public override bool ExtendedValidateUser(string userNameOrEmail, string password) { if (string.IsNullOrEmpty(userNameOrEmail)) { throw CreateArgumentNullOrEmptyException("userNameOrEmail"); } if (string.IsNullOrEmpty(password)) { throw CreateArgumentNullOrEmptyException("password"); } using (BusinessFlowContext context = new BusinessFlowContext()) { User user = null; user = context.User.FirstOrDefault(Usr => Usr.Username == userNameOrEmail); if (user == null) { user = context.User.FirstOrDefault(Usr => Usr.Email == userNameOrEmail); } if (user == null) { return(false); } if (!user.IsConfirmed) { return(false); } dynamic hashedPassword = user.Password; bool verificationSucceeded = (hashedPassword != null && CodeFirstCrypto.VerifyHashedPassword(hashedPassword, password)); if (verificationSucceeded) { user.PasswordFailuresSinceLastSuccess = 0; } else { int failures = user.PasswordFailuresSinceLastSuccess; if (failures != -1) { user.PasswordFailuresSinceLastSuccess += 1; user.LastPasswordFailureDate = DateTime.UtcNow; } } context.SaveChanges(); //if (verificationSucceeded) //{ // return user.Username; //} //else //{ // return string.Empty; //} return(verificationSucceeded); } }
public override bool ChangePassword(string userName, string oldPassword, string newPassword) { if (string.IsNullOrEmpty(userName)) { throw CreateArgumentNullOrEmptyException("userName"); } if (string.IsNullOrEmpty(oldPassword)) { throw CreateArgumentNullOrEmptyException("oldPassword"); } if (string.IsNullOrEmpty(newPassword)) { throw CreateArgumentNullOrEmptyException("newPassword"); } using (BusinessFlowContext context = new BusinessFlowContext()) { dynamic user = context.User.FirstOrDefault(Usr => Usr.Username == userName); if (user == null) { return(false); } dynamic hashedPassword = user.Password; bool verificationSucceeded = (hashedPassword != null && CodeFirstCrypto.VerifyHashedPassword(hashedPassword, oldPassword)); if (verificationSucceeded) { user.PasswordFailuresSinceLastSuccess = 0; } else { int failures = user.PasswordFailuresSinceLastSuccess; if (failures != -1) { user.PasswordFailuresSinceLastSuccess += 1; user.LastPasswordFailureDate = DateTime.UtcNow; } context.SaveChanges(); return(false); } dynamic newhashedPassword = CodeFirstCrypto.HashPassword(newPassword); if (newhashedPassword.Length > 128) { throw new ArgumentException("Password too long"); } user.Password = newhashedPassword; user.PasswordChangedDate = DateTime.UtcNow; context.SaveChanges(); return(true); } }