/// <summary>
/// Creates a new random book code for the given user, trimmed so that it
/// never exceeds 64 characters (the size of the database field).
/// </summary>
/// <param name="userID">ID of the user the code is generated for; it is passed, with a "_" suffix, as the prefix argument of the random token generator.</param>
/// <returns>A random token of at most 64 characters.</returns>
public static string GenerateBookCode(int userID)
{
    // The user ID only prefixes the token; the randomness comes from GenerateRandomToken itself.
    var token = LcEncryptor.GenerateRandomToken(userID.ToString() + "_");
    // NOTE(review): GetLastStringChars is assumed to keep only the trailing 64 characters — confirm.
    return ASP.LcHelpers.GetLastStringChars(token, 64);
}
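/// <summary>
/// Check a user autologinkey to perform the automatic login if it matches.
/// If success, the request continues being processed but with a
/// new session and a new authentication cookie being sent in the response.
/// If no user or no key matches, it just continues without an auth session; the code after this
/// must check whether authentication is effective (with WebSecurity.IsAuthenticated, for example).
/// Even on failure, it clears the current session (at the beginning).
/// The expected key is derived deterministically from the stored password value, so a key
/// stays valid until that value changes: treat it as a long-lived credential.
/// </summary>
/// <param name="userid">User ID as received from the request.</param>
/// <param name="autologinkey">Key as received from the request; compared in fixed time against the expected key.</param>
/// <exception cref="ConstraintException">Thrown when the account is locked out.</exception>
public static void Autologin(string userid, string autologinkey)
{
    // Clear current session to avoid conflicts:
    if (HttpContext.Current.Session != null)
    {
        HttpContext.Current.Session.Clear();
    }
    using (var db = Database.Open("sqlloco"))
    {
        // Get user email by userid
        var userEmail = db.QueryValue(@"
            SELECT email FROM userprofile WHERE userid = @0
        ", userid);
        // Invalid ID? Out
        if (String.IsNullOrEmpty(userEmail))
        {
            return;
        }
        // Lockout is checked before any key comparison so a locked account cannot be logged in this way.
        if (IsAccountLockedOut(userEmail))
        {
            throw new ConstraintException(AccountLockedErrorMessage);
        }
        var p = db.QueryValue(@"
            SELECT Password FROM webpages_Membership WHERE UserId=@0
        ", userid);
        // No password saved? out! (avoid exception with encryptor later)
        if (String.IsNullOrEmpty(p))
        {
            return;
        }
        // TODO For performance and security, save a processed autologinkey in database
        // and check against that rather than do this tasks every time; auto compute on
        // any password change.
        // Check if autologinkey and password (encrypted and then converted for url) match.
        // The key is a secret supplied by the client, so it is compared in fixed time instead
        // of with ==, which stops at the first differing character and would expose how much
        // of the key was correct through response timing.
        string expectedKey = LcEncryptor.ConvertForURL(LcEncryptor.Encrypt(p));
        if (AutologinKeysMatch(autologinkey, expectedKey))
        {
            // Autologin Success
            // New authentication cookie: Logged!
            System.Web.Security.FormsAuthentication.SetAuthCookie(userEmail, false);
            LcData.UserInfo.RegisterLastLoginTime(userid.AsInt(), userEmail);
        }
    }
}

/// <summary>
/// Ordinal string equality whose running time depends only on the lengths of the inputs,
/// never on the position of the first differing character. Null values never match.
/// </summary>
/// <param name="supplied">Key received from the client.</param>
/// <param name="expected">Key derived from the stored credential.</param>
/// <returns>True when both strings are non-null and identical.</returns>
private static bool AutologinKeysMatch(string supplied, string expected)
{
    if (supplied == null || expected == null)
    {
        return false;
    }
    // Fold the length difference and every character difference into one accumulator; no early exit.
    var diff = supplied.Length ^ expected.Length;
    var len = Math.Min(supplied.Length, expected.Length);
    for (var i = 0; i < len; i++)
    {
        diff |= supplied[i] ^ expected[i];
    }
    return diff == 0;
}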
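/// <summary>
/// Get the key that enables the user to be auto-logged from a URL, to
/// be used by email templates.
/// The key is derived deterministically from the stored password value, so it stays valid
/// until that value changes; it should only be embedded in messages addressed to the account owner.
/// </summary>
/// <param name="userid">ID of the user the key is generated for.</param>
/// <returns>The URL-safe key, or null when the user has no stored password or the lookup/encryption fails.</returns>
public static string GetAutologinKey(int userid)
{
    try
    {
        using (var db = Database.Open("sqlloco"))
        {
            var p = db.QueryValue(@"
                SELECT Password FROM webpages_Membership WHERE UserId=@0
            ", userid);
            // No stored password means there is no key to derive (Autologin refuses such users as well):
            // return null explicitly rather than encrypting an empty value.
            if (String.IsNullOrEmpty(p))
            {
                return null;
            }
            return LcEncryptor.ConvertForURL(LcEncryptor.Encrypt(p));
        }
    }
    catch
    {
        // Deliberately best-effort: any failure is reported to the template as "no key available".
    }
    return null;
}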
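/// <summary>
/// Creates a unique authorization token for a user using its ID and password.
/// #827
/// The internal generation of the token is based on the original Autologin, using encryption
/// of the (already) encrypted password made suitable for use in URL, but in this case it
/// includes the userID along with the password as the text to encrypt and adapt.
/// The original author states the result is always 216 ASCII characters (not verified here).
/// Because the token is a deterministic function of the stored password value, it stays
/// valid until that value changes.
/// </summary>
/// <param name="userID">ID of the user the token is generated for.</param>
/// <returns>The URL-safe token, or null when the user has no stored password or the lookup/encryption fails.</returns>
public static string CreateTokenFromUserPassword(int userID)
{
    try
    {
        using (var db = Database.Open("sqlloco"))
        {
            var p = db.QueryValue(@"
                SELECT Password FROM webpages_Membership WHERE UserId=@0
            ", userID);
            // Without a stored password the token would be derived from the user ID alone,
            // which is not a secret; refuse to create one, as Autologin refuses such users.
            if (String.IsNullOrEmpty(p))
            {
                return null;
            }
            return LcEncryptor.ConvertForURL(LcEncryptor.Encrypt(userID.ToString() + "::::" + p));
        }
    }
    catch
    {
        // Deliberately best-effort: any failure is reported to the caller as "no token available".
    }
    return null;
}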
/// <summary>
/// Creates a token based on a new GUID and the userID.
/// Unlike CreateTokenFromUserPassword, the result is different every time it is generated.
/// Note: using a GUID should not require adding the userID, and maybe the encryption and
/// URL sanitization could be dropped too, but both are kept until that is confirmed.
/// NOTE(review): Guid.NewGuid is not documented as a cryptographically secure random source;
/// confirm that is acceptable for the places this token is used.
/// </summary>
/// <param name="userID">ID of the user the token is generated for.</param>
/// <returns>A URL-safe token that embeds the user ID and a fresh GUID.</returns>
public static string CreateUserGuidToken(int userID)
{
    var freshGuid = Guid.NewGuid();
    // Same "<id>::::<secret>" layout as the password-based token, with the GUID as the secret part.
    var plainText = string.Concat(userID.ToString(), "::::", freshGuid.ToString());
    var encrypted = LcEncryptor.Encrypt(plainText);
    return LcEncryptor.ConvertForURL(encrypted);
}