private MembershipUser GetMembershipUserFromUser(User user) { return new MembershipUser( Name, user.Name, user.Id, user.Email, user.PasswordQuestion, user.Comment, user.IsConfirmed, user.IsLockedOut, user.CreateDate, user.LastLoginDate.GetValueOrDefault(), user.LastActiveDate.GetValueOrDefault(), user.LastPasswordChangedDate.GetValueOrDefault(), user.LastLockoutDate.GetValueOrDefault()); }
/// <summary> /// validate the user and password /// throw exceptions for NotExist/NotConfirmed/LockedOut user; /// if wrong password is given, increase the FaildPasswordAttempCount, if this exceeds the MaxInvalidPasswordAttemps, throw exception; /// </summary> /// <param name="username"></param> /// <param name="password"></param> /// <param name="ctx"></param> /// <param name="user"></param> /// <returns></returns> private bool ValidateUser(string username, string password, MembershipContext ctx, out User user) { user = GetUser(u => u.Name.ToLower() == username.ToLower(), ctx); if (user == null) { throw new EFMemberException(EFMembershipValidationStatus.UserNotExist, string.Format(Resource.msg_UserNotExist, username)); } if (!user.IsConfirmed) { throw new EFMemberException(EFMembershipValidationStatus.UserNotConfirmed, string.Format(Resource.msg_UserNotConfirmed, username)); } if (user.IsLockedOut) { throw new EFMemberException(EFMembershipValidationStatus.UserIsLockedOut, string.Format(Resource.msg_UserLockedOut, username)); } string encryptedPwd = EncryptPassword(password); if (encryptedPwd != user.Password) { // update falure password attempt count DateTime? lastFailureTry = user.FailedPasswordAttempWindowStart; if (lastFailureTry == null || DateTime.Now > lastFailureTry.Value.AddMinutes(PasswordAttemptWindow)) { user.FailedPasswordAttempWindowStart = DateTime.Now; user.FailedPasswordAttempCount = 1; } else { ++user.FailedPasswordAttempCount; } if (user.FailedPasswordAttempCount >= MaxInvalidPasswordAttempts) { user.IsLockedOut = true; user.LastLockoutDate = DateTime.Now; } ctx.SaveChanges(); throw new EFMemberException(EFMembershipValidationStatus.WrongPassword, string.Format(Resource.msg_WrongPassword, username)); } // update last date user.LastActiveDate = DateTime.Now; user.LastLoginDate = DateTime.Now; return true; }
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isConfirmed, object providerUserKey, out MembershipCreateStatus status) { status = MembershipCreateStatus.Success; ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true); OnValidatingPassword(args); if (!CheckPwdComplexity(password)) { status = MembershipCreateStatus.InvalidPassword; return null; } MembershipUser membershipUser = null; User user = null; using (var ctx = CreateContext()) { // check username uniqueness if (UserNameExist(username, ctx)) { status = MembershipCreateStatus.DuplicateUserName; return null; } // check email uniqueness if (RequiresUniqueEmail) { if (UserEmailExist(email, ctx)) { status = MembershipCreateStatus.DuplicateEmail; return null; } } user = new User { Name = username, Password = EncryptPassword(password), Email = email, CreateDate = DateTime.Now, Application = ProviderUtils.EnsureApplication(ApplicationName, ctx), Id = Guid.NewGuid(), IsConfirmed = false, // this should always be false PasswordAnswer = passwordAnswer, PasswordQuestion = passwordQuestion }; ctx.Users.Add(user); ctx.SaveChanges(); } membershipUser = GetMembershipUserFromUser(user); return membershipUser; }