Example #1
 /// <summary>
 /// Placeholder for the credential update operation; this build does not implement it.
 /// </summary>
 /// <param name="request">Credential update request (never read)</param>
 /// <returns>Never returns normally</returns>
 /// <exception cref="NotImplementedException">Always thrown</exception>
 public UserCredentialSaveReply CredentialUpdate(UserCredentialSaveRequest request)
 {
     // No partial behaviour: the call fails outright instead of pretending to have saved anything.
     const string notAvailable = "This method is intended to specific VAR/OEM applications and is not currently implemented for the open source version";
     throw new NotImplementedException(notAvailable);
 }
Example #2
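        /// <summary>
        /// Change user's credentials.  Use non-null/non-empty value to indicate credential property to change
        /// </summary>
        /// <remarks>
        /// The original identity name and password are re-validated before anything is changed.
        /// Every successful change de-approves the account and stores a fresh activation key, so the
        /// account has to be re-verified.  Changing the identity name is not implemented; such a
        /// request is rejected before any credential is modified, so a failing request cannot leave a
        /// half-applied change behind.
        /// </remarks>
        /// <param name="request">Current credentials plus the new values to apply</param>
        /// <returns>
        /// ActionStatus.OK and the re/activation key on success; ActionStatus.Forbidden when the
        /// original credentials cannot be verified or a change is refused; ActionStatus.Conflict when
        /// the requested identity name already exists; ActionStatus.InternalError when an exception
        /// is thrown.
        /// </returns>
        public UserCredentialSaveReply UserCredentialSave(UserCredentialSaveRequest request)
        {
            UserCredentialSaveReply response = new UserCredentialSaveReply();

            try
            {
                //-------------------------------------------------------
                // verify original username and password exists
                //-------------------------------------------------------
                bool verifyUserResult = _membership.ValidateUser(request.OriginalIdentityName, request.OriginalPassword);
                if (!verifyUserResult)
                {
                    response.Status = ActionStatus.Forbidden;
                    response.Messages.Add(ActionStatus.Forbidden, "Could not verify credentials for: '{0}'.  Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
                    return response;
                }
                response.Messages.Add("User '{0}' validated", request.OriginalIdentityName);

                //-------------------------------------------------------
                // identity-name checks run BEFORE any credential is
                // modified, so a rejected rename cannot leave the
                // password or challenge answer already changed
                //-------------------------------------------------------
                if (!string.IsNullOrEmpty(request.NewIdentityName))
                {
                    var tmpUser = _membership.GetUser(request.NewIdentityName, false);
                    if (tmpUser != null)
                    {
                        response.Status = ActionStatus.Conflict;
                        // report the name that is taken (the requested one), not the caller's current name
                        response.Messages.Add(ActionStatus.Conflict, "Requested identity '{0}' already exists.", request.NewIdentityName);
                        return response;
                    }

                    // The membership provider has no rename operation, so a rename needs a direct,
                    // parameterized UPDATE of aspnet_Users / aspnet_Membership keyed by the user id.
                    // That id is not available here yet, so the request is refused; the catch below
                    // reports it as InternalError, as before.
                    throw new NotImplementedException("Need to set @userid");
                }

                //-------------------------------------------------------
                // change password
                //-------------------------------------------------------
                // Tracks the password that is valid right now: once the password has been changed,
                // the original one no longer authenticates the follow-up calls.
                string currentPassword = request.OriginalPassword;
                if (!string.IsNullOrEmpty(request.NewPassword))
                {
                    bool changePasswordResult = _membership.ChangePassword(request.OriginalIdentityName, currentPassword, request.NewPassword);
                    if (!changePasswordResult)
                    {
                        response.Status = ActionStatus.Forbidden;
                        response.Messages.Add(ActionStatus.Forbidden, "Could not change password for: '{0}'.  Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
                        return response;
                    }
                    currentPassword = request.NewPassword;
                    response.Messages.Add("Password updated");
                }

                //-------------------------------------------------------
                //  change password question & answer
                //  (only when both were supplied; the provider is not
                //  called with empty values)
                //-------------------------------------------------------
                if (!string.IsNullOrEmpty(request.ChallengeQuestion) && !string.IsNullOrEmpty(request.ChallengeAnswer))
                {
                    bool changeQAResult = _membership.ChangePasswordQuestionAndAnswer(request.OriginalIdentityName, currentPassword, request.ChallengeQuestion, request.ChallengeAnswer);
                    if (!changeQAResult)
                    {
                        response.Status = ActionStatus.Forbidden;
                        response.Messages.Add(ActionStatus.Forbidden, "Could not change challenge question/answer for: '{0}'.  Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
                        return response;
                    }
                    response.Messages.Add("Challenge question updated");
                }

                //-------------------------------------------------------
                //  all changes where successful so "deactivate" account so
                //  it can be "reactivated".  Credential changes always
                //  force a "reactivation".
                //-------------------------------------------------------
                // One key only: the value stored on the account must be the value handed back to
                // the caller, otherwise the returned key can never match the stored one.
                // NOTE(review): Guid.NewGuid() is specified as unique, not as unpredictable; if this
                // key is the only thing guarding re-activation, confirm that is acceptable or
                // generate it with a cryptographic random number generator.
                string activationKey = Guid.NewGuid().ToString();

                var user = _membership.GetUser(request.OriginalIdentityName, true);
                user.Comment    = activationKey;
                user.IsApproved = false;
                _membership.UpdateUser(user);

                response.Messages.Add("Account has been de-verified due to succssful credential change and must be reverified");
                response.ActivationKey = activationKey;
                response.Status        = ActionStatus.OK;
                return response;
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception object is handed to the reply's message list; if the
                // reply is returned to a remote caller, confirm that Messages.Add(Exception) does
                // not expose stack traces or data-access details.
                response.Status = ActionStatus.InternalError;
                response.Messages.Add(ex);
                return response;
            }
        }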