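/// <summary>
/// Update the stored record for a membership user.
/// </summary>
/// <param name="user">The membership user carrying the new profile values.</param>
/// <remarks>
/// The password and password answer are copied from the stored record, not from
/// <paramref name="user"/>, so this call does not change credentials. Nothing is
/// written when <paramref name="user"/> is null or when no record matches the
/// user name within the current application.
/// </remarks>
public void UpdateUser(System.Web.Security.MembershipUser user)
{
    // Check the argument before it is dereferenced for the lookup below
    // (the original read user.UserName ahead of its own null test).
    if (user == null)
    {
        return;
    }

    // Get the stored user data for the current application.
    Nequeo.DataAccess.CloudInteraction.Data.User userData = GetSpecificUser(user.UserName);

    // No stored record: there are no credentials to carry over and no row to update.
    if (userData == null)
    {
        return;
    }

    // Update the user. Password and PasswordAnswer are re-supplied from the stored
    // record; presumably the update writes every property of the item, so leaving
    // them out would blank the credentials - verify against UpdateItemPredicate.
    new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().
        Update.UpdateItemPredicate(
            new Data.User()
            {
                Password = userData.Password,
                PasswordAnswer = userData.PasswordAnswer,
                Email = user.Email,
                LastLoginDate = user.LastLoginDate,
                LoggedIn = user.IsOnline,
                UserSuspended = user.IsLockedOut,
                LastActivityDate = user.LastActivityDate,
                PasswordQuestion = user.PasswordQuestion,
                LastPasswordChangedDate = user.LastPasswordChangedDate,
                UserSuspendedDate = user.LastLockoutDate,
                Comments = user.Comment
            },
            // Scope the write to this user name within this application only.
            u =>
                (u.Username == user.UserName) &&
                (u.ApplicationName == ApplicationName)
        );
}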
/// <summary>
/// Replace the password question and answer of a user, after re-checking the
/// user's current password.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The current password, used to authorise the change.</param>
/// <param name="newPasswordQuestion">The new password question.</param>
/// <param name="newPasswordAnswer">The new password answer.</param>
/// <returns>
/// The result of the update; false when the credentials are rejected or the user
/// is not found in the current application.
/// </returns>
public bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    // The caller must present valid credentials before anything is changed.
    if (!ValidateUser(username, password))
    {
        return false;
    }

    // Get the user data.
    Nequeo.DataAccess.CloudInteraction.Data.User existing = GetSpecificUser(username);

    // Nothing to update when the user does not exist.
    if (existing == null)
    {
        return false;
    }

    // NOTE(review): the answer is written exactly as supplied, while ResetPassword and
    // GetPassword compare it through CheckPassword - confirm both sides agree on the
    // stored format. Only three properties are set on the update item; confirm that
    // UpdateItemPredicate leaves the remaining columns untouched.
    return new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().
        Update.UpdateItemPredicate(
            new Data.User()
            {
                // Carry the stored password over unchanged.
                Password = existing.Password,
                PasswordQuestion = newPasswordQuestion,
                PasswordAnswer = newPasswordAnswer
            },
            u =>
                (u.Username == username) &&
                (u.ApplicationName == ApplicationName)
        );
}
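/// <summary>
/// Get the specific user for the current application by user name and stored password value.
/// </summary>
/// <param name="username">The user username.</param>
/// <param name="password">The password value, compared as-is with the stored value.</param>
/// <returns>The user; else null.</returns>
protected Nequeo.DataAccess.CloudInteraction.Data.User GetSpecificUser(string username, string password)
{
    // Get the client data.
    Nequeo.DataAccess.CloudInteraction.Data.Extension.User userExt = new Nequeo.DataAccess.CloudInteraction.Data.Extension.User();

    // The lookup is restricted to the current application, as in the user-name
    // overload, so an account registered under another application name cannot
    // satisfy it. The original filtered on user name and password only.
    // NOTE(review): the password is matched directly against the stored column, so
    // the caller has to pass it in the stored format - confirm against callers.
    Nequeo.DataAccess.CloudInteraction.Data.User user =
        userExt.Select.SelectDataEntity(
            u =>
                (u.Username == username) &&
                (u.Password == password) &&
                (u.ApplicationName == ApplicationName)
        );

    // Return the user.
    return user;
}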
/// <summary>
/// Get the user that has the given user id.
/// </summary>
/// <param name="userID">The userID.</param>
/// <returns>The user; else null.</returns>
/// <remarks>
/// The lookup filters on the user id only; the application name is not part of
/// the predicate.
/// </remarks>
protected Nequeo.DataAccess.CloudInteraction.Data.User GetSpecificUser(long userID)
{
    // Select the single entity whose id matches and hand it straight back.
    // NOTE(review): presumably UserID is unique across applications - confirm.
    return new Nequeo.DataAccess.CloudInteraction.Data.Extension.User()
        .Select.SelectDataEntity(u => (u.UserID == userID));
}
/// <summary>
/// Get the user with the given user name within the current application.
/// </summary>
/// <param name="username">The username.</param>
/// <returns>The user; else null.</returns>
private Nequeo.DataAccess.CloudInteraction.Data.User GetSpecificUser(string username)
{
    // Both the user name and the application name must match, which keeps
    // accounts of different applications apart.
    return new Nequeo.DataAccess.CloudInteraction.Data.Extension.User()
        .Select.SelectDataEntity(
            u =>
                (u.Username == username) &&
                (u.ApplicationName == ApplicationName)
        );
}
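/// <summary>
/// Reset the password of a user to a newly generated one.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="answer">The password answer; checked only when a question and answer are required.</param>
/// <returns>The new password.</returns>
/// <exception cref="NotSupportedException">Password reset is disabled, or the user was not found.</exception>
/// <exception cref="Exception">
/// The user is suspended, the answer is missing or incorrect, or the update failed.
/// </exception>
public string ResetPassword(string username, string answer)
{
    // Refuse before touching the data store when the feature is switched off.
    if (!EnablePasswordReset)
    {
        throw new NotSupportedException("Password reset is not enabled.");
    }

    // Get the user data.
    Nequeo.DataAccess.CloudInteraction.Data.User user = GetSpecificUser(username);

    if (user == null)
    {
        throw new NotSupportedException("The supplied user name has not been found.");
    }

    // A suspended (locked out) account must not be able to reset its password.
    // Without this check the lockout set by UpdateFailureCount does not stop
    // further answer attempts. The message is the one this method already uses.
    if (user.UserSuspended)
    {
        throw new Exception("User not found, or user is locked out. Password not Reset.");
    }

    // If a password answer is required, it must be present and correct.
    // Each failure is counted towards the lockout threshold.
    if (RequiresQuestionAndAnswer)
    {
        if (answer == null)
        {
            UpdateFailureCount(username, "passwordAnswer", user);
            throw new Exception("Password answer required for password reset.");
        }

        if (!CheckPassword(answer, user.PasswordAnswer))
        {
            UpdateFailureCount(username, "passwordAnswer", user);
            throw new Exception("Incorrect password answer.");
        }
    }

    // Generate the new password only once the request has been accepted.
    string newPassword =
        System.Web.Security.Membership.GeneratePassword(MinRequiredPasswordLength, MinRequiredNonAlphanumericCharacters);

    // Update the password.
    // NOTE(review): the generated value is stored as-is, while ValidateUser compares
    // through CheckPassword - confirm the value is encoded for the configured
    // PasswordFormat before it is persisted.
    user.Password = newPassword;
    user.LastPasswordChangedDate = DateTime.Now;
    bool ret = new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().Update.UpdateItem(user);

    // Return the password.
    if (!ret)
    {
        throw new Exception("User not found, or user is locked out. Password not Reset.");
    }

    return newPassword;
}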
/// <summary>
/// Clear the suspended flag of a user.
/// </summary>
/// <param name="userName">The username.</param>
/// <returns>The result of the update; false when the user is not found.</returns>
/// <remarks>
/// Only the suspended flag is changed; the failed-attempt counters and the
/// suspension date are left as they are.
/// </remarks>
public bool UnlockUser(string userName)
{
    // Get the user data.
    Nequeo.DataAccess.CloudInteraction.Data.User account = GetSpecificUser(userName);

    // Unknown user: nothing to unlock.
    if (account == null)
    {
        return false;
    }

    // Lift the suspension and persist it.
    account.UserSuspended = false;
    return new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().Update.UpdateItem(account);
}
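/// <summary>
/// Retrieve the stored password of a user.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="answer">The password answer; checked only when a question and answer are required.</param>
/// <returns>The password, decoded when the password format is Encrypted.</returns>
/// <exception cref="NotSupportedException">The user was not found.</exception>
/// <exception cref="Exception">
/// Retrieval is disabled, passwords are hashed, the user is suspended, or the answer is incorrect.
/// </exception>
public string GetPassword(string username, string answer)
{
    if (!EnablePasswordRetrieval)
    {
        throw new Exception("Password Retrieval Not Enabled.");
    }

    // A hashed password cannot be turned back into the original value.
    if (PasswordFormat == System.Web.Security.MembershipPasswordFormat.Hashed)
    {
        throw new Exception("Cannot retrieve Hashed passwords.");
    }

    // Get the user data.
    Nequeo.DataAccess.CloudInteraction.Data.User user = GetSpecificUser(username);

    if (user == null)
    {
        throw new NotSupportedException("The supplied user name has not been found.");
    }

    // A suspended (locked out) account must not give up its password. Without
    // this check the lockout set by UpdateFailureCount does not stop further
    // answer attempts against the account.
    if (user.UserSuspended)
    {
        throw new Exception("The supplied user is locked out.");
    }

    // Assign the password data.
    string password = user.Password;
    string passwordAnswer = user.PasswordAnswer;

    // If a password answer is required, a wrong answer counts towards the lockout.
    if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))
    {
        UpdateFailureCount(username, "passwordAnswer", user);
        throw new Exception("Incorrect password answer.");
    }

    // Decode the password when it is stored encrypted; otherwise it is returned
    // exactly as stored.
    if (PasswordFormat == System.Web.Security.MembershipPasswordFormat.Encrypted)
    {
        password = UnEncodePassword("", password);
    }

    // Return the password.
    return password;
}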
/// <summary>
/// Check a user name and password against the stored user.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
/// <returns>
/// True when the user exists, is not suspended, the password matches and the
/// user is approved; else false.
/// </returns>
public bool ValidateUser(string username, string password)
{
    // Attempt to find the user in the current application.
    Nequeo.DataAccess.CloudInteraction.Data.User account = GetSpecificUser(username);

    // Unknown user.
    if (account == null)
    {
        return false;
    }

    // A suspended (locked out) user is rejected before the password is looked at.
    if (account.UserSuspended)
    {
        return false;
    }

    // Wrong password: record the failure so repeated attempts lead to a lockout.
    if (!CheckPassword(password, account.Password))
    {
        UpdateFailureCount(username, "password", account);
        return false;
    }

    // Correct password, but the account has not been approved yet.
    if (!account.IsApproved)
    {
        return false;
    }

    // User is valid; record the login time.
    account.LastLoginDate = DateTime.Now;
    new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().Update.UpdateItem(account);
    return true;
}
/// <summary>
/// Build the membership user for a user name.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="userIsOnline">True to also stamp the stored last activity date with the current time.</param>
/// <returns>The membership user; null when the user is not found.</returns>
public System.Web.Security.MembershipUser GetUser(string username, bool userIsOnline)
{
    // Get the user data.
    Nequeo.DataAccess.CloudInteraction.Data.User record = GetSpecificUser(username);

    // Make sure that the user exists.
    if (record == null)
    {
        return null;
    }

    // Create the membership user from the stored values. This happens before the
    // activity stamp below, so the returned object carries the previous activity date.
    System.Web.Security.MembershipUser membershipUser =
        new System.Web.Security.MembershipUser(
            ProviderName,
            username,
            record.UserID,
            record.Email,
            record.PasswordQuestion,
            record.Comments,
            record.IsApproved,
            record.UserSuspended,
            record.CreationDate,
            record.LastLoginDate,
            record.LastActivityDate,
            record.LastPasswordChangedDate,
            record.UserSuspendedDate);

    // If the user is online, persist the new activity time.
    if (userIsOnline)
    {
        record.LastActivityDate = DateTime.Now;
        new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().Update.UpdateItem(record);
    }

    // Return the membership user.
    return membershipUser;
}
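/// <summary>
/// Record a failed password or password answer attempt, and suspend the user
/// once the failures inside the attempt window reach the configured maximum.
/// </summary>
/// <param name="username">The username (not read by this method).</param>
/// <param name="failureType">"password" or "passwordAnswer"; any other value is ignored.</param>
/// <param name="user">The current user, updated and persisted by this method.</param>
private void UpdateFailureCount(string username, string failureType, Nequeo.DataAccess.CloudInteraction.Data.User user)
{
    bool isPassword = failureType == "password";
    bool isPasswordAnswer = failureType == "passwordAnswer";

    // Any other failure type changes nothing, as before.
    if (!isPassword && !isPasswordAnswer)
    {
        return;
    }

    // Read the clock once so the window check and the stored stamps agree.
    DateTime now = DateTime.Now;

    // Get the counter and window start that belong to the failure type.
    int failureCount = isPassword
        ? user.FailedPasswordAttemptCount
        : user.FailedPasswordAnswerAttemptCount;
    DateTime windowStart = isPassword
        ? user.FailedPasswordAttemptWindowStart
        : user.FailedPasswordAnswerAttemptWindowStart;

    // End of the window in which consecutive failures are added together.
    DateTime windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);

    if (failureCount == 0 || now > windowEnd)
    {
        // First failure, or outside of PasswordAttemptWindow.
        // Start a new failure count from 1 and a new window starting now.
        // NOTE(review): this path never suspends, so a maximum of 1 still allows a
        // second attempt - confirm that is intended.
        if (isPassword)
        {
            user.FailedPasswordAttemptCount = 1;
            user.FailedPasswordAttemptWindowStart = now;
        }
        else
        {
            user.FailedPasswordAnswerAttemptCount = 1;
            user.FailedPasswordAnswerAttemptWindowStart = now;
        }
    }
    else
    {
        // Count the current failure BEFORE comparing with the threshold. The original
        // post-increment compared the previous count, which allowed one attempt more
        // than MaxInvalidPasswordAttempts before the user was suspended.
        failureCount++;

        if (failureCount >= MaxInvalidPasswordAttempts)
        {
            // Attempts have reached the failure threshold. Lock out the user.
            user.UserSuspended = true;
            user.UserSuspendedDate = now;
        }
        else if (isPassword)
        {
            user.FailedPasswordAttemptCount = failureCount;
        }
        else
        {
            user.FailedPasswordAnswerAttemptCount = failureCount;
        }
    }

    // Persist whichever change was made above.
    new Nequeo.DataAccess.CloudInteraction.Data.Extension.User().Update.UpdateItem(user);
}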