){kind=link}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <param name="username">The user to update the password for. </param>
/// <param name="oldPassword">The current password for the specified user.</param>
/// <param name="newPassword">The new password for the specified user. </param>
/// <returns>true if the password was updated successfully; otherwise, false.</returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
User user = UserDataSource.LoadForUserName(username);
if ((user != null) && user.CheckPassword(oldPassword))
{
return(user.SetPassword(newPassword));
}
return(false);
}
/// <summary>
/// Removes a user from the membership data source.
/// </summary>
/// <param name="username">The name of the user to delete.</param>
/// <param name="deleteAllRelatedData">This parameter is ignored by the provider. Related user data is always deleted.</param>
/// <returns>true if the user was successfully deleted; otherwise, false.</returns>
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
User user = UserDataSource.LoadForUserName(username);
if (user != null)
{
return(user.Delete());
}
return(false);
}
){kind=link}
/// <summary>
/// Gets a value indicating whether the specified user is in the specified role for the configured applicationName.
/// </summary>
/// <param name="username">The name of the user to check for</param>
/// <param name="roleName">The role to check for</param>
/// <returns><b>true</b> if user is in role, <b>false</b> otherwise</returns>
public override bool IsUserInRole(string username, string roleName)
{
User user = UserDataSource.LoadForUserName(username);
if (user == null)
{
return(false);
}
return(RoleDataSource.IsUserInRole(user.UserId, roleName));
}
/// <summary>
/// Clears a lock so that the membership user can be validated.
/// </summary>
/// <param name="username">The membership user whose lock status you want to clear.</param>
/// <returns>true if the membership user was successfully unlocked; otherwise, false.</returns>
public override bool UnlockUser(string username)
{
User user = UserDataSource.LoadForUserName(username);
if (user != null)
{
user.IsLockedOut = false;
return(user.Save() != SaveResult.Failed);
}
return(false);
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <param name="username">The user to change the password question and answer for. </param>
/// <param name="password">The password for the specified user.</param>
/// <param name="newPasswordQuestion">The new password question for the specified user</param>
/// <param name="newPasswordAnswer">The new password answer for the specified user. </param>
/// <returns>true if the password question and answer are updated successfully; otherwise, false.</returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
User user = UserDataSource.LoadForUserName(username);
if ((user != null) && user.CheckPassword(password))
{
user.PasswordQuestion = newPasswordQuestion;
//password answer is always encoded in SHA1
user.PasswordAnswer = UserPasswordHelper.EncodePassword(newPasswordAnswer, "SHA1");
return(user.Save() != SaveResult.Failed);
}
return(false);
}
/// <summary>
/// Gets information from the data source for a user. Provides an option to update the last-activity date/time stamp for the user.
/// </summary>
/// <param name="username">The name of the user to get information for. </param>
/// <param name="userIsOnline">true to update the last-activity date/time stamp for the user; false to return user information without updating the last-activity date/time stamp for the user.</param>
/// <returns>A MembershipUser object populated with the specified user's information from the data source.</returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
//validate the provider user key
User user = UserDataSource.LoadForUserName(username);
if (user == null)
{
return(null);
}
if (userIsOnline)
{
user.LastActivityDate = LocaleHelper.LocalNow;
user.Save();
}
return(new MembershipUser(this.Name, user.UserName, user.UserId, user.Email, user.PasswordQuestion, user.Comment, user.IsApproved, user.IsLockedOut, user.CreateDate, user.LastLoginDate, user.LastActivityDate, user.Passwords[0].CreateDate, user.LastLockoutDate));
}
/// <summary>
/// Gets a list of the roles that a specified user is in for the configured applicationName.
/// </summary>
/// <param name="username">The user to return a list of roles for.</param>
/// <returns>A string array containing the names of all the roles that the specified user is in for the configured applicationName.</returns>
public override string[] GetRolesForUser(string username)
{
string[] userRoles = new string[0];
User user = UserDataSource.LoadForUserName(username);
if (user != null)
{
RoleCollection roles = RoleDataSource.LoadForUser(user.UserId);
if (roles.Count > 0)
{
userRoles = new string[roles.Count];
for (int i = 0; i < roles.Count; i++)
{
userRoles[i] = roles[i].Name;
}
}
}
return(userRoles);
}
/// <summary>
/// Validates the given username and password
/// </summary>
/// <param name="username">Name of user attempting login</param>
/// <param name="password">Password provided by user</param>
/// <returns>True if the login succeeds; false otherwise.</returns>
public static bool Login(string username, string password)
{
User user = UserDataSource.LoadForUserName(username);
if (user == null)
{
return(AuditLogin_InvalidUsername(username));
}
if (!user.IsApproved)
{
return(AuditLogin_Unapproved(user));
}
UserPasswordCollection passwordCollection = user.Passwords;
if (passwordCollection.Count == 0)
{
return(AuditLogin_NoPassword(user));
}
UserPassword storedPassword = passwordCollection[0];
bool isPasswordValid = storedPassword.VerifyPassword(password);
PasswordPolicy policy;
if (user.IsAdmin)
{
policy = new MerchantPasswordPolicy();
}
else
{
policy = new CustomerPasswordPolicy();
}
if (user.IsLockedOut)
{
if (user.LastLockoutDate >= LocaleHelper.LocalNow.AddMinutes(-1 * policy.LockoutPeriod))
{
//STILL LOCKED OUT
// BUG # 6688 (DONT RESET THE LOCKOUT TIME IF ACCOUNT ALREADY LOCKED)
// ALSO IGNORE THE LOGIN ATTEMPTS
//if (!isPasswordValid)
//{
// user.LastLockoutDate = LocaleHelper.LocalNow;
// user.FailedPasswordAttemptCount += 1;
// user.Save();
//}
return(AuditLogin_AccountLocked(user));
}
user.IsLockedOut = false;
}
if (isPasswordValid)
{
user.FailedPasswordAttemptCount = 0;
user.LastLoginDate = LocaleHelper.LocalNow;
user.Save();
return(AuditLogin_Success(user));
}
else
{
user.FailedPasswordAttemptCount += 1;
if (user.FailedPasswordAttemptCount >= policy.MaxAttempts)
{
user.IsLockedOut = true;
// RESET THE FAILED ATTEMPTS COUNT
user.FailedPasswordAttemptCount = 0;
user.LastLockoutDate = LocaleHelper.LocalNow;
}
user.Save();
return(AuditLogin_InvalidPassword(user));
}
}