/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to change the password question and answer for. </param><param name="password">The password for the specified user. </param><param name="newPasswordQuestion">The new password question for the specified user. </param><param name="newPasswordAnswer">The new password answer for the specified user. </param>
public override bool ChangePasswordQuestionAndAnswer(string username, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
var account = AccountRepository.Get(username);
if (account == null)
{
return(false);
}
var info = new AccountPasswordInfo(username, account.Password)
{
PasswordSalt = account.PasswordSalt
};
if (PasswordStrategy.Compare(info, password))
{
return(false);
}
account.PasswordQuestion = newPasswordAnswer;
account.PasswordAnswer = newPasswordAnswer;
AccountRepository.Update(account);
return(true);
}
///// <summary>
///// Updates information about a user in the data source.
///// </summary>
///// <param name="user">A <see cref="T:System.Web.Security.IUser"/> object that represents the user to update and the updated information for the user. </param>
//public void UpdateUser(IUser user)
//{
// var account = UserQueries.Get(user.UserName);
// Merge(user, account);
// AccountRepository.Update(account);
//}
//private void Merge(IUser user, IUser account)
//{
// account.Comment = user.Comment;
// account.IsApproved = user.IsApproved;
// account.Email = user.Email;
// account.PasswordQuestion = user.PasswordQuestion;
// account.IsLockedOut = user.IsLockedOut;
// //account.IsOnline = user.IsOnline;
// account.LastActivityAt = user.LastActivityDate;
// account.LastLockedOutAt = user.LastLockoutDate;
// account.LastPasswordChangeAt = user.LastPasswordChangedDate;
// account.ProviderUserKey = user.ProviderUserKey;
// account.Name = user.UserName;
//}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
/// <param name="username">The name of the user to validate. </param><param name="password">The password for the specified user. </param>
public bool ValidateUser(string username, string password)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(password))
{
throw new ArgumentException("Value cannot be null or empty.", "password");
}
var user = UserQueries.Get(username);
if (user == null || user.IsLockedOut)
{
return(false);
}
var passwordInfo = user.CreatePasswordInfo();
var validated = PasswordStrategy.Compare(passwordInfo, password);
var now = _dateTimeManager.Now();
if (validated)
{
user.LastLoginAt = now;
user.FailedPasswordWindowStartedAt = null;
user.FailedPasswordWindowAttemptCount = 0;
UserCommands.Update(user);
return(true);
}
user.FailedPasswordWindowAttemptCount += 1;
if (!user.FailedPasswordWindowStartedAt.HasValue)
{
user.FailedPasswordAnswerWindowStartedAt = now;
}
else if (now.Subtract(user.FailedPasswordAnswerWindowStartedAt.Value).TotalMinutes >
PasswordPolicy.PasswordAttemptWindow)
{
user.IsLockedOut = true;
user.LastLockedOutAt = now;
UserCommands.Update(user);
}
return(false);
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to update the password for. </param><param name="oldPassword">The current password for the specified user. </param><param name="newPassword">The new password for the specified user. </param>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
var account = AccountRepository.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
AccountRepository.Update(account);
return(true);
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
var account = UserQueries.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
UserCommands.Update(account);
return(true);
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
/// <param name="username">The name of the user to validate. </param><param name="password">The password for the specified user. </param>
public override bool ValidateUser(string username, string password)
{
var user = AccountRepository.Get(username);
if (user == null || user.IsLockedOut)
{
return(false);
}
var passwordInfo = user.CreatePasswordInfo();
var validated = PasswordStrategy.Compare(passwordInfo, password);
if (validated)
{
user.LastLoginAt = DateTime.Now;
user.FailedPasswordWindowStartedAt = DateTime.MinValue;
user.FailedPasswordWindowAttemptCount = 0;
AccountRepository.Update(user);
return(true);
}
user.FailedPasswordWindowAttemptCount += 1;
if (user.FailedPasswordWindowStartedAt == DateTime.MinValue)
{
user.FailedPasswordAnswerWindowStartedAt = DateTime.Now;
}
else if (DateTime.Now.Subtract(user.FailedPasswordAnswerWindowStartedAt).TotalMinutes >
PasswordPolicy.PasswordAttemptWindow)
{
user.IsLockedOut = true;
user.LastLockedOutAt = DateTime.Now;
AccountRepository.Update(user);
}
return(false);
}