private MembershipUser GetMembershipUserFromUser(User user)
{
return new MembershipUser(
Name,
user.Name,
user.Id,
user.Email,
user.PasswordQuestion,
user.Comment,
user.IsConfirmed,
user.IsLockedOut,
user.CreateDate,
user.LastLoginDate.GetValueOrDefault(),
user.LastActiveDate.GetValueOrDefault(),
user.LastPasswordChangedDate.GetValueOrDefault(),
user.LastLockoutDate.GetValueOrDefault());
}
/// <summary>
/// validate the user and password
/// throw exceptions for NotExist/NotConfirmed/LockedOut user;
/// if wrong password is given, increase the FaildPasswordAttempCount, if this exceeds the MaxInvalidPasswordAttemps, throw exception;
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <param name="ctx"></param>
/// <param name="user"></param>
/// <returns></returns>
private bool ValidateUser(string username, string password, MembershipContext ctx, out User user)
{
user = GetUser(u => u.Name.ToLower() == username.ToLower(), ctx);
if (user == null)
{
throw new EFMemberException(EFMembershipValidationStatus.UserNotExist, string.Format(Resource.msg_UserNotExist, username));
}
if (!user.IsConfirmed)
{
throw new EFMemberException(EFMembershipValidationStatus.UserNotConfirmed, string.Format(Resource.msg_UserNotConfirmed, username));
}
if (user.IsLockedOut)
{
throw new EFMemberException(EFMembershipValidationStatus.UserIsLockedOut, string.Format(Resource.msg_UserLockedOut, username));
}
string encryptedPwd = EncryptPassword(password);
if (encryptedPwd != user.Password)
{
// update falure password attempt count
DateTime? lastFailureTry = user.FailedPasswordAttempWindowStart;
if (lastFailureTry == null || DateTime.Now > lastFailureTry.Value.AddMinutes(PasswordAttemptWindow))
{
user.FailedPasswordAttempWindowStart = DateTime.Now;
user.FailedPasswordAttempCount = 1;
}
else
{
++user.FailedPasswordAttempCount;
}
if (user.FailedPasswordAttempCount >= MaxInvalidPasswordAttempts)
{
user.IsLockedOut = true;
user.LastLockoutDate = DateTime.Now;
}
ctx.SaveChanges();
throw new EFMemberException(EFMembershipValidationStatus.WrongPassword, string.Format(Resource.msg_WrongPassword, username));
}
// update last date
user.LastActiveDate = DateTime.Now;
user.LastLoginDate = DateTime.Now;
return true;
}
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isConfirmed, object providerUserKey, out MembershipCreateStatus status)
{
status = MembershipCreateStatus.Success;
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (!CheckPwdComplexity(password))
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
MembershipUser membershipUser = null;
User user = null;
using (var ctx = CreateContext())
{
// check username uniqueness
if (UserNameExist(username, ctx))
{
status = MembershipCreateStatus.DuplicateUserName;
return null;
}
// check email uniqueness
if (RequiresUniqueEmail)
{
if (UserEmailExist(email, ctx))
{
status = MembershipCreateStatus.DuplicateEmail;
return null;
}
}
user = new User
{
Name = username,
Password = EncryptPassword(password),
Email = email,
CreateDate = DateTime.Now,
Application = ProviderUtils.EnsureApplication(ApplicationName, ctx),
Id = Guid.NewGuid(),
IsConfirmed = false, // this should always be false
PasswordAnswer = passwordAnswer,
PasswordQuestion = passwordQuestion
};
ctx.Users.Add(user);
ctx.SaveChanges();
}
membershipUser = GetMembershipUserFromUser(user);
return membershipUser;
}
