AccessToken)authGetPrimaryAccessToken()).getShortUserName();
    Line 16:
    Line 17: // Work around to get real client IP address (http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=64&Itemid=103)
    Line 18: if (!(Request.ServerVariables["HTTP_X_FORWARDED_FOR"] == null) && (Request.ServerVariables["REMOTE_ADDR"] == "127.0.0.1"))
    Line 19: {
    Line 20: clientIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    Line 21: }
    Line 22: else
    Line 23: {
    Line 24: clientIP = Request.ServerVariables["REMOTE_ADDR"];
    Line 25: }
    Line 26:
    Line 27:
    Line 28: try
    Line 29: {
    Line 30: conn.Open();
    Line 31: string strSQL = string.Format("SELECT COUNT(username) FROM WI_Include WHERE username='{0}’", strUsername);
    Line 32: System.Data.SqlClient.SqlCommand sqlCmd = new System.Data.SqlClient.SqlCommand(strSQL, conn);
    Line 33:
    Line 34: int numRows = (int)sqlCmd.ExecuteScalar();
    Line 35:
    Line 36: // If the user is not allowed to log in, log the access attempt in the database
    Line 37: if(numRows < 1)
    Line 38: {
    Line 39: boolAllowed = false;
    Line 40: string strSQLDenied = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES (‘{0}’, ‘{1}’, ‘{2}’, ‘{3}’)", strUsername, DateTime.Now.ToString(), clientIP, "no");
    Line 41: System.Data.SqlClient.SqlCommand sqlCmdDenied = new System.Data.SqlClient.SqlCommand(strSQLDenied, conn);
    Line 42: sqlCmdDenied.ExecuteNonQuery();
    Line 43: }
    Line 44: else
    Line 45: {
    Line 46: boolAllowed = true;
    Line 47: string strSQLAllowed = string.Format("INSERT INTO WI_AccessLog (username, logintime, remote_addr, success) VALUES (‘{0}’, ‘{1}’, ‘{2}’, ‘{3}’)", strUsername, DateTime.Now.ToString(), clientIP, "yes");
    Line 48: System.Data.SqlClient.SqlCommand sqlCmdAllowed = new System.Data.SqlClient.SqlCommand(strSQLAllowed, conn);
    Line 49: sqlCmdAllowed.ExecuteNonQuery();
    Line 50: }
    Line 51: }
    Line 52:
    Line 53: catch
    Line 54: {
    Line 55: }
    Line 56:
    Line 57:
    Line 58: finally
    Line 59: {
    Line 60: conn.Close();
    Line 61: }
    Line 62:
    Line 63:
    Line 64: if(!boolAllowed)
    Line 65: {
    Line 66: Server.Transfer("../../auth/errorPage.html");
    Line 67: }
    Line 68:
    Line 69: %>

    ——————————————————————————–
    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

  45. Have managed to make work with 5.4 with a few changes mainly around the retrieving of the username and the Saving of the date as we are in Australia

Leave a Reply to Sam Jacobs Cancel reply