/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <returns>
/// The new password for the specified user.
/// </returns>
/// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
public override string ResetPassword(string username, string answer)
{
if (!PasswordPolicy.IsPasswordResetEnabled)
{
throw new NotSupportedException("Password reset is not supported.");
}
var user = AccountRepository.Get(username);
if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
{
throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
}
if (PasswordPolicy.IsPasswordQuestionRequired &&
!user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);
ValidatePassword(username, newPassword);
var info = new AccountPasswordInfo(username, newPassword);
user.Password = PasswordStrategy.Encrypt(info);
user.PasswordSalt = info.PasswordSalt;
AccountRepository.Update(user);
return(newPassword);
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to change the password question and answer for. </param><param name="password">The password for the specified user. </param><param name="newPasswordQuestion">The new password question for the specified user. </param><param name="newPasswordAnswer">The new password answer for the specified user. </param>
public override bool ChangePasswordQuestionAndAnswer(string username, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
var account = AccountRepository.Get(username);
if (account == null)
{
return(false);
}
var info = new AccountPasswordInfo(username, account.Password)
{
PasswordSalt = account.PasswordSalt
};
if (PasswordStrategy.Compare(info, password))
{
return(false);
}
account.PasswordQuestion = newPasswordAnswer;
account.PasswordAnswer = newPasswordAnswer;
AccountRepository.Update(account);
return(true);
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
/// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
if (AccountRepository.Get(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
try
{
ValidatePassword(username, password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
var account = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
var passwordInfo = new AccountPasswordInfo(username, password);
account.Password = PasswordStrategy.Encrypt(passwordInfo);
account.PasswordSalt = passwordInfo.PasswordSalt;
account.PasswordAnswer = passwordAnswer;
account.PasswordQuestion = passwordQuestion;
status = AccountRepository.Register(account);
if (status == MembershipCreateStatus.Success)
{
return(CloneUser(account));
}
return(null);
}
/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <returns>
/// The new password for the specified user.
/// </returns>
/// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
public override string ResetPassword(string username, string answer)
{
if (!PasswordPolicy.IsPasswordResetEnabled)
throw new NotSupportedException("Password reset is not supported.");
var user = AccountRepository.Get(username);
if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
if (PasswordPolicy.IsPasswordQuestionRequired &&
!user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
return null;
var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);
ValidatePassword(username, newPassword);
var info = new AccountPasswordInfo(username, newPassword);
user.Password = PasswordStrategy.Encrypt(info);
user.PasswordSalt = info.PasswordSalt;
AccountRepository.Update(user);
return newPassword;
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to change the password question and answer for. </param><param name="password">The password for the specified user. </param><param name="newPasswordQuestion">The new password question for the specified user. </param><param name="newPasswordAnswer">The new password answer for the specified user. </param>
public override bool ChangePasswordQuestionAndAnswer(string username, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
var account = AccountRepository.Get(username);
if (account == null)
return false;
var info = new AccountPasswordInfo(username, account.Password)
{
PasswordSalt = account.PasswordSalt
};
if (PasswordStrategy.Compare(info, password))
return false;
account.PasswordQuestion = newPasswordAnswer;
account.PasswordAnswer = newPasswordAnswer;
AccountRepository.Update(account);
return true;
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
/// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
{
status = MembershipCreateStatus.DuplicateEmail;
return null;
}
if (AccountRepository.Get(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return null;
}
try
{
ValidatePassword(username, password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
status = MembershipCreateStatus.InvalidPassword;
return null;
}
var account = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
var passwordInfo = new AccountPasswordInfo(username, password);
account.Password = PasswordStrategy.Encrypt(passwordInfo);
account.PasswordSalt = passwordInfo.PasswordSalt;
account.PasswordAnswer = passwordAnswer;
account.PasswordQuestion = passwordQuestion;
status = AccountRepository.Register(account);
if (status == MembershipCreateStatus.Success)
return CloneUser(account);
return null;
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
/// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
{
status = MembershipCreateStatus.DuplicateEmail;
return null;
}
if (AccountRepository.Get(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return null;
}
ValidatePassword(username, password);
var account = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
var passwordInfo = new AccountPasswordInfo(username, password);
account.Password = PasswordStrategy.Encrypt(passwordInfo);
account.PasswordSalt = passwordInfo.PasswordSalt;
status = AccountRepository.Register(account);
if (status == MembershipCreateStatus.Success)
return CloneUser(account);
return null;
}
