/// <summary>
/// Attempts to sign a visitor in while enforcing the configured limit on login attempts.
/// </summary>
/// <param name="username">User name as entered, without domain or extranet prefix.</param>
/// <param name="password">Password as entered.</param>
/// <param name="message">Receives a localized failure text whenever the method returns false; not assigned on success.</param>
/// <returns>True only when a login call succeeded and ExtranetSecurity.IsLoggedIn() confirms it.</returns>
protected virtual bool Login(string username, string password, ref string message)
 {
     // An attempt window whose expiry is at or before "now" is started over.
     bool windowExpired = ExtranetSession.ExpiryDate().CompareTo(DateTime.Now) < 1;
     if (windowExpired)
     {
         ExtranetSession.Reset();
     }

     // Every call counts as an attempt, including the ones refused below.
     // NOTE(review): ExtranetSession is not visible here. If it is backed by per-browser session
     // state, this limit is scoped to the session rather than to the account; confirm, and consider
     // a server-side per-account lockout in the membership provider as the authoritative control.
     ExtranetSession.IncreaseCounter();
     bool attemptsRemain = ExtranetSession.Count() < ExtranetSecurity.LoginCount();
     if (!attemptsRemain)
     {
         message = FormTextUtility.Provider.GetTextByKey("/Login/TooManyAttempts");
         return false;
     }

     if (!ExtranetSecurity.HasExtranetUserPrefix())
     {
         // Really a configuration problem (no extranet user prefix), reported as a generic error.
         message = ": " + FormTextUtility.Provider.GetTextByKey("/Login/AuthenticationError");
         return false;
     }

     try
     {
         Sitecore.Security.Domains.Domain currentDomain = Sitecore.Context.Domain;
         string extranetAccount = currentDomain.Name + @"\" + ExtranetSecurity.ExtranetUserPrefix() + username;
         string backendAccount = @"sitecore\" + username;

         // NOTE(review): the second call lets accounts in the "sitecore" domain authenticate through
         // this public form, so they share its exposure to password guessing. Confirm that fallback
         // is intended; if not, restrict the form to the extranet domain.
         bool credentialsAccepted =
             Sitecore.Security.Authentication.AuthenticationManager.Login(extranetAccount, password, false) ||
             Sitecore.Security.Authentication.AuthenticationManager.Login(backendAccount, password, false);

         if (!credentialsAccepted)
         {
             // One text for "unknown user" and "wrong password", so the reply does not tell them apart.
             message = FormTextUtility.Provider.GetTextByKey("/Login/InvalidUsernameOrPassword");
             return false;
         }

         if (ExtranetSecurity.IsLoggedIn())
         {
             // Successful login clears the attempt counter.
             ExtranetSession.Reset();
             return true;
         }

         // Credentials were accepted but the user is not logged in: no security is attached to the
         // account, which is how a registered-but-never-activated account shows up.
         message = FormTextUtility.Provider.GetTextByKey("/Login/UserRegisteredNotActivated");
     }
     catch (System.Security.Authentication.AuthenticationException)
     {
         // Generic error text; exception details are not passed on to the visitor.
         message = FormTextUtility.Provider.GetTextByKey("/Login/AuthenticationError");
     }

     return false;
 }
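        /// <summary>
        /// Resets the password of an extranet user and mails the new password to the address
        /// stored in the user's profile.
        /// </summary>
        /// <param name="username">User name as entered, without domain or extranet prefix.</param>
        /// <param name="message">Receives a localized status text: the confirmation on success, the reason on failure.</param>
        /// <returns>True when the password was reset and the mail was handed to Sitecore.MainUtil.SendMail; otherwise false.</returns>
        /// <remarks>
        /// NOTE(review): nothing in this method proves the caller owns the account, so a reset can be
        /// triggered for any known user name, and the new password travels in clear text by e-mail.
        /// A mailed single-use, expiring reset link that leaves the current password valid until it is
        /// used avoids both. The "user doesn't exist" reply also confirms which user names are
        /// registered; consider one neutral reply for both outcomes.
        /// </remarks>
        protected virtual bool ResetPassAndSendUserAnEmail(string username, ref string message)
        {
            try
            {
                if (!ExtranetSecurity.HasExtranetUserPrefix())
                {
                    message = "." + FormTextUtility.Provider.GetTextByKey("/ForgotPassword/ConfigurationError");
                    return false;
                }

                string domainUser = Sitecore.Context.Domain.GetFullName(ExtranetSecurity.ExtranetUserPrefix() + username);
                User u = (User)User.FromName(domainUser, AccountType.User);

                // A missing membership record is treated like an unknown user instead of failing with
                // a NullReferenceException on ResetPassword().
                System.Web.Security.MembershipUser user = null;
                if (u != null && Sitecore.Security.Accounts.User.Exists(domainUser))
                {
                    user = System.Web.Security.Membership.GetUser(domainUser);
                }

                if (user == null)
                {
                    // username is visitor input echoed back in the reply. The registration code in this
                    // file puts "<br/>" into the same kind of message, which suggests it is rendered as
                    // HTML, so encode it here. NOTE(review): confirm the caller does not encode again.
                    message = System.Web.HttpUtility.HtmlEncode(username) + FormTextUtility.Provider.GetTextByKey("/ForgotPassword/UserDoesntExist");
                    return false;
                }

                // Prepare everything that can fail before the password is changed. MailAddress throws
                // on an empty or malformed address; doing this first means a bad profile e-mail no
                // longer leaves the account with a new password that was never delivered.
                MailAddress from = new MailAddress(ExtranetSecurity.FromEmailAddress());
                MailAddress to = new MailAddress(u.Profile.Email);
                string fullName = u.Profile.FullName;
                // NOTE(review): the host is taken from the incoming request; a configured site host
                // would keep request headers from influencing the mail text.
                string subject = string.Format("{0} {1}",
                                               FormTextUtility.Provider.GetTextByKey("/ForgotPassword/EmailResetPasswordSubject"),
                                               HttpContext.Current.Request.Url.Host);

                string newPass = user.ResetPassword();

                MailMessage m = new MailMessage();
                m.From = from;
                m.To.Add(to);
                m.Subject = subject;
                m.Body = string.Format("{0} {1},\r\n{2}: {3}",
                                       FormTextUtility.Provider.GetTextByKey("/ForgotPassword/EmailHello"),
                                       fullName,
                                       FormTextUtility.Provider.GetTextByKey("/ForgotPassword/EmailYourNewPasswordIs"),
                                       newPass);
                Sitecore.MainUtil.SendMail(m);
                message = FormTextUtility.Provider.GetTextByKey("/ForgotPassword/NewPasswordWasSent");

                return true;
            }
            catch (System.Security.Authentication.AuthenticationException)
            {
                message = FormTextUtility.Provider.GetTextByKey("/ForgotPassword/AuthenticationError");
            }
            catch (System.Configuration.ConfigurationException)
            {
                message = FormTextUtility.Provider.GetTextByKey("/ForgotPassword/ConfigurationError");
            }

            return false;
        }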
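        /// <summary>
        /// Registers a new extranet user, stores the profile data and mails a confirmation
        /// message containing an activation link.
        /// </summary>
        /// <param name="username">Requested user name, without domain or extranet prefix.</param>
        /// <param name="email">E-mail address for the account; also the recipient of the confirmation mail.</param>
        /// <param name="confirmEmail">Repeated e-mail address; must equal <paramref name="email"/> ignoring case.</param>
        /// <param name="password">Chosen password.</param>
        /// <param name="confirmPassword">Repeated password; must equal <paramref name="password"/> exactly.</param>
        /// <param name="fullName">Full name stored in the profile and used in the mail greeting.</param>
        /// <param name="comment">Free text stored in the profile comment.</param>
        /// <param name="message">Receives a localized failure text when the method returns false; not assigned on success.</param>
        /// <returns>True when the user was created and the mail was handed to Sitecore.MainUtil.SendMail; otherwise false.</returns>
        /// <remarks>
        /// The failure text may contain markup ("&lt;br/&gt;"), so every dynamic part of it is HTML-encoded here.
        /// NOTE(review): the confirmation mail repeats the chosen password in clear text, and the
        /// activation code is the membership ProviderUserKey rather than a random single-use token.
        /// Both are kept as-is to preserve the existing flow; consider dropping the password from the
        /// mail and issuing a dedicated expiring token.
        /// </remarks>
        protected virtual bool SetupAccountAndSendEmail(string username, string email, string confirmEmail, string password, string confirmPassword, string fullName, string comment, ref string message)
        {
            // Without a configured extranet user prefix no account name can be built.
            if (!ExtranetSecurity.HasExtranetUserPrefix())
            {
                message = ": " + FormTextUtility.Provider.GetTextByKey("/Register/UnknownError");
                return false;
            }

            // A null value is reported as a mismatch instead of failing with a NullReferenceException.
            if (password == null || !password.Equals(confirmPassword))
            {
                message = FormTextUtility.Provider.GetTextByKey("/Register/PasswordsDontMatch");
                return false;
            }

            if (email == null || !email.Equals(confirmEmail, StringComparison.OrdinalIgnoreCase))
            {
                message = FormTextUtility.Provider.GetTextByKey("/Register/EmailsDontMatch");
                return false;
            }

            string domainUser = Sitecore.Context.Domain.GetFullName(ExtranetSecurity.ExtranetUserPrefix() + username);
            if (System.Web.Security.Membership.GetUser(domainUser) != null || Sitecore.Security.Accounts.User.Exists(domainUser))
            {
                // username is visitor input echoed into a message that carries markup elsewhere in
                // this method, so it is HTML-encoded before being reflected.
                message = System.Web.HttpUtility.HtmlEncode(username) + " " + FormTextUtility.Provider.GetTextByKey("/Register/UserAlreadyRegisteredOnThisSite");
                return false;
            }

            // Resolve everything that can fail before the account exists. MailAddress throws on an
            // empty or malformed address; doing this first means a bad address no longer leaves behind
            // a created account that never received its activation mail.
            MailAddress from = new MailAddress(ExtranetSecurity.FromEmailAddress());
            MailAddress to = new MailAddress(email);
            HttpRequest req = HttpContext.Current.Request;

            try
            {
                User u = Sitecore.Security.Accounts.User.Create(domainUser, password);
                MembershipUser mu = Membership.GetUser(domainUser);
                // mu supplies the activation code below, so a missing membership record is reported
                // the same way as a failed creation instead of dereferencing null.
                if (u == null || mu == null)
                {
                    message = FormTextUtility.Provider.GetTextByKey("/Register/UserWasntCreatedProperly");
                    return false;
                }

                u.Profile.Email = email;
                u.Profile.FullName = fullName;
                u.Profile.Comment = comment;
                u.Profile.Save();

                StringBuilder body = new StringBuilder();
                body.AppendLine(FormTextUtility.Provider.GetTextByKey("/Register/EmailHello") + " " + fullName + ",\r\n" + FormTextUtility.Provider.GetTextByKey("/Register/EmailThanksForRegistering") + " " + req.Url.Host + "\r\n" + FormTextUtility.Provider.GetTextByKey("/Register/EmailYourNewPasswordIs") + ": " + password);

                NameValueCollection qString = new NameValueCollection();
                qString.Set("code", ((Guid)mu.ProviderUserKey).ToString());

                // If the raw path still carries the query string, strip it; it is re-appended with the code.
                string path = (!string.IsNullOrEmpty(req.Url.Query) && req.RawUrl.Contains(req.Url.Query))
                    ? req.RawUrl.Replace(req.Url.Query, "")
                    : req.RawUrl;

                // NOTE(review): host, path and existing query values of the activation link come from
                // the incoming request, and the scheme is fixed to http. Building the link from a
                // configured site URL over https would keep request data out of the mailed link.
                body.AppendLine().AppendLine(FormTextUtility.Provider.GetTextByKey("/Register/EmailMessage") + ": http://" + req.Url.Host + path + req.QueryString.ToQueryString(qString) + ".");

                MailMessage m = new MailMessage();
                m.From = from;
                m.To.Add(to);
                m.Subject = FormTextUtility.Provider.GetTextByKey("/Register/EmailNewUserSubject");
                m.Body = body.ToString();
                Sitecore.MainUtil.SendMail(m);

                return true;
            }
            catch (System.Web.Security.MembershipCreateUserException ex)
            {
                // The full exception (type names, stack trace) stays in the server log; the visitor
                // only gets the encoded provider message plus the localized text.
                Sitecore.Diagnostics.Log.Error("Extranet registration: user creation failed.", ex, this);
                message = System.Web.HttpUtility.HtmlEncode(ex.Message) + "<br/>" + FormTextUtility.Provider.GetTextByKey("/Register/ErrorCreatingUser");
                return false;
            }
        }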