string GetCookieValue(UserAccount account) { return(CryptoHelper.Hash(account.ID.ToString(), account.HashedPassword)); }
void SetMobileCode(MobileCodePurpose purpose) { this.MobileCode = CryptoHelper.GenerateNumericCode(MobileCodeLength); this.MobileCodeSent = UtcNow; this.MobilePurpose = purpose; }
public void SignInWithLinkedAccount( string tenant, string providerName, string providerAccountID, IEnumerable <Claim> claims) { if (!UserAccountService.Configuration.SecuritySettings.MultiTenant) { tenant = UserAccountService.Configuration.SecuritySettings.DefaultTenant; } if (String.IsNullOrWhiteSpace(tenant)) { throw new ArgumentException("tenant"); } if (String.IsNullOrWhiteSpace(providerName)) { throw new ArgumentException("providerName"); } if (String.IsNullOrWhiteSpace(providerAccountID)) { throw new ArgumentException("providerAccountID"); } if (claims == null) { throw new ArgumentNullException("claims"); } UserAccount account = null; var user = ClaimsPrincipal.Current; if (user.Identity.IsAuthenticated) { // already logged in, so use the current user's account account = this.UserAccountService.GetByID(user.GetUserID()); } else { // see if there's already an account mapped to this provider account = this.UserAccountService.GetByLinkedAccount(tenant, providerName, providerAccountID); if (account == null) { // no account associated, so create one // we need email var email = claims.GetValue(ClaimTypes.Email); if (String.IsNullOrWhiteSpace(email)) { throw new ValidationException("Can't create an account because there was no email from the identity provider."); } // guess at a name to use var name = claims.GetValue(ClaimTypes.Name); if (name == null || this.UserAccountService.UsernameExists(tenant, name)) { name = email; } // check to see if email already exists if (this.UserAccountService.EmailExists(tenant, email)) { throw new ValidationException("Can't login with this provider because the email is already associated with another account. Please login with your local account and then associate the provider."); } // auto-gen a password, they can always reset it later if they want to use the password feature // this is slightly dangerous if we don't do email account verification, so if email account // verification is disabled then we need to be very confident that the external provider has // provided us with a verified email var pwd = CryptoHelper.GenerateSalt(); account = this.UserAccountService.CreateAccount(tenant, name, pwd, email); } } if (account == null) { throw new Exception("Failed to locate account"); } // add/update the provider with this account account.AddOrUpdateLinkedAccount(providerName, providerAccountID, claims); this.UserAccountService.Update(account); // signin from the account // if we want to include the provider's claims, then perhaps this // should be done in the claims transformer this.SignIn(account, providerName); }
protected internal virtual bool VerifyHashedPassword(string password) { return(CryptoHelper.VerifyHashedPassword(HashedPassword, password)); }
protected internal virtual string HashPassword(string password) { return(CryptoHelper.HashPassword(password)); }
protected internal virtual string GenerateSalt() { return(CryptoHelper.GenerateSalt()); }
protected internal virtual string Hash(string value) { return(CryptoHelper.Hash(value)); }
void IssueMobileCode() { this.MobileCode = CryptoHelper.GenerateNumericCode(MembershipRebootConstants.UserAccount.MobileCodeLength); this.MobileCodeSent = UtcNow; }