public static void ValidateUser(string login, string pass)
{
umbraco.BusinessLogic.User u = null;
if (umbraco.UmbracoSettings.DefaultBackofficeProvider == "UsersMembershipProvider")
{
u = new User(login);
if(u!= null && pass != u.GetPassword())
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" could not be authenticated");
}
else
{
if (Membership.Providers[umbraco.UmbracoSettings.DefaultBackofficeProvider].ValidateUser(login, pass))
u = new User(login);
else
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" could not be authenticated");
}
if(u == null)
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not exists");
if (u.Disabled)
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" is not enabled");
// CLN: Can not compare passwords from membership providers -- Check is done
//if (u.GetPassword() != pass)
// throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" and password: xxx does not match");
if (!Umbraco.Courier.Core.Configuration.Security.AllowAllUsers && Umbraco.Courier.Core.Configuration.Security.DeniedUsers.Contains(u.LoginName))
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not have access to courier");
if (u.Applications.Where(x => x.alias.ToLower() == "courier").Count() == 0)
throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not have access to courier.");
}
//�Private�Methods�(2)
private void getloginAndPass(int userId, ref string login, ref string pass)
{
//if we have a userID, we will use that...
if (UserId >= 0)
{
var u = new User(UserId);
//encrypt login and password
login = Encryption.Encrypt(u.LoginName);
pass = Encryption.Encrypt(u.GetPassword());
}
else
{
//we will fetch them from the set values
login = Encryption.Encrypt(Login);
pass = Encryption.Encrypt(encodePassWord(Password) );
}
}