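/// <summary>
/// Checks a username/password pair by sending it to the membership service
/// and, on success, stores the identity token the service returns.
/// </summary>
/// <param name="username">Sent to the service as the challenge prompt.</param>
/// <param name="password">Sent to the service as the challenge answer. Never written to the log.</param>
/// <returns>
/// <c>true</c> when the reply context reports the user as authenticated;
/// <c>false</c> when the service answered but did not authenticate the user.
/// </returns>
/// <remarks>
/// A failure raised while calling the service is not turned into <c>false</c>;
/// it is rethrown as whatever <c>WcfUtils.Extract</c> produces from it.
/// In every non-success outcome, including that one, the stored identity token is cleared.
/// </remarks>
public override bool ValidateUser(string username, string password)
{
    using (_log.NewTrace())
    {
        // Parameter verification (WcfClientUtils.VerifyParameter) is deliberately left out:
        // the original author's note says ValidateUser should not throw for bad
        // arguments but simply return false.
        try
        {
            UserVerifyRequest request = new UserVerifyRequest();
            request.ServiceSessionToken = WcfClientUtils.SessionToken;
            request.ChallengePrompt = username;
            request.ChallengeAnswer = password;

            UserVerifyReply response = _membershipService.CredentialVerify(request);

            if (response.Context.IsAuthenticated == true)
            {
                // NOTE(review): _userSecurityToken is instance state; if this provider
                // instance is shared between callers the token is shared too — confirm.
                _userSecurityToken = response.Context.IdentityToken;
                return true;
            }

            // Only the username, status and service messages are logged; the password is not.
            // NOTE(review): username is caller-supplied text — confirm the log sink
            // neutralises line breaks and control characters.
            _log.Warning("User '{0}' is not validated with status '{1}'. {2}", username, response.Status, response.Messages.ToString());
            _userSecurityToken = null;
            return false;
        }
        catch (Exception ex)
        {
            // A call that fails by exception is still a failed validation: drop any
            // identity token left over from an earlier successful call so it cannot
            // be mistaken for the result of this attempt.
            _userSecurityToken = null;
            throw WcfUtils.Extract(ex);
        }
    }
}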
/// <summary>
/// Validates the credentials carried in <paramref name="request"/> against the
/// membership provider and builds the reply describing the outcome.
/// </summary>
/// <param name="request">
/// Carries the username (<c>ChallengePrompt</c>), the password (<c>ChallengeAnswer</c>),
/// the caller's session token and opaque requestor data.
/// </param>
/// <returns>
/// A reply with status <c>ActionStatus.OK</c> when the provider accepts the credentials,
/// or status <c>ActionStatus.Error</c> plus a <c>Forbidden</c> message, with the context's
/// identity token and name cleared, when it does not. The session token and
/// requestor data of the request are copied into the reply in both cases.
/// </returns>
/// <remarks>
/// Any exception raised while validating or while filling the rejection reply is
/// rethrown as the fault produced by <c>NewFault()</c>.
/// </remarks>
public UserVerifyReply CredentialVerify(UserVerifyRequest request)
{
    UserVerifyReply reply = new UserVerifyReply(request);

    // NOTE(review): the session-token check that once ran first (verifySessionToken)
    // is commented out in the original, so request.ServiceSessionToken is only
    // echoed back by this method, never checked — confirm it is enforced elsewhere.
    try
    {
        reply.IsAuthenticated = _membership.ValidateUser(request.ChallengePrompt, request.ChallengeAnswer);

        if (reply.IsAuthenticated == false)
        {
            reply.Status = ActionStatus.Error;

            // The message does not say whether the user is unknown or the password is wrong.
            string rejection = string.Format("Unable to validate credentials for '{0}'", request.ChallengePrompt);
            reply.Messages.Add(ActionStatus.Forbidden, rejection);

            reply.Context.IdentityToken = null;
            reply.RequestorData = request.RequestorData;
            reply.ServiceSessionToken = request.ServiceSessionToken;
            reply.Context.Name = null;
            return reply;
        }
    }
    catch (Exception failure)
    {
        throw failure.NewFault();
    }

    // Accepted credentials. The original comment here reads "register new session";
    // the visible code only copies the request's token into the reply.
    // NOTE(review): no assignment of Context.IdentityToken is visible on this path —
    // presumably populated elsewhere (e.g. the reply constructor); confirm.
    reply.ServiceSessionToken = request.ServiceSessionToken;
    reply.Status = ActionStatus.OK;
    reply.RequestorData = request.RequestorData;
    return reply;
}