internal static bool ValidatePassword(User user, string password)
{
if (user == null || string.IsNullOrWhiteSpace(password))
return false;
byte[] checkHash = GenerateSaltedHash(password, user.Salt);
return checkHash.SequenceEqual(user.Password);
}
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(email)))
{
status = MembershipCreateStatus.DuplicateEmail;
return null;
}
MembershipUser membershipUser = GetUser(username, true);
if (membershipUser != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return null;
}
using (TransactionScope scope = new TransactionScope())
{
byte[] passwordSalt = PasswordHelper.CreateSalt(32);
byte[] passwordHash = PasswordHelper.GenerateSaltedHash(System.Text.Encoding.UTF8.GetBytes(password), passwordSalt);
byte[] answerHash = PasswordHelper.GenerateSaltedHash(System.Text.Encoding.UTF8.GetBytes(passwordAnswer ?? ""),passwordSalt);
User user = new User
{
Username = username,
Salt = passwordSalt,
Password = passwordHash,
Email = email,
PasswordQuestion = passwordQuestion,
PasswordAnswer = answerHash,
IsApproved = isApproved,
ProviderUserKey = providerUserKey,
Comment = string.Empty,
CreationDate = DateTime.Now,
IsLockedOut = false,
LastActivityDate = DateTime.Now,
LastLockoutDate = DateTime.MinValue,
LastLoginDate = DateTime.MinValue,
LastPasswordChangedDate = DateTime.MinValue,
ProviderName = ProviderName
};
using (IDocumentSession session = _store.OpenSession())
{
session.Store(user);
session.SaveChanges();
}
status = MembershipCreateStatus.Success;
scope.Complete();
return user.ToMembershipUser();
}
}
