public override bool ChangePassword(string username, string oldPassword, string newPassword) { if ((string.IsNullOrEmpty(username)) || (username.Length > 256)) { throw new ArgumentNullException("username"); } if ((string.IsNullOrEmpty(oldPassword)) || (oldPassword.Length > 256)) { throw new ArgumentNullException("oldPassword"); } if ((string.IsNullOrEmpty(newPassword)) || (newPassword.Length > 256)) { throw new ArgumentNullException("newPassword"); } if (newPassword.Length < MinRequiredPasswordLength) { throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooShort", "Password is too short. Minimum length is {0}", new object[] { MinRequiredPasswordLength })); } int min = 0; for (int i = 0; i < newPassword.Length; i++) { if (!char.IsLetterOrDigit(newPassword, i)) { min++; } } if (min < MinRequiredNonAlphanumericCharacters) { throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooAlpha", "Password needs more non alpha numeric characters. Minimum is {0}", new object[] { MinRequiredNonAlphanumericCharacters })); } if ((PasswordStrengthRegularExpression.Length > 0) && !Regex.IsMatch(newPassword, PasswordStrengthRegularExpression)) { throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordInvalid", "Password does not match regular expression")); } global::SoftFluent.Samples.GED.Security.User user = global::SoftFluent.Samples.GED.Security.User.LoadByUserName(username); if (user == null) { return(false); } if (!CheckPassword(user, oldPassword)) { SetAttempt(user, false); user.Save(); return(false); } string encodedPassword = EncodePassword(newPassword, user.PasswordSalt); if (encodedPassword.Length > 256) { SetAttempt(user, false); user.Save(); throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooLong", "Password is too long")); } ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, encodedPassword, false); OnValidatingPassword(e); if (e.Cancel) { if (e.FailureInformation != null) { throw e.FailureInformation; } throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordInvalidCustom", "Password is invalid")); } user.Password = encodedPassword; user.Save(); return(true); }
public MembershipUser CreateUserBetter(string username, string email, string gender, string password, DateTime dob, string bio, long locationId, out MembershipCreateStatus status) { var args = new ValidatePasswordEventArgs(email, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (string.IsNullOrEmpty(email)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if (password.Length < MinRequiredPasswordLength) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && EmailExists(email)) { status = MembershipCreateStatus.DuplicateEmail; return(null); } if (RequiresUniqueUsername && UserNameExists(username)) { status = MembershipCreateStatus.DuplicateUserName; return(null); } var u = GetUser(email, false); try { if (u == null) { var salt = CreateSalt(); //CREATE NEW USER var user = new User { Username = username, Bio = bio, Gender = gender, Email = email, Salt = salt, Password = CreatePasswordHash(password, salt), CreatedDate = DateTime.UtcNow, DateOfBirth = dob }; user.LocationId = locationId; //CREATE USER VIA UNITOFWORK Adapter.UserRepository.Insert(user); Adapter.Save(); status = MembershipCreateStatus.Success; return(GetUser(email, false)); } } catch (Exception ex) { status = MembershipCreateStatus.ProviderError; return(null); } status = MembershipCreateStatus.DuplicateUserName; return(null); }
//public override string CreateUserAndAccount(string userName, string password) //{ // return base.CreateUserAndAccount(userName, password); //} //public override string CreateUserAndAccount(string userName, string password, bool requireConfirmation) //{ // return base.CreateUserAndAccount(userName, password, requireConfirmation); //} public override string CreateUserAndAccount(string username, string password, bool requireConfirmation, IDictionary <string, object> values) { username = username.ToLower(); var email = values.FirstOrDefault(x => x.Key == "EmailId"); var firstName = values.FirstOrDefault(x => x.Key == "FirstName"); var lastName = values.FirstOrDefault(x => x.Key == "LastName"); var userStatusId = values.FirstOrDefault(x => x.Key == "UserStatusId"); MembershipCreateStatus status; var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && GetUserNameByEmail(email.Value as string) != string.Empty) { status = MembershipCreateStatus.DuplicateEmail; return(null); } var existingUser = GetUser(username, true); if (existingUser == null) { var profile = new ExtendedUserProfileContract() { UserProfile = new UserProfileImplementor() { EmailId = email.Value as string, FirstName = firstName.Value as string, LastName = lastName.Value as string, //UserId = providerUserKey UserName = args.UserName, UserStatusId = Convert.ToByte(userStatusId.Value) } , WebPagesMembership = new WebPagesMembershipImplementor() { //ConfirmationToken = CreateDate = DateTime.UtcNow, IsConfirmed = !requireConfirmation || (Convert.ToByte(userStatusId.Value) != Convert.ToByte(UserStatusOptions.New)), //LastPasswordFailureDate = Password = Crypto.HashPassword(args.Password), PasswordChangedBy = Requestor.UserId, PasswordChangedDate = DateTime.UtcNow, PasswordSalt = String.Empty, //PasswordFailuresSinceLastSuccess //PasswordVerificationToken = // PasswordVerificationTokenExpirationDate = //UserId = = providerUserKey } }; Db.InsertUserProfile(new ExtendedUserProfileContract[] { profile }); status = MembershipCreateStatus.Success; return(username); } status = MembershipCreateStatus.DuplicateUserName; return(null); }
protected override void OnValidatingPassword(ValidatePasswordEventArgs e) { base.OnValidatingPassword(e); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { if (string.IsNullOrEmpty(username)) { status = MembershipCreateStatus.InvalidUserName; return(null); } if (string.IsNullOrEmpty(password)) { status = MembershipCreateStatus.InvalidPassword; return(null); } N2.Security.Items.User u = Bridge.GetUser(username); if (u != null) { if (u.IsLogin) { status = MembershipCreateStatus.DuplicateUserName; return(null); } else { // The user object may be a profile which isn't yet a user u.IsLogin = true; } } //access the property, not the field, in case overriden by a subclass if (RequiresUniqueEmail) { if (!string.IsNullOrEmpty(GetUserNameByEmail(email))) { status = MembershipCreateStatus.DuplicateEmail; return(null); } } var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { throw new MembershipCreateUserException("Create user cancelled", args.FailureInformation); } status = MembershipCreateStatus.Success; if (u == null) { u = Bridge.CreateUser(username, ToStoredPassword(password), email, passwordQuestion, passwordAnswer, isApproved, providerUserKey); } else { u.Password = ToStoredPassword(password); u.Email = email; u.PasswordQuestion = passwordQuestion; u.PasswordAnswer = passwordAnswer; u.IsApproved = isApproved; } Cache.Expire(); MembershipUser m = u.GetMembershipUser(this.Name); return(m); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { // Ignored by our database schema: // - passwordQuestion (not in database) // - passwordAnswer (not in database) // - isApproved (not in database) // - providerUserKey (this is the 'id' field in database, but that // should be auto-increment, so Access DBMS takes care of this!) ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel || (password.Length < minRequiredPasswordLength)) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && GetUserNameByEmail(email) != "") { status = MembershipCreateStatus.DuplicateEmail; return(null); } MembershipUser u = GetUser(username, false); if (u == null) // Insert new into DB only if 'u'ser does not already exist... { OleDbConnection conn = new OleDbConnection(connectionString); OleDbCommand cmd = new OleDbCommand("INSERT INTO users (username, [password], emailaddress) Values(?, ?, ?)", conn); string pass = HashPassword(password); cmd.Parameters.Add("@username", OleDbType.VarChar, 128).Value = username; cmd.Parameters.Add("@password", OleDbType.VarChar, 128).Value = pass; cmd.Parameters.Add("@emailaddress", OleDbType.VarChar, 128).Value = email; try { conn.Open(); int recAdded = cmd.ExecuteNonQuery(); if (recAdded > 0) { status = MembershipCreateStatus.Success; } else { status = MembershipCreateStatus.UserRejected; } } catch (Exception ex) { string bok = ex.Message; status = MembershipCreateStatus.ProviderError; } finally { conn.Close(); } return(GetUser(username, false)); } else { status = MembershipCreateStatus.DuplicateUserName; } return(null); }
private void CreateUserCancel_ValidatingPassword(object sender, ValidatePasswordEventArgs e) { e.Cancel = true; }
public OnlineStoreMembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, string contact, string phoneNumber, AddressDto contactAddress, AddressDto deliveryAddress, out MembershipCreateStatus status) { var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(email))) { status = MembershipCreateStatus.DuplicateEmail; return(null); } var user = GetUser(username, true) as OnlineStoreMembershipUser; if (user == null) { using (var proxy = new UserServiceClient()) { List <UserDto> userDtos = new List <UserDto> { new UserDto { UserName = username, Password = password, Contact = contact, LastLogonDate = null, RegisteredDate = DateTime.Now, Email = email, IsDisabled = false, PhoneNumber = phoneNumber, ContactAddress = contactAddress, DeliveryAddress = deliveryAddress } }; proxy.CreateUsers(userDtos.ToArray()); } status = MembershipCreateStatus.Success; return(GetUser(username, true) as OnlineStoreMembershipUser); } else { status = MembershipCreateStatus.DuplicateUserName; return(null); } }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) { throw new ArgumentException("Null username or password supplied to CreateUser"); } ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (!Validation.IsValidEmail(email)) { status = MembershipCreateStatus.InvalidEmail; return(null); } try { IUserRepository repo = Repository.Instance.Registered(typeof(User)) as IUserRepository; IUser existingUser; if (RequiresUniqueEmail) { existingUser = repo.GetAnyUser(username, email); //ctx.IUserSet.Cast<IUser>().FirstOrDefault(u => u.UserName == username || u.Email == email); } else { existingUser = repo.GetUser(username); //ctx.IUserSet.Cast<IUser>().FirstOrDefault(u => u.UserName == username); } if (existingUser != null) { if (existingUser.UserName == username) { status = MembershipCreateStatus.DuplicateUserName; } else { status = MembershipCreateStatus.DuplicateEmail; } return(null); } User user = (User)Activator.CreateInstance(typeof(User)); user.UserName = username; user.Password = EncryptPassword(password); user.Email = email; user.Created = DateTime.UtcNow; user.Modified = DateTime.UtcNow; user.Id = Guid.NewGuid(); repo.Set(new List <object> { user }, new Dictionary <string, object>()); providerUserKey = user.Id; status = MembershipCreateStatus.Success; return(new LightweightMembershipUser(user)); } catch (Exception ex) { throw new ProviderException("Failed to create user", ex); } }
public override string ResetPassword(string username, string answer) { User user = getProviderUser(username, true); if (!EnablePasswordReset) { throw new Exception("Password reset is not enabled."); } if (RequiresQuestionAndAnswer && (answer.IsNull() || answer.Length == 0)) { updateFailureCount(user, FailureType.PasswordAnswer); throw new Exception("Password answer required."); } string newPassword = Membership.GeneratePassword(MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters); ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } else { throw new Exception("Reset password canceled."); } } bool isLockedOut = false; string salt = String.Empty; string dbAnswer = getPasswordAnswer(username, out isLockedOut, out salt); if (isLockedOut) { throw new Exception(String.Format("Wrong password. Max invalid password attempts {0} has been reached.", MaxInvalidPasswordAttempts)); } if (RequiresQuestionAndAnswer && !validatePassword(answer, dbAnswer, salt)) { updateFailureCount(user, FailureType.PasswordAnswer); throw new Exception("Incorrect password answer."); } user.Password = ASCIIEncoding.ASCII.GetBytes(encodePassword(newPassword, salt)); user.PasswordSalt = ASCIIEncoding.ASCII.GetBytes(salt); user.PasswordAnswer = encodePassword(dbAnswer, salt); user.LastPasswordChangedDate = DateTime.Now; user.ResetPasswordOnFirstLogin = false; user.FailedPasswordAttemptCount = 0; user.FailedPasswordAttemptWindowStart = DateTime.Now; user.FailedPasswordAnswerAttemptCount = 0; user.FailedPasswordAnswerAttemptWindowStart = DateTime.Now; try { UsersCollection.Save(user, SafeMode.True); } catch { throw new Exception(String.Format("Password {0} not reset.", username)); } return(newPassword); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { if (!SecUtility.ValidateParameter(ref password, true, true, false, 0x80)) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (!SecUtility.ValidateParameter(ref username, true, true, true, 0x100)) { status = MembershipCreateStatus.InvalidUserName; return(null); } if (!SecUtility.ValidateParameter(ref email, this.RequiresUniqueEmail, this.RequiresUniqueEmail, false, 0x100)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if (GetUser(username, false) != null) { status = MembershipCreateStatus.DuplicateUserName; return(null); } if (GetUserNameByEmail(email) != null) { status = MembershipCreateStatus.DuplicateUserName; return(null); } if (password.Length < this.MinRequiredPasswordLength) { status = MembershipCreateStatus.InvalidPassword; return(null); } int num = 0; for (int i = 0; i < password.Length; i++) { if (!char.IsLetterOrDigit(password, i)) { num++; } } if (num < this.MinRequiredNonAlphanumericCharacters) { status = MembershipCreateStatus.InvalidPassword; return(null); } if ((this.PasswordStrengthRegularExpression.Length > 0) && !Regex.IsMatch(password, this.PasswordStrengthRegularExpression)) { status = MembershipCreateStatus.InvalidPassword; return(null); } ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true); this.OnValidatingPassword(e); if (e.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } return(CheckedCreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status)); }
public bool ChangePassword(string username, string newPwd) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPwd, true); OnValidatingPassword(args); if (args.Cancel) if (args.FailureInformation != null) throw args.FailureInformation; else throw new MembershipPasswordException("Change password canceled due to new password validation failure."); int affectesRows = PersonModel.ChangePassword(username, newPwd); return affectesRows > 0; }
public override string ResetPassword(string username, string answer) { if (!EnablePasswordReset) { throw new NotSupportedException("Password reset is not enabled."); } if (answer == null && RequiresQuestionAndAnswer) { throw new ProviderException("Password answer required for password reset."); } string newPassword = System.Web.Security.Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters); ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) if (args.FailureInformation != null) throw args.FailureInformation; else throw new MembershipPasswordException("Reset password canceled due to password validation failure."); SqlConnection conn = new SqlConnection(connectionString); SqlCommand cmd = new SqlCommand("SELECT User_Password FROM T_Users " + " WHERE User_Email = @User_Email", conn); cmd.Parameters.Add("@User_Email", SqlDbType.VarChar, 50).Value = username; int rowsAffected = 0; string passwordAnswer = ""; SqlDataReader reader = null; try { conn.Open(); reader = cmd.ExecuteReader(CommandBehavior.SingleRow); if (reader.HasRows) { reader.Read(); } else { throw new MembershipPasswordException("The supplied user name is not found."); } if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer)) { throw new MembershipPasswordException("Incorrect password answer."); } SqlCommand updateCmd = new SqlCommand("UPDATE T_Users " + " SET User_Password = @User_Password" + " WHERE User_Email = @User_Email", conn); updateCmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = EncodePassword(newPassword); updateCmd.Parameters.Add("@User_Email", SqlDbType.NVarChar, 50).Value = username; rowsAffected = updateCmd.ExecuteNonQuery(); } catch (SqlException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "ResetPassword"); throw new ProviderException(exceptionMessage); } else { throw e; } } finally { if (reader != null) { reader.Close(); } conn.Close(); } if (rowsAffected > 0) { return newPassword; } else { throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset."); } }
//******************************************************************* CREATE USER OVERRIDE public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return null; } if (RequiresUniqueEmail && GetUserNameByEmail(email).Length > 0) { status = MembershipCreateStatus.DuplicateEmail; return null; } MembershipUser u = GetUser(username, false); if (u == null) { DateTime createDate = DateTime.Now; SqlConnection conn = new SqlConnection(connectionString); SqlCommand cmd = new SqlCommand("INSERT INTO Users " + " (UserEmail, userPwd, roleID, clientID, userCreateDate)" + " Values (@UserEmail, @userPwd, @roleID, @clientID, @userCreateDate)", conn); cmd.Parameters.Add("@UserEmail", SqlDbType.NVarChar, 50).Value = email; cmd.Parameters.Add("@userPwd", SqlDbType.NVarChar, 15).Value = EncodePassword(password); cmd.Parameters.Add("@userCreateDate", SqlDbType.DateTime).Value = createDate; cmd.Parameters.Add("@roleID", SqlDbType.Int,4).Value = HttpContext.Current.Session["R_User_roleID"].ToString(); cmd.Parameters.Add("@clientID", SqlDbType.Int, 4).Value = HttpContext.Current.Session["R_User_clientID"].ToString(); try { conn.Open(); int recAdded = cmd.ExecuteNonQuery(); if (recAdded > 0) { status = MembershipCreateStatus.Success; } else { status = MembershipCreateStatus.UserRejected; } } catch (SqlException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "CreateUser"); } status = MembershipCreateStatus.ProviderError; } finally { conn.Close(); } return GetUser(username, false); } else { status = MembershipCreateStatus.DuplicateUserName; } return null; }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return null; } if (!Regex.IsMatch(email, "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})$")) { status = MembershipCreateStatus.InvalidEmail; return null; } if (RequiresUniqueEmail && GetUserNameByEmail(email) != string.Empty) { status = MembershipCreateStatus.DuplicateEmail; return null; } var user = GetUser(username, true); if (user == null) { string MD5Pass = GetMd5Hash(password); var userObj = new User { ID = username, Name = username, Pass = MD5Pass, Email = email, Question = passwordQuestion, Answer = passwordAnswer,LastLogin = DateTime.Now }; db.Users.Add(userObj); db.SaveChanges(); status = MembershipCreateStatus.Success; return GetUser(username, true); } status = MembershipCreateStatus.DuplicateUserName; return null; }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (_requiresUniqueEmail && GetUserNameByEmail(email) != string.Empty) { status = MembershipCreateStatus.DuplicateEmail; return(null); } MembershipUser membershipUser = GetUser(username, false); if (membershipUser == null) { DateTime registrado = DateTime.Now; if (providerUserKey == null) { providerUserKey = Guid.NewGuid(); } else { if (!(providerUserKey is Guid)) { status = MembershipCreateStatus.InvalidProviderUserKey; return(null); } } SqlDatabase sqlDatabase = new SqlDatabase(_connectionString); DbCommand dbCommand = sqlDatabase.GetStoredProcCommand("adm.NlayerSP_RegistrarUsuario"); sqlDatabase.AddInParameter(dbCommand, "Aplicacion", DbType.String, _applicationName); sqlDatabase.AddInParameter(dbCommand, "ProviderUserKey", DbType.Guid, providerUserKey); sqlDatabase.AddInParameter(dbCommand, "Login", DbType.String, username); sqlDatabase.AddInParameter(dbCommand, "Password", DbType.String, Encode(password)); sqlDatabase.AddInParameter(dbCommand, "Email", DbType.String, email); sqlDatabase.AddInParameter(dbCommand, "PreguntaPassword", DbType.String, passwordQuestion); sqlDatabase.AddInParameter(dbCommand, "RespuestaPassword", DbType.String, Encode(passwordAnswer)); sqlDatabase.AddInParameter(dbCommand, "Comentario", DbType.String, null); sqlDatabase.AddInParameter(dbCommand, "UltimaActividad", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "UltimaSesion", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "UltimoCambioDePassword", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "CantidadIntentosFallidosPassword", DbType.Int32, 0); sqlDatabase.AddInParameter(dbCommand, "InicioIntentosFallidosPassword", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "CantidadIntentosFallidosPregunta", DbType.Int32, 0); sqlDatabase.AddInParameter(dbCommand, "InicioIntentosFallidosPregunta", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "EstaAprobado", DbType.Boolean, isApproved); sqlDatabase.AddInParameter(dbCommand, "EstaBloqueado", DbType.Boolean, false); sqlDatabase.AddInParameter(dbCommand, "UltimoBloqueo", DbType.DateTime, registrado); sqlDatabase.AddInParameter(dbCommand, "Registrado", DbType.DateTime, registrado); using (IDataReader dataReader = sqlDatabase.ExecuteReader(dbCommand)) { dataReader.Read(); membershipUser = GetUserFromDataReader(dataReader); } status = MembershipCreateStatus.Success; return(membershipUser); } status = MembershipCreateStatus.DuplicateUserName; return(null); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { if (providerUserKey != null) { if (!(providerUserKey is Guid)) { status = MembershipCreateStatus.InvalidProviderUserKey; return(null); } } else { providerUserKey = Guid.NewGuid(); } var validatePasswordEventArgs = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(validatePasswordEventArgs); if (validatePasswordEventArgs.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (this.RequiresQuestionAndAnswer && !String.IsNullOrWhiteSpace(passwordQuestion)) { status = MembershipCreateStatus.InvalidQuestion; return(null); } if (this.RequiresQuestionAndAnswer && !String.IsNullOrWhiteSpace(passwordAnswer)) { status = MembershipCreateStatus.InvalidAnswer; return(null); } if (this.GetUser(username, false) != null) { status = MembershipCreateStatus.DuplicateUserName; return(null); } if (this.GetUser(providerUserKey, false) != null) { status = MembershipCreateStatus.DuplicateProviderUserKey; return(null); } if (this.RequiresUniqueEmail && !String.IsNullOrWhiteSpace(this.GetUserNameByEmail(email))) { status = MembershipCreateStatus.DuplicateEmail; return(null); } byte[] buffer = new byte[16]; (new RNGCryptoServiceProvider()).GetBytes(buffer); var salt = Convert.ToBase64String(buffer); var creationDate = DateTime.UtcNow; var bsonDocument = new BsonDocument { { "_id", (Guid)providerUserKey }, { "ApplicationName", this.ApplicationName }, { "CreationDate", creationDate }, { "Email", email }, { "FailedPasswordAnswerAttemptCount", 0 }, { "FailedPasswordAnswerAttemptWindowStart", creationDate }, { "FailedPasswordAttemptCount", 0 }, { "FailedPasswordAttemptWindowStart", creationDate }, { "IsApproved", isApproved }, { "IsLockedOut", false }, { "LastActivityDate", creationDate }, { "LastLockoutDate", new DateTime(1970, 1, 1) }, { "LastLoginDate", creationDate }, { "LastPasswordChangedDate", creationDate }, { "Password", this.EncodePassword(password, this.PasswordFormat, salt) }, { "PasswordAnswer", this.EncodePassword(passwordAnswer, this.PasswordFormat, salt) }, { "PasswordQuestion", passwordQuestion }, { "Salt", salt }, { "Username", username } }; this.mongoCollection.Insert(bsonDocument); status = MembershipCreateStatus.Success; return(this.GetUser(username, false)); }
public override string ResetPassword(string username, string answer) { if (!EnablePasswordReset) { throw new NotSupportedException("El reseteo de password no está disponible."); } if (answer == null && RequiresQuestionAndAnswer) { throw new ProviderException("La pregunta de seguridad es obligatoria."); } string newPassword = Membership.GeneratePassword(NewPasswordLength, _minRequiredNonAlphanumericCharacters); ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } throw new MembershipPasswordException( "El reseteo del password ha sido cancelado debido a un error en la validación del usuario.."); } SqlDatabase sqlDatabase = new SqlDatabase(_connectionString); DbCommand dbCommand = sqlDatabase.GetStoredProcCommand("adm.NlayerSP_ResetearPasswordUsuario"); sqlDatabase.AddInParameter(dbCommand, "Aplicacion", DbType.String, _applicationName); sqlDatabase.AddInParameter(dbCommand, "Login", DbType.String, username); sqlDatabase.AddInParameter(dbCommand, "NuevoPassword", DbType.String, Encode(newPassword)); sqlDatabase.AddInParameter(dbCommand, "Respuesta", DbType.String, Encode(answer)); sqlDatabase.AddInParameter(dbCommand, "IntentosPassword", DbType.Int32, _passwordAttemptWindow); sqlDatabase.AddInParameter(dbCommand, "MaximoIntentosFallidos", DbType.Int32, _maxInvalidPasswordAttempts); int resultado = (int)sqlDatabase.ExecuteScalar(dbCommand); switch (resultado) { case 0: return(newPassword); case 1: throw new MembershipPasswordException("El usuario no existe."); case 2: throw new MembershipPasswordException("El usuario se encuentra bloqueado."); case 3: throw new MembershipPasswordException("El usuario no tiene una respuesta establecida."); case 4: throw new MembershipPasswordException("Respuesta incorrecta."); } throw new MembershipPasswordException( "Usuario no existe, o el usuario está bloqueado. El password no ha sido reseteado."); }
public override bool ChangePassword(string username, string oldPwd, string newPwd) { if (!ValidateUser(username, oldPwd)) return false; ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPwd, true); OnValidatingPassword(args); if (args.Cancel) if (args.FailureInformation != null) throw args.FailureInformation; else throw new MembershipPasswordException("Change password canceled due to new password validation failure."); SqlConnection conn = new SqlConnection(connectionString); SqlCommand cmd = new SqlCommand("UPDATE T_Users " + " SET User_Password = @Password " + " WHERE User_Email = @Username", conn); cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = EncodePassword(newPwd); cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username; int rowsAffected = 0; try { conn.Open(); rowsAffected = cmd.ExecuteNonQuery(); } catch (SqlException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "ChangePassword"); throw new ProviderException(exceptionMessage); } else { throw e; } } finally { conn.Close(); } if (rowsAffected > 0) { return true; } return false; }
public override string ResetPassword(string username, string answer) { if (!EnablePasswordReset) { throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. Pwd_ResetNotEnabled)); } if ((answer == null) && RequiresQuestionAndAnswer) { UpdateFailureCount(username, FailureType.PasswordAnswer); throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. Pwd_AnswerRequiredForReset)); } string password = Membership.GeneratePassword(minRequiredPasswordLength, MinRequiredNonAlphanumericCharacters); var e = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(e); if (e.Cancel) { if (e.FailureInformation != null) { throw e.FailureInformation; } throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. Pwd_ResetCancelledDueToNewPassword)); } SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username); if (user != null) { if (user.IsLockedOut) { throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. User_IsLockedOut)); } if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer, user.PasswordSalt)) { UpdateFailureCount(username, FailureType.PasswordAnswer); throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. Pwd_IncorrectAnswer)); } try { user.UserPassword = EncodePassword(password, user.PasswordSalt); user.LastPasswordChangeDate = DateTime.Now; user.LastActivityDate = DateTime.Now; SystemUserWrapper.SaveOrUpdate(user); } catch { throw new MembershipPasswordException( NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this, NHibernateProviderSR. Pwd_OpCancelledDueToAccountLocked)); } } return(password); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && GetUserNameByEmail(email) != "") { status = MembershipCreateStatus.DuplicateEmail; return(null); } MembershipUser u = GetUser(username, false); if (u == null) { DateTime createDate = DateTime.Now; UserEntity user = new UserEntity(); user.Username = username; user.Password = EncodePassword(password); user.Email = email; user.IsAdmin = false; user.PasswordQuestion = passwordQuestion; user.PasswordAnswer = passwordAnswer;//EncodePassword(passwordAnswer); user.IsApproved = isApproved; user.CreationDate = createDate; user.LastPasswordChangedDate = createDate; user.LastActivityDate = createDate; user.IsLockedOut = false; user.LastLockedOutDate = createDate; try { RepositoryContext.Current.Users.Save(user); if (Guid.Empty.CompareTo(user.Id) == 0) { status = MembershipCreateStatus.UserRejected; } else { status = MembershipCreateStatus.Success; } } catch (Exception e) { status = MembershipCreateStatus.ProviderError; WlogLogger.Current.Error(e); } return(GetUser(username, false)); } else { status = MembershipCreateStatus.DuplicateUserName; } return(null); }
public override string ResetPassword(string userName, string answer) { if (!EnablePasswordReset) { throw new NotSupportedException("Password reset is not enabled."); } if (answer == string.Empty) { UpdateAnswerFailureCount(userName); throw new ProviderException("Password answer required for password reset."); } string newPassword = System.Web.Security.Membership.GeneratePassword(NewPasswordLength, MinRequiredNonAlphanumericCharacters); var args = new ValidatePasswordEventArgs(userName, newPassword, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } throw new MembershipPasswordException("Reset password canceled due to password validation failure."); } try { UserProfile userProfile = _membershipService.GetUserProfileByName(userName); if (userProfile.Membership.IsLockedOut) { throw new MembershipPasswordException("The supplied user is locked out."); } var passwordAnswer = userProfile.Membership.PasswordAnswer; var passwordAnswerSalt = userProfile.Membership.PasswordAnswerSalt; if (!Verify(answer, passwordAnswer, passwordAnswerSalt)) { UpdateAnswerFailureCount(userName); throw new MembershipPasswordException("Incorrect password answer."); } string passwordSalt; _membershipService.ChangeUserPassword(userName, _encryptionStrategy.Encrypt(newPassword, out passwordSalt), passwordSalt, DateTime.Now); return(newPassword); } catch (Exception e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "ResetPassword"); } throw new ProviderException(ExceptionMessage, e); } }
public override MembershipUser CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresQuestionAndAnswer && String.IsNullOrEmpty(passwordAnswer)) { status = MembershipCreateStatus.InvalidAnswer; return(null); } if (RequiresUniqueEmail) { if (!IsEmail(email)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if (!String.IsNullOrEmpty(GetUserNameByEmail(email))) { status = MembershipCreateStatus.DuplicateEmail; return(null); } } MembershipUser mUser = GetUser(username, false); if (mUser != null) { status = MembershipCreateStatus.DuplicateUserName; return(null); } using (Session session = XpoHelper.GetNewSession()) { XpoUser user = new XpoUser(session) { ApplicationName = ApplicationName, UserName = username, Password = EncodePassword(password), Email = email, PasswordQuestion = passwordQuestion, PasswordAnswer = EncodePassword(passwordAnswer), IsApproved = isApproved, CreationDate = DateTime.Now, FailedPasswordAnswerAttemptCount = 0, FailedPasswordAnswerAttemptWindowStart = DateTime.MinValue, IsLockedOut = false, LastActivityDate = DateTime.Now, LastLockedOutDate = DateTime.MinValue, FailedPasswordAttemptCount = 0, FailedPasswordAttemptWindowStart = DateTime.MinValue }; user.Save(); status = MembershipCreateStatus.Success; } return(GetUser(username, false)); }
public override bool ChangePassword(string username, string oldPwd, string newPwd) { username = Util.GetUserName(username); if (!ValidateUser(username, oldPwd)) { return(false); } var args = new ValidatePasswordEventArgs(username, newPwd, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } else { throw new MembershipPasswordException("Change password canceled due to new password validation failure."); } } if (!AdminOverride) { if (newPwd.Length < MinRequiredPasswordLength) { throw new ArgumentException($"Password must contain at least {MinRequiredPasswordLength} chars"); } if (MembershipService.RequireSpecialCharacter) { if (newPwd.All(char.IsLetterOrDigit)) { throw new ArgumentException("Password needs at least 1 non-alphanumeric character"); } } if (MembershipService.RequireOneNumber) { if (!newPwd.Any(char.IsDigit)) { throw new ArgumentException("Password needs at least 1 number"); } } if (MembershipService.RequireOneUpper) { if (!newPwd.Any(char.IsUpper)) { throw new ArgumentException("Password needs at least 1 uppercase letter"); } } } var db = GetDb(); var user = db.Users.Single(u => u.Username == username); user.Password = EncodePassword(newPwd); user.MustChangePassword = false; user.LastPasswordChangedDate = Util.Now; ApiSessionModel.DeleteSession(db, user); db.SubmitChanges(); return(true); }
/// <summary> /// Adds a new membership user to the data source. /// </summary> /// <param name="username">The user name could be user's email depending on configuration.</param> /// <param name="password">The password for the new user.</param> /// <param name="email">The e-mail address for the new user.</param> /// <param name="passwordQuestion">The password question for the new user.</param> /// <param name="passwordAnswer">The password answer for the new user</param> /// <param name="isApproved">The new user is always approved no matter the value of this parameter.</param> /// <param name="providerUserKey">The unique identifier from the membership data source for the user. Generated if null.</param> /// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param> /// <returns> /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user. /// </returns> public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { string domainUsername; if (TryGetDomainUser(username, out domainUsername)) { // Username shouldn't contain domain status = MembershipCreateStatus.UserRejected; return(null); } var args = new ValidatePasswordEventArgs(domainUsername, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } Guid userId = Guid.Empty; if (providerUserKey != null) { if (!(providerUserKey is Guid)) { status = MembershipCreateStatus.InvalidProviderUserKey; return(null); } userId = (Guid)providerUserKey; } var request = new CreateCustomerMembershipRequest { Id = userId, Username = username, Email = email, FirstName = OvertureMembershipConfiguration.DefaultFirstName, // Required in Overture LastName = OvertureMembershipConfiguration.DefaultLastName, // Required in Overture Password = password, PasswordQuestion = passwordQuestion, PasswordAnswer = passwordAnswer, ScopeId = GetCurrentScope(), }; try { var createdCustomer = _client.Send(request); status = MembershipCreateStatus.Success; return(ConvertToMembershipUser(createdCustomer)); } catch (ValidationError ex) { switch (ex.ErrorCode) { case "InvalidPassword": case "InvalidOperationException": status = MembershipCreateStatus.InvalidPassword; return(null); case "PasswordQuestionNoSet": status = MembershipCreateStatus.InvalidQuestion; return(null); case "UserNameAlreadyUsed": status = MembershipCreateStatus.DuplicateUserName; return(null); default: status = MembershipCreateStatus.UserRejected; return(null); } } catch (WebException ex) { throw new MembershipCreateUserException(ex.Message, ex); } catch (WebServiceException ex) { throw new MembershipCreateUserException(ex.ErrorMessage, ex); } }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { username = Util.GetUserName(username); var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && GetUserNameByEmail(email) != "") { status = MembershipCreateStatus.DuplicateEmail; return(null); } var Db = GetDb(); var u = GetUser(username, false); if (u == null) { int? pid = null; Person per = null; if (providerUserKey != null && providerUserKey is int) { per = Db.People.SingleOrDefault(p => p.PeopleId == (int)providerUserKey); } else { per = Db.People.SingleOrDefault(p => p.EmailAddress == email); } if (per != null) { pid = per.PeopleId; } var createDate = Util.Now; var user = new User { PeopleId = pid, Username = username, //EmailAddress = email, Password = EncodePassword(password), PasswordQuestion = passwordQuestion, PasswordAnswer = EncodePassword(passwordAnswer), IsApproved = isApproved, Comment = "", CreationDate = createDate, LastPasswordChangedDate = createDate, LastActivityDate = createDate, IsLockedOut = false, LastLockedOutDate = createDate, FailedPasswordAttemptCount = 0, FailedPasswordAttemptWindowStart = createDate, FailedPasswordAnswerAttemptCount = 0, FailedPasswordAnswerAttemptWindowStart = createDate, }; Db.Users.InsertOnSubmit(user); Db.SubmitChanges(); status = MembershipCreateStatus.Success; return(GetUser(username, false)); } else { status = MembershipCreateStatus.DuplicateUserName; } return(null); }
public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status) { bool createInactive = true; using (var db = new ClimbingContext()) { if (db.UserProfiles.Count(u => u.Name.Equals(username, StringComparison.OrdinalIgnoreCase)) > 0) { status = MembershipCreateStatus.DuplicateUserName; return(null); } if (String.IsNullOrEmpty(password)) { password = Membership.GeneratePassword(minRequiredPasswordLength + 10, minRequiredNonAlphanumericCharacters + 1); } else { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } } if (String.IsNullOrEmpty(email)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if (requiresUniqueEmail && db.UserProfiles.Count(u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase)) > 0) { status = MembershipCreateStatus.DuplicateEmail; return(null); } try { string token = null; if (createInactive) { do { token = GenerateToken(); }while (db.UserProfiles.Count(p => p.Token.Equals(token, StringComparison.InvariantCultureIgnoreCase)) > 0); } var upm = db.UserProfiles.Create(); upm.Name = username; upm.SetPassword(password); upm.Email = email; upm.Inactive = createInactive; upm.Token = token; upm.PasswordTokenExpirationTime = null; db.UserProfiles.Add(upm); db.SaveChanges(); status = MembershipCreateStatus.Success; return(GetUser(username, false)); } catch { status = MembershipCreateStatus.ProviderError; return(null); } } }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { var userId = (int)providerUserKey; var user = new UserEntity(userId); if (!user.IsNew && !user.LastLoginTime.HasValue) { if (username.Length >= MinUsernameLength && !username.Contains(" ")) { if (ValidateNewPassword(password)) { var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (!args.Cancel) { if (UserUtils.GetByUsername(username) == null) { Transaction transaction = new Transaction(IsolationLevel.ReadCommitted, "user initialization"); try { transaction.Add(user); user.Username = username; user.EmailAddress = email; SetPassword(user, password, transaction); user.Save(); transaction.Commit(); status = MembershipCreateStatus.Success; return(GetUser(username, true)); } catch (Exception) { transaction.Rollback(); status = MembershipCreateStatus.ProviderError; } finally { transaction.Dispose(); } } else { status = MembershipCreateStatus.DuplicateUserName; } } else { status = MembershipCreateStatus.InvalidPassword; } } else { status = MembershipCreateStatus.InvalidPassword; } } else { status = MembershipCreateStatus.InvalidUserName; } } else { status = MembershipCreateStatus.InvalidProviderUserKey; } return(null); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresUniqueEmail && !String.IsNullOrEmpty(GetUserNameByEmail(email))) { status = MembershipCreateStatus.DuplicateEmail; return(null); } MembershipUser u = GetUser(username, false); if (u == null) { DateTime createDate = DateTime.Now; if (providerUserKey == null) { providerUserKey = Guid.NewGuid(); } else if (!(providerUserKey is Guid)) { status = MembershipCreateStatus.InvalidProviderUserKey; return(null); } User user = new User() { UserId = 0, CreateDate = DateTime.Now, Email = email, UserName = username, PasswordHash = CreatePasswordHash(password), AuthorizatonKey = (Guid)providerUserKey }; int userId = new UserDAO().Add(user); MembershipUser mUser = getMembershipUserFromDnUser(user); if (userId > 0) { status = MembershipCreateStatus.Success; } else { status = MembershipCreateStatus.UserRejected; } return(mUser); } else { status = MembershipCreateStatus.DuplicateUserName; } return(null); }
/// <summary> /// Creates a user from the given parameters and settings in the web.config (under the membership section) /// </summary> /// <param name="username">Kerberos LoginID of the user who created the account (or string.empty)</param> /// <param name="password">Password -- complexity determined by web.config settings</param> /// <param name="email">Email entered by user</param> /// <param name="passwordQuestion"></param> /// <param name="passwordAnswer"></param> /// <param name="isApproved"></param> /// <param name="providerUserKey">Not used since username is always unique, we can look up with UserID when necessary</param> /// <param name="status"></param> /// <returns>A representation of the current user's membership information</returns> public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { //if the username is SELFCREATED, set it to empty so that we know it was not created on a Kerberos user's behalf if (username == "SELFCREATED") { username = string.Empty; } //Make sure the password is non-null or empty (excluding white space) if (!SecUtility.ValidateParameter(ref password, true, true, false, 0)) { //If the password is invalid, return the correct status status = MembershipCreateStatus.InvalidPassword; return(null); } //Check that the password meets all requirements laid out in the web.config if (password.Length < MinRequiredPasswordLength) { status = MembershipCreateStatus.InvalidPassword; return(null); } int count = 0; for (int i = 0; i < password.Length; i++) { if (!char.IsLetterOrDigit(password, i)) { count++; } } if (count < MinRequiredNonAlphanumericCharacters) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (PasswordStrengthRegularExpression.Length > 0) { if (!Regex.IsMatch(password, PasswordStrengthRegularExpression)) { status = MembershipCreateStatus.InvalidPassword; return(null); } } //Validate with email as the username ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(email, password, true); OnValidatingPassword(e); if (e.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } //Generate a salt of length SALT_SIZE_IN_BYTES string salt = GenerateSalt(); //Encodes the password using the method defined in the web.config membership section (clear, hashed, or encrypted) //If method = hashed, then the algortihm defined by the HashAlgorithmType key is used string encodedPassword = EncodePassword(password, (int)_PasswordFormat, salt); //Make sure the password isn't too long (if it is, it will not fit in the database if (encodedPassword.Length > 128) { status = MembershipCreateStatus.InvalidPassword; return(null); } //Check the email, question, answer (only the last two if they are required in the web.config) //if (!SecUtility.ValidateParameter(ref username, true, true, true, 255)) //{ // status = MembershipCreateStatus.InvalidUserName; // return null; //} if (!SecUtility.ValidateParameter(ref email, RequiresUniqueEmail, RequiresUniqueEmail, false, 128)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if (!SecUtility.ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 255)) { status = MembershipCreateStatus.InvalidQuestion; return(null); } if (!SecUtility.ValidateParameter(ref passwordAnswer, RequiresQuestionAndAnswer, true, false, 128)) { status = MembershipCreateStatus.InvalidAnswer; return(null); } _dops.ResetDops(); _dops.Sproc = "usp_InsertAccount"; _dops.SetParameter("@LoginID", username, "IN"); //KerberosID of user that created this account (null if created by applicant) _dops.SetParameter("@Email", email, "IN"); _dops.SetParameter("@Password", encodedPassword, "IN"); _dops.SetParameter("@PasswordFormat", (int)PasswordFormat, "IN"); _dops.SetParameter("@PasswordSalt", salt, "IN"); _dops.SetParameter("@PasswordQuestion", passwordQuestion, "IN"); _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN"); _dops.SetParameter("@CreateStatus", string.Empty, "OUT"); _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN"); try { _dops.Execute_Sql(); } catch (SqlException) { status = MembershipCreateStatus.ProviderError; return(null); } //If the return value is not 0 (success), inspect the error and return it to the user if ((int)_dops.GetOutputVariable("RETURN_VALUE") != 0) { switch ((string)_dops.GetOutputVariable("@CreateStatus")) { case "InvalidLogin": status = MembershipCreateStatus.DuplicateUserName; break; case "InvalidEmail": status = MembershipCreateStatus.DuplicateEmail; break; default: status = MembershipCreateStatus.ProviderError; break; } return(null); } else { //No error, so go ahead and return success DateTime dt = DateTime.Now; status = MembershipCreateStatus.Success; return(new MembershipUser(this.Name, username, null, email, passwordQuestion, string.Empty, isApproved, false, dt, dt, dt, dt, DateTime.MinValue)); } }
public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { global::SoftFluent.Samples.GED.Security.User user = new global::SoftFluent.Samples.GED.Security.User(); if (providerUserKey != null) { if (providerUserKey is System.Guid) { user.Id = (System.Guid)providerUserKey; } else { status = MembershipCreateStatus.InvalidProviderUserKey; return(null); } } email = ConvertUtilities.Nullify(email, true); if ((email != null) && (email.Length > 256)) { status = MembershipCreateStatus.InvalidEmail; return(null); } if ((email == null) && RequiresUniqueEmail) { status = MembershipCreateStatus.InvalidEmail; return(null); } user.Email = email; password = ConvertUtilities.Nullify(password, true); user.PasswordSalt = GenerateSalt(); string encodedPassword = EncodePassword(password, user.PasswordSalt); if ((password == null) || (password.Length > 256)) { status = MembershipCreateStatus.InvalidPassword; return(null); } user.Password = encodedPassword; username = ConvertUtilities.Nullify(username, true); if ((username == null) || (username.Length > 256)) { status = MembershipCreateStatus.InvalidUserName; return(null); } user.UserName = username; DateTime time = DateTime.UtcNow; time = new DateTime(time.Year, time.Month, time.Day, time.Hour, time.Minute, time.Second); user.IsLockedOut = false; user.LastLoginDate = time; user.LastActivityDate = time; user.LastPasswordChangeDate = time; user.LastLockoutDate = DateTime.MinValue; if (password.Length < MinRequiredPasswordLength) { status = MembershipCreateStatus.InvalidPassword; return(null); } int min = 0; for (int i = 0; i < password.Length; i++) { if (!char.IsLetterOrDigit(password, i)) { min++; } } if (min < MinRequiredNonAlphanumericCharacters) { status = MembershipCreateStatus.InvalidPassword; return(null); } if ((!string.IsNullOrEmpty(PasswordStrengthRegularExpression)) && (!Regex.IsMatch(password, PasswordStrengthRegularExpression))) { status = MembershipCreateStatus.InvalidPassword; return(null); } ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(e); if (e.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } try { user.Save(); } catch (CodeFluent.Runtime.CodeFluentDuplicateException) { status = MembershipCreateStatus.DuplicateProviderUserKey; return(null); } status = MembershipCreateStatus.Success; return(MembershipUserFromUser(user)); }
/// <summary> /// Resets a user's password if they have the correct answer to the passwordQuestion /// </summary> /// <param name="username">Username</param> /// <param name="answer">Answer to the users question</param> /// <returns>New password as a string</returns> public override string ResetPassword(string username, string passwordAnswer) { if (!EnablePasswordReset) { throw new NotSupportedException(); } SecUtility.CheckParameter(ref username, true, true, true, 256, "username"); string salt; int passwordFormat; int status; bool isApproved; GetPasswordWithFormat(username, out passwordFormat, out status, out salt, out isApproved); //Check to see if there were any problems (may expand later to involve more specific errors) if (status != 0) //problem occurred { throw new ProviderException(); } //We will do encoding of passwords later, will require changes to createUser, ValidateUser, and others //string encodedPasswordAnswer; //if (!string.IsNullOrEmpty(passwordAnswer)) // encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(), passwordFormat, salt); //else // encodedPasswordAnswer = passwordAnswer; if (passwordAnswer != null) { passwordAnswer = passwordAnswer.Trim(); } SecUtility.CheckParameter(ref passwordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer"); string newPassword = GeneratePassword(); ValidatePasswordEventArgs eventArgs = new ValidatePasswordEventArgs(username, newPassword, false); OnValidatingPassword(eventArgs); if (eventArgs.Cancel) { if (eventArgs.FailureInformation != null) { throw eventArgs.FailureInformation; } else { throw new ProviderException(); } } _dops.ResetDops(); _dops.Sproc = "usp_ResetPassword"; _dops.SetParameter("@Email", username, "IN"); _dops.SetParameter("@NewPassword", EncodePassword(newPassword, (int)passwordFormat, salt), "IN"); _dops.SetParameter("@PasswordFormat", passwordFormat, "IN"); _dops.SetParameter("@PasswordSalt", salt, "IN"); _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN"); _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN"); _dops.Execute_Sql(); int success = 1; try { success = (int)_dops.GetOutputVariable("RETURN_VALUE"); } catch (SqlException ex) { throw new ProviderException(ex.Message, ex); } //Check to see if there is a problem if (success != 0) { throw new MembershipPasswordException(); //If there is a problem, throw the exception } return(newPassword); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { //Thread Safety DbContext DataContext = (DbContext)Activator.CreateInstance(CFMembershipSettings.DataContext); DbSet Users = DataContext.Set(CFMembershipSettings.UserType); status = MembershipCreateStatus.Success; MembershipUser user = null; if (string.IsNullOrEmpty(username) || string.IsNullOrWhiteSpace(username)) { throw new ArgumentNullException("username"); } if (string.IsNullOrEmpty(password) || string.IsNullOrWhiteSpace(password)) { throw new ArgumentNullException("password"); } if (string.IsNullOrEmpty(email) || string.IsNullOrWhiteSpace(email)) { throw new ArgumentNullException("email"); } if (RequiresQuestionAndAnswer) { if (string.IsNullOrEmpty(passwordQuestion) || string.IsNullOrWhiteSpace(passwordQuestion)) { throw new ArgumentNullException("passwordQuestion"); } if (string.IsNullOrEmpty(passwordAnswer) || string.IsNullOrWhiteSpace(passwordAnswer)) { throw new ArgumentNullException("passwordAnswer"); } } if (username.Length > 100) { status = MembershipCreateStatus.InvalidUserName; } if (!this.CheckPasswordPolicy(password)) { status = MembershipCreateStatus.InvalidPassword; } var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } status = MembershipCreateStatus.InvalidPassword; } if (!Regex.IsMatch(email, EmailRegularExpression)) { status = MembershipCreateStatus.InvalidEmail; } if (UseEmailAsUsername) { username = email; } if (RequiresUniqueEmail && GetUserNameByEmail(email).Trim().Length > 0) { status = MembershipCreateStatus.DuplicateEmail; } if (GetUser(username, false) != null) { status = MembershipCreateStatus.DuplicateUserName; } if (providerUserKey != null && GetUser(providerUserKey, false) != null) { status = MembershipCreateStatus.DuplicateProviderUserKey; } if (status == MembershipCreateStatus.Success) { byte[] passwordSalt, passwordHash; Guid guid; HashPassword(password, out passwordSalt, out passwordHash); dynamic usr = Activator.CreateInstance(CFMembershipSettings.UserType); if (CFMembershipSettings.ProviderKeyType == typeof(Guid) && providerUserKey != null && Guid.TryParse(providerUserKey.ToString(), out guid)) { usr.UserId = (Guid)providerUserKey; } //If using SqlServeCE or the UserId is missing the DatabaseGenerated attribute //automatically generate keys via code, otherwise allow the server to generate them. if (CFMembershipSettings.ProviderKeyType == typeof(Guid) && providerUserKey == null) { var info = (CFMembershipSettings.UserType).GetProperty("UserId").GetCustomAttributesData() .SingleOrDefault(item => item.Constructor.ReflectedType.Name == "DatabaseGeneratedAttribute"); if (info == null) { usr.UserId = Guid.NewGuid(); } } usr.Username = username; usr.PasswordHash = passwordHash; usr.PasswordSalt = passwordSalt; usr.PasswordQuestion = passwordQuestion; usr.PasswordAnswer = passwordAnswer; usr.DateLastPasswordChange = DateTime.Now; usr.DateCreated = DateTime.Now; usr.DateLastActivity = null; usr.DateLastLogin = null; usr.Email = email; usr.Comment = null; usr.IsApproved = isApproved; try { Users.Add(usr); } catch (Exception) { status = MembershipCreateStatus.UserRejected; } try { DataContext.SaveChanges(); } catch (Exception) { status = MembershipCreateStatus.ProviderError; } user = GetUser(usr.UserId, false); } DataContext.Dispose(); return(user); }
/// <summary> /// Changes a users password after checking that they know their old password /// </summary> /// <param name="username">Username</param> /// <param name="oldPassword">The old password in the system</param> /// <param name="newPassword">The desired new password</param> /// <returns>True if the change succeeds, otherwise false</returns> public override bool ChangePassword(string username, string oldPassword, string newPassword) { SecUtility.CheckParameter(ref username, true, true, true, 256, "username"); SecUtility.CheckParameter(ref oldPassword, true, true, false, 128, "oldPassword"); SecUtility.CheckParameter(ref newPassword, true, true, false, 128, "newPassword"); int status; //Return false if the old password is not correct if (!CheckPassword(username, oldPassword, out status)) { return(false); } //Make sure the new password meets password length requirements if (newPassword.Length < MinRequiredPasswordLength) { throw new ArgumentException(); } int count = 0; //Check the number of non-alpha numeric chars for (int i = 0; i < newPassword.Length; i++) { if (!char.IsLetterOrDigit(newPassword, i)) { count++; } } if (count < MinRequiredNonAlphanumericCharacters) { throw new ArgumentException(); } //If we are using a regular expression, make sure the password passes if (PasswordStrengthRegularExpression.Length > 0) { if (!Regex.IsMatch(newPassword, PasswordStrengthRegularExpression)) { throw new ArgumentException(); } } string salt = GenerateSalt(); //Encode password using new salt and password format settings string pass = EncodePassword(newPassword, (int)_PasswordFormat, salt); if (pass.Length > 128) { throw new ArgumentException(); } //Raise the OnValidatingPassword() function so someone can hook into it if they want ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false); OnValidatingPassword(e); if (e.Cancel) { if (e.FailureInformation != null) { throw e.FailureInformation; } else { throw new ArgumentException(); } } _dops.ResetDops(); _dops.Sproc = "usp_ChangePassword"; _dops.SetParameter("@Email", username, "IN"); _dops.SetParameter("@NewPassword", pass, "IN"); _dops.SetParameter("@PasswordFormat", (int)_PasswordFormat, "IN"); _dops.SetParameter("@PasswordSalt", salt, "IN"); _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN"); try { _dops.Execute_Sql(); } catch (SqlException ex) { throw new ProviderException(ex.Message, ex); } int result = (int)_dops.GetOutputVariable("RETURN_VALUE"); //Check to see if there is a problem if (result != 0) { throw new MembershipPasswordException(); //If there is a problem, throw the exception } return(true); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return null; } if (RequiresUniqueEmail && GetUserNameByEmail(email) != "") { status = MembershipCreateStatus.DuplicateEmail; return null; } MembershipUser u = GetUser(username, false); if (u == null) { UserModel _user = new UserModel(); _user.CreateUser(username, password, email); status = MembershipCreateStatus.Success; return GetUser(username, false); } else { status = MembershipCreateStatus.DuplicateUserName; } return null; }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { if (providerUserKey == null) { providerUserKey = Guid.NewGuid(); } var validatePasswordEventArgs = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(validatePasswordEventArgs); if (validatePasswordEventArgs.Cancel) { status = MembershipCreateStatus.InvalidPassword; return(null); } if (RequiresQuestionAndAnswer) { if (passwordQuestion.IsNullOrWhiteSpace()) { status = MembershipCreateStatus.InvalidQuestion; return(null); } if (passwordAnswer.IsNullOrWhiteSpace()) { status = MembershipCreateStatus.InvalidAnswer; return(null); } } if (GetUser(username, false) != null) { status = MembershipCreateStatus.DuplicateUserName; return(null); } if (GetUser(providerUserKey, false) != null) { status = MembershipCreateStatus.DuplicateProviderUserKey; return(null); } if (RequiresUniqueEmail && !GetUserNameByEmail(email).IsNullOrWhiteSpace()) { status = MembershipCreateStatus.DuplicateEmail; return(null); } var buffer = new byte[16]; buffer.RngGenerator(); var passwordSalt = buffer.ToBase64String(); var createDate = DateTime.UtcNow; var user = new User { Id = providerUserKey.ToString(), ApplicationName = ApplicationName, CreateDate = createDate, EmailLowercase = email?.ToLowerInvariant(), Email = email, FailedPasswordAnswerAttemptCount = 0, FailedPasswordAnswerAttemptWindowStart = createDate, FailedPasswordAttemptCount = 0, FailedPasswordAttemptWindowStart = createDate, IsApproved = isApproved, IsDeleted = false, IsLockedOut = false, LastActivityDate = createDate, LastLockedOutDate = new DateTime(1970, 1, 1), LastLoginDate = createDate, LastPasswordChangedDate = createDate, Password = Encode(password, passwordSalt), PasswordAnswer = Encode(passwordAnswer, passwordSalt), PasswordQuestion = passwordQuestion, PasswordSalt = passwordSalt, UsernameLowercase = username?.ToLowerInvariant(), Username = username }; mongoGateway.CreateUser(user); status = MembershipCreateStatus.Success; return(GetUser(username, false)); }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { var args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (args.Cancel) { status = MembershipCreateStatus.InvalidPassword; return null; } if (RequiresUniqueEmail && GetUserNameByEmail(email) != string.Empty) { status = MembershipCreateStatus.DuplicateEmail; return null; } var user = GetUser(username, true); if (user == null) { //var userObj = new NguoiDung { Username = username, Password = GetMd5Hash(password), Email = email }; var userObj = new NguoiDung { Username = username, Password = password, Email = email }; db.NguoiDungs.InsertOnSubmit(userObj); db.SubmitChanges(); status = MembershipCreateStatus.Success; return GetUser(username, true); } status = MembershipCreateStatus.DuplicateUserName; return null; }
public override bool ChangePassword(string username, string oldPassword, string newPassword) { ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, oldPassword, true); OnValidatingPassword(args); if (args.Cancel) { return false; } MembershipUser acc = GetUser(username, false); if (acc != null) { AccountRepository _account = new AccountRepository(); if (_account.ChangePassword(username, newPassword)) { return true; } } return false; }