예제 #1
0
        /// <summary>
        /// Sets the confirmed flag for the username if it is correct.
        /// </summary>
        /// <returns>True if the account could be successfully confirmed. False if the username was not found or the confirmation token is invalid.</returns>
        /// <remarks>Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method</remarks>
        public override bool ConfirmAccount(string userName, string accountConfirmationToken)
        {
            VerifyInitialized();
            // We need to compare the token using a case insensitive comparison however it seems tricky to do this uniformly across databases when representing the token as a string.
            // Therefore verify the case on the client
            //session.ConfirmAccount(userTableName, userNameColumn, userIdColumn);
            var row = _session.Users.FirstOrDefault(x => x.ConfirmationToken == accountConfirmationToken && x.UserName == userName);

            if (row == null)
            {
                return(false);
            }
            string expectedToken = row.ConfirmationToken;

            if (String.Equals(accountConfirmationToken, expectedToken, StringComparison.Ordinal))
            {
                try
                {
                    row.IsConfirmed = true;
                    _session.Update(row);
                }
                catch (Exception)
                {
                    return(false);
                }
            }
            return(false);
        }
예제 #2
0
 // Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method
 public override bool ResetPasswordWithToken(string token, string newPassword)
 {
     VerifyInitialized();
     if (string.IsNullOrEmpty(newPassword))
     {
         throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "newPassword");
     }
     using (var session = new MongoSession(_connectionString))
     {
         var user = session.Users.FirstOrDefault(x => x.PasswordVerificationToken == token && x.PasswordVerificationTokenExpirationDate > DateTime.UtcNow);
         if (user != null)
         {
             bool success = SetPassword(session, user, newPassword);
             if (success)
             {
                 // Clear the Token on success
                 user.PasswordVerificationToken = null;
                 user.PasswordVerificationTokenExpirationDate = null;
                 try
                 {
                     session.Update(user);
                 }
                 catch (Exception)
                 {
                     throw new ProviderException("Database operation failed.");
                 }
             }
             return(success);
         }
         else
         {
             return(false);
         }
     }
 }
예제 #3
0
 /// <summary>
 /// Sets the confirmed flag for the username if it is correct.
 /// </summary>
 /// <returns>True if the account could be successfully confirmed. False if the username was not found or the confirmation token is invalid.</returns>
 /// <remarks>Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method.
 /// There is a tiny possibility where this method fails to work correctly. Two or more users could be assigned the same token but specified using different cases.
 /// A workaround for this would be to use the overload that accepts both the user name and confirmation token.
 /// </remarks>
 public override bool ConfirmAccount(string accountConfirmationToken)
 {
     VerifyInitialized();
     using (var session = new MongoSession(_connectionString))
     {
         // We need to compare the token using a case insensitive comparison however it seems tricky to do this uniformly across databases when representing the token as a string.
         // Therefore verify the case on the client
         var rows = session.Users
                    .Where(x => x.ConfirmationToken == accountConfirmationToken)
                    .ToList()
                    .Where(r => ((string)r.ConfirmationToken).Equals(accountConfirmationToken, StringComparison.Ordinal))
                    .ToList();
         Debug.Assert(rows.Count < 2, "By virtue of the fact that the ConfirmationToken is random and unique, we can never have two tokens that are identical.");
         if (!rows.Any())
         {
             return(false);
         }
         var row = rows.First();
         row.IsConfirmed = true;
         try
         {
             session.Update(row);
             return(true);
         }
         catch (Exception)
         {
             return(false);
         }
     }
 }
예제 #4
0
        //internal void ValidateUserTable()
        //{
        //    using (var session = new MongoSession(_connectionString))
        //    {
        //        // GetUser will fail with an exception if the user table isn't set up properly
        //        try
        //        {
        //            GetUserId(db, SafeUserTableName, SafeUserNameColumn, SafeUserIdColumn, "z");
        //        }
        //        catch (Exception e)
        //        {
        //            throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, WebDataResources.Security_FailedToFindUserTable, UserTableName), e);
        //        }
        //    }
        //}

        // Inherited from MembershipProvider ==> Forwarded to previous provider if this provider hasn't been initialized
        public override bool ValidateUser(string username, string password)
        {
            if (!InitializeCalled)
            {
                return(PreviousProvider.ValidateUser(username, password));
            }
            if (string.IsNullOrEmpty(username))
            {
                throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "username");
            }
            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "password");
            }
            using (var session = new MongoSession(_connectionString))
            {
                var user = VerifyUserNameHasConfirmedAccount(session, username, throwException: false);
                if (user == null)
                {
                    return(false);
                }
                else
                {
                    var result = CheckPassword(session, user.UserId, password);
                    try
                    {
                        if (result)
                        {
                            user.LastLoginDate = DateTime.Now;
                        }
                        else
                        {
                            user.LastPasswordFailureDate = DateTime.Now;
                        }

                        session.Update(user);
                    }
                    catch (Exception ex) { }
                    return(result);
                }
            }
        }
예제 #5
0
        private static bool SetPassword(MongoSession session, MembershipAccount user, string newPassword)
        {
            string hashedPassword = Crypto.HashPassword(newPassword);

            if (hashedPassword.Length > 128)
            {
                throw new ArgumentException("The membership password is too long. (Maximum length is 128 characters).");
            }

            try
            {
                user.Password            = hashedPassword;
                user.PasswordSalt        = string.Empty;
                user.PasswordChangedDate = DateTime.UtcNow;
                session.Update(user);
                return(true);
            }
            catch (Exception)
            {
                return(false);
            }
        }
예제 #6
0
        // Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method
        public override string CreateAccount(string userName, string password, bool requireConfirmationToken)
        {
            VerifyInitialized();

            if (string.IsNullOrEmpty(password))
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
            }

            string hashedPassword = Crypto.HashPassword(password);

            if (hashedPassword.Length > 128)
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
            }

            if (string.IsNullOrEmpty(userName))
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
            }

            // Step 1: Check if the user exists in the Users table
            var usr = GetUser(userName);

            if (usr == null)
            {
                // User not found
                throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
            }

            using (var session = new MongoSession(_connectionString))
            {
                // Step 2: Check if the user exists in the Membership table: Error if yes.
                var result = session.Users.Count(x => x.UserName == userName);
                if (result > 1)
                {
                    throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
                }


                // Step 3: Create user in Membership table
                string token   = null;
                object dbtoken = DBNull.Value;
                if (requireConfirmationToken)
                {
                    token   = GenerateToken();
                    dbtoken = token;
                }
                int defaultNumPasswordFailures = 0;

                try
                {
                    var now = DateTime.UtcNow;

                    usr.Password            = hashedPassword;
                    usr.PasswordSalt        = string.Empty;
                    usr.IsConfirmed         = !requireConfirmationToken;
                    usr.ConfirmationToken   = dbtoken as string;
                    usr.CreationDate        = now;
                    usr.PasswordChangedDate = now;
                    usr.PasswordFailuresSinceLastSuccess = defaultNumPasswordFailures;

                    session.Update(usr);

                    return(token);
                }
                catch (Exception)
                {
                    throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
                }
            }
        }