Esempio n. 1
        /// <summary>
        /// Obtains a salt from <c>GenerateHashSalt</c> and writes it (Base64-encoded) to the
        /// user record together with the password hash derived from it.
        /// </summary>
        /// <param name="user">Login record whose <c>PasswordHashSalt</c> and <c>PasswordHash</c> are overwritten.</param>
        /// <param name="password">Plain-text password to hash; this method does not store it.</param>
        /// <remarks>
        /// Only the in-memory record is changed here; persisting it is left to the caller.
        /// </remarks>
        private static void SetPasswordFieldsInt(IUserFormLogin user, string password)
        {
            // A new salt is requested on every call, so the previous salt is never reused for the new hash.
            var saltBytes = GenerateHashSalt();

            // The salt is stored as text; the same bytes feed the hash so both fields stay in sync.
            string encodedSalt = Convert.ToBase64String(saltBytes);
            user.PasswordHashSalt = encodedSalt;

            user.PasswordHash = GeneratePasswordHash(password, saltBytes);
        }
Esempio n. 2
        /// <summary>
        /// Copies the user's current password hash and salt into a new password history record,
        /// then deletes the user's history records beyond the configured history length.
        /// </summary>
        /// <param name="userFormLogin">Login record whose current hash, salt and change date are archived.</param>
        /// <remarks>
        /// Does nothing when the user has no password hash yet or when
        /// <c>PasswordPolicyFacade.PasswordHistoryLength</c> is zero or negative.
        /// History records hold real password hashes and salts, so they need the same
        /// protection as the live credential fields.
        /// </remarks>
        private static void SavePasswordHistory(IUserFormLogin userFormLogin)
        {
            // Nothing to archive for a user who has never had a password set.
            if (string.IsNullOrEmpty(userFormLogin.PasswordHash))
            {
                return;
            }

            // A non-positive history length disables history keeping.
            if (PasswordPolicyFacade.PasswordHistoryLength <= 0)
            {
                return;
            }

            var historyEntry = DataFacade.BuildNew<IUserPasswordHistory>();
            historyEntry.Id = Guid.NewGuid();
            historyEntry.UserId = userFormLogin.UserId;
            // The archived date is when the outgoing password was set, not the time of this call.
            historyEntry.SetDate = userFormLogin.LastPasswordChangeDate;
            historyEntry.PasswordSalt = userFormLogin.PasswordHashSalt;
            historyEntry.PasswordHash = userFormLogin.PasswordHash;

            DataFacade.AddNew(historyEntry);

            // Trim the history: keep the newest PasswordHistoryLength records for this user, drop the rest.
            Guid ownerId = userFormLogin.UserId;
            var ownHistory = DataFacade.GetData<IUserPasswordHistory>()
                .Where(entry => entry.UserId == ownerId);
            var newestFirst = ownHistory.OrderByDescending(entry => entry.SetDate);
            var expiredEntries = newestFirst
                .Skip(PasswordPolicyFacade.PasswordHistoryLength)
                .ToList();

            if (expiredEntries.Count > 0)
            {
                DataFacade.Delete((IEnumerable<IData>) expiredEntries);
            }
        }
Esempio n. 3
        /// <summary>
        /// Assigns a new password to a user: archives the current hash in the password history,
        /// writes a new salt and hash, stamps the change date and persists the record.
        /// </summary>
        /// <param name="userFormLogin">The user form login data to update.</param>
        /// <param name="password">The new plain-text password; must not be null or empty.</param>
        /// <remarks>
        /// The only check made on <paramref name="password"/> here is that it is non-empty;
        /// no strength or history-reuse check is visible in this method.
        /// </remarks>
        public static void SetPassword(IUserFormLogin userFormLogin, string password)
        {
            Verify.ArgumentNotNullOrEmpty(password, nameof(password));

            // Order matters: the history snapshot must be taken while the record still
            // carries the outgoing hash, salt and change date.
            SavePasswordHistory(userFormLogin);

            SetPasswordFieldsInt(userFormLogin, password);

            // NOTE(review): this is local server time, not UTC - confirm that readers of
            // LastPasswordChangeDate (e.g. password-age checks) expect local time.
            var changedAt = DateTime.Now;
            userFormLogin.LastPasswordChangeDate = changedAt;

            DataFacade.Update(userFormLogin);
        }
Esempio n. 4
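        /// <summary>
        /// Checks a candidate password against the salted hash stored for the user.
        /// </summary>
        /// <param name="user">Login record supplying the stored password hash and Base64-encoded salt.</param>
        /// <param name="password">Candidate plain-text password to verify.</param>
        /// <returns>
        /// <c>true</c> when hashing <paramref name="password"/> with the stored salt reproduces the
        /// stored hash; <c>false</c> otherwise, including when the record has no hash or no salt.
        /// </returns>
        /// <exception cref="FormatException">The stored salt is not valid Base64.</exception>
        public static bool ValidatePassword(IUserFormLogin user, string password)
        {
            // A record without a stored hash or salt can never validate; fail closed.
            if (user.PasswordHash.IsNullOrEmpty() || user.PasswordHashSalt.IsNullOrEmpty())
            {
                return false;
            }

            byte[] salt = Convert.FromBase64String(user.PasswordHashSalt);
            string candidateHash = GeneratePasswordHash(password, salt);

            // Compare without early exit so the response time does not depend on how many
            // leading characters of the two hashes happen to match.
            return HashesEqualFixedTime(user.PasswordHash, candidateHash);
        }

        /// <summary>
        /// Ordinal equality of two hash strings that inspects every character regardless of
        /// where the first difference occurs.
        /// </summary>
        /// <param name="expected">The stored hash.</param>
        /// <param name="actual">The freshly computed hash.</param>
        /// <returns><c>true</c> only when both strings are non-null and identical.</returns>
        private static bool HashesEqualFixedTime(string expected, string actual)
        {
            // Length is not secret for a fixed-format hash, so an early return here is acceptable.
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                // Accumulate differences instead of branching on them.
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }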
 /// <summary>
 /// Marks the login record as locked because of too many failed login attempts
 /// and persists the change immediately.
 /// </summary>
 /// <param name="userFormLogin">The login record to lock.</param>
 private void LockUser(IUserFormLogin userFormLogin)
 {
     // The reason is stored as the enum's integer value.
     int reasonCode = (int) UserLockoutReason.TooManyFailedLoginAttempts;

     userFormLogin.IsLocked = true;
     userFormLogin.LockoutReason = reasonCode;

     DataFacade.Update(userFormLogin);
 }