Exemple #1
0
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            if ((string.IsNullOrEmpty(username)) || (username.Length > 256))
            {
                throw new ArgumentNullException("username");
            }

            if ((string.IsNullOrEmpty(oldPassword)) || (oldPassword.Length > 256))
            {
                throw new ArgumentNullException("oldPassword");
            }

            if ((string.IsNullOrEmpty(newPassword)) || (newPassword.Length > 256))
            {
                throw new ArgumentNullException("newPassword");
            }

            if (newPassword.Length < MinRequiredPasswordLength)
            {
                throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooShort", "Password is too short. Minimum length is {0}", new object[] { MinRequiredPasswordLength }));
            }

            int min = 0;

            for (int i = 0; i < newPassword.Length; i++)
            {
                if (!char.IsLetterOrDigit(newPassword, i))
                {
                    min++;
                }
            }
            if (min < MinRequiredNonAlphanumericCharacters)
            {
                throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooAlpha", "Password needs more non alpha numeric characters. Minimum is {0}", new object[] { MinRequiredNonAlphanumericCharacters }));
            }

            if ((PasswordStrengthRegularExpression.Length > 0) && !Regex.IsMatch(newPassword, PasswordStrengthRegularExpression))
            {
                throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordInvalid", "Password does not match regular expression"));
            }

            global::SoftFluent.Samples.GED.Security.User user = global::SoftFluent.Samples.GED.Security.User.LoadByUserName(username);
            if (user == null)
            {
                return(false);
            }

            if (!CheckPassword(user, oldPassword))
            {
                SetAttempt(user, false);
                user.Save();
                return(false);
            }


            string encodedPassword = EncodePassword(newPassword, user.PasswordSalt);

            if (encodedPassword.Length > 256)
            {
                SetAttempt(user, false);
                user.Save();
                throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordTooLong", "Password is too long"));
            }

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, encodedPassword, false);

            OnValidatingPassword(e);
            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                throw new ArgumentException(SoftFluent.Samples.GED.Resources.Manager.GetStringWithDefault("PasswordInvalidCustom", "Password is invalid"));
            }

            user.Password = encodedPassword;
            user.Save();
            return(true);
        }
        public MembershipUser CreateUserBetter(string username, string email, string gender, string password, DateTime dob, string bio, long locationId, out MembershipCreateStatus status)
        {
            var args = new ValidatePasswordEventArgs(email, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (string.IsNullOrEmpty(email))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            if (password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresUniqueEmail && EmailExists(email))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            if (RequiresUniqueUsername && UserNameExists(username))
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }

            var u = GetUser(email, false);

            try
            {
                if (u == null)
                {
                    var salt = CreateSalt();

                    //CREATE NEW USER
                    var user = new User
                    {
                        Username    = username,
                        Bio         = bio,
                        Gender      = gender,
                        Email       = email,
                        Salt        = salt,
                        Password    = CreatePasswordHash(password, salt),
                        CreatedDate = DateTime.UtcNow,
                        DateOfBirth = dob
                    };
                    user.LocationId = locationId;
                    //CREATE USER VIA UNITOFWORK
                    Adapter.UserRepository.Insert(user);
                    Adapter.Save();

                    status = MembershipCreateStatus.Success;
                    return(GetUser(email, false));
                }
            }
            catch (Exception ex)
            {
                status = MembershipCreateStatus.ProviderError;
                return(null);
            }

            status = MembershipCreateStatus.DuplicateUserName;
            return(null);
        }
        //public override string CreateUserAndAccount(string userName, string password)
        //{
        //    return base.CreateUserAndAccount(userName, password);
        //}

        //public override string CreateUserAndAccount(string userName, string password, bool requireConfirmation)
        //{
        //    return base.CreateUserAndAccount(userName, password, requireConfirmation);
        //}

        public override string CreateUserAndAccount(string username, string password, bool requireConfirmation, IDictionary <string, object> values)
        {
            username = username.ToLower();
            var email        = values.FirstOrDefault(x => x.Key == "EmailId");
            var firstName    = values.FirstOrDefault(x => x.Key == "FirstName");
            var lastName     = values.FirstOrDefault(x => x.Key == "LastName");
            var userStatusId = values.FirstOrDefault(x => x.Key == "UserStatusId");

            MembershipCreateStatus status;

            var args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresUniqueEmail && GetUserNameByEmail(email.Value as string) != string.Empty)
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            var existingUser = GetUser(username, true);

            if (existingUser == null)
            {
                var profile = new ExtendedUserProfileContract()
                {
                    UserProfile = new UserProfileImplementor()
                    {
                        EmailId   = email.Value as string,
                        FirstName = firstName.Value as string,
                        LastName  = lastName.Value as string,
                        //UserId = providerUserKey
                        UserName     = args.UserName,
                        UserStatusId = Convert.ToByte(userStatusId.Value)
                    }
                    ,
                    WebPagesMembership = new WebPagesMembershipImplementor()
                    {
                        //ConfirmationToken =
                        CreateDate  = DateTime.UtcNow,
                        IsConfirmed = !requireConfirmation || (Convert.ToByte(userStatusId.Value) != Convert.ToByte(UserStatusOptions.New)),
                        //LastPasswordFailureDate =
                        Password            = Crypto.HashPassword(args.Password),
                        PasswordChangedBy   = Requestor.UserId,
                        PasswordChangedDate = DateTime.UtcNow,
                        PasswordSalt        = String.Empty,
                        //PasswordFailuresSinceLastSuccess
                        //PasswordVerificationToken =
                        // PasswordVerificationTokenExpirationDate =
                        //UserId =  = providerUserKey
                    }
                };
                Db.InsertUserProfile(new ExtendedUserProfileContract[] { profile });
                status = MembershipCreateStatus.Success;

                return(username);
            }
            status = MembershipCreateStatus.DuplicateUserName;

            return(null);
        }
Exemple #4
0
 protected override void OnValidatingPassword(ValidatePasswordEventArgs e)
 {
     base.OnValidatingPassword(e);
 }
Exemple #5
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            if (string.IsNullOrEmpty(username))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return(null);
            }
            if (string.IsNullOrEmpty(password))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            N2.Security.Items.User u = Bridge.GetUser(username);
            if (u != null)
            {
                if (u.IsLogin)
                {
                    status = MembershipCreateStatus.DuplicateUserName;
                    return(null);
                }
                else
                {
                    // The user object may be a profile which isn't yet a user
                    u.IsLogin = true;
                }
            }

            //access the property, not the field, in case overriden by a subclass
            if (RequiresUniqueEmail)
            {
                if (!string.IsNullOrEmpty(GetUserNameByEmail(email)))
                {
                    status = MembershipCreateStatus.DuplicateEmail;
                    return(null);
                }
            }

            var args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                throw new MembershipCreateUserException("Create user cancelled", args.FailureInformation);
            }

            status = MembershipCreateStatus.Success;
            if (u == null)
            {
                u = Bridge.CreateUser(username, ToStoredPassword(password), email, passwordQuestion, passwordAnswer, isApproved, providerUserKey);
            }
            else
            {
                u.Password         = ToStoredPassword(password);
                u.Email            = email;
                u.PasswordQuestion = passwordQuestion;
                u.PasswordAnswer   = passwordAnswer;
                u.IsApproved       = isApproved;
            }
            Cache.Expire();
            MembershipUser m = u.GetMembershipUser(this.Name);

            return(m);
        }
Exemple #6
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            // Ignored by our database schema:
            // - passwordQuestion (not in database)
            // - passwordAnswer (not in database)
            // - isApproved (not in database)
            // - providerUserKey (this is the 'id' field in database, but that
            //   should be auto-increment, so Access DBMS takes care of this!)

            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);

            if (args.Cancel || (password.Length < minRequiredPasswordLength))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            MembershipUser u = GetUser(username, false);

            if (u == null) // Insert new into DB only if 'u'ser does not already exist...
            {
                OleDbConnection conn = new OleDbConnection(connectionString);
                OleDbCommand    cmd  = new OleDbCommand("INSERT INTO users (username, [password], emailaddress) Values(?, ?, ?)", conn);

                string pass = HashPassword(password);
                cmd.Parameters.Add("@username", OleDbType.VarChar, 128).Value     = username;
                cmd.Parameters.Add("@password", OleDbType.VarChar, 128).Value     = pass;
                cmd.Parameters.Add("@emailaddress", OleDbType.VarChar, 128).Value = email;

                try
                {
                    conn.Open();

                    int recAdded = cmd.ExecuteNonQuery();

                    if (recAdded > 0)
                    {
                        status = MembershipCreateStatus.Success;
                    }
                    else
                    {
                        status = MembershipCreateStatus.UserRejected;
                    }
                }
                catch (Exception ex)
                {
                    string bok = ex.Message;
                    status = MembershipCreateStatus.ProviderError;
                }
                finally
                {
                    conn.Close();
                }

                return(GetUser(username, false));
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }

            return(null);
        }
Exemple #7
0
 private void CreateUserCancel_ValidatingPassword(object sender, ValidatePasswordEventArgs e)
 {
     e.Cancel = true;
 }
Exemple #8
0
        public OnlineStoreMembershipUser CreateUser(string username,
                                                    string password,
                                                    string email,
                                                    string passwordQuestion,
                                                    string passwordAnswer,
                                                    bool isApproved,
                                                    object providerUserKey,
                                                    string contact,
                                                    string phoneNumber,
                                                    AddressDto contactAddress,
                                                    AddressDto deliveryAddress,
                                                    out MembershipCreateStatus status)
        {
            var args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(email)))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }
            var user = GetUser(username, true) as OnlineStoreMembershipUser;

            if (user == null)
            {
                using (var proxy = new UserServiceClient())
                {
                    List <UserDto> userDtos = new List <UserDto>
                    {
                        new UserDto
                        {
                            UserName        = username,
                            Password        = password,
                            Contact         = contact,
                            LastLogonDate   = null,
                            RegisteredDate  = DateTime.Now,
                            Email           = email,
                            IsDisabled      = false,
                            PhoneNumber     = phoneNumber,
                            ContactAddress  = contactAddress,
                            DeliveryAddress = deliveryAddress
                        }
                    };

                    proxy.CreateUsers(userDtos.ToArray());
                }

                status = MembershipCreateStatus.Success;
                return(GetUser(username, true) as OnlineStoreMembershipUser);
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }
        }
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                throw new ArgumentException("Null username or password supplied to CreateUser");
            }

            ValidatePasswordEventArgs args =
                new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (!Validation.IsValidEmail(email))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            try
            {
                IUserRepository repo = Repository.Instance.Registered(typeof(User)) as IUserRepository;
                IUser           existingUser;
                if (RequiresUniqueEmail)
                {
                    existingUser = repo.GetAnyUser(username, email); //ctx.IUserSet.Cast<IUser>().FirstOrDefault(u => u.UserName == username || u.Email == email);
                }
                else
                {
                    existingUser = repo.GetUser(username); //ctx.IUserSet.Cast<IUser>().FirstOrDefault(u => u.UserName == username);
                }
                if (existingUser != null)
                {
                    if (existingUser.UserName == username)
                    {
                        status = MembershipCreateStatus.DuplicateUserName;
                    }
                    else
                    {
                        status = MembershipCreateStatus.DuplicateEmail;
                    }
                    return(null);
                }
                User user = (User)Activator.CreateInstance(typeof(User));
                user.UserName = username;
                user.Password = EncryptPassword(password);
                user.Email    = email;
                user.Created  = DateTime.UtcNow;
                user.Modified = DateTime.UtcNow;
                user.Id       = Guid.NewGuid();


                repo.Set(new List <object> {
                    user
                }, new Dictionary <string, object>());
                providerUserKey = user.Id;
                status          = MembershipCreateStatus.Success;
                return(new LightweightMembershipUser(user));
            }
            catch (Exception ex)
            {
                throw new ProviderException("Failed to create user", ex);
            }
        }
        public override string ResetPassword(string username, string answer)
        {
            User user = getProviderUser(username, true);

            if (!EnablePasswordReset)
            {
                throw new Exception("Password reset is not enabled.");
            }

            if (RequiresQuestionAndAnswer && (answer.IsNull() || answer.Length == 0))
            {
                updateFailureCount(user, FailureType.PasswordAnswer);
                throw new Exception("Password answer required.");
            }

            string newPassword = Membership.GeneratePassword(MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters);

            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                else
                {
                    throw new Exception("Reset password canceled.");
                }
            }

            bool   isLockedOut = false;
            string salt        = String.Empty;
            string dbAnswer    = getPasswordAnswer(username, out isLockedOut, out salt);

            if (isLockedOut)
            {
                throw new Exception(String.Format("Wrong password. Max invalid password attempts {0} has been reached.", MaxInvalidPasswordAttempts));
            }

            if (RequiresQuestionAndAnswer && !validatePassword(answer, dbAnswer, salt))
            {
                updateFailureCount(user, FailureType.PasswordAnswer);
                throw new Exception("Incorrect password answer.");
            }
            user.Password                               = ASCIIEncoding.ASCII.GetBytes(encodePassword(newPassword, salt));
            user.PasswordSalt                           = ASCIIEncoding.ASCII.GetBytes(salt);
            user.PasswordAnswer                         = encodePassword(dbAnswer, salt);
            user.LastPasswordChangedDate                = DateTime.Now;
            user.ResetPasswordOnFirstLogin              = false;
            user.FailedPasswordAttemptCount             = 0;
            user.FailedPasswordAttemptWindowStart       = DateTime.Now;
            user.FailedPasswordAnswerAttemptCount       = 0;
            user.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
            try
            {
                UsersCollection.Save(user, SafeMode.True);
            }
            catch
            {
                throw new Exception(String.Format("Password {0} not reset.", username));
            }
            return(newPassword);
        }
Exemple #11
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            if (!SecUtility.ValidateParameter(ref password, true, true, false, 0x80))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            if (!SecUtility.ValidateParameter(ref username, true, true, true, 0x100))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return(null);
            }
            if (!SecUtility.ValidateParameter(ref email, this.RequiresUniqueEmail, this.RequiresUniqueEmail, false, 0x100))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }
            if (GetUser(username, false) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }
            if (GetUserNameByEmail(email) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }
            if (password.Length < this.MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            int num = 0;

            for (int i = 0; i < password.Length; i++)
            {
                if (!char.IsLetterOrDigit(password, i))
                {
                    num++;
                }
            }
            if (num < this.MinRequiredNonAlphanumericCharacters)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            if ((this.PasswordStrengthRegularExpression.Length > 0) && !Regex.IsMatch(password, this.PasswordStrengthRegularExpression))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);

            this.OnValidatingPassword(e);
            if (e.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            return(CheckedCreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status));
        }
    public bool ChangePassword(string username, string newPwd)
    {
        ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPwd, true);

        OnValidatingPassword(args);

        if (args.Cancel)
            if (args.FailureInformation != null)
                throw args.FailureInformation;
            else
                throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
        int affectesRows = PersonModel.ChangePassword(username, newPwd);
        return affectesRows > 0;
    }
    public override string ResetPassword(string username, string answer)
    {
        if (!EnablePasswordReset)
            {
                throw new NotSupportedException("Password reset is not enabled.");
            }
            if (answer == null && RequiresQuestionAndAnswer)
            {
                throw new ProviderException("Password answer required for password reset.");
            }
            string newPassword =
                System.Web.Security.Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);

            ValidatePasswordEventArgs args =
                new ValidatePasswordEventArgs(username, newPassword, true);
            OnValidatingPassword(args);
            if (args.Cancel)
                if (args.FailureInformation != null)
                    throw args.FailureInformation;
                else
                    throw new MembershipPasswordException("Reset password canceled due to password validation failure.");

            SqlConnection conn = new SqlConnection(connectionString);
            SqlCommand cmd = new SqlCommand("SELECT User_Password FROM T_Users " +
                         " WHERE User_Email = @User_Email", conn);
            cmd.Parameters.Add("@User_Email", SqlDbType.VarChar, 50).Value = username;
            int rowsAffected = 0;
            string passwordAnswer = "";
            SqlDataReader reader = null;
            try
            {
                conn.Open();
                reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
                if (reader.HasRows)
                {
                    reader.Read();
                }
                else
                {
                    throw new MembershipPasswordException("The supplied user name is not found.");
                }
                if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))
                {
                    throw new MembershipPasswordException("Incorrect password answer.");
                }
                SqlCommand updateCmd = new SqlCommand("UPDATE T_Users " +
                        " SET User_Password = @User_Password" +
                        " WHERE User_Email = @User_Email", conn);
                updateCmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = EncodePassword(newPassword);
                updateCmd.Parameters.Add("@User_Email", SqlDbType.NVarChar, 50).Value = username;
                rowsAffected = updateCmd.ExecuteNonQuery();
            }
            catch (SqlException e)
            {
                if (WriteExceptionsToEventLog)
                {
                    WriteToEventLog(e, "ResetPassword");
                    throw new ProviderException(exceptionMessage);
                }
                else
                {
                    throw e;
                }
            }
            finally
            {
                if (reader != null) { reader.Close(); }
                conn.Close();
            }
            if (rowsAffected > 0)
            {
                return newPassword;
            }
            else
            {
                throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset.");
            }
    }
    //*******************************************************************  CREATE USER OVERRIDE
    public override MembershipUser CreateUser(string username,
                                                     string password,
                                                     string email,
                                                     string passwordQuestion,
                                                     string passwordAnswer,
                                                     bool isApproved,
                                                     object providerUserKey,
                                                     out MembershipCreateStatus status)
    {
        ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }
            if (RequiresUniqueEmail && GetUserNameByEmail(email).Length > 0)
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return null;
            }
            MembershipUser u = GetUser(username, false);
            if (u == null)
            {
                DateTime createDate = DateTime.Now;
                SqlConnection conn = new SqlConnection(connectionString);
                SqlCommand cmd = new SqlCommand("INSERT INTO Users " +
                            " (UserEmail, userPwd, roleID, clientID, userCreateDate)" +
                            " Values (@UserEmail, @userPwd, @roleID, @clientID, @userCreateDate)", conn);

                cmd.Parameters.Add("@UserEmail", SqlDbType.NVarChar, 50).Value = email;
                cmd.Parameters.Add("@userPwd", SqlDbType.NVarChar, 15).Value = EncodePassword(password);
                cmd.Parameters.Add("@userCreateDate", SqlDbType.DateTime).Value = createDate;
                cmd.Parameters.Add("@roleID", SqlDbType.Int,4).Value = HttpContext.Current.Session["R_User_roleID"].ToString();
                cmd.Parameters.Add("@clientID", SqlDbType.Int, 4).Value = HttpContext.Current.Session["R_User_clientID"].ToString();

                try
                {
                    conn.Open();
                    int recAdded = cmd.ExecuteNonQuery();
                    if (recAdded > 0)
                    {
                        status = MembershipCreateStatus.Success;
                    }
                    else
                    {
                        status = MembershipCreateStatus.UserRejected;
                    }
                }
                catch (SqlException e)
                {
                    if (WriteExceptionsToEventLog)
                    {
                        WriteToEventLog(e, "CreateUser");
                    }
                    status = MembershipCreateStatus.ProviderError;
                }
                finally
                {
                    conn.Close();
                }
                return GetUser(username, false);
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }
            return null;
    }
    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        var args = new ValidatePasswordEventArgs(username, password, true);
        OnValidatingPassword(args);

        if (args.Cancel)
        {
            status = MembershipCreateStatus.InvalidPassword;
            return null;
        }

        if (!Regex.IsMatch(email, "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})$"))
        {
            status = MembershipCreateStatus.InvalidEmail;
            return null;
        }

        if (RequiresUniqueEmail && GetUserNameByEmail(email) != string.Empty)
        {
            status = MembershipCreateStatus.DuplicateEmail;
            return null;
        }

        var user = GetUser(username, true);

        if (user == null)
        {
            string MD5Pass = GetMd5Hash(password);
            var userObj = new User { ID = username, Name = username, Pass = MD5Pass, Email = email, Question = passwordQuestion, Answer = passwordAnswer,LastLogin = DateTime.Now };

            db.Users.Add(userObj);
            db.SaveChanges();

            status = MembershipCreateStatus.Success;

            return GetUser(username, true);
        }
        status = MembershipCreateStatus.DuplicateUserName;

        return null;
    }
Exemple #16
0
        public override MembershipUser CreateUser(string username, string password, string email,
                                                  string passwordQuestion, string passwordAnswer, bool isApproved,
                                                  object providerUserKey, out MembershipCreateStatus status)
        {
            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (_requiresUniqueEmail && GetUserNameByEmail(email) != string.Empty)
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            MembershipUser membershipUser = GetUser(username, false);

            if (membershipUser == null)
            {
                DateTime registrado = DateTime.Now;

                if (providerUserKey == null)
                {
                    providerUserKey = Guid.NewGuid();
                }
                else
                {
                    if (!(providerUserKey is Guid))
                    {
                        status = MembershipCreateStatus.InvalidProviderUserKey;
                        return(null);
                    }
                }

                SqlDatabase sqlDatabase = new SqlDatabase(_connectionString);
                DbCommand   dbCommand   = sqlDatabase.GetStoredProcCommand("adm.NlayerSP_RegistrarUsuario");

                sqlDatabase.AddInParameter(dbCommand, "Aplicacion", DbType.String, _applicationName);
                sqlDatabase.AddInParameter(dbCommand, "ProviderUserKey", DbType.Guid, providerUserKey);
                sqlDatabase.AddInParameter(dbCommand, "Login", DbType.String, username);
                sqlDatabase.AddInParameter(dbCommand, "Password", DbType.String, Encode(password));
                sqlDatabase.AddInParameter(dbCommand, "Email", DbType.String, email);
                sqlDatabase.AddInParameter(dbCommand, "PreguntaPassword", DbType.String, passwordQuestion);
                sqlDatabase.AddInParameter(dbCommand, "RespuestaPassword", DbType.String, Encode(passwordAnswer));
                sqlDatabase.AddInParameter(dbCommand, "Comentario", DbType.String, null);
                sqlDatabase.AddInParameter(dbCommand, "UltimaActividad", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "UltimaSesion", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "UltimoCambioDePassword", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "CantidadIntentosFallidosPassword", DbType.Int32, 0);
                sqlDatabase.AddInParameter(dbCommand, "InicioIntentosFallidosPassword", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "CantidadIntentosFallidosPregunta", DbType.Int32, 0);
                sqlDatabase.AddInParameter(dbCommand, "InicioIntentosFallidosPregunta", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "EstaAprobado", DbType.Boolean, isApproved);
                sqlDatabase.AddInParameter(dbCommand, "EstaBloqueado", DbType.Boolean, false);
                sqlDatabase.AddInParameter(dbCommand, "UltimoBloqueo", DbType.DateTime, registrado);
                sqlDatabase.AddInParameter(dbCommand, "Registrado", DbType.DateTime, registrado);

                using (IDataReader dataReader = sqlDatabase.ExecuteReader(dbCommand))
                {
                    dataReader.Read();
                    membershipUser = GetUserFromDataReader(dataReader);
                }

                status = MembershipCreateStatus.Success;

                return(membershipUser);
            }

            status = MembershipCreateStatus.DuplicateUserName;

            return(null);
        }
Exemple #17
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            if (providerUserKey != null)
            {
                if (!(providerUserKey is Guid))
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return(null);
                }
            }
            else
            {
                providerUserKey = Guid.NewGuid();
            }

            var validatePasswordEventArgs = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(validatePasswordEventArgs);

            if (validatePasswordEventArgs.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (this.RequiresQuestionAndAnswer && !String.IsNullOrWhiteSpace(passwordQuestion))
            {
                status = MembershipCreateStatus.InvalidQuestion;
                return(null);
            }

            if (this.RequiresQuestionAndAnswer && !String.IsNullOrWhiteSpace(passwordAnswer))
            {
                status = MembershipCreateStatus.InvalidAnswer;
                return(null);
            }

            if (this.GetUser(username, false) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }

            if (this.GetUser(providerUserKey, false) != null)
            {
                status = MembershipCreateStatus.DuplicateProviderUserKey;
                return(null);
            }

            if (this.RequiresUniqueEmail && !String.IsNullOrWhiteSpace(this.GetUserNameByEmail(email)))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            byte[] buffer = new byte[16];
            (new RNGCryptoServiceProvider()).GetBytes(buffer);
            var salt = Convert.ToBase64String(buffer);

            var creationDate = DateTime.UtcNow;

            var bsonDocument = new BsonDocument
            {
                { "_id", (Guid)providerUserKey },
                { "ApplicationName", this.ApplicationName },
                { "CreationDate", creationDate },
                { "Email", email },
                { "FailedPasswordAnswerAttemptCount", 0 },
                { "FailedPasswordAnswerAttemptWindowStart", creationDate },
                { "FailedPasswordAttemptCount", 0 },
                { "FailedPasswordAttemptWindowStart", creationDate },
                { "IsApproved", isApproved },
                { "IsLockedOut", false },
                { "LastActivityDate", creationDate },
                { "LastLockoutDate", new DateTime(1970, 1, 1) },
                { "LastLoginDate", creationDate },
                { "LastPasswordChangedDate", creationDate },
                { "Password", this.EncodePassword(password, this.PasswordFormat, salt) },
                { "PasswordAnswer", this.EncodePassword(passwordAnswer, this.PasswordFormat, salt) },
                { "PasswordQuestion", passwordQuestion },
                { "Salt", salt },
                { "Username", username }
            };

            this.mongoCollection.Insert(bsonDocument);
            status = MembershipCreateStatus.Success;
            return(this.GetUser(username, false));
        }
Exemple #18
0
        public override string ResetPassword(string username, string answer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException("El reseteo de password no está disponible.");
            }

            if (answer == null && RequiresQuestionAndAnswer)
            {
                throw new ProviderException("La pregunta de seguridad es obligatoria.");
            }

            string newPassword = Membership.GeneratePassword(NewPasswordLength, _minRequiredNonAlphanumericCharacters);

            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                throw new MembershipPasswordException(
                          "El reseteo del password ha sido cancelado debido a un error en la validación del usuario..");
            }

            SqlDatabase sqlDatabase = new SqlDatabase(_connectionString);
            DbCommand   dbCommand   = sqlDatabase.GetStoredProcCommand("adm.NlayerSP_ResetearPasswordUsuario");

            sqlDatabase.AddInParameter(dbCommand, "Aplicacion", DbType.String, _applicationName);
            sqlDatabase.AddInParameter(dbCommand, "Login", DbType.String, username);
            sqlDatabase.AddInParameter(dbCommand, "NuevoPassword", DbType.String, Encode(newPassword));
            sqlDatabase.AddInParameter(dbCommand, "Respuesta", DbType.String, Encode(answer));
            sqlDatabase.AddInParameter(dbCommand, "IntentosPassword", DbType.Int32, _passwordAttemptWindow);
            sqlDatabase.AddInParameter(dbCommand, "MaximoIntentosFallidos", DbType.Int32, _maxInvalidPasswordAttempts);

            int resultado = (int)sqlDatabase.ExecuteScalar(dbCommand);

            switch (resultado)
            {
            case 0:
                return(newPassword);

            case 1:
                throw new MembershipPasswordException("El usuario no existe.");

            case 2:
                throw new MembershipPasswordException("El usuario se encuentra bloqueado.");

            case 3:
                throw new MembershipPasswordException("El usuario no tiene una respuesta establecida.");

            case 4:
                throw new MembershipPasswordException("Respuesta incorrecta.");
            }

            throw new MembershipPasswordException(
                      "Usuario no existe, o el usuario está bloqueado. El password no ha sido reseteado.");
        }
    public override bool ChangePassword(string username, string oldPwd, string newPwd)
    {
        if (!ValidateUser(username, oldPwd))
                return false;

            ValidatePasswordEventArgs args =
                new ValidatePasswordEventArgs(username, newPwd, true);
            OnValidatingPassword(args);
            if (args.Cancel)
                if (args.FailureInformation != null)
                    throw args.FailureInformation;
                else
                    throw new MembershipPasswordException("Change password canceled due to new password validation failure.");

            SqlConnection conn = new SqlConnection(connectionString);
            SqlCommand cmd = new SqlCommand("UPDATE T_Users " +
                            " SET User_Password = @Password " +
                            " WHERE User_Email = @Username", conn);
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 50).Value = EncodePassword(newPwd);
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = username;
            int rowsAffected = 0;
            try
            {
                conn.Open();
                rowsAffected = cmd.ExecuteNonQuery();
            }
            catch (SqlException e)
            {
                if (WriteExceptionsToEventLog)
                {
                    WriteToEventLog(e, "ChangePassword");
                    throw new ProviderException(exceptionMessage);
                }
                else
                {
                    throw e;
                }
            }
            finally
            {
                conn.Close();
            }
            if (rowsAffected > 0)
            {
                return true;
            }
            return false;
    }
Exemple #20
0
        public override string ResetPassword(string username, string answer)
        {
            if (!EnablePasswordReset)
            {
                throw new MembershipPasswordException(
                          NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                           NHibernateProviderSR.
                                                                                           Pwd_ResetNotEnabled));
            }
            if ((answer == null) && RequiresQuestionAndAnswer)
            {
                UpdateFailureCount(username, FailureType.PasswordAnswer);
                throw new MembershipPasswordException(
                          NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                           NHibernateProviderSR.
                                                                                           Pwd_AnswerRequiredForReset));
            }
            string password = Membership.GeneratePassword(minRequiredPasswordLength,
                                                          MinRequiredNonAlphanumericCharacters);
            var e = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(e);
            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                throw new MembershipPasswordException(
                          NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                           NHibernateProviderSR.
                                                                                           Pwd_ResetCancelledDueToNewPassword));
            }
            SystemUserWrapper user = SystemUserWrapper.GetUserByLoginID(username);

            if (user != null)
            {
                if (user.IsLockedOut)
                {
                    throw new MembershipPasswordException(
                              NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                               NHibernateProviderSR.
                                                                                               User_IsLockedOut));
                }
                if (RequiresQuestionAndAnswer && !CheckPassword(answer, user.PasswordAnswer, user.PasswordSalt))
                {
                    UpdateFailureCount(username, FailureType.PasswordAnswer);
                    throw new MembershipPasswordException(
                              NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                               NHibernateProviderSR.
                                                                                               Pwd_IncorrectAnswer));
                }
                try
                {
                    user.UserPassword           = EncodePassword(password, user.PasswordSalt);
                    user.LastPasswordChangeDate = DateTime.Now;
                    user.LastActivityDate       = DateTime.Now;
                    SystemUserWrapper.SaveOrUpdate(user);
                }
                catch
                {
                    throw new MembershipPasswordException(
                              NhibernateMembershipProviderExceptionUtil.FormatExceptionMessage(this,
                                                                                               NHibernateProviderSR.
                                                                                               Pwd_OpCancelledDueToAccountLocked));
                }
            }
            return(password);
        }
Exemple #21
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            MembershipUser u = GetUser(username, false);

            if (u == null)
            {
                DateTime createDate = DateTime.Now;


                UserEntity user = new UserEntity();
                user.Username                = username;
                user.Password                = EncodePassword(password);
                user.Email                   = email;
                user.IsAdmin                 = false;
                user.PasswordQuestion        = passwordQuestion;
                user.PasswordAnswer          = passwordAnswer;//EncodePassword(passwordAnswer);
                user.IsApproved              = isApproved;
                user.CreationDate            = createDate;
                user.LastPasswordChangedDate = createDate;
                user.LastActivityDate        = createDate;
                user.IsLockedOut             = false;
                user.LastLockedOutDate       = createDate;

                try
                {
                    RepositoryContext.Current.Users.Save(user);


                    if (Guid.Empty.CompareTo(user.Id) == 0)
                    {
                        status = MembershipCreateStatus.UserRejected;
                    }
                    else
                    {
                        status = MembershipCreateStatus.Success;
                    }
                }
                catch (Exception e)
                {
                    status = MembershipCreateStatus.ProviderError;
                    WlogLogger.Current.Error(e);
                }



                return(GetUser(username, false));
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }
            return(null);
        }
        public override string ResetPassword(string userName, string answer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException("Password reset is not enabled.");
            }

            if (answer == string.Empty)
            {
                UpdateAnswerFailureCount(userName);
                throw new ProviderException("Password answer required for password reset.");
            }

            string newPassword = System.Web.Security.Membership.GeneratePassword(NewPasswordLength,
                                                                                 MinRequiredNonAlphanumericCharacters);

            var args = new ValidatePasswordEventArgs(userName, newPassword, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }

                throw new MembershipPasswordException("Reset password canceled due to password validation failure.");
            }

            try
            {
                UserProfile userProfile = _membershipService.GetUserProfileByName(userName);

                if (userProfile.Membership.IsLockedOut)
                {
                    throw new MembershipPasswordException("The supplied user is locked out.");
                }

                var passwordAnswer     = userProfile.Membership.PasswordAnswer;
                var passwordAnswerSalt = userProfile.Membership.PasswordAnswerSalt;

                if (!Verify(answer, passwordAnswer, passwordAnswerSalt))
                {
                    UpdateAnswerFailureCount(userName);
                    throw new MembershipPasswordException("Incorrect password answer.");
                }

                string passwordSalt;
                _membershipService.ChangeUserPassword(userName,
                                                      _encryptionStrategy.Encrypt(newPassword, out passwordSalt),
                                                      passwordSalt,
                                                      DateTime.Now);

                return(newPassword);
            }
            catch (Exception e)
            {
                if (WriteExceptionsToEventLog)
                {
                    WriteToEventLog(e, "ResetPassword");
                }

                throw new ProviderException(ExceptionMessage, e);
            }
        }
    public override MembershipUser CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

        OnValidatingPassword(args);

        if (args.Cancel)
        {
            status = MembershipCreateStatus.InvalidPassword;
            return(null);
        }

        if (RequiresQuestionAndAnswer && String.IsNullOrEmpty(passwordAnswer))
        {
            status = MembershipCreateStatus.InvalidAnswer;
            return(null);
        }

        if (RequiresUniqueEmail)
        {
            if (!IsEmail(email))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }
            if (!String.IsNullOrEmpty(GetUserNameByEmail(email)))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }
        }

        MembershipUser mUser = GetUser(username, false);

        if (mUser != null)
        {
            status = MembershipCreateStatus.DuplicateUserName;
            return(null);
        }

        using (Session session = XpoHelper.GetNewSession()) {
            XpoUser user = new XpoUser(session)
            {
                ApplicationName  = ApplicationName,
                UserName         = username,
                Password         = EncodePassword(password),
                Email            = email,
                PasswordQuestion = passwordQuestion,
                PasswordAnswer   = EncodePassword(passwordAnswer),
                IsApproved       = isApproved,
                CreationDate     = DateTime.Now,
                FailedPasswordAnswerAttemptCount       = 0,
                FailedPasswordAnswerAttemptWindowStart = DateTime.MinValue,
                IsLockedOut                      = false,
                LastActivityDate                 = DateTime.Now,
                LastLockedOutDate                = DateTime.MinValue,
                FailedPasswordAttemptCount       = 0,
                FailedPasswordAttemptWindowStart = DateTime.MinValue
            };

            user.Save();
            status = MembershipCreateStatus.Success;
        }

        return(GetUser(username, false));
    }
Exemple #24
0
        public override bool ChangePassword(string username, string oldPwd, string newPwd)
        {
            username = Util.GetUserName(username);
            if (!ValidateUser(username, oldPwd))
            {
                return(false);
            }
            var args = new ValidatePasswordEventArgs(username, newPwd, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                else
                {
                    throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
                }
            }

            if (!AdminOverride)
            {
                if (newPwd.Length < MinRequiredPasswordLength)
                {
                    throw new ArgumentException($"Password must contain at least {MinRequiredPasswordLength} chars");
                }
                if (MembershipService.RequireSpecialCharacter)
                {
                    if (newPwd.All(char.IsLetterOrDigit))
                    {
                        throw new ArgumentException("Password needs at least 1 non-alphanumeric character");
                    }
                }
                if (MembershipService.RequireOneNumber)
                {
                    if (!newPwd.Any(char.IsDigit))
                    {
                        throw new ArgumentException("Password needs at least 1 number");
                    }
                }
                if (MembershipService.RequireOneUpper)
                {
                    if (!newPwd.Any(char.IsUpper))
                    {
                        throw new ArgumentException("Password needs at least 1 uppercase letter");
                    }
                }
            }

            var db   = GetDb();
            var user = db.Users.Single(u => u.Username == username);

            user.Password                = EncodePassword(newPwd);
            user.MustChangePassword      = false;
            user.LastPasswordChangedDate = Util.Now;
            ApiSessionModel.DeleteSession(db, user);
            db.SubmitChanges();
            return(true);
        }
Exemple #25
0
        /// <summary>
        /// Adds a new membership user to the data source.
        /// </summary>
        /// <param name="username">The user name could be user's email depending on configuration.</param>
        /// <param name="password">The password for the new user.</param>
        /// <param name="email">The e-mail address for the new user.</param>
        /// <param name="passwordQuestion">The password question for the new user.</param>
        /// <param name="passwordAnswer">The password answer for the new user</param>
        /// <param name="isApproved">The new user is always approved no matter the value of this parameter.</param>
        /// <param name="providerUserKey">The unique identifier from the membership data source for the user. Generated if null.</param>
        /// <param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
        /// <returns>
        /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
        /// </returns>
        public override MembershipUser CreateUser(string username, string password, string email,
                                                  string passwordQuestion, string passwordAnswer,
                                                  bool isApproved, object providerUserKey,
                                                  out MembershipCreateStatus status)
        {
            string domainUsername;

            if (TryGetDomainUser(username, out domainUsername))
            {
                // Username shouldn't contain domain
                status = MembershipCreateStatus.UserRejected;
                return(null);
            }

            var args = new ValidatePasswordEventArgs(domainUsername, password, true);

            OnValidatingPassword(args);

            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            Guid userId = Guid.Empty;

            if (providerUserKey != null)
            {
                if (!(providerUserKey is Guid))
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return(null);
                }

                userId = (Guid)providerUserKey;
            }

            var request = new CreateCustomerMembershipRequest
            {
                Id               = userId,
                Username         = username,
                Email            = email,
                FirstName        = OvertureMembershipConfiguration.DefaultFirstName, // Required in Overture
                LastName         = OvertureMembershipConfiguration.DefaultLastName,  // Required in Overture
                Password         = password,
                PasswordQuestion = passwordQuestion,
                PasswordAnswer   = passwordAnswer,
                ScopeId          = GetCurrentScope(),
            };

            try
            {
                var createdCustomer = _client.Send(request);

                status = MembershipCreateStatus.Success;

                return(ConvertToMembershipUser(createdCustomer));
            }
            catch (ValidationError ex)
            {
                switch (ex.ErrorCode)
                {
                case "InvalidPassword":
                case "InvalidOperationException":
                    status = MembershipCreateStatus.InvalidPassword;
                    return(null);

                case "PasswordQuestionNoSet":
                    status = MembershipCreateStatus.InvalidQuestion;
                    return(null);

                case "UserNameAlreadyUsed":
                    status = MembershipCreateStatus.DuplicateUserName;
                    return(null);

                default:
                    status = MembershipCreateStatus.UserRejected;
                    return(null);
                }
            }
            catch (WebException ex)
            {
                throw new MembershipCreateUserException(ex.Message, ex);
            }
            catch (WebServiceException ex)
            {
                throw new MembershipCreateUserException(ex.ErrorMessage, ex);
            }
        }
Exemple #26
0
        public override MembershipUser CreateUser(string username,
                                                  string password,
                                                  string email,
                                                  string passwordQuestion,
                                                  string passwordAnswer,
                                                  bool isApproved,
                                                  object providerUserKey,
                                                  out MembershipCreateStatus status)
        {
            username = Util.GetUserName(username);
            var args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }
            var Db = GetDb();
            var u  = GetUser(username, false);

            if (u == null)
            {
                int?   pid = null;
                Person per = null;
                if (providerUserKey != null && providerUserKey is int)
                {
                    per = Db.People.SingleOrDefault(p => p.PeopleId == (int)providerUserKey);
                }
                else
                {
                    per = Db.People.SingleOrDefault(p => p.EmailAddress == email);
                }

                if (per != null)
                {
                    pid = per.PeopleId;
                }

                var createDate = Util.Now;
                var user       = new User
                {
                    PeopleId = pid,
                    Username = username,
                    //EmailAddress = email,
                    Password                               = EncodePassword(password),
                    PasswordQuestion                       = passwordQuestion,
                    PasswordAnswer                         = EncodePassword(passwordAnswer),
                    IsApproved                             = isApproved,
                    Comment                                = "",
                    CreationDate                           = createDate,
                    LastPasswordChangedDate                = createDate,
                    LastActivityDate                       = createDate,
                    IsLockedOut                            = false,
                    LastLockedOutDate                      = createDate,
                    FailedPasswordAttemptCount             = 0,
                    FailedPasswordAttemptWindowStart       = createDate,
                    FailedPasswordAnswerAttemptCount       = 0,
                    FailedPasswordAnswerAttemptWindowStart = createDate,
                };
                Db.Users.InsertOnSubmit(user);
                Db.SubmitChanges();
                status = MembershipCreateStatus.Success;
                return(GetUser(username, false));
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }
            return(null);
        }
Exemple #27
0
        public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
        {
            bool createInactive = true;

            using (var db = new ClimbingContext())
            {
                if (db.UserProfiles.Count(u => u.Name.Equals(username, StringComparison.OrdinalIgnoreCase)) > 0)
                {
                    status = MembershipCreateStatus.DuplicateUserName;
                    return(null);
                }
                if (String.IsNullOrEmpty(password))
                {
                    password = Membership.GeneratePassword(minRequiredPasswordLength + 10, minRequiredNonAlphanumericCharacters + 1);
                }
                else
                {
                    ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
                    OnValidatingPassword(args);
                    if (args.Cancel)
                    {
                        status = MembershipCreateStatus.InvalidPassword;
                        return(null);
                    }
                }
                if (String.IsNullOrEmpty(email))
                {
                    status = MembershipCreateStatus.InvalidEmail;
                    return(null);
                }
                if (requiresUniqueEmail && db.UserProfiles.Count(u => u.Email.Equals(email, StringComparison.OrdinalIgnoreCase)) > 0)
                {
                    status = MembershipCreateStatus.DuplicateEmail;
                    return(null);
                }
                try
                {
                    string token = null;
                    if (createInactive)
                    {
                        do
                        {
                            token = GenerateToken();
                        }while (db.UserProfiles.Count(p => p.Token.Equals(token, StringComparison.InvariantCultureIgnoreCase)) > 0);
                    }
                    var upm = db.UserProfiles.Create();
                    upm.Name = username;
                    upm.SetPassword(password);
                    upm.Email    = email;
                    upm.Inactive = createInactive;
                    upm.Token    = token;
                    upm.PasswordTokenExpirationTime = null;
                    db.UserProfiles.Add(upm);
                    db.SaveChanges();
                    status = MembershipCreateStatus.Success;
                    return(GetUser(username, false));
                }
                catch
                {
                    status = MembershipCreateStatus.ProviderError;
                    return(null);
                }
            }
        }
Exemple #28
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            var userId = (int)providerUserKey;
            var user   = new UserEntity(userId);

            if (!user.IsNew && !user.LastLoginTime.HasValue)
            {
                if (username.Length >= MinUsernameLength && !username.Contains(" "))
                {
                    if (ValidateNewPassword(password))
                    {
                        var args = new ValidatePasswordEventArgs(username, password, true);
                        OnValidatingPassword(args);
                        if (!args.Cancel)
                        {
                            if (UserUtils.GetByUsername(username) == null)
                            {
                                Transaction transaction = new Transaction(IsolationLevel.ReadCommitted, "user initialization");

                                try
                                {
                                    transaction.Add(user);

                                    user.Username     = username;
                                    user.EmailAddress = email;
                                    SetPassword(user, password, transaction);

                                    user.Save();

                                    transaction.Commit();

                                    status = MembershipCreateStatus.Success;

                                    return(GetUser(username, true));
                                }
                                catch (Exception)
                                {
                                    transaction.Rollback();
                                    status = MembershipCreateStatus.ProviderError;
                                }
                                finally
                                {
                                    transaction.Dispose();
                                }
                            }
                            else
                            {
                                status = MembershipCreateStatus.DuplicateUserName;
                            }
                        }
                        else
                        {
                            status = MembershipCreateStatus.InvalidPassword;
                        }
                    }
                    else
                    {
                        status = MembershipCreateStatus.InvalidPassword;
                    }
                }
                else
                {
                    status = MembershipCreateStatus.InvalidUserName;
                }
            }
            else
            {
                status = MembershipCreateStatus.InvalidProviderUserKey;
            }

            return(null);
        }
Exemple #29
0
        public override MembershipUser CreateUser(string username,
                                                  string password,
                                                  string email,
                                                  string passwordQuestion,
                                                  string passwordAnswer,
                                                  bool isApproved,
                                                  object providerUserKey,
                                                  out MembershipCreateStatus status)
        {
            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresUniqueEmail && !String.IsNullOrEmpty(GetUserNameByEmail(email)))
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            MembershipUser u = GetUser(username, false);

            if (u == null)
            {
                DateTime createDate = DateTime.Now;

                if (providerUserKey == null)
                {
                    providerUserKey = Guid.NewGuid();
                }
                else if (!(providerUserKey is Guid))
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return(null);
                }

                User user = new User()
                {
                    UserId          = 0,
                    CreateDate      = DateTime.Now,
                    Email           = email,
                    UserName        = username,
                    PasswordHash    = CreatePasswordHash(password),
                    AuthorizatonKey = (Guid)providerUserKey
                };

                int            userId = new UserDAO().Add(user);
                MembershipUser mUser  = getMembershipUserFromDnUser(user);

                if (userId > 0)
                {
                    status = MembershipCreateStatus.Success;
                }
                else
                {
                    status = MembershipCreateStatus.UserRejected;
                }

                return(mUser);
            }
            else
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }
            return(null);
        }
        /// <summary>
        /// Creates a user from the given parameters and settings in the web.config (under the membership section)
        /// </summary>
        /// <param name="username">Kerberos LoginID of the user who created the account (or string.empty)</param>
        /// <param name="password">Password -- complexity determined by web.config settings</param>
        /// <param name="email">Email entered by user</param>
        /// <param name="passwordQuestion"></param>
        /// <param name="passwordAnswer"></param>
        /// <param name="isApproved"></param>
        /// <param name="providerUserKey">Not used since username is always unique, we can look up with UserID when necessary</param>
        /// <param name="status"></param>
        /// <returns>A representation of the current user's membership information</returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            //if the username is SELFCREATED, set it to empty so that we know it was not created on a Kerberos user's behalf
            if (username == "SELFCREATED")
            {
                username = string.Empty;
            }

            //Make sure the password is non-null or empty (excluding white space)
            if (!SecUtility.ValidateParameter(ref password, true, true, false, 0))
            {
                //If the password is invalid, return the correct status
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Check that the password meets all requirements laid out in the web.config
            if (password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            int count = 0;

            for (int i = 0; i < password.Length; i++)
            {
                if (!char.IsLetterOrDigit(password, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(password, PasswordStrengthRegularExpression))
                {
                    status = MembershipCreateStatus.InvalidPassword;
                    return(null);
                }
            }

            //Validate with email as the username
            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(email, password, true);

            OnValidatingPassword(e);

            if (e.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Generate a salt of length SALT_SIZE_IN_BYTES
            string salt = GenerateSalt();

            //Encodes the password using the method defined in the web.config membership section (clear, hashed, or encrypted)
            //If method = hashed, then the algortihm defined by the HashAlgorithmType key is used
            string encodedPassword = EncodePassword(password, (int)_PasswordFormat, salt);

            //Make sure the password isn't too long (if it is, it will not fit in the database
            if (encodedPassword.Length > 128)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Check the email, question, answer (only the last two if they are required in the web.config)
            //if (!SecUtility.ValidateParameter(ref username, true, true, true, 255))
            //{
            //    status = MembershipCreateStatus.InvalidUserName;
            //    return null;
            //}

            if (!SecUtility.ValidateParameter(ref email,
                                              RequiresUniqueEmail,
                                              RequiresUniqueEmail,
                                              false,
                                              128))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            if (!SecUtility.ValidateParameter(ref passwordQuestion,
                                              RequiresQuestionAndAnswer,
                                              true,
                                              false,
                                              255))
            {
                status = MembershipCreateStatus.InvalidQuestion;
                return(null);
            }

            if (!SecUtility.ValidateParameter(ref passwordAnswer,
                                              RequiresQuestionAndAnswer,
                                              true,
                                              false,
                                              128))
            {
                status = MembershipCreateStatus.InvalidAnswer;
                return(null);
            }

            _dops.ResetDops();
            _dops.Sproc = "usp_InsertAccount";

            _dops.SetParameter("@LoginID", username, "IN"); //KerberosID of user that created this account (null if created by applicant)
            _dops.SetParameter("@Email", email, "IN");
            _dops.SetParameter("@Password", encodedPassword, "IN");
            _dops.SetParameter("@PasswordFormat", (int)PasswordFormat, "IN");
            _dops.SetParameter("@PasswordSalt", salt, "IN");
            _dops.SetParameter("@PasswordQuestion", passwordQuestion, "IN");
            _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN");
            _dops.SetParameter("@CreateStatus", string.Empty, "OUT");
            _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN");

            try
            {
                _dops.Execute_Sql();
            }
            catch (SqlException)
            {
                status = MembershipCreateStatus.ProviderError;
                return(null);
            }

            //If the return value is not 0 (success), inspect the error and return it to the user
            if ((int)_dops.GetOutputVariable("RETURN_VALUE") != 0)
            {
                switch ((string)_dops.GetOutputVariable("@CreateStatus"))
                {
                case "InvalidLogin":
                    status = MembershipCreateStatus.DuplicateUserName;
                    break;

                case "InvalidEmail":
                    status = MembershipCreateStatus.DuplicateEmail;
                    break;

                default:
                    status = MembershipCreateStatus.ProviderError;
                    break;
                }

                return(null);
            }
            else
            {
                //No error, so go ahead and return success
                DateTime dt = DateTime.Now;

                status = MembershipCreateStatus.Success;
                return(new MembershipUser(this.Name,
                                          username,
                                          null,
                                          email,
                                          passwordQuestion,
                                          string.Empty,
                                          isApproved,
                                          false,
                                          dt,
                                          dt,
                                          dt,
                                          dt,
                                          DateTime.MinValue));
            }
        }
Exemple #31
0
        public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            global::SoftFluent.Samples.GED.Security.User user = new global::SoftFluent.Samples.GED.Security.User();
            if (providerUserKey != null)
            {
                if (providerUserKey is System.Guid)
                {
                    user.Id = (System.Guid)providerUserKey;
                }
                else
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return(null);
                }
            }

            email = ConvertUtilities.Nullify(email, true);
            if ((email != null) && (email.Length > 256))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            if ((email == null) && RequiresUniqueEmail)
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }
            user.Email = email;

            password = ConvertUtilities.Nullify(password, true);

            user.PasswordSalt = GenerateSalt();
            string encodedPassword = EncodePassword(password, user.PasswordSalt);

            if ((password == null) || (password.Length > 256))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }
            user.Password = encodedPassword;

            username = ConvertUtilities.Nullify(username, true);
            if ((username == null) || (username.Length > 256))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return(null);
            }
            user.UserName = username;

            DateTime time = DateTime.UtcNow; time = new DateTime(time.Year, time.Month, time.Day, time.Hour, time.Minute, time.Second);


            user.IsLockedOut = false;

            user.LastLoginDate          = time;
            user.LastActivityDate       = time;
            user.LastPasswordChangeDate = time;
            user.LastLockoutDate        = DateTime.MinValue;



            if (password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            int min = 0;

            for (int i = 0; i < password.Length; i++)
            {
                if (!char.IsLetterOrDigit(password, i))
                {
                    min++;
                }
            }
            if (min < MinRequiredNonAlphanumericCharacters)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if ((!string.IsNullOrEmpty(PasswordStrengthRegularExpression)) &&
                (!Regex.IsMatch(password, PasswordStrengthRegularExpression)))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(e);
            if (e.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            try
            {
                user.Save();
            }
            catch (CodeFluent.Runtime.CodeFluentDuplicateException)
            {
                status = MembershipCreateStatus.DuplicateProviderUserKey;
                return(null);
            }

            status = MembershipCreateStatus.Success;
            return(MembershipUserFromUser(user));
        }
        /// <summary>
        /// Resets a user's password if they have the correct answer to the passwordQuestion
        /// </summary>
        /// <param name="username">Username</param>
        /// <param name="answer">Answer to the users question</param>
        /// <returns>New password as a string</returns>
        public override string ResetPassword(string username, string passwordAnswer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException();
            }

            SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

            string salt;
            int    passwordFormat;
            int    status;
            bool   isApproved;

            GetPasswordWithFormat(username, out passwordFormat, out status, out salt, out isApproved);

            //Check to see if there were any problems (may expand later to involve more specific errors)
            if (status != 0) //problem occurred
            {
                throw new ProviderException();
            }

            //We will do encoding of passwords later, will require changes to createUser, ValidateUser, and others
            //string encodedPasswordAnswer;

            //if (!string.IsNullOrEmpty(passwordAnswer))
            //    encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(), passwordFormat, salt);
            //else
            //    encodedPasswordAnswer = passwordAnswer;

            if (passwordAnswer != null)
            {
                passwordAnswer = passwordAnswer.Trim();
            }

            SecUtility.CheckParameter(ref passwordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");

            string newPassword = GeneratePassword();

            ValidatePasswordEventArgs eventArgs = new ValidatePasswordEventArgs(username, newPassword, false);

            OnValidatingPassword(eventArgs);

            if (eventArgs.Cancel)
            {
                if (eventArgs.FailureInformation != null)
                {
                    throw eventArgs.FailureInformation;
                }
                else
                {
                    throw new ProviderException();
                }
            }

            _dops.ResetDops();
            _dops.Sproc = "usp_ResetPassword";

            _dops.SetParameter("@Email", username, "IN");
            _dops.SetParameter("@NewPassword", EncodePassword(newPassword, (int)passwordFormat, salt), "IN");
            _dops.SetParameter("@PasswordFormat", passwordFormat, "IN");
            _dops.SetParameter("@PasswordSalt", salt, "IN");
            _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN");
            _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN");

            _dops.Execute_Sql();

            int success = 1;

            try
            {
                success = (int)_dops.GetOutputVariable("RETURN_VALUE");
            }
            catch (SqlException ex)
            {
                throw new ProviderException(ex.Message, ex);
            }

            //Check to see if there is a problem
            if (success != 0)
            {
                throw new MembershipPasswordException(); //If there is a problem, throw the exception
            }

            return(newPassword);
        }
Exemple #33
0
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            //Thread Safety
            DbContext DataContext = (DbContext)Activator.CreateInstance(CFMembershipSettings.DataContext);
            DbSet     Users       = DataContext.Set(CFMembershipSettings.UserType);

            status = MembershipCreateStatus.Success;

            MembershipUser user = null;

            if (string.IsNullOrEmpty(username) || string.IsNullOrWhiteSpace(username))
            {
                throw new ArgumentNullException("username");
            }
            if (string.IsNullOrEmpty(password) || string.IsNullOrWhiteSpace(password))
            {
                throw new ArgumentNullException("password");
            }
            if (string.IsNullOrEmpty(email) || string.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentNullException("email");
            }

            if (RequiresQuestionAndAnswer)
            {
                if (string.IsNullOrEmpty(passwordQuestion) || string.IsNullOrWhiteSpace(passwordQuestion))
                {
                    throw new ArgumentNullException("passwordQuestion");
                }
                if (string.IsNullOrEmpty(passwordAnswer) || string.IsNullOrWhiteSpace(passwordAnswer))
                {
                    throw new ArgumentNullException("passwordAnswer");
                }
            }

            if (username.Length > 100)
            {
                status = MembershipCreateStatus.InvalidUserName;
            }

            if (!this.CheckPasswordPolicy(password))
            {
                status = MembershipCreateStatus.InvalidPassword;
            }

            var args = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(args);
            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                status = MembershipCreateStatus.InvalidPassword;
            }

            if (!Regex.IsMatch(email, EmailRegularExpression))
            {
                status = MembershipCreateStatus.InvalidEmail;
            }

            if (UseEmailAsUsername)
            {
                username = email;
            }

            if (RequiresUniqueEmail && GetUserNameByEmail(email).Trim().Length > 0)
            {
                status = MembershipCreateStatus.DuplicateEmail;
            }

            if (GetUser(username, false) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }

            if (providerUserKey != null && GetUser(providerUserKey, false) != null)
            {
                status = MembershipCreateStatus.DuplicateProviderUserKey;
            }

            if (status == MembershipCreateStatus.Success)
            {
                byte[] passwordSalt, passwordHash;
                Guid   guid;

                HashPassword(password, out passwordSalt, out passwordHash);

                dynamic usr = Activator.CreateInstance(CFMembershipSettings.UserType);

                if (CFMembershipSettings.ProviderKeyType == typeof(Guid) && providerUserKey != null && Guid.TryParse(providerUserKey.ToString(), out guid))
                {
                    usr.UserId = (Guid)providerUserKey;
                }

                //If using SqlServeCE or the UserId is missing the DatabaseGenerated attribute
                //automatically generate keys via code, otherwise allow the server to generate them.
                if (CFMembershipSettings.ProviderKeyType == typeof(Guid) && providerUserKey == null)
                {
                    var info = (CFMembershipSettings.UserType).GetProperty("UserId").GetCustomAttributesData()
                               .SingleOrDefault(item => item.Constructor.ReflectedType.Name == "DatabaseGeneratedAttribute");

                    if (info == null)
                    {
                        usr.UserId = Guid.NewGuid();
                    }
                }

                usr.Username               = username;
                usr.PasswordHash           = passwordHash;
                usr.PasswordSalt           = passwordSalt;
                usr.PasswordQuestion       = passwordQuestion;
                usr.PasswordAnswer         = passwordAnswer;
                usr.DateLastPasswordChange = DateTime.Now;
                usr.DateCreated            = DateTime.Now;
                usr.DateLastActivity       = null;
                usr.DateLastLogin          = null;
                usr.Email      = email;
                usr.Comment    = null;
                usr.IsApproved = isApproved;

                try
                {
                    Users.Add(usr);
                }
                catch (Exception)
                {
                    status = MembershipCreateStatus.UserRejected;
                }
                try
                {
                    DataContext.SaveChanges();
                }
                catch (Exception)
                {
                    status = MembershipCreateStatus.ProviderError;
                }

                user = GetUser(usr.UserId, false);
            }

            DataContext.Dispose();

            return(user);
        }
        /// <summary>
        /// Changes a users password after checking that they know their old password
        /// </summary>
        /// <param name="username">Username</param>
        /// <param name="oldPassword">The old password in the system</param>
        /// <param name="newPassword">The desired new password</param>
        /// <returns>True if the change succeeds, otherwise false</returns>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            SecUtility.CheckParameter(ref username, true, true, true, 256, "username");
            SecUtility.CheckParameter(ref oldPassword, true, true, false, 128, "oldPassword");
            SecUtility.CheckParameter(ref newPassword, true, true, false, 128, "newPassword");

            int status;

            //Return false if the old password is not correct
            if (!CheckPassword(username, oldPassword, out status))
            {
                return(false);
            }

            //Make sure the new password meets password length requirements
            if (newPassword.Length < MinRequiredPasswordLength)
            {
                throw new ArgumentException();
            }

            int count = 0;

            //Check the number of non-alpha numeric chars
            for (int i = 0; i < newPassword.Length; i++)
            {
                if (!char.IsLetterOrDigit(newPassword, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                throw new ArgumentException();
            }

            //If we are using a regular expression, make sure the password passes
            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(newPassword, PasswordStrengthRegularExpression))
                {
                    throw new ArgumentException();
                }
            }

            string salt = GenerateSalt();

            //Encode password using new salt and password format settings
            string pass = EncodePassword(newPassword, (int)_PasswordFormat, salt);

            if (pass.Length > 128)
            {
                throw new ArgumentException();
            }

            //Raise the OnValidatingPassword() function so someone can hook into it if they want
            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);

            OnValidatingPassword(e);

            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                else
                {
                    throw new ArgumentException();
                }
            }

            _dops.ResetDops();
            _dops.Sproc = "usp_ChangePassword";

            _dops.SetParameter("@Email", username, "IN");
            _dops.SetParameter("@NewPassword", pass, "IN");
            _dops.SetParameter("@PasswordFormat", (int)_PasswordFormat, "IN");
            _dops.SetParameter("@PasswordSalt", salt, "IN");
            _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN");

            try
            {
                _dops.Execute_Sql();
            }
            catch (SqlException ex)
            {
                throw new ProviderException(ex.Message, ex);
            }

            int result = (int)_dops.GetOutputVariable("RETURN_VALUE");

            //Check to see if there is a problem
            if (result != 0)
            {
                throw new MembershipPasswordException(); //If there is a problem, throw the exception
            }

            return(true);
        }
    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username,
                                                                        password,
                                                                        true);

        OnValidatingPassword(args);

        if (args.Cancel)
        {
            status = MembershipCreateStatus.InvalidPassword;
            return null;
        }

        if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")
        {
            status = MembershipCreateStatus.DuplicateEmail;
            return null;
        }

        MembershipUser u = GetUser(username, false);

        if (u == null)
        {
            UserModel _user = new UserModel();

            _user.CreateUser(username, password, email);
            status = MembershipCreateStatus.Success;

            return GetUser(username, false);
        }
        else
        {
            status = MembershipCreateStatus.DuplicateUserName;
        }

        return null;
    }
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            if (providerUserKey == null)
            {
                providerUserKey = Guid.NewGuid();
            }

            var validatePasswordEventArgs = new ValidatePasswordEventArgs(username, password, true);

            OnValidatingPassword(validatePasswordEventArgs);

            if (validatePasswordEventArgs.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (RequiresQuestionAndAnswer)
            {
                if (passwordQuestion.IsNullOrWhiteSpace())
                {
                    status = MembershipCreateStatus.InvalidQuestion;
                    return(null);
                }
                if (passwordAnswer.IsNullOrWhiteSpace())
                {
                    status = MembershipCreateStatus.InvalidAnswer;
                    return(null);
                }
            }

            if (GetUser(username, false) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }

            if (GetUser(providerUserKey, false) != null)
            {
                status = MembershipCreateStatus.DuplicateProviderUserKey;
                return(null);
            }

            if (RequiresUniqueEmail && !GetUserNameByEmail(email).IsNullOrWhiteSpace())
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            var buffer = new byte[16];

            buffer.RngGenerator();
            var passwordSalt = buffer.ToBase64String();

            var createDate = DateTime.UtcNow;
            var user       = new User
            {
                Id = providerUserKey.ToString(),
                ApplicationName = ApplicationName,
                CreateDate      = createDate,
                EmailLowercase  = email?.ToLowerInvariant(),
                Email           = email,
                FailedPasswordAnswerAttemptCount       = 0,
                FailedPasswordAnswerAttemptWindowStart = createDate,
                FailedPasswordAttemptCount             = 0,
                FailedPasswordAttemptWindowStart       = createDate,
                IsApproved              = isApproved,
                IsDeleted               = false,
                IsLockedOut             = false,
                LastActivityDate        = createDate,
                LastLockedOutDate       = new DateTime(1970, 1, 1),
                LastLoginDate           = createDate,
                LastPasswordChangedDate = createDate,
                Password          = Encode(password, passwordSalt),
                PasswordAnswer    = Encode(passwordAnswer, passwordSalt),
                PasswordQuestion  = passwordQuestion,
                PasswordSalt      = passwordSalt,
                UsernameLowercase = username?.ToLowerInvariant(),
                Username          = username
            };

            mongoGateway.CreateUser(user);
            status = MembershipCreateStatus.Success;
            return(GetUser(username, false));
        }
    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        var args = new ValidatePasswordEventArgs(username, password, true);
        OnValidatingPassword(args);

        if (args.Cancel)
        {
            status = MembershipCreateStatus.InvalidPassword;
            return null;
        }

        if (RequiresUniqueEmail && GetUserNameByEmail(email) != string.Empty)
        {
            status = MembershipCreateStatus.DuplicateEmail;
            return null;
        }

        var user = GetUser(username, true);

        if (user == null)
        {
            //var userObj = new NguoiDung { Username = username, Password = GetMd5Hash(password), Email = email };
            var userObj = new NguoiDung { Username = username, Password = password, Email = email };

            db.NguoiDungs.InsertOnSubmit(userObj);
            db.SubmitChanges();

            status = MembershipCreateStatus.Success;

            return GetUser(username, true);
        }
        status = MembershipCreateStatus.DuplicateUserName;

        return null;
    }
    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, oldPassword, true);
        OnValidatingPassword(args);

        if (args.Cancel)
        {
            return false;
        }

        MembershipUser acc = GetUser(username, false);
        if (acc != null)
        {
            AccountRepository _account = new AccountRepository();
            if (_account.ChangePassword(username, newPassword))
            {
                return true;
            }
        }

        return false;
    }