private bool ValidateExistingUser(ref string username, string password, UserDefinition user)
{
username = user.Username;
if (user.IsActive != 1)
{
if (Log.IsInfoEnabled)
{
Log.Error(String.Format("Inactive user login attempt: {0}", username), this.GetType());
}
return(false);
}
// prevent more than 50 invalid login attempts in 30 minutes
var throttler = new Throttler("ValidateUser:"******"site" || user.Source == "sign" || directoryService == null)
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
if (user.Source != "ldap")
{
throw new ArgumentOutOfRangeException("userSource");
}
if (!string.IsNullOrEmpty(user.PasswordHash) &&
user.LastDirectoryUpdate != null &&
user.LastDirectoryUpdate.Value.AddHours(1) >= DateTime.Now)
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
DirectoryEntry entry;
try
{
entry = directoryService.Validate(username, password);
if (entry == null)
{
return(false);
}
throttler.Reset();
}
catch (Exception ex)
{
Log.Error("Error on directory access", ex, this.GetType());
// couldn't access directory. allow user to login with cached password
if (!user.PasswordHash.IsTrimmedEmpty())
{
if (validatePassword())
{
throttler.Reset();
return(true);
}
return(false);
}
throw;
}
try
{
string salt = user.PasswordSalt.TrimToNull();
var hash = UserRepository.GenerateHash(password, ref salt);
var displayName = entry.FirstName + " " + entry.LastName;
var email = entry.Email.TrimToNull() ?? user.Email ?? (username + "@yourdefaultdomain.com");
using (var connection = SqlConnections.NewFor <UserRow>())
using (var uow = new UnitOfWork(connection))
{
var fld = UserRow.Fields;
new SqlUpdate(fld.TableName)
.Set(fld.DisplayName, displayName)
.Set(fld.PasswordHash, hash)
.Set(fld.PasswordSalt, salt)
.Set(fld.Email, email)
.Set(fld.LastDirectoryUpdate, DateTime.Now)
.WhereEqual(fld.UserId, user.UserId)
.Execute(connection, ExpectedRows.One);
uow.Commit();
UserRetrieveService.RemoveCachedUser(user.UserId, username);
}
return(true);
}
catch (Exception ex)
{
Log.Error("Error while updating directory user", ex, this.GetType());
return(true);
}
}
private bool ValidateFirstTimeUser(ref string username, string password)
{
var throttler = new Throttler("ValidateUser:"******"Error on directory first time authentication", ex, this.GetType());
return(false);
}
try
{
string salt = null;
var hash = UserRepository.GenerateHash(password, ref salt);
var displayName = entry.FirstName + " " + entry.LastName;
var email = entry.Email.TrimToNull() ?? (username + "@yourdefaultdomain.com");
username = entry.Username.TrimToNull() ?? username;
using (var connection = SqlConnections.NewFor <UserRow>())
using (var uow = new UnitOfWork(connection))
{
var userId = (int)connection.InsertAndGetID(new UserRow
{
Username = username,
Source = "ldap",
DisplayName = displayName,
Email = email,
PasswordHash = hash,
PasswordSalt = salt,
IsActive = 1,
InsertDate = DateTime.Now,
InsertUserId = 1,
LastDirectoryUpdate = DateTime.Now
});
uow.Commit();
UserRetrieveService.RemoveCachedUser(userId, username);
}
return(true);
}
catch (Exception ex)
{
Log.Error("Error while importing directory user", ex, this.GetType());
return(false);
}
}
