public bool ChangePassword(string username, string newPassword)
{
bool flag = false;
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user == null)
{
return(flag);
}
try
{
user.UserPassword = EncodePassword(newPassword, user.PasswordSalt);
user.LastPasswordChangeDate = DateTime.Now;
user.LastActivityDate = DateTime.Now;
SystemUserWrapper.Update(user);
flag = true;
}
catch
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_OpCancelledDueToAccountLocked));
}
return(flag);
}
public override bool UnlockUser(string userName)
{
bool flag = false;
try
{
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(userName);
if (user != null)
{
user.IsLockedOut = false;
user.LastLockedOutDate = DateTime.Now;
user.LastActivityDate = DateTime.Now;
SystemUserWrapper.SaveOrUpdate(user);
flag = true;
}
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToUnlock,
exception);
}
return(flag);
}
public override string GetPassword(string username, string answer)
{
string password = null;
if (!EnablePasswordRetrieval)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_RetrievalNotEnabled);
}
if (MembershipPasswordFormat.Hashed == PasswordFormat)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_CannotRetrieveHashed);
}
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user != null)
{
if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer, user.PasswordSalt))
{
UpdateFailureCount(username, FailureType.PasswordAnswer);
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_IncorrectAnswer));
}
if (MembershipPasswordFormat.Encrypted == PasswordFormat)
{
password = UnencodePassword(password);
}
}
return(password);
}
public string EncodePassword(string password, string validationKey)
{
string str = password;
switch (PasswordFormat)
{
case MembershipPasswordFormat.Clear:
return(str);
case MembershipPasswordFormat.Hashed:
{
if (string.IsNullOrEmpty(validationKey))
{
validationKey = machineKey.ValidationKey;
}
var hmacsha = new HMACSHA1 {
Key = HexToByte(validationKey)
};
return(Convert.ToBase64String(hmacsha.ComputeHash(Encoding.Unicode.GetBytes(password))));
}
case MembershipPasswordFormat.Encrypted:
return(Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password))));
}
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_UnsupportedFormat);
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
bool flag = false;
if (ValidateUser(username, password))
{
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user == null)
{
return(flag);
}
try
{
user.PasswordQuestion = newPasswordQuestion;
user.PasswordAnswer = EncodePassword(newPasswordAnswer, user.PasswordSalt);
user.LastActivityDate = DateTime.Now;
SystemUserWrapper.Update(user);
flag = true;
}
catch
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_UnableToChangeQandA));
}
}
return(flag);
}
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
var e = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(e);
if (e.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(email)))
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
if (SystemUserWrapper.GetUserByLoginID(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
var user = new SystemUserWrapper
{
UserName = username,
UserLoginID = username,
UserPassword = EncodePassword(password, machineKey.ValidationKey),
PasswordFormat = ((int)PasswordFormat),
PasswordSalt = machineKey.ValidationKey,
UserEmail = email,
PasswordQuestion = passwordQuestion,
PasswordAnswer = passwordAnswer,
IsApproved = isApproved
};
user.UserCreateDate = DateTime.Now;
user.FailedPwdAnsAttemptWndStart = DateTime.Parse("1753-1-1");
user.LastPasswordChangeDate = DateTime.Parse("1753-1-1");
user.LastLoginDate = DateTime.Parse("1753-1-1");
user.FailedPwdAttemptWndStart = DateTime.Parse("1753-1-1");
user.LastActivityDate = DateTime.Parse("1753-1-1");
user.LastLockedOutDate = DateTime.Parse("1753-1-1");
user.Applications.Add(application);
try
{
SystemUserWrapper.Save(user);
status = MembershipCreateStatus.Success;
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToCreate,
exception);
}
return(GetUser(username, false));
}
public override bool RoleExists(string roleName)
{
try
{
return(SystemRoleWrapper.RoleExists(roleName));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToCheckIfExists, exception);
}
}
public override string[] GetRolesForUser(string username)
{
try
{
return(SystemUserWrapper.GetRolesForUser(username));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToGetRolesForUser, exception);
}
}
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
try
{
return(SystemRoleWrapper.FindUsersInRole(roleName, usernameToMatch));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToFindUsersInRole, exception);
}
}
public override string[] GetAllRoles()
{
try
{
return(SystemRoleWrapper.GetAllRoles());
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToGetAllRoles, exception);
}
}
public override bool IsUserInRole(string username, string roleName)
{
try
{
return(SystemUserWrapper.IsUserInRole(username, roleName));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToFindUserInRole, exception);
}
}
public override bool UnlockUser(string userName)
{
try
{
return(SystemUserWrapper.UnlockUser(userName));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToUnlock,
exception);
}
}
public override void UpdateUser(MembershipUser user)
{
try
{
SystemUserWrapper.SaveOrUpdate(SystemUserWrapper.GetUserByLoginID(user.UserName).FromMembershipUser(user));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToUpdate,
exception);
}
}
public override void CreateRole(string roleName)
{
if (this.RoleExists(roleName))
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_AlreadyExists);
}
try
{
SystemRoleWrapper.CreateRole(roleName);
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToCreate, exception);
}
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
if (throwOnPopulatedRole && (0 < this.GetUsersInRole(roleName).Length))
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, "role is not empty.");
}
try
{
return(SystemRoleWrapper.DeleteRole(roleName, throwOnPopulatedRole));
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToDelete, exception);
}
}
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
int length = usernames.Length;
if (length != roleNames.Length)
{
throw new ArgumentOutOfRangeException(NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR.Role_UserRoleParamsNotSameLength));
}
try
{
SystemRoleWrapper.AddUsersToRoles(usernames, roleNames);
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, NHibernateProviderSR.Role_UnableToAddUsersToRoles, exception);
}
}
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
bool flag = false;
try
{
SystemUserWrapper.DeleteUser(username, deleteAllRelatedData);
flag = true;
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToDelete,
exception);
}
return(flag);
}
public override int GetNumberOfUsersOnline()
{
int num;
try
{
var span = new TimeSpan(0, Membership.UserIsOnlineTimeWindow, 0);
DateTime time = DateTime.Now.Subtract(span);
num = SystemUserWrapper.FindOnlineUsersCount(time);
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToGetOnlineNumber,
exception);
}
return(num);
}
private void UpdateLastLoginDate(string username)
{
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user != null)
{
try
{
user.LastLoginDate = DateTime.Now;
SystemUserWrapper.SaveOrUpdate(user);
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToUpdateLastLoginDate,
exception);
}
}
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
bool flag = false;
if (ValidateUser(username, oldPassword))
{
var e = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(e);
if (e.Cancel)
{
if (e.FailureInformation != null)
{
throw e.FailureInformation;
}
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_ChangeCancelledDueToNewPassword);
}
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user == null)
{
return(flag);
}
try
{
user.UserPassword = EncodePassword(newPassword, user.PasswordSalt);
user.LastPasswordChangeDate = DateTime.Now;
user.LastActivityDate = DateTime.Now;
SystemUserWrapper.Update(user);
flag = true;
}
catch
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_OpCancelledDueToAccountLocked));
}
}
return(flag);
}
/// <summary>
/// ½âÃÜÃÜÂë
/// </summary>
/// <param name="password">ÃÜÂë</param>
/// <returns>½âÃܺó½á¹û</returns>
private string UnencodePassword(string password)
{
string s = password;
switch (PasswordFormat)
{
case MembershipPasswordFormat.Clear:
return(s);
case MembershipPasswordFormat.Hashed:
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_CannotUnencodeHashed);
case MembershipPasswordFormat.Encrypted:
return(Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(s))));
}
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
Pwd_UnsupportedFormat);
}
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
if (providerUserKey == null)
{
throw new ArgumentNullException("providerUserKey");
}
SystemUserWrapper user = SystemUserWrapper.FindById(providerUserKey);
if (user == null)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToGet);
}
if (userIsOnline)
{
UpdateLastActivityDate(user.UserName);
}
return(user.ToMembershipUser(Name));
}
public override MembershipUser GetUser(string username, bool userIsOnline)
{
if (username == null)
{
throw new ArgumentNullException("username");
}
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user == null)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToGet);
}
if (userIsOnline)
{
UpdateLastActivityDate(user.UserName);
}
return(user.ToMembershipUser(Name));
}
private void UpdateFailureCount(string username, FailureType failureType)
{
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user != null)
{
DateTime now = DateTime.Now;
int failedPasswordAttemptCount = 0;
try
{
switch (failureType)
{
case FailureType.Password:
now = user.FailedPwdAttemptWndStart;
failedPasswordAttemptCount = user.FailedPwdAttemptCnt;
break;
case FailureType.PasswordAnswer:
now = user.FailedPwdAnsAttemptWndStart;
failedPasswordAttemptCount = user.FailedPwdAnsAttemptCnt;
break;
}
DateTime time2 = now.AddMinutes(PasswordAttemptWindow);
if ((failedPasswordAttemptCount == 0) || (DateTime.Now > time2))
{
switch (failureType)
{
case FailureType.Password:
user.FailedPwdAttemptWndStart = DateTime.Now;
user.FailedPwdAttemptCnt = 1;
goto Label_00E7;
case FailureType.PasswordAnswer:
user.FailedPwdAnsAttemptWndStart = DateTime.Now;
user.FailedPwdAnsAttemptCnt = 1;
goto Label_00E7;
}
}
else
{
failedPasswordAttemptCount++;
if (failedPasswordAttemptCount >= MaxInvalidPasswordAttempts)
{
user.IsLockedOut = true;
user.LastLockedOutDate = DateTime.Now;
}
else
{
switch (failureType)
{
case FailureType.Password:
user.FailedPwdAttemptCnt = failedPasswordAttemptCount;
goto Label_00E7;
case FailureType.PasswordAnswer:
user.FailedPwdAnsAttemptCnt = failedPasswordAttemptCount;
goto Label_00E7;
}
}
}
Label_00E7:
SystemUserWrapper.SaveOrUpdate(user);
}
catch (Exception exception)
{
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this,
NHibernateProviderSR.
User_UnableToUpdateFailureCount,
exception);
}
}
}
public override string ResetPassword(string username, string answer)
{
if (!EnablePasswordReset)
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_ResetNotEnabled));
}
if ((answer == null) && RequiresQuestionAndAnswer)
{
UpdateFailureCount(username, FailureType.PasswordAnswer);
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_AnswerRequiredForReset));
}
string password = Membership.GeneratePassword(minRequiredPasswordLength,
MinRequiredNonAlphanumericCharacters);
var e = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(e);
if (e.Cancel)
{
if (e.FailureInformation != null)
{
throw e.FailureInformation;
}
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_ResetCancelledDueToNewPassword));
}
SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);
if (user != null)
{
if (user.IsLockedOut)
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
User_IsLockedOut));
}
if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer, user.PasswordSalt))
{
UpdateFailureCount(username, FailureType.PasswordAnswer);
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_IncorrectAnswer));
}
try
{
user.UserPassword = EncodePassword(password, user.PasswordSalt);
user.LastPasswordChangeDate = DateTime.Now;
user.LastActivityDate = DateTime.Now;
SystemUserWrapper.SaveOrUpdate(user);
}
catch
{
throw new MembershipPasswordException(
NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
NHibernateProviderSR.
Pwd_OpCancelledDueToAccountLocked));
}
}
return(password);
}
public override void Initialize(string name, NameValueCollection config)
{
if (config == null)
{
throw new ArgumentNullException("config");
}
if (string.IsNullOrEmpty(name))
{
name = "NHibernateMembershipProvider";
}
if (string.IsNullOrEmpty(config["description"]))
{
config.Remove("description");
config.Add("description", "NHibernate Membership Provider");
}
base.Initialize(name, config);
application =
SystemApplicationWrapper.CreateOrLoadApplication(
ConfigurationUtil.GetConfigValue(config["applicationName"],
HostingEnvironment.ApplicationVirtualPath));
requiresQuestionAndAnswer =
Convert.ToBoolean(ConfigurationUtil.GetConfigValue(config["requiresQuestionAndAnswer"], "False"));
requiresUniqueEmail =
Convert.ToBoolean(ConfigurationUtil.GetConfigValue(config["requiresUniqueEmail"], "True"));
enablePasswordRetrieval =
Convert.ToBoolean(ConfigurationUtil.GetConfigValue(config["enablePasswordRetrieval"], "True"));
enablePasswordReset =
Convert.ToBoolean(ConfigurationUtil.GetConfigValue(config["enablePasswordReset"], "True"));
maxInvalidPasswordAttempts =
Convert.ToInt32(ConfigurationUtil.GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));
passwordAttemptWindow =
Convert.ToInt32(ConfigurationUtil.GetConfigValue(config["passwordAttemptWindow"], "10"));
minRequiredPasswordLength =
Convert.ToInt32(ConfigurationUtil.GetConfigValue(config["minRequiredPasswordLength"], "7"));
minRequiredNonAlphanumericCharacters =
Convert.ToInt32(ConfigurationUtil.GetConfigValue(config["minRequiredAlphaNumericCharacters"], "1"));
passwordStrengthRegularExpression =
Convert.ToString(ConfigurationUtil.GetConfigValue(config["passwordStrengthRegularExpression"],
string.Empty));
string configValue = ConfigurationUtil.GetConfigValue(config["passwordFormat"], "Hashed");
if (configValue != null)
{
if (!(configValue == "Hashed"))
{
if (configValue == "Encrypted")
{
passwordFormat = MembershipPasswordFormat.Encrypted;
goto Label_01FB;
}
if (configValue == "Clear")
{
passwordFormat = MembershipPasswordFormat.Clear;
goto Label_01FB;
}
}
else
{
passwordFormat = MembershipPasswordFormat.Hashed;
goto Label_01FB;
}
}
throw NhibernateMembershipProviderExceptionUtil.NewProviderException(this, "password format not supported");
Label_01FB:
Configuration configuration =
WebConfigurationManager.OpenWebConfiguration(HostingEnvironment.ApplicationVirtualPath);
machineKey = (MachineKeySection)configuration.GetSection("system.web/machineKey");
if ("Auto".Equals(machineKey.Decryption))
{
machineKey.DecryptionKey = CryptographyUtil.CreateKey(0x18);
machineKey.ValidationKey = CryptographyUtil.CreateKey(0x40);
}
}
