/// <summary>
/// Click handler for the "lock user" button: locks out the account identified by
/// <c>userID</c> (when one is set) and then redirects back to the current URL.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): this handler performs no permission check of its own. Confirm that the
/// hosting page restricts access to administrators before this event can fire, and that
/// the lockout is written to an audit log somewhere downstream.
/// </remarks>
protected void btnLockUser_Click(object sender, EventArgs e)
{
    // -1 is treated as "no user selected"; only act on a real id.
    bool hasTargetUser = this.userID > -1;

    if (hasTargetUser)
    {
        SiteUser targetUser = new SiteUser(siteSettings, this.userID);
        targetUser.LockoutAccount();
    }

    // Redirect to the same URL whether or not a lockout happened.
    WebUtils.SetupRedirect(this, Request.RawUrl);
}
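/// <summary>
/// Recovers (clear/encrypted formats) or resets (hashed format) the password of the
/// user named <paramref name="userName"/>, optionally gated by a password answer.
/// </summary>
/// <param name="userName">Login name of the account. A null value yields a null result.</param>
/// <param name="passwordAnswer">
/// Answer to the account's password question. Only checked when the site setting
/// <c>RequiresQuestionAndAnswer</c> is true.
/// </param>
/// <returns>
/// The stored password (Clear), the decrypted password with the salt text removed
/// (Encrypted), or a newly generated random password that has just been saved as the
/// account's credential (Hashed). Returns null when the site settings or user name are
/// missing, when the password answer does not match, or when <c>PasswordFormat</c> is
/// none of the three handled values.
/// </returns>
/// <exception cref="MojoMembershipException">Password retrieval is disabled for the site.</exception>
/// <exception cref="ProviderException">No user with that name exists (UserId is not greater than -1).</exception>
/// <exception cref="MembershipPasswordException">
/// The account is locked out or deleted, or decrypting the stored password raised a FormatException.
/// </exception>
/// <remarks>
/// The standard membership provider contract calls for a NotSupportedException when
/// retrieval is disabled, a MembershipPasswordException on a wrong answer, and a
/// ProviderException for hashed passwords. This implementation instead throws
/// MojoMembershipException, returns null on a wrong answer, and resets the password when
/// the format is hashed. Callers must treat null as "no password available".
///
/// NOTE(review): the locked-out, not-found and deleted cases produce distinguishable
/// outcomes. If the calling page shows them verbatim, they reveal whether an account
/// exists; consider one generic message in the UI.
/// </remarks>
public override string GetPassword(string userName, string passwordAnswer)
{
    SiteSettings siteSettings = GetSiteSettings();

    // Test for missing settings BEFORE the first dereference. Previously the null check
    // came after AllowPasswordRetrieval had already been read, so it could never take effect.
    if (siteSettings == null)
    {
        return null;
    }

    if (!siteSettings.AllowPasswordRetrieval)
    {
        throw new MojoMembershipException(
            ResourceHelper.GetMessageTemplate("PasswordRetrievalNotEnabledMessage.config"));
    }

    if (userName == null)
    {
        return null;
    }

    SiteUser siteUser = new SiteUser(siteSettings, userName);

    if (siteUser.UserId <= -1)
    {
        throw new ProviderException(ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));
    }

    if (siteUser.IsLockedOut)
    {
        throw new MembershipPasswordException(
            ResourceHelper.GetMessageTemplate("UserAccountLockedMessage.config"));
    }

    if (siteUser.IsDeleted)
    {
        throw new MembershipPasswordException(
            ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));
    }

    if (siteSettings.RequiresQuestionAndAnswer)
    {
        // NOTE(review): PasswordAnswerIsMatch is defined elsewhere; confirm how it compares
        // the answers (normalisation, timing behaviour).
        bool answerMatches = (passwordAnswer != null)
            && PasswordAnswerIsMatch(passwordAnswer, siteUser.PasswordAnswer);

        if (!answerMatches)
        {
            if (siteSettings.MaxInvalidPasswordAttempts > 0)
            {
                siteUser.IncrementPasswordAnswerAttempts(siteSettings);

                // The lockout is opt-in via configuration. With the flag off, failed answers
                // are only counted, so any throttling of answer guessing must come from
                // somewhere else (e.g. the calling page or a front-end rate limit).
                if (WebConfigSettings.LockAccountOnMaxPasswordAnswerTries
                    && siteUser.FailedPasswordAnswerAttemptCount >= siteSettings.MaxInvalidPasswordAttempts)
                {
                    siteUser.LockoutAccount();
                }
            }

            return null;
        }
    }

    if (siteSettings.RequirePasswordChangeOnResetRecover)
    {
        siteUser.MustChangePwd = true;
        siteUser.Save();
    }

    switch (PasswordFormat)
    {
        case MembershipPasswordFormat.Clear:
            // The stored value is the usable credential itself: anyone with read access to
            // the user store, or to wherever this return value travels, obtains it.
            return siteUser.Password;

        case MembershipPasswordFormat.Encrypted:
            try
            {
                string decoded = UnencodePassword(siteUser.Password, MembershipPasswordFormat.Encrypted);

                // A null salt used to throw NullReferenceException here; treat it like an empty salt.
                if (string.IsNullOrEmpty(siteUser.PasswordSalt))
                {
                    return decoded;
                }

                // NOTE(review): Replace strips EVERY occurrence of the salt text, not only a
                // prefix. If the salt is prepended (as in the hashed branch below), a password
                // that happens to contain the salt would come back altered; confirm how the
                // encrypted value is composed.
                return decoded.Replace(siteUser.PasswordSalt, string.Empty);
            }
            catch (FormatException ex)
            {
                log.Error(ex);
                throw new MembershipPasswordException("failure retrieving password");
            }

        case MembershipPasswordFormat.Hashed:
            // A hash cannot be reversed, so this branch replaces the credential instead.
            // The old password stops working as soon as Save() runs, before the caller has
            // delivered the new one. When RequiresQuestionAndAnswer is off, a user name alone
            // reaches this point, so the calling page should throttle recovery requests.
            // NOTE(review): confirm SiteUser.CreateRandomPassword draws from a cryptographic
            // RNG (System.Security.Cryptography.RandomNumberGenerator); it is not visible here.
            string newPassword = SiteUser.CreateRandomPassword(
                siteSettings.MinRequiredPasswordLength + 2,
                WebConfigSettings.PasswordGeneratorChars);

            siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
            siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Hashed);
            siteUser.PasswordFormat = siteSettings.PasswordFormat;

            // After the new random password is emailed to the user, this flag can force an
            // immediate change at the next login.
            siteUser.MustChangePwd = siteSettings.RequirePasswordChangeOnResetRecover;

            // Needed when a link for automatic login plus forced password change is sent
            // instead of the random password. Cleared to Guid.Empty once the password changes.
            siteUser.PasswordResetGuid = Guid.NewGuid();
            siteUser.Save();

            return newPassword;
    }

    // PasswordFormat matched none of the handled values.
    return null;
}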