/// <summary>
/// Checks a username/password pair and records the outcome in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="username">Login name; passed through <c>Sanitizer.GetSafeHtmlFragment</c> before the account lookup.</param>
/// <param name="password">Candidate password; passed through <c>Sanitizer.GetSafeHtmlFragment</c> before the comparison.</param>
/// <returns><c>true</c> when an account is found and the password compares equal; otherwise <c>false</c>.</returns>
public bool ValidateUser(string username, string password)
{
    // NOTE(review): an HTML sanitizer is applied to the secret itself. It presumably rewrites
    // passwords containing markup characters, so the compared value may not be what the user
    // typed. Confirm the same transform runs when the password is stored.
    string safeUserName = Sanitizer.GetSafeHtmlFragment(username);
    string safePassword = Sanitizer.GetSafeHtmlFragment(password);

    // Start optimistic; each failure path below overwrites the status before returning.
    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var matchedAccount = GetAccountByUserName(safeUserName);
    if (matchedAccount == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    // NOTE(review): the supplied password is compared directly with account.Password and no
    // hashing step is visible here, which suggests the credential is stored in recoverable
    // form. Confirm against the account store; a salted, iterated password hash is the usual
    // expectation. The method also has no attempt counter or lockout check.
    var credentialsAgree = safePassword == matchedAccount.Password;
    if (!credentialsAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Checks an e-mail/password pair and records the outcome in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="email">E-mail address used to look the user up; sanitized with <c>Sanitizer.GetSafeHtmlFragment</c> first.</param>
/// <param name="password">Candidate password; sanitized with <c>Sanitizer.GetSafeHtmlFragment</c> before hashing.</param>
/// <returns><c>true</c> when a user is found and the computed hash equals the stored one; otherwise <c>false</c>.</returns>
public bool ValidateUser(string email, string password)
{
    // NOTE(review): the password is run through an HTML sanitizer before hashing, which
    // presumably alters passwords containing markup characters. Confirm the same transform is
    // applied when the password is set.
    string safeEmail = Sanitizer.GetSafeHtmlFragment(email);
    string safePassword = Sanitizer.GetSafeHtmlFragment(password);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var matchedUser = GetEmail(safeEmail);
    if (matchedUser == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    // NOTE(review): no salt is passed to ComputeSha256Hash, and the name suggests a single
    // SHA-256 pass. A fast unsalted digest is weak for password storage; a salted, iterated
    // KDF (PBKDF2, bcrypt, Argon2) is the usual recommendation. Confirm what the helper does.
    // No attempt counter or lockout check is performed in this method.
    var digestsAgree = Hash.Instance.ComputeSha256Hash(safePassword) == matchedUser.Password;
    if (!digestsAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Replaces a user's password after verifying the current one, recording the outcome in
/// <c>LastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; cleaned with <c>StringUtils.SafePlainText</c> before the lookup.</param>
/// <param name="password">Current password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="newpassword">Replacement password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <returns><c>true</c> when the user exists, the current password matches and the update was issued; otherwise <c>false</c>.</returns>
public bool ChangePassword(string userName, string password, string newpassword)
{
    string cleanUserName = StringUtils.SafePlainText(userName);
    string cleanCurrent = StringUtils.SafePlainText(password);
    string cleanReplacement = StringUtils.SafePlainText(newpassword);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = GetUser(cleanUserName);
    if (account == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    var storedSalt = account.PasswordSalt;
    var currentHash = StringUtils.GenerateSaltedHash(cleanCurrent, storedSalt);

    // NOTE(review): this path verifies a password without touching any failed-attempt counter
    // or lockout flag, so it can serve as a guessing oracle unless the caller rate-limits or
    // requires an authenticated session. Confirm at the call site.
    var currentMatches = currentHash == account.Password;
    if (!currentMatches)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    // NOTE(review): the existing salt is reused for the new hash; generating a fresh salt on
    // every password change is the usual practice. The new password is not checked for
    // emptiness or strength in this method.
    var replacementHash = StringUtils.GenerateSaltedHash(cleanReplacement, storedSalt);
    account.Password = replacementHash;
    account.LastPasswordChangedDate = DateTime.UtcNow;
    Update(account);

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Validates a user by password, applying lockout, approval and attempt-limit checks, and
/// records the outcome in <c>_lastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; cleaned with <c>StringUtils.SafePlainText</c> before the repository lookup.</param>
/// <param name="password">Candidate password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Failed-attempt count at which the account is refused and locked out.</param>
/// <returns><c>true</c> only when every check passes and the salted hash matches; otherwise <c>false</c>.</returns>
public bool ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
    string cleanUserName = StringUtils.SafePlainText(userName);
    string cleanPassword = StringUtils.SafePlainText(password);

    _lastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = _membershipRepository.GetUser(cleanUserName);

    // NOTE(review): the status distinguishes "unknown user" from "wrong password". If it is
    // surfaced to the client it permits account enumeration; confirm the caller shows a
    // generic failure message.
    if (account == null)
    {
        _lastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    if (account.IsLockedOut)
    {
        _lastLoginStatus = LoginAttemptStatus.UserLockedOut;
        return false;
    }

    if (!account.IsApproved)
    {
        _lastLoginStatus = LoginAttemptStatus.UserNotApproved;
        return false;
    }

    // Refuse before hashing once the limit is reached. A limit of zero or below therefore
    // rejects every login (assuming the counter is never negative).
    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        _lastLoginStatus = LoginAttemptStatus.PasswordAttemptsExceeded;
        return false;
    }

    var storedSalt = account.PasswordSalt;
    var candidateHash = GenerateSaltedHash(cleanPassword, storedSalt);
    var hashesAgree = candidateHash == account.Password;

    // A success resets the counter; a failure increments it.
    if (hashesAgree)
    {
        account.FailedPasswordAttemptCount = 0;
    }
    else
    {
        account.FailedPasswordAttemptCount = account.FailedPasswordAttemptCount + 1;
    }

    // NOTE(review): the counter and lockout fields are changed on the in-memory entity only;
    // no save call is visible here. Confirm the caller persists them on the failure path too,
    // otherwise the lockout never takes effect.
    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        account.IsLockedOut = true;
        account.LastLockoutDate = DateTime.UtcNow;
    }

    if (!hashesAgree)
    {
        _lastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return _lastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Maps a login attempt status to the event type recorded for it.
/// </summary>
/// <param name="status">The login attempt status to translate.</param>
/// <returns>
/// <c>LoginEventType.Login</c> for <c>Success</c>, <c>LoginEventType.LoginPendingMultiFactor</c>
/// for <c>PendingMultifactor</c>, and <c>LoginEventType.LoginFailed</c> for every other value.
/// </returns>
public static LoginEventType ToEventType(this LoginAttemptStatus status)
{
    if (status == LoginAttemptStatus.Success)
    {
        return LoginEventType.Login;
    }

    if (status == LoginAttemptStatus.PendingMultifactor)
    {
        return LoginEventType.LoginPendingMultiFactor;
    }

    // Any status not listed above, including values added to the enum later, is reported as a
    // failed login rather than a successful one.
    return LoginEventType.LoginFailed;
}
/// <summary>
/// Checks a username/password pair and records the outcome in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name passed unchanged to <c>GetUser</c>.</param>
/// <param name="password">Candidate password, hashed with <c>ComputeSha256Hash</c> before comparison.</param>
/// <returns><c>true</c> when the user exists and the computed hash equals the stored one; otherwise <c>false</c>.</returns>
public bool ValidateUser(string userName, string password)
{
    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = GetUser(userName);
    if (account == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    // NOTE(review): no salt is supplied to ComputeSha256Hash, and the name suggests a single
    // SHA-256 pass. A fast unsalted digest is weak for password storage; a salted, iterated
    // KDF (PBKDF2, bcrypt, Argon2) is the usual recommendation. Confirm what the helper does.
    var candidateHash = GenerateHash.Instance.ComputeSha256Hash(password);

    // NOTE(review): this method has no attempt counter or lockout check, so throttling of
    // repeated guesses has to happen in the caller. Confirm that it does.
    var hashesAgree = candidateHash == account.password;
    if (!hashesAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Validates a user by password, applying ban, lockout, approval and attempt-limit checks, and
/// records the outcome in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; cleaned with <c>StringUtils.SafePlainText</c> before the lookup.</param>
/// <param name="password">Candidate password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Failed-attempt count at which the account is refused and locked out.</param>
/// <returns><c>true</c> only when every check passes and the salted hash matches; otherwise <c>false</c>.</returns>
public bool ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
    string cleanUserName = StringUtils.SafePlainText(userName);
    string cleanPassword = StringUtils.SafePlainText(password);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = GetUser(cleanUserName);

    // NOTE(review): the status values separate "unknown user", "banned", "locked out" and
    // "wrong password". If they reach the client unauthenticated they disclose account state;
    // confirm the caller shows a generic failure message.
    if (account == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    if (account.IsBanned)
    {
        LastLoginStatus = LoginAttemptStatus.Banned;
        return false;
    }

    if (account.IsLockedOut)
    {
        LastLoginStatus = LoginAttemptStatus.UserLockedOut;
        return false;
    }

    if (!account.IsApproved)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotApproved;
        return false;
    }

    // Refuse before hashing once the limit is reached. A limit of zero or below therefore
    // rejects every login (assuming the counter is never negative).
    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordAttemptsExceeded;
        return false;
    }

    var storedSalt = account.PasswordSalt;
    var candidateHash = StringUtils.GenerateSaltedHash(cleanPassword, storedSalt);
    var hashesAgree = candidateHash == account.Password;

    // A success resets the counter; a failure increments it.
    if (hashesAgree)
    {
        account.FailedPasswordAttemptCount = 0;
    }
    else
    {
        account.FailedPasswordAttemptCount = account.FailedPasswordAttemptCount + 1;
    }

    // NOTE(review): the counter and lockout fields are changed on the in-memory entity only;
    // no save call is visible here. Confirm the caller persists them on the failure path too.
    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        account.IsLockedOut = true;
        account.LastLockoutDate = DateTime.UtcNow;
    }

    if (!hashesAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
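/// <summary>
/// Validates a user by password, applies ban, lockout, approval and attempt-limit checks, and
/// writes the updated attempt counter, lockout fields and last-login date back with a
/// parameterized UPDATE. The outcome is recorded in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; cleaned with <c>StringUtils.SafePlainText</c> before the lookup.</param>
/// <param name="password">Candidate password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Failed-attempt count at which the account is refused and locked out.</param>
/// <returns>The user when validation succeeds; otherwise <c>null</c>.</returns>
public MembershipUser ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
    userName = StringUtils.SafePlainText(userName);
    password = StringUtils.SafePlainText(password);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var user = GetUser(userName);
    if (user == null)
    {
        // Fix: return here. Previously execution continued into user.IsBanned and threw a
        // NullReferenceException for any unknown user name.
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return null;
    }

    // The checks below deliberately do not return early: when several conditions hold, the
    // last one that matches determines the reported status.
    if (user.IsBanned)
    {
        LastLoginStatus = LoginAttemptStatus.Banned;
    }

    if (user.IsLockedOut)
    {
        LastLoginStatus = LoginAttemptStatus.UserLockedOut;
    }

    if (!user.IsApproved)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotApproved;
    }

    var allowedPasswordAttempts = maxInvalidPasswordAttempts;
    if (user.FailedPasswordAttemptCount >= allowedPasswordAttempts)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordAttemptsExceeded;
    }

    // The password is only evaluated, and the counter only touched, for accounts that passed
    // every state check above.
    if (LastLoginStatus == LoginAttemptStatus.LoginSuccessful)
    {
        var salt = user.PasswordSalt;
        var hash = StringUtils.GenerateSaltedHash(password, salt);
        var passwordMatches = hash == user.Password;

        // A success resets the counter; a failure increments it and may trigger lockout.
        user.FailedPasswordAttemptCount = passwordMatches ? 0 : user.FailedPasswordAttemptCount + 1;
        if (user.FailedPasswordAttemptCount >= allowedPasswordAttempts)
        {
            user.IsLockedOut = true;
            user.LastLockoutDate = DateTime.UtcNow;
        }

        if (!passwordMatches)
        {
            LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        }
        else
        {
            user.LastLoginDate = DateTime.UtcNow;
        }

        // Persist the outcome on both success and failure so the attempt counter and lockout
        // survive the request. All values are bound as parameters, never concatenated.
        var Cmd = _context.CreateCommand();
        try
        {
            Cmd.CommandText = "UPDATE [MembershipUser] SET FailedPasswordAttemptCount = @FailedPasswordAttemptCount,IsLockedOut = @IsLockedOut,LastLockoutDate = @LastLockoutDate,LastLoginDate = @LastLoginDate WHERE [Id] = @Id";
            Cmd.Parameters.Add("Id", SqlDbType.UniqueIdentifier).Value = user.Id;
            Cmd.Parameters.Add("FailedPasswordAttemptCount", SqlDbType.Int).Value = user.FailedPasswordAttemptCount;
            Cmd.Parameters.Add("IsLockedOut", SqlDbType.Bit).Value = user.IsLockedOut;
            Cmd.Parameters.Add("LastLockoutDate", SqlDbType.DateTime).Value = user.LastLockoutDate;
            Cmd.Parameters.Add("LastLoginDate", SqlDbType.DateTime).Value = user.LastLoginDate;
            Cmd.command.ExecuteNonQuery();
            Cmd.cacheStartsWithToClear(CacheKeys.Member.StartsWith);
        }
        finally
        {
            // Fix: close the command even when the UPDATE throws, so it is not leaked.
            Cmd.Close();
        }
    }

    if (LastLoginStatus != LoginAttemptStatus.LoginSuccessful)
    {
        return null;
    }

    return user;
}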
/// <summary>
/// Validates a user by password, applying ban, lockout, approval and attempt-limit checks, and
/// records the outcome in <c>LastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; passed through <c>Sanitizer.GetSafeHtmlFragment</c> before the lookup.</param>
/// <param name="password">Candidate password; passed through <c>Sanitizer.GetSafeHtmlFragment</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Failed-attempt count at which the account is refused and locked out.</param>
/// <returns><c>true</c> only when every check passes and the salted hash matches; otherwise <c>false</c>.</returns>
public bool ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
    // NOTE(review): an HTML sanitizer is applied to the password before hashing. It presumably
    // rewrites passwords containing markup characters; confirm the same transform runs when
    // the password is set.
    string safeUserName = Sanitizer.GetSafeHtmlFragment(userName);
    string safePassword = Sanitizer.GetSafeHtmlFragment(password);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = GetUser(safeUserName);
    if (account == null)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotFound;
        return false;
    }

    if (account.IsBanned)
    {
        LastLoginStatus = LoginAttemptStatus.Banned;
        return false;
    }

    if (account.IsLockedOut)
    {
        LastLoginStatus = LoginAttemptStatus.UserLockedOut;
        return false;
    }

    if (!account.IsApproved)
    {
        LastLoginStatus = LoginAttemptStatus.UserNotApproved;
        return false;
    }

    // Refuse before hashing once the limit is reached.
    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordAttemptsExceeded;
        return false;
    }

    var storedSalt = account.PasswordSalt;
    var candidateHash = StringUtils.GenerateSaltedHash(safePassword, storedSalt);
    var hashesAgree = candidateHash == account.Password;

    // A success resets the counter; a failure increments it.
    if (hashesAgree)
    {
        account.FailedPasswordAttemptCount = 0;
    }
    else
    {
        account.FailedPasswordAttemptCount = account.FailedPasswordAttemptCount + 1;
    }

    if (account.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
    {
        account.IsLockedOut = true;

        // NOTE(review): the lockout timestamp is taken from the server's local clock
        // (DateTime.Now). Local time is ambiguous across DST changes and across servers in
        // different zones; UTC is the usual choice for security timestamps. Confirm how
        // LastLockoutDate is compared elsewhere before changing it.
        account.LastLockoutDate = DateTime.Now;
    }

    if (!hashesAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Checks an e-mail/password pair against the stored salted hash and records the outcome in
/// <c>LastLoginStatus</c>.
/// </summary>
/// <param name="email">E-mail address used for the lookup; cleaned with <c>StringUtils.SafePlainText</c> first.</param>
/// <param name="password">Candidate password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Not read by the active code in this method.</param>
/// <returns><c>true</c> when an active user is found and the salted hash matches; otherwise <c>false</c>.</returns>
public bool ValidateUser(string email, string password, int maxInvalidPasswordAttempts)
{
    string cleanEmail = StringUtils.SafePlainText(email);
    string cleanPassword = StringUtils.SafePlainText(password);

    LastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = GetUserByEmail(cleanEmail);
    if (account == null)
    {
        LastLoginStatus = LoginAttemptStatus.EmailNotFound;
        return false;
    }

    if (account.Active == false)
    {
        LastLoginStatus = LoginAttemptStatus.AccountNotActive;
        return false;
    }

    // NOTE(review): the original carried, in commented-out form, checks for IsBanned,
    // IsLockedOut, IsApproved and FailedPasswordAttemptCount >= maxInvalidPasswordAttempts
    // (reporting Banned, UserLockedOut, UserNotApproved and PasswordAttemptsExceeded), plus the
    // counter update that resets to 0 on success, increments on failure and sets IsLockedOut
    // and LastLockoutDate = DateTime.UtcNow at the limit. None of that is active, so this
    // method places no bound on repeated password guesses and ignores
    // maxInvalidPasswordAttempts. Confirm throttling or lockout is enforced elsewhere.
    var storedSalt = account.PasswordSalt;
    var candidateHash = StringUtils.GenerateSaltedHash(cleanPassword, storedSalt);
    var hashesAgree = candidateHash == account.Password;

    if (!hashesAgree)
    {
        LastLoginStatus = LoginAttemptStatus.PasswordIncorrect;
        return false;
    }

    return LastLoginStatus == LoginAttemptStatus.LoginSuccessful;
}
/// <summary>
/// Checks a username/password pair and returns the resulting status, which is also stored in
/// <c>_lastLoginStatus</c>.
/// </summary>
/// <param name="userName">Login name; cleaned with <c>StringUtils.SafePlainText</c> before the repository lookup.</param>
/// <param name="password">Candidate password; cleaned with <c>StringUtils.SafePlainText</c> before hashing.</param>
/// <param name="maxInvalidPasswordAttempts">Not read by this method.</param>
/// <returns>
/// <c>UserNotFound</c> when no user matches; <c>UserNotApproved</c> when the user still has an
/// activation key; otherwise <c>LoginSuccessful</c> or <c>PasswordIncorrect</c>.
/// </returns>
public LoginAttemptStatus ValidateUser(string userName, string password, int maxInvalidPasswordAttempts)
{
    string cleanUserName = StringUtils.SafePlainText(userName);
    string cleanPassword = StringUtils.SafePlainText(password);

    this._lastLoginStatus = LoginAttemptStatus.LoginSuccessful;

    var account = this._userRepository.GetUser(cleanUserName);
    if (account == null)
    {
        this._lastLoginStatus = LoginAttemptStatus.UserNotFound;
        return this._lastLoginStatus;
    }

    // NOTE(review): GeneratePasswordHash receives only the password; no salt is visible at this
    // call. Confirm the helper salts and stretches the hash. No failed-attempt counter or
    // lockout is applied, and maxInvalidPasswordAttempts is unused.
    this._lastLoginStatus = account.Password == GeneratePasswordHash(cleanPassword)
        ? LoginAttemptStatus.LoginSuccessful
        : LoginAttemptStatus.PasswordIncorrect;

    // A pending activation key overrides the password result in both directions.
    // NOTE(review): UserNotApproved is therefore returned even when the password was wrong,
    // which tells an unauthenticated caller that the account exists and is awaiting
    // activation. Confirm this is intended.
    if (!account.ActivationKey.IsNullEmpty())
    {
        this._lastLoginStatus = LoginAttemptStatus.UserNotApproved;
    }

    return this._lastLoginStatus;
}