public void SetPassword(SetPasswordParameters parameters) { if (parameters == null) { throw new ClientException("It is not allowed to call this authentication service method with no parameters provided."); } _logger.Trace(() => "SetPassword: "******"User '{0}' is not registered.", new[] { parameters.UserName }, null, null); // Providing this information is not a security issue, because this method requires admin credentials (SetPasswordClaim). } if (!IsAccountCreated(parameters.UserName)) { WebSecurity.CreateAccount(parameters.UserName, parameters.Password); _logger.Trace("Password successfully initialized."); } else { var token = WebSecurity.GeneratePasswordResetToken(parameters.UserName); var changed = WebSecurity.ResetPassword(token, parameters.Password); if (!changed) { throw new UserException("Cannot change password.", "WebSecurity.ResetPassword returned 'false'."); } _logger.Trace("Password successfully changed."); } }
public void SetPassword(SetPasswordParameters parameters) { if (parameters == null) throw new ClientException("It is not allowed to call this authentication service method with no parameters provided."); _logger.Trace(() => "SetPassword: "******"User '" + parameters.UserName + "' is not registered."); // Providing this information is not a security issue, because this method requires admin credentials (SetPasswordClaim). if (!IsAccountCreated(parameters.UserName)) { WebSecurity.CreateAccount(parameters.UserName, parameters.Password); _logger.Trace("Password successfully initialized."); } else { var token = WebSecurity.GeneratePasswordResetToken(parameters.UserName); var changed = WebSecurity.ResetPassword(token, parameters.Password); if (!changed) throw new UserException("Cannot change password.", "WebSecurity.ResetPassword returned 'false'."); _logger.Trace("Password successfully changed."); } }
public async Task SetPassword([FromBody] SetPasswordParameters parameters) { ValidateForEmptyParameters(parameters); await _authenticationService.SetPasswordAsync(parameters.UserName, parameters.Password, parameters.IgnorePasswordStrengthPolicy); }