public void PasswordAttemptFailedTest() { User user = ClientMembershipService.GetUser("timm"); string passwordSalt = "1U3h6r/tQ+dGWhLm9Unyng=="; PasswordFormat passwordFormat = PasswordFormat.Hashed; int failedPasswordAttemptCount = 0; DateTime failedPasswordAttemptWindowStart = DateTime.MinValue; int failedPasswordAnswerAttemptCount = 0; DateTime failedPasswordAnswerAttemptWindowStart = DateTime.MinValue; ClientMembershipUser target = new ClientMembershipUser(user, passwordSalt, passwordFormat, failedPasswordAttemptCount, failedPasswordAttemptWindowStart, failedPasswordAnswerAttemptCount, failedPasswordAnswerAttemptWindowStart); target.PasswordAttemptSucceeded(); target.PasswordAttemptFailed(); Assert.AreNotEqual(DateTime.MinValue, target.FailedPasswordAttemptWindowStart); Assert.AreEqual(1, target.FailedPasswordAttemptCount); Assert.AreEqual(false, target.IsLockedOut); target.PasswordAttemptFailed(); target.PasswordAttemptFailed(); target.PasswordAttemptFailed(); target.PasswordAttemptFailed(); Assert.AreEqual(true, target.IsLockedOut); Assert.AreNotEqual(DateTime.MinValue, target.LastLockoutDate); }
public virtual string GetPassword(string username) { User.CheckPasswordRetrieval(); ClientMembershipUser user = this.GetClientMembershipUser(username); return(this.GetPasswordFromPersistence(user)); }
public virtual void UpdateUser(User user) { ClientMembershipUser clientMembershipUser = this.GetUser(user); this.unitOfWork.RegisterChanged(clientMembershipUser, this); this.unitOfWork.Commit(); }
protected virtual void ChangePassword(ClientMembershipUser user, string oldPassword, string newPassword) { SecurityHelper.CheckParameter(oldPassword, true, true, false, this.Application.MaxPasswordSize, "oldPassword"); SecurityHelper.CheckParameter(newPassword, true, true, false, this.Application.MaxPasswordSize, "newPassword"); // Validate the user before making any changes this.ValidateUserWithPassword(user, oldPassword, true); // Make sure the new password is ok User.ValidatePassword(newPassword); // encode the new password string encodedPassword = this.EncodePassword(newPassword, user.PasswordFormat, user.PasswordSalt); if (encodedPassword.Length > this.Application.MaxPasswordSize) { throw new ArgumentException("Membership password too long", "newPassword"); } // Save the new password this.PersistChangedPassword(user, encodedPassword); }
protected virtual string ResetPassword(ClientMembershipUser user, string passwordAnswer) { // Are password resets allowed? User.CheckPasswordReset(passwordAnswer); // Validate the user's password answer this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true); int maxPasswordSize = (this.Application.MinRequiredPasswordLength < Constants.PasswordSize) ? Constants.PasswordSize : this.Application.MinRequiredPasswordLength; // Create the new password string newPassword = System.Web.Security.Membership.GeneratePassword( maxPasswordSize, this.Application.MinRequiredNonAlphanumericCharacters); // Encode the password string newEncodedPassword = this.EncodePassword(newPassword, user.PasswordFormat, user.PasswordSalt); // Save the user's new password this.PersistResetPassword(user, newEncodedPassword); // return the new password (not the encoded one!) return(newPassword); }
protected override string GetPasswordFromPersistence(ClientMembershipUser user) { string sql = string.Format("SELECT Password FROM [User] WHERE UserId = '{0}'", user.UserKey.ToString()); return(this.database.ExecuteScalar( this.database.GetSqlStringCommand(sql)).ToString()); }
protected override void PersistResetPassword(ClientMembershipUser user, string newEncodedPassword) { string sql = string.Format("UPDATE [User] SET Password = '******' WHERE UserId = '{1}'", newEncodedPassword, user.UserKey.ToString()); this.database.ExecuteNonQuery( this.database.GetSqlStringCommand(sql)); }
public virtual bool ChangePassword(string username, string oldPassword, string newPassword) { ClientMembershipUser user = this.GetClientMembershipUser(username); this.ChangePassword(user, oldPassword, newPassword); return(true); }
protected override void PersistChangedPasswordQuestionAndAnswer(ClientMembershipUser user, string password, string newPasswordAnswer) { string sql = string.Format("UPDATE [User] SET PasswordQuestion = '{0}', PasswordAnswer = '{1}' WHERE UserId = '{2}'", user.PasswordQuestion, newPasswordAnswer, user.UserKey.ToString()); this.database.ExecuteNonQuery( this.database.GetSqlStringCommand(sql)); }
public virtual bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { ClientMembershipUser user = this.GetClientMembershipUser(username); this.ChangePasswordQuestionAndAnswer(user, password, newPasswordQuestion, newPasswordAnswer); return(true); }
protected virtual string GetPassword(ClientMembershipUser user, string passwordAnswer) { // Make sure password retrievals are allowed User.CheckPasswordRetrieval(); // Validate the user's password answer this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true); // Get the user's password from persistence return(this.GetPasswordFromPersistence(user)); }
protected override void PersistUser(ClientMembershipUser user) { StringBuilder builder = new StringBuilder(100); builder.Append("UPDATE [User] SET "); builder.Append(string.Format("{0}={1}", UserFactory.FieldNames.Email, DataHelper.GetSqlValue(user.Email))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.IsLockedOut, DataHelper.GetSqlValue(user.IsLockedOut))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.LastActivityDate, DataHelper.GetSqlValue(user.LastActivityDate))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.LastLockoutDate, DataHelper.GetSqlValue(user.LastLockoutDate))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.LastLoginDate, DataHelper.GetSqlValue(user.LastLoginDate))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.LastPasswordChangedDate, DataHelper.GetSqlValue(user.LastPasswordChangedDate))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.PasswordQuestion, DataHelper.GetSqlValue(user.PasswordQuestion))); builder.Append(string.Format(",{0}={1}", UserFactory.FieldNames.UserName, DataHelper.GetSqlValue(user.UserName))); builder.Append(string.Format(",{0}={1}", ClientMembershipUserFactory.FieldNames.PasswordSalt, DataHelper.GetSqlValue(user.PasswordSalt))); builder.Append(string.Format(",{0}={1}", ClientMembershipUserFactory.FieldNames.PasswordFormat, DataHelper.GetSqlValue((int)user.PasswordFormat))); builder.Append(" "); builder.Append(string.Format("WHERE UserId = '{0}'", user.UserKey.ToString())); this.database.ExecuteNonQuery( this.database.GetSqlStringCommand(builder.ToString())); }
private string GetEncodedPasswordAnswer(ClientMembershipUser user, string passwordAnswer) { if (passwordAnswer != null) { passwordAnswer = passwordAnswer.Trim(); } if (string.IsNullOrEmpty(passwordAnswer)) { return(passwordAnswer); } return(this.EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), user.PasswordFormat, user.PasswordSalt)); }
protected virtual string ResetPassword(ClientMembershipUser user) { User.CheckPasswordReset(null); string newPassword = System.Web.Security.Membership.GeneratePassword( (this.Application.MinRequiredPasswordLength < Constants.PasswordSize) ? Constants.PasswordSize : this.Application.MinRequiredPasswordLength, this.Application.MinRequiredNonAlphanumericCharacters); string newEncodedPassword = this.EncodePassword(newPassword, user.PasswordFormat, user.PasswordSalt); this.PersistResetPassword(user, newEncodedPassword); return(newPassword); }
protected virtual void ChangePasswordQuestionAndAnswer( ClientMembershipUser user, string password, string newPasswordQuestion, string newPasswordAnswer) { SecurityHelper.CheckParameter(newPasswordQuestion, this.Application.RequiresQuestionAndAnswer, this.Application.RequiresQuestionAndAnswer, false, this.Application.MaxPasswordQuestionSize, "newPasswordQuestion"); if (newPasswordAnswer != null) { newPasswordAnswer = newPasswordAnswer.Trim(); } SecurityHelper.CheckParameter(newPasswordAnswer, this.Application.RequiresQuestionAndAnswer, this.Application.RequiresQuestionAndAnswer, false, this.Application.MaxPasswordAnswerSize, "newPasswordAnswer"); // Validate the user before making any changes this.ValidateUserWithPassword(user, password, true); string encodedPasswordAnswer; if (!string.IsNullOrEmpty(newPasswordAnswer)) { encodedPasswordAnswer = this.EncodePassword( newPasswordAnswer.ToLower(CultureInfo.InvariantCulture), user.PasswordFormat, user.PasswordSalt); } else { encodedPasswordAnswer = newPasswordAnswer; } SecurityHelper.CheckParameter(encodedPasswordAnswer, this.Application.RequiresQuestionAndAnswer, this.Application.RequiresQuestionAndAnswer, false, this.Application.MaxPasswordAnswerSize, "newPasswordAnswer"); this.PersistChangedPasswordQuestionAndAnswer(user, password, encodedPasswordAnswer); }
protected override ClientMembershipUser GetUser(User user) { ClientMembershipUser membershipUser = null; string sql = string.Format( "SELECT * FROM [User] WHERE UserId = '{0}'", user.UserKey.ToString()); using (DbCommand command = this.database.GetSqlStringCommand(sql)) { using (IDataReader reader = this.database.ExecuteReader(command)) { if (reader.Read()) { membershipUser = ClientMembershipUserFactory.BuildClientMembershipUser( user, reader); } } } return(membershipUser); }
public virtual bool ValidateUser(string username, string password) { bool validationResult = false; // First validate the method parameters if (SecurityHelper.ValidateParameter(username, true, true, true, this.Application.MaxUsernameSize) && SecurityHelper.ValidateParameter(password, true, true, false, this.Application.MaxPasswordSize)) { // Now get the User instance ClientMembershipUser user = this.GetClientMembershipUser(username); // Validate the user's password this.ValidateUserWithPassword(user, password, false); validationResult = true; } // return the result return(validationResult); }
private void ValidateUserWithPasswordAnswer(ClientMembershipUser user, string passwordAnswer, bool throwIfFails) { if (passwordAnswer != null) { passwordAnswer = passwordAnswer.Trim(); } SecurityHelper.CheckParameter(passwordAnswer, this.Application.RequiresQuestionAndAnswer, this.Application.RequiresQuestionAndAnswer, false, this.Application.MaxPasswordAnswerSize, "passwordAnswer"); string passwordAnswerFromPersistence = this.GetPasswordAnswerFromPersistence(user); try { if (!this.CheckPasswordAnswer(passwordAnswer, passwordAnswerFromPersistence, user.PasswordFormat, user.PasswordSalt)) { user.PasswordAnswerAttemptFailed(); if (throwIfFails) { throw new SecurityException ("The password answer supplied was not correct"); } } else { user.PasswordAnswerAttemptSucceeded(); } } finally { this.PersistUser(user); } }
public void PersistUpdatedItem(IEntity item) { ClientMembershipUser user = (ClientMembershipUser)item; this.PersistUser(user); }
public virtual string ResetPassword(string username, string answer) { ClientMembershipUser user = this.GetClientMembershipUser(username); return(this.ResetPassword(user, answer)); }
protected abstract void PersistUser(ClientMembershipUser user);
protected abstract void PersistResetPassword(ClientMembershipUser user, string newEncodedPassword);
protected abstract string GetPasswordAnswerFromPersistence( ClientMembershipUser user);
protected abstract void PersistChangedPasswordQuestionAndAnswer( ClientMembershipUser user, string password, string newPasswordAnswer);
protected abstract void PersistChangedPassword(ClientMembershipUser user, string newPassword);