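/// <summary>
/// Creates a user from the given parameters and the settings in web.config (membership section).
/// Validation runs in a fixed order (password, ValidatingPassword event, encoded length, email,
/// question, answer) and the first failure decides <paramref name="status"/>; only then is
/// <c>usp_InsertAccount</c> executed.
/// </summary>
/// <param name="username">Kerberos LoginID of the user who created the account, or string.Empty.
/// The sentinel "SELFCREATED" is mapped to string.Empty. The value is not length-checked here.</param>
/// <param name="password">Password -- complexity determined by web.config settings
/// (MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters, PasswordStrengthRegularExpression).</param>
/// <param name="email">Email entered by the user; at most 128 characters, mandatory only when RequiresUniqueEmail is set.</param>
/// <param name="passwordQuestion">Security question; at most 255 characters, mandatory only when RequiresQuestionAndAnswer is set.</param>
/// <param name="passwordAnswer">Security answer; at most 128 characters, mandatory only when RequiresQuestionAndAnswer is set.
/// It is passed to the stored procedure as supplied (see note in the body).</param>
/// <param name="isApproved">Reported on the returned <see cref="MembershipUser"/> only; it is not sent to the stored procedure.</param>
/// <param name="providerUserKey">Not used since username is always unique; we can look up with UserID when necessary.</param>
/// <param name="status">Receives the outcome of the call. It is assigned on every path, including <see cref="MembershipCreateStatus.ProviderError"/>
/// when the stored procedure throws a <see cref="SqlException"/> or reports an unknown status.</param>
/// <returns>A representation of the new user's membership information, or null when <paramref name="status"/> is not Success.</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    // "SELFCREATED" is the sentinel for an applicant registering themselves; storing an empty
    // @LoginID is how the row records that no Kerberos user created the account on their behalf.
    if (username == "SELFCREATED")
    {
        username = string.Empty;
    }

    // SecUtility.ValidateParameter checks the password in place (non-null, non-empty, no length cap);
    // the short-circuit keeps the web.config complexity rules from ever seeing a null password.
    if (!SecUtility.ValidateParameter(ref password, true, true, false, 0) || !PasswordMeetsConfiguredPolicy(password))
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // Give ValidatingPassword subscribers a veto. The event is deliberately raised with the email in
    // the username slot: the login id is a Kerberos id (or empty), not the account holder's own name.
    ValidatePasswordEventArgs validationArgs = new ValidatePasswordEventArgs(email, password, true);
    OnValidatingPassword(validationArgs);
    if (validationArgs.Cancel)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // Salt of length SALT_SIZE_IN_BYTES, then encode with the web.config method (clear, hashed or
    // encrypted); for hashed, the HashAlgorithmType key selects the algorithm.
    // NOTE(review): encoding reads _PasswordFormat while the stored @PasswordFormat reads the
    // PasswordFormat property -- presumably the same value; confirm the property wraps the field.
    string salt = GenerateSalt();
    string encodedPassword = EncodePassword(password, (int)_PasswordFormat, salt);

    // The password column holds 128 characters; a longer encoded value cannot be stored.
    if (encodedPassword.Length > 128)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // Email, question and answer are only mandatory when web.config says so; the length caps match the columns.
    if (!SecUtility.ValidateParameter(ref email, RequiresUniqueEmail, RequiresUniqueEmail, false, 128))
    {
        status = MembershipCreateStatus.InvalidEmail;
        return null;
    }
    if (!SecUtility.ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 255))
    {
        status = MembershipCreateStatus.InvalidQuestion;
        return null;
    }
    if (!SecUtility.ValidateParameter(ref passwordAnswer, RequiresQuestionAndAnswer, true, false, 128))
    {
        status = MembershipCreateStatus.InvalidAnswer;
        return null;
    }

    status = ExecuteInsertAccount(username, email, encodedPassword, salt, passwordQuestion, passwordAnswer);
    if (status != MembershipCreateStatus.Success)
    {
        return null;
    }

    // These timestamps only populate the returned object (local time, as before); the persisted
    // creation date is whatever usp_InsertAccount records. The password is never echoed back.
    DateTime now = DateTime.Now;
    return new MembershipUser(this.Name, username, null, email, passwordQuestion, string.Empty, isApproved, false, now, now, now, now, DateTime.MinValue);
}

/// <summary>
/// Applies the web.config password complexity rules: minimum length, minimum count of
/// non-alphanumeric characters, and the optional strength regular expression.
/// </summary>
/// <param name="password">A non-null password that has already passed SecUtility.ValidateParameter.</param>
/// <returns>true when every configured rule is satisfied.</returns>
private bool PasswordMeetsConfiguredPolicy(string password)
{
    if (password.Length < MinRequiredPasswordLength)
    {
        return false;
    }

    // char.IsLetterOrDigit(string, int) handles surrogate pairs correctly, unlike indexing into the string.
    int nonAlphanumericCount = 0;
    for (int i = 0; i < password.Length; i++)
    {
        if (!char.IsLetterOrDigit(password, i))
        {
            nonAlphanumericCount++;
        }
    }
    if (nonAlphanumericCount < MinRequiredNonAlphanumericCharacters)
    {
        return false;
    }

    // The pattern is administrator-supplied (web.config) and is matched without a timeout, so it
    // must stay simple enough not to backtrack pathologically on attacker-chosen passwords.
    if (PasswordStrengthRegularExpression.Length > 0 && !Regex.IsMatch(password, PasswordStrengthRegularExpression))
    {
        return false;
    }

    return true;
}

/// <summary>
/// Runs <c>usp_InsertAccount</c> with the already-validated values and maps its result to a
/// <see cref="MembershipCreateStatus"/>. Every value reaches SQL as a parameter, never as concatenated text.
/// </summary>
/// <param name="username">Kerberos LoginID of the creator, or string.Empty for a self-created account.</param>
/// <param name="email">Validated email.</param>
/// <param name="encodedPassword">Password already encoded per the configured password format.</param>
/// <param name="salt">Salt used for <paramref name="encodedPassword"/>.</param>
/// <param name="passwordQuestion">Validated security question.</param>
/// <param name="passwordAnswer">Validated security answer.</param>
/// <returns>Success, the mapped duplicate status, or ProviderError on a <see cref="SqlException"/> / unknown status.</returns>
private MembershipCreateStatus ExecuteInsertAccount(string username, string email, string encodedPassword, string salt, string passwordQuestion, string passwordAnswer)
{
    _dops.ResetDops();
    _dops.Sproc = "usp_InsertAccount";
    _dops.SetParameter("@LoginID", username, "IN"); // KerberosID of the creator (empty if created by the applicant)
    _dops.SetParameter("@Email", email, "IN");
    _dops.SetParameter("@Password", encodedPassword, "IN");
    _dops.SetParameter("@PasswordFormat", (int)PasswordFormat, "IN");
    _dops.SetParameter("@PasswordSalt", salt, "IN");
    _dops.SetParameter("@PasswordQuestion", passwordQuestion, "IN");
    // NOTE(review): the answer is sent as supplied, unlike the password which is encoded with the
    // salt above; whether the stored procedure or the reset path protects it is not visible here -- confirm.
    _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN");
    _dops.SetParameter("@CreateStatus", string.Empty, "OUT");
    _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN");

    try
    {
        _dops.Execute_Sql();
    }
    catch (SqlException)
    {
        // Database failures are reported through the status contract rather than propagated.
        return MembershipCreateStatus.ProviderError;
    }

    // A return value of 0 is success; anything else carries the reason in @CreateStatus.
    if ((int)_dops.GetOutputVariable("RETURN_VALUE") == 0)
    {
        return MembershipCreateStatus.Success;
    }
    return MapInsertAccountStatus((string)_dops.GetOutputVariable("@CreateStatus"));
}

/// <summary>
/// Translates the <c>@CreateStatus</c> text produced by <c>usp_InsertAccount</c> into the membership status.
/// </summary>
/// <param name="createStatus">Value of the @CreateStatus output parameter.</param>
/// <returns>DuplicateUserName, DuplicateEmail, or ProviderError for any other value (including null).</returns>
private static MembershipCreateStatus MapInsertAccountStatus(string createStatus)
{
    switch (createStatus)
    {
        case "InvalidLogin":
            return MembershipCreateStatus.DuplicateUserName;
        case "InvalidEmail":
            return MembershipCreateStatus.DuplicateEmail;
        default:
            return MembershipCreateStatus.ProviderError;
    }
}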