public void Create(int employeeId, string userName, bool isDisabled, IEnumerable <int> roleIds)
{
SettingsService settingsService = new SettingsService(Name);
MembershipSettings membershipSettings = settingsService.GetMembershipSettings();
string password = settingsService.GetInitialPasswordSettings().InitialPassword;
string encryptedPassword = PasswordSecurity.EncryptPassword(membershipSettings, password, out int crypto, out string key, out string iv);
XElement xUser = new XElement("User");
xUser.SetElementValue("EmployeeId", employeeId);
xUser.SetElementValue("UserName", userName);
xUser.SetElementValue("LoweredUserName", userName.ToLower());
xUser.SetElementValue("IsDisabled", isDisabled);
xUser.SetElementValue("Password", encryptedPassword);
xUser.SetElementValue("PasswordCrypto", crypto);
xUser.SetElementValue("PasswordKey", key);
xUser.SetElementValue("PasswordIV", iv);
XElement xRoles = new XElement("Roles");
foreach (int roleId in roleIds)
{
XElement xRole = new XElement("Role");
xRole.SetElementValue("Id", roleId);
xRoles.Add(xRole);
}
if (xRoles.HasElements)
{
xUser.Add(xRoles);
}
Modifier.Create(xUser);
}
public static string EncryptPassword(MembershipSettings membershipSettings, string password, out int crypto, out string key, out string iv)
{
switch (membershipSettings.PasswordFormat)
{
// Clear
case 0:
crypto = 0;
key = null;
iv = null;
return(password);
// Hashed
case 1:
string salt = Convert.ToBase64String(new RandomNumGenerator().Generate());
crypto = membershipSettings.PasswordHash;
key = null;
iv = salt;
Hasher hasher = CreateHasher(crypto);
return(hasher.Hash(password, salt));
// Encrypted
case 2:
crypto = membershipSettings.PasswordCrypto;
SymmetricCryptor cryptor = CreateSymmetricCryptor(crypto);
key = Convert.ToBase64String(cryptor.Key);
iv = Convert.ToBase64String(cryptor.IV);
return(cryptor.Encrypt(password));
default:
throw new NotSupportedException(membershipSettings.PasswordFormat.ToString()); // never
}
}
public void ChangePassword(string password, string newPassword)
{
XElement xSecurityEntry = ThreadDataStore.RequestInfo.CreateSecurityEntry(ODataQuerier);
xSecurityEntry.SetElementValue("Operation", "ChangePassword");
SettingsService settingsService = new SettingsService(Name);
MembershipSettings membershipSettings = settingsService.GetMembershipSettings();
if (!PasswordSecurity.ValidatePassword(membershipSettings, newPassword, out string[] errorMessages))
protected void UpdateLockedOutState(XElement user, bool isSuccessful)
{
DateTime now = ODataQuerier.GetNow();
string nowString = new DotNETDateFormatter().Format(now);
SettingsService settingsService = new SettingsService(Name);
MembershipSettings membershipSettings = settingsService.GetMembershipSettings();
if (isSuccessful)
{
user.SetElementValue("LastLoginDate", nowString);
user.SetElementValue("FailedPasswordAttemptCount", 0);
}
else
{
if (membershipSettings.MaxInvalidPasswordAttempts == 0)
{
return;
}
int failedCount = int.Parse(user.Element("FailedPasswordAttemptCount").Value);
if (failedCount > 0)
{
DateTime start = DateTime.Parse(user.Element("FailedPasswordAttemptWindowStart").Value);
if ((DateTime.Now - start).TotalMinutes < membershipSettings.PasswordAttemptWindow)
{
if (failedCount >= membershipSettings.MaxInvalidPasswordAttempts)
{
user.SetElementValue("IsLockedOut", true.ToString());
user.SetElementValue("LastLockoutDate", nowString);
}
else
{
failedCount++;
user.SetElementValue("FailedPasswordAttemptCount", failedCount);
}
}
else
{
user.SetElementValue("FailedPasswordAttemptCount", 1);
user.SetElementValue("FailedPasswordAttemptWindowStart", nowString);
}
}
else
{
user.SetElementValue("FailedPasswordAttemptCount", 1);
user.SetElementValue("FailedPasswordAttemptWindowStart", nowString);
}
}
Modifier.AppendUpdate(user);
}
public MembershipSettings GetMembershipSettings()
{
MembershipSettings membershipSettings = new MembershipSettings();
IEnumerable <XElement> elements = ODataQuerier.GetCollection("Setting", null, "Catalog eq 'Membership'", null);
foreach (XElement element in elements)
{
string name = element.Element("Name").Value;
string value = element.Element("Value").Value;
switch (name)
{
case "PasswordFormat":
membershipSettings.PasswordFormat = int.Parse(value);
break;
case "PasswordCrypto":
membershipSettings.PasswordCrypto = int.Parse(value);
break;
case "PasswordHash":
membershipSettings.PasswordHash = int.Parse(value);
break;
case "MaxInvalidPasswordAttempts":
membershipSettings.MaxInvalidPasswordAttempts = int.Parse(value);
break;
case "PasswordAttemptWindow":
membershipSettings.PasswordAttemptWindow = int.Parse(value);
break;
case "MinRequiredPasswordLength":
membershipSettings.MinRequiredPasswordLength = int.Parse(value);
break;
case "MinRequiredNonAlphanumericCharacters":
membershipSettings.MinRequiredNonAlphanumericCharacters = int.Parse(value);
break;
case "PasswordStrengthRegularExpression":
membershipSettings.PasswordStrengthRegularExpression = value;
break;
}
}
return(membershipSettings);
}
protected void Validate(MembershipSettings value)
{
StringBuilder sb = new StringBuilder();
if (value.PasswordFormat < 0)
{
sb.AppendLine("The PasswordFormat must be one of {Clear, Hashed, Encrypted}");
}
if (value.PasswordCrypto < 0)
{
sb.AppendLine("The PasswordCrypto must be one of {Aes, DES, RC2, Rijndael, TripleDES}");
}
if (value.PasswordHash < 0)
{
sb.AppendLine("The PasswordHash must be one of {MD5, SHA1, SHA256, SHA384, SHA512}");
}
if (value.MaxInvalidPasswordAttempts < 0)
{
sb.AppendLine("The MaxInvalidPasswordAttempts must be a non-negative number");
}
if (value.PasswordAttemptWindow < 0)
{
sb.AppendLine("The PasswordAttemptWindow must be a non-negative number");
}
if (value.MinRequiredPasswordLength < 0)
{
sb.AppendLine("The MinRequiredPasswordLength must be a non-negative number");
}
if (value.MinRequiredNonAlphanumericCharacters < 0)
{
sb.AppendLine("The MinRequiredNonAlphanumericCharacters must be a non-negative number");
}
string errorMessage = sb.ToString();
if (!string.IsNullOrWhiteSpace(errorMessage))
{
throw ValidationHelper.CreateValidationException(errorMessage);
}
}
public static bool ValidatePassword(MembershipSettings membershipSettings, string password, out string[] errorMessages)
{
List <string> errors = new List <string>();
if (password.Length < membershipSettings.MinRequiredPasswordLength)
{
string error = string.Format("The new password must be at least {0} characters long", membershipSettings.MinRequiredPasswordLength);
errors.Add(error);
}
if (membershipSettings.MinRequiredNonAlphanumericCharacters > 0)
{
int nonAlphanumericCount = 0;
foreach (char c in password)
{
if (char.IsLetterOrDigit(c))
{
continue;
}
nonAlphanumericCount++;
}
if (nonAlphanumericCount < membershipSettings.MinRequiredNonAlphanumericCharacters)
{
string error = string.Format("The new password requires at least {0} non-letter or digit characters", membershipSettings.MinRequiredNonAlphanumericCharacters);
errors.Add(error);
}
}
if (!string.IsNullOrWhiteSpace(membershipSettings.PasswordStrengthRegularExpression))
{
Match match = Regex.Match(password, membershipSettings.PasswordStrengthRegularExpression);
if (!match.Success || match.Value != password)
{
string error = string.Format("The new password must match the specified regular expression '{0}'", membershipSettings.PasswordStrengthRegularExpression);
errors.Add(error);
}
}
errorMessages = errors.ToArray();
return(errorMessages.Length == 0);
}
public void SetMembershipSettings(MembershipSettings value)
{
Validate(value);
IEnumerable <XElement> elements = ODataQuerier.GetCollection("Setting", null, "Catalog eq 'Membership'", null);
XElement xSettings = new XElement("Settings");
xSettings.Add(elements);
XElement xItem = xSettings.Elements().First(x => x.Element("Name").Value == "PasswordFormat");
xItem.SetElementValue("Value", value.PasswordFormat);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "PasswordCrypto");
xItem.SetElementValue("Value", value.PasswordCrypto);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "PasswordHash");
xItem.SetElementValue("Value", value.PasswordHash);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "MaxInvalidPasswordAttempts");
xItem.SetElementValue("Value", value.MaxInvalidPasswordAttempts);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "PasswordAttemptWindow");
xItem.SetElementValue("Value", value.PasswordAttemptWindow);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "MinRequiredPasswordLength");
xItem.SetElementValue("Value", value.MinRequiredPasswordLength);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "MinRequiredNonAlphanumericCharacters");
xItem.SetElementValue("Value", value.MinRequiredNonAlphanumericCharacters);
xItem = xSettings.Elements().First(x => x.Element("Name").Value == "PasswordStrengthRegularExpression");
xItem.SetElementValue("Value", value.PasswordStrengthRegularExpression);
Modifier.Update(xSettings);
}