Esempio n. 1
        /// <summary>
        /// Click handler for the "lock user" button. When a user is loaded on the page
        /// (<c>userID</c> is non-negative) the corresponding account is locked out; in every
        /// case the page then redirects back to the URL that was requested.
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLockUser_Click(object sender, EventArgs e)
        {
            // NOTE(review): no authorization check is visible in this handler; presumably the
            // hosting page restricts who can reach it — confirm against the page's access rules.
            bool userLoaded = this.userID > -1;
            if (userLoaded)
            {
                SiteUser target = new SiteUser(siteSettings, this.userID);
                target.LockoutAccount();
            }

            // Redirect regardless of whether a lockout happened, so the page reloads its state.
            WebUtils.SetupRedirect(this, Request.RawUrl);
        }
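        /// <summary>
        /// Returns the password for <paramref name="userName"/>. For the ASP.NET membership
        /// contract: a user name that does not exist raises <see cref="ProviderException"/>;
        /// retrieval is refused outright when the site does not allow it; a locked-out or deleted
        /// account raises <see cref="MembershipPasswordException"/>; when the site requires a
        /// question and answer, the supplied answer must match before anything is returned.
        /// Because hashed passwords cannot be recovered, the Hashed format instead generates a
        /// new random password, stores its hash (with a fresh salt and reset GUID) and returns
        /// the plain-text value so it can be sent to the user.
        /// </summary>
        /// <param name="userName">Login name of the user whose password is requested. <c>null</c> yields <c>null</c>.</param>
        /// <param name="passwordAnswer">Answer to the user's secret question; only consulted when
        /// the site's <c>RequiresQuestionAndAnswer</c> setting is on. A <c>null</c> answer counts as a failed attempt.</param>
        /// <returns>
        /// The stored password (Clear), the decoded password with the salt removed (Encrypted),
        /// a newly generated replacement password (Hashed), or <c>null</c> when the answer check
        /// fails, <paramref name="userName"/> is <c>null</c>, site settings are unavailable, or
        /// <c>PasswordFormat</c> is none of those three values.
        /// </returns>
        /// <exception cref="MojoMembershipException">Password retrieval is disabled for the site.</exception>
        /// <exception cref="ProviderException">No user with that name exists on the site.</exception>
        /// <exception cref="MembershipPasswordException">The account is locked out or deleted, or an encrypted password could not be decoded.</exception>
        public override string GetPassword(string userName, string passwordAnswer)
        {
            SiteSettings siteSettings = GetSiteSettings();

            // The settings object was previously null-checked only after AllowPasswordRetrieval
            // had already been read from it; check first so a missing settings object cannot
            // dereference null.
            if (siteSettings == null)
            {
                return null;
            }

            if (!siteSettings.AllowPasswordRetrieval)
            {
                throw new MojoMembershipException(
                    ResourceHelper.GetMessageTemplate("PasswordRetrievalNotEnabledMessage.config")
                    );
            }

            if (userName == null)
            {
                return null;
            }

            SiteUser siteUser = new SiteUser(siteSettings, userName);
            if (siteUser.UserId <= -1)
            {
                throw new ProviderException(ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));
            }

            if (siteUser.IsLockedOut)
            {
                throw new MembershipPasswordException(
                    ResourceHelper.GetMessageTemplate("UserAccountLockedMessage.config"));
            }

            if (siteUser.IsDeleted)
            {
                throw new MembershipPasswordException(
                    ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));
            }

            if (!PasswordAnswerCheckPassed(siteSettings, siteUser, passwordAnswer))
            {
                // The ASP.NET provider contract describes a MembershipPasswordException for a
                // wrong answer; this provider has always returned null here, and callers may
                // rely on that, so the behavior is kept.
                return null;
            }

            if (siteSettings.RequirePasswordChangeOnResetRecover)
            {
                siteUser.MustChangePwd = true;
                siteUser.Save();
            }

            switch (PasswordFormat)
            {
                case MembershipPasswordFormat.Clear:
                    return siteUser.Password;

                case MembershipPasswordFormat.Encrypted:
                    return RecoverEncryptedPassword(siteUser);

                case MembershipPasswordFormat.Hashed:
                    return IssueReplacementPasswordForHashedUser(siteSettings, siteUser);
            }

            // Any other PasswordFormat value: nothing can be returned.
            return null;
        }

        /// <summary>
        /// Decides whether the supplied answer allows password retrieval. Returns <c>true</c>
        /// immediately when the site does not require a question and answer. On a wrong or
        /// missing answer the failed-answer counter is incremented (when a limit is configured)
        /// and the account is locked once that limit is reached, which bounds guessing of the answer.
        /// </summary>
        /// <param name="siteSettings">Settings of the site the user belongs to.</param>
        /// <param name="siteUser">The user being checked; may be modified (attempt count, lockout).</param>
        /// <param name="passwordAnswer">Caller-supplied answer; <c>null</c> is treated as a mismatch.</param>
        /// <returns><c>true</c> when retrieval may proceed, otherwise <c>false</c>.</returns>
        private bool PasswordAnswerCheckPassed(SiteSettings siteSettings, SiteUser siteUser, string passwordAnswer)
        {
            if (!siteSettings.RequiresQuestionAndAnswer)
            {
                return true;
            }

            if ((passwordAnswer != null) && PasswordAnswerIsMatch(passwordAnswer, siteUser.PasswordAnswer))
            {
                return true;
            }

            if (siteSettings.MaxInvalidPasswordAttempts > 0)
            {
                siteUser.IncrementPasswordAnswerAttempts(siteSettings);

                if (WebConfigSettings.LockAccountOnMaxPasswordAnswerTries
                    && (siteUser.FailedPasswordAnswerAttemptCount >= siteSettings.MaxInvalidPasswordAttempts))
                {
                    siteUser.LockoutAccount();
                }
            }

            return false;
        }

        /// <summary>
        /// Decodes a password stored in the Encrypted format and strips the stored salt from it.
        /// </summary>
        /// <param name="siteUser">User whose <c>Password</c> and <c>PasswordSalt</c> are read.</param>
        /// <returns>The decoded password without the salt.</returns>
        /// <exception cref="MembershipPasswordException">The stored value could not be decoded
        /// (the underlying <see cref="FormatException"/> is logged, not exposed to the caller).</exception>
        private string RecoverEncryptedPassword(SiteUser siteUser)
        {
            try
            {
                if (siteUser.PasswordSalt.Length > 0)
                {
                    // NOTE(review): Replace removes every occurrence of the salt, not only a
                    // leading one; kept as-is because the layout used when the password was
                    // encrypted is not visible here — confirm against EncodePassword's callers.
                    return UnencodePassword(siteUser.Password, MembershipPasswordFormat.Encrypted).Replace(siteUser.PasswordSalt, string.Empty);
                }

                return UnencodePassword(siteUser.Password, MembershipPasswordFormat.Encrypted);
            }
            catch (FormatException ex)
            {
                // Detail goes to the server log only; the caller gets a generic message.
                log.Error(ex);
                throw new MembershipPasswordException("failure retrieving password");
            }
        }

        /// <summary>
        /// For hashed storage the original password is unrecoverable, so a new random password is
        /// generated, hashed with a fresh random salt and saved, and the plain-text value returned.
        /// </summary>
        /// <param name="siteSettings">Supplies the minimum password length, the stored format and
        /// the forced-change policy.</param>
        /// <param name="siteUser">User whose credentials are replaced and saved.</param>
        /// <returns>The new plain-text password.</returns>
        private string IssueReplacementPasswordForHashedUser(SiteSettings siteSettings, SiteUser siteUser)
        {
            string newPassword = SiteUser.CreateRandomPassword(siteSettings.MinRequiredPasswordLength + 2, WebConfigSettings.PasswordGeneratorChars);

            siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
            siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Hashed);
            siteUser.PasswordFormat = siteSettings.PasswordFormat;

            // After the new random password is emailed to the user we can force him to change it
            // again immediately after he logs in.
            siteUser.MustChangePwd = siteSettings.RequirePasswordChangeOnResetRecover;

            // Needed if we are sending a link for automatic login and force to change password
            // instead of sending the random one by email; will be cleared to Guid.Empty when the
            // password is changed.
            siteUser.PasswordResetGuid = Guid.NewGuid();
            siteUser.Save();

            return newPassword;
        }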