/// <summary>
/// Checks the failed password-answer bookkeeping on <c>ClientMembershipUser</c>:
/// the first failure starts the failure window and sets the counter to 1 without
/// locking the account, and four further failures leave the account locked out
/// with a lockout date recorded.
/// </summary>
public void PasswordAnswerAttemptFailedTest()
{
    // Fixture user; the salt below is a fixed test value, not a live credential.
    User user = ClientMembershipService.GetUser("timm");

    ClientMembershipUser target = new ClientMembershipUser(
        user,
        "1U3h6r/tQ+dGWhLm9Unyng==",   // passwordSalt
        PasswordFormat.Hashed,        // passwordFormat
        0,                            // failedPasswordAttemptCount
        DateTime.MinValue,            // failedPasswordAttemptWindowStart
        0,                            // failedPasswordAnswerAttemptCount
        DateTime.MinValue);           // failedPasswordAnswerAttemptWindowStart

    // Record a success first, then a single failure.
    // NOTE(review): presumably the success call resets the counters so the test
    // starts from a clean state; confirm against ClientMembershipUser.
    target.PasswordAnswerAttemptSucceeded();
    target.PasswordAnswerAttemptFailed();

    // One failure: window opened, counter at 1, account still usable.
    Assert.AreNotEqual(DateTime.MinValue, target.FailedPasswordAnswerAttemptWindowStart);
    Assert.AreEqual(1, target.FailedPasswordAnswerAttemptCount);
    Assert.AreEqual(false, target.IsLockedOut);

    // Four more failures (five in total) must leave the account locked.
    // NOTE(review): lockout state is only asserted after the fifth failure, so this
    // test proves the threshold is somewhere between two and five attempts. Asserting
    // IsLockedOut after each failure would pin the exact threshold and catch a
    // regression that locks earlier or later than configured.
    for (int attempt = 0; attempt < 4; attempt++)
    {
        target.PasswordAnswerAttemptFailed();
    }

    Assert.AreEqual(true, target.IsLockedOut);
    Assert.AreNotEqual(DateTime.MinValue, target.LastLockoutDate);
}
/// <summary>
/// Compares a supplied password answer with the stored one, records the outcome
/// on the user (failed or succeeded attempt), and persists the user afterwards.
/// </summary>
/// <param name="user">The user whose password answer is being checked; its attempt state is updated and persisted.</param>
/// <param name="passwordAnswer">The answer supplied by the caller. It is trimmed before validation and comparison; may be null.</param>
/// <param name="throwIfFails">When true, a wrong answer raises a <see cref="SecurityException"/> after the failure has been recorded.</param>
/// <exception cref="SecurityException">The answer did not match and <paramref name="throwIfFails"/> is true.</exception>
/// <remarks>
/// NOTE(review): this method does not read <c>user.IsLockedOut</c> before comparing the answer.
/// Confirm that every caller rejects locked-out users first, otherwise answer guessing can
/// continue after lockout.
/// </remarks>
private void ValidateUserWithPasswordAnswer(ClientMembershipUser user, string passwordAnswer, bool throwIfFails)
{
    // Surrounding whitespace is not part of the answer.
    string answer = passwordAnswer == null ? null : passwordAnswer.Trim();

    // Parameter validation happens before the stored answer is read and before any
    // attempt is counted. NOTE(review): if CheckParameter throws, the rejected input
    // is not recorded as a failed attempt; confirm that is intended.
    SecurityHelper.CheckParameter(
        answer,
        this.Application.RequiresQuestionAndAnswer,
        this.Application.RequiresQuestionAndAnswer,
        false,
        this.Application.MaxPasswordAnswerSize,
        "passwordAnswer");

    string storedAnswer = this.GetPasswordAnswerFromPersistence(user);

    try
    {
        bool answerMatches = this.CheckPasswordAnswer(answer, storedAnswer, user.PasswordFormat, user.PasswordSalt);
        if (answerMatches)
        {
            user.PasswordAnswerAttemptSucceeded();
            return;
        }

        // Record the failure before throwing so the attempt is counted whether or not
        // the caller asked for an exception.
        user.PasswordAnswerAttemptFailed();
        if (throwIfFails)
        {
            throw new SecurityException("The password answer supplied was not correct");
        }
    }
    finally
    {
        // Runs on success, on failure and when the SecurityException is in flight, so the
        // updated attempt state is always written back. If PersistUser itself throws,
        // that exception replaces the SecurityException.
        this.PersistUser(user);
    }
}