protected override string GetPasswordFromPersistence(ClientMembershipUser user)
 {
     string sql = string.Format("SELECT Password FROM [User] WHERE UserId = '{0}'",
         user.UserKey.ToString());
     return this.database.ExecuteScalar(
             this.database.GetSqlStringCommand(sql)).ToString();
 }
 protected override void PersistChangedPasswordQuestionAndAnswer(ClientMembershipUser user, 
     string password, string newPasswordAnswer)
 {
     string sql = string.Format("UPDATE [User] SET PasswordQuestion = '{0}', PasswordAnswer = '{1}' WHERE UserId = '{2}'",
         user.PasswordQuestion, newPasswordAnswer, user.UserKey.ToString());
     this.database.ExecuteNonQuery(
             this.database.GetSqlStringCommand(sql));
 }
        protected virtual string GetPassword(ClientMembershipUser user, 
            string passwordAnswer)
        {
            // Make sure password retrievals are allowed
            User.CheckPasswordRetrieval();

            // Validate the user's password answer
            this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true);

            // Get the user's password from persistence
            return this.GetPasswordFromPersistence(user);
        }
        protected virtual string ResetPassword(ClientMembershipUser user)
        {
            User.CheckPasswordReset(null);

            string newPassword = System.Web.Security.Membership.GeneratePassword(
                      (this.Application.MinRequiredPasswordLength < Constants.PasswordSize) ?
                        Constants.PasswordSize : this.Application.MinRequiredPasswordLength,
                        this.Application.MinRequiredNonAlphanumericCharacters);

            string newEncodedPassword = this.EncodePassword(newPassword,
                user.PasswordFormat, user.PasswordSalt);

            this.PersistResetPassword(user, newEncodedPassword);

            return newPassword;
        }
        public void PasswordAttemptSucceededTest()
        {
            User user = ClientMembershipService.GetUser("timm");
            string passwordSalt = "1U3h6r/tQ+dGWhLm9Unyng==";
            PasswordFormat passwordFormat = PasswordFormat.Hashed;
            int failedPasswordAttemptCount = 0;
            DateTime failedPasswordAttemptWindowStart = DateTime.MinValue;
            int failedPasswordAnswerAttemptCount = 0;
            DateTime failedPasswordAnswerAttemptWindowStart = DateTime.MinValue;

            ClientMembershipUser target = new ClientMembershipUser(user,
                passwordSalt, passwordFormat, failedPasswordAttemptCount,
                failedPasswordAttemptWindowStart, failedPasswordAnswerAttemptCount,
                failedPasswordAnswerAttemptWindowStart);

            target.PasswordAttemptSucceeded();

            Assert.AreEqual(DateTime.MinValue, target.FailedPasswordAttemptWindowStart);
            Assert.AreEqual(0, target.FailedPasswordAttemptCount);
            Assert.AreEqual(false, target.IsLockedOut);
            Assert.AreEqual(DateTime.MinValue, target.LastLockoutDate);
        }
        protected override void PersistUser(ClientMembershipUser user)
        {
            StringBuilder builder = new StringBuilder(100);
            builder.Append("UPDATE [User] SET ");

            builder.Append(string.Format("{0}={1}",
                UserFactory.FieldNames.Email,
                DataHelper.GetSqlValue(user.Email)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.IsLockedOut,
                DataHelper.GetSqlValue(user.IsLockedOut)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.LastActivityDate,
                DataHelper.GetSqlValue(user.LastActivityDate)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.LastLockoutDate,
                DataHelper.GetSqlValue(user.LastLockoutDate)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.LastLoginDate,
                DataHelper.GetSqlValue(user.LastLoginDate)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.LastPasswordChangedDate,
                DataHelper.GetSqlValue(user.LastPasswordChangedDate)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.PasswordQuestion,
                DataHelper.GetSqlValue(user.PasswordQuestion)));

            builder.Append(string.Format(",{0}={1}",
                UserFactory.FieldNames.UserName,
                DataHelper.GetSqlValue(user.UserName)));

            builder.Append(string.Format(",{0}={1}",
                ClientMembershipUserFactory.FieldNames.PasswordSalt,
                DataHelper.GetSqlValue(user.PasswordSalt)));

            builder.Append(string.Format(",{0}={1}",
                ClientMembershipUserFactory.FieldNames.PasswordFormat,
                DataHelper.GetSqlValue((int)user.PasswordFormat)));

            builder.Append(" ");
            builder.Append(string.Format("WHERE UserId = '{0}'", 
                user.UserKey.ToString()));

            this.database.ExecuteNonQuery(
                this.database.GetSqlStringCommand(builder.ToString()));
        }
        protected virtual string ResetPassword(ClientMembershipUser user, 
            string passwordAnswer)
        {
            // Are password resets allowed?
            User.CheckPasswordReset(passwordAnswer);

            // Validate the user's password answer
            this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true);

            int maxPasswordSize =
                (this.Application.MinRequiredPasswordLength < 
                    Constants.PasswordSize)
                        ? Constants.PasswordSize : 
                        this.Application.MinRequiredPasswordLength;

            // Create the new password
            string newPassword = System.Web.Security.Membership.GeneratePassword(
                maxPasswordSize,
                this.Application.MinRequiredNonAlphanumericCharacters);

            // Encode the password
            string newEncodedPassword = this.EncodePassword(newPassword,
                user.PasswordFormat, user.PasswordSalt);
            
            // Save the user's new password
            this.PersistResetPassword(user, newEncodedPassword);

            // return the new password (not the encoded one!)
            return newPassword;
        }
        protected virtual void ChangePassword(ClientMembershipUser user, 
            string oldPassword, string newPassword)
        {
            SecurityHelper.CheckParameter(oldPassword, true, true, false,
                this.Application.MaxPasswordSize, "oldPassword");
            SecurityHelper.CheckParameter(newPassword, true, true, false,
                this.Application.MaxPasswordSize, "newPassword");

            // Validate the user before making any changes
            this.ValidateUserWithPassword(user, oldPassword, true);

            // Make sure the new password is ok
            User.ValidatePassword(newPassword);

            // encode the new password
            string encodedPassword = this.EncodePassword(newPassword, 
                user.PasswordFormat, user.PasswordSalt);

            if (encodedPassword.Length > this.Application.MaxPasswordSize)
            {
                throw new ArgumentException("Membership password too long", 
                    "newPassword");
            }

            // Save the new password
            this.PersistChangedPassword(user, encodedPassword);
        }
Beispiel #9
0
 public static ClientMembershipUserContract ToClientMembershipUserContract(ClientMembershipUser user)
 {
     ClientMembershipUserContract contract = null;
     if (user != null)
     {
         contract = new ClientMembershipUserContract();
         contract.CreationDate = user.CreationDate;
         contract.Email = user.Email;
         contract.FailedPasswordAnswerAttemptCount = user.FailedPasswordAnswerAttemptCount;
         contract.FailedPasswordAnswerAttemptWindowStart = user.FailedPasswordAnswerAttemptWindowStart;
         contract.FailedPasswordAttemptCount = user.FailedPasswordAttemptCount;
         contract.FailedPasswordAttemptWindowStart = user.FailedPasswordAttemptWindowStart;
         contract.IsLockedOut = user.IsLockedOut;
         contract.Key = user.Key;
         contract.LastActivityDate = user.LastActivityDate;
         contract.LastLockoutDate = user.LastLockoutDate;
         contract.LastLoginDate = user.LastLoginDate;
         contract.LastPasswordChangedDate = user.LastPasswordChangedDate;
         contract.PasswordFormat = Converter.ToPasswordFormatContract(user.PasswordFormat);
         contract.PasswordQuestion = user.PasswordQuestion;
         contract.PasswordSalt = user.PasswordSalt;
         foreach (Role role in user.Roles)
         {
             contract.Roles.Add(Converter.ToRoleContract(role));
         }
         contract.UserKey = user.UserKey;
         contract.UserName = user.UserName;
     }
     return contract;
 }
 protected abstract void PersistResetPassword(ClientMembershipUser user,
     string newEncodedPassword);
 protected abstract string GetPasswordAnswerFromPersistence(
     ClientMembershipUser user);
 protected abstract void PersistChangedPasswordQuestionAndAnswer(
     ClientMembershipUser user, string password,
     string newPasswordAnswer);
 protected abstract void PersistChangedPassword(ClientMembershipUser user, 
     string newPassword);
        private void ValidateUserWithPasswordAnswer(ClientMembershipUser user,
            string passwordAnswer, bool throwIfFails)
        {
            if (passwordAnswer != null)
            {
                passwordAnswer = passwordAnswer.Trim();
            }

            SecurityHelper.CheckParameter(passwordAnswer,
                this.Application.RequiresQuestionAndAnswer,
                this.Application.RequiresQuestionAndAnswer,
                false, this.Application.MaxPasswordAnswerSize, 
                "passwordAnswer");

            string passwordAnswerFromPersistence =
                this.GetPasswordAnswerFromPersistence(user);

            try
            {
                if (!this.CheckPasswordAnswer(passwordAnswer, 
                    passwordAnswerFromPersistence,
                    user.PasswordFormat, user.PasswordSalt))
                {
                    user.PasswordAnswerAttemptFailed();
                    if (throwIfFails)
                    {
                        throw new SecurityException
                            ("The password answer supplied was not correct");
                    }
                }
                else
                {
                    user.PasswordAnswerAttemptSucceeded();
                }
            }
            finally
            {
                this.PersistUser(user);
            }
        }
 private string GetEncodedPasswordAnswer(ClientMembershipUser user, string passwordAnswer)
 {
     if (passwordAnswer != null)
     {
         passwordAnswer = passwordAnswer.Trim();
     }
     if (string.IsNullOrEmpty(passwordAnswer))
     {
         return passwordAnswer;
     }
     return this.EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), 
         user.PasswordFormat, user.PasswordSalt);
 }
 protected override void PersistResetPassword(ClientMembershipUser user, string newEncodedPassword)
 {
     string sql = string.Format("UPDATE [User] SET Password = '******' WHERE UserId = '{1}'",
         newEncodedPassword, user.UserKey.ToString());
     this.database.ExecuteNonQuery(
             this.database.GetSqlStringCommand(sql));
 }
 protected abstract void PersistUser(ClientMembershipUser user);
Beispiel #18
0
 public static ClientMembershipUser ToClientMembershipUser(ClientMembershipUserContract contract)
 {
     ClientMembershipUser user = null;
     if (user != null)
     {
         user = new ClientMembershipUser(new User(contract.UserKey,
             contract.UserName, contract.Email, contract.PasswordQuestion,
             contract.IsLockedOut, contract.CreationDate, contract.LastLoginDate,
             contract.LastActivityDate, contract.LastPasswordChangedDate,
             contract.LastLockoutDate), contract.PasswordSalt, 
             Converter.ToPasswordFormat(contract.PasswordFormat),
             contract.FailedPasswordAttemptCount,
             contract.FailedPasswordAttemptWindowStart,
             contract.FailedPasswordAnswerAttemptCount,
             contract.FailedPasswordAnswerAttemptWindowStart);
         foreach (RoleContract role in contract.Roles)
         {
             user.Roles.Add(Converter.ToRole(role));
         }
     }
     return user;
 }
        protected virtual void ChangePasswordQuestionAndAnswer(
            ClientMembershipUser user, string password, 
            string newPasswordQuestion, string newPasswordAnswer)
        {
            SecurityHelper.CheckParameter(newPasswordQuestion, 
                this.Application.RequiresQuestionAndAnswer,
                this.Application.RequiresQuestionAndAnswer, false,
                this.Application.MaxPasswordQuestionSize, "newPasswordQuestion");
            
            if (newPasswordAnswer != null)
            {
                newPasswordAnswer = newPasswordAnswer.Trim();
            }

            SecurityHelper.CheckParameter(newPasswordAnswer, 
                this.Application.RequiresQuestionAndAnswer,
                this.Application.RequiresQuestionAndAnswer, false,
                this.Application.MaxPasswordAnswerSize, "newPasswordAnswer");

            // Validate the user before making any changes
            this.ValidateUserWithPassword(user, password, true);

            string encodedPasswordAnswer;

            if (!string.IsNullOrEmpty(newPasswordAnswer))
            {
                encodedPasswordAnswer = this.EncodePassword(
                    newPasswordAnswer.ToLower(CultureInfo.InvariantCulture),
                    user.PasswordFormat, user.PasswordSalt);
            }
            else
            {
                encodedPasswordAnswer = newPasswordAnswer;
            }

            SecurityHelper.CheckParameter(encodedPasswordAnswer,
                this.Application.RequiresQuestionAndAnswer,
                this.Application.RequiresQuestionAndAnswer, false,
                this.Application.MaxPasswordAnswerSize, "newPasswordAnswer");

            this.PersistChangedPasswordQuestionAndAnswer(user, password,
                encodedPasswordAnswer);
        }