protected void OnUserRegistered(UserRegisteredEventArgs e)
{
if (UserRegistered != null)
{
UserRegistered(this, e);
}
}
void application_AuthenticateRequest(object sender, EventArgs e)
{
//if (debugLog) log.Debug("AuthHandlerHttpModule Application_AuthenticateRequest");
if (sender == null) return;
HttpApplication app = (HttpApplication)sender;
if (app.Request == null) { return; }
if (!app.Request.IsAuthenticated) { return; }
if(WebUtils.IsRequestForStaticFile(app.Request.Path)) { return; }
if (app.Request.Path.ContainsCaseInsensitive(".ashx")) { return; }
if (app.Request.Path.ContainsCaseInsensitive(".axd")) { return; }
if (app.Request.Path.ContainsCaseInsensitive("setup/default.aspx")) { return; }
//if (debugLog) log.Debug("IsAuthenticated == true");
SiteSettings siteSettings;
try
{
siteSettings = CacheHelper.GetCurrentSiteSettings();
}
catch (System.Data.Common.DbException ex)
{
// can happen during upgrades
log.Error(ex);
return;
}
catch (Exception ex)
{
// hate to trap System.Exception but SqlCeException doe snot inherit from DbException as it should
if (DatabaseHelper.DBPlatform() != "SqlCe") { throw; }
log.Error(ex);
return;
}
bool useFolderForSiteDetection = WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites;
// Added by Haluk Eryuksel - 2006-01-23
// support for Windows authentication
if (
(app.User.Identity.AuthenticationType == "NTLM")
|| (app.User.Identity.AuthenticationType == "Negotiate")
// || ( Context.User.Identity.AuthenticationType == "Windows" )
)
{
//Added by Benedict Chan - 2008-08-05
//Added Cookie here so that we don't have to check the users in every page, also to authenticate under NTLM with "useFolderForSiteDetection == true"
string cookieName = "siteguid" + siteSettings.SiteGuid;
if (!CookieHelper.CookieExists(cookieName))
{
bool existsInDB;
existsInDB = SiteUser.LoginExistsInDB(siteSettings.SiteId, app.Context.User.Identity.Name);
if (!existsInDB)
{
SiteUser u = new SiteUser(siteSettings);
u.Name = app.Context.User.Identity.Name;
u.LoginName = app.Context.User.Identity.Name;
u.Email = GuessEmailAddress(u.Name);
u.Password = SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars);
mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;
if (m != null)
{
u.Password = m.EncodePassword(siteSettings, u, u.Password);
}
u.Save();
NewsletterHelper.ClaimExistingSubscriptions(u);
UserRegisteredEventArgs args = new UserRegisteredEventArgs(u);
OnUserRegistered(args);
}
SiteUser siteUser = new SiteUser(siteSettings, app.Context.User.Identity.Name);
CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), true);
//Copied logic from SiteLogin.cs Since we will skip them if we use NTLM
if (siteUser.UserId > -1 && siteSettings.AllowUserSkins && siteUser.Skin.Length > 0)
{
SiteUtils.SetSkinCookie(siteUser);
}
// track user ip address
try
{
UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
userLocation.SiteGuid = siteSettings.SiteGuid;
userLocation.Hostname = app.Request.UserHostName;
userLocation.Save();
log.Info("Set UserLocation : " + app.Request.UserHostName + ":" + SiteUtils.GetIP4Address());
}
catch (Exception ex)
{
log.Error(SiteUtils.GetIP4Address(), ex);
}
}
//End-Added by Benedict Chan
}
// End-Added by Haluk Eryuksel
if ((useFolderForSiteDetection) && (!WebConfigSettings.UseRelatedSiteMode))
{
// replace GenericPrincipal with custom one
//string roles = string.Empty;
if (!(app.Context.User is mojoIdentity))
{
app.Context.User = new mojoPrincipal(app.Context.User);
}
}
}
private void OnUserRegistered(UserRegisteredEventArgs e)
{
foreach (UserRegisteredHandlerProvider handler in UserRegisteredHandlerProviderManager.Providers)
{
handler.UserRegisteredHandler(null, e);
}
}
public override void UserRegisteredHandler(object sender, UserRegisteredEventArgs e)
{
if (e == null) return;
if (e.SiteUser == null) return;
SiteSettings siteSettings = CacheHelper.GetCurrentSiteSettings();
if (
(!siteSettings.RequireApprovalBeforeLogin)
&&(siteSettings.EmailAdressesForUserApprovalNotification.Length == 0)
) { return; }
log.Debug("NotifyAdminUserRegisteredHandler called for new user " + e.SiteUser.Email);
if (HttpContext.Current == null) { return; }
CultureInfo defaultCulture = SiteUtils.GetDefaultUICulture();
string subjectTemplate
= ResourceHelper.GetMessageTemplate(defaultCulture,
"NotifyAdminofNewUserRegistationSubject.config");
string textBodyTemplate = ResourceHelper.GetMessageTemplate(defaultCulture,
"NotifyAdminofNewUserRegistationMessage.config");
string siteRoot = SiteUtils.GetNavigationSiteRoot();
SmtpSettings smtpSettings = SiteUtils.GetSmtpSettings();
//lookup admin users and send notification email with link to manage user
List<string> adminEmails;
if (siteSettings.EmailAdressesForUserApprovalNotification.Length > 0)
{
adminEmails = siteSettings.EmailAdressesForUserApprovalNotification.SplitOnChar(',');
}
else
{
adminEmails = SiteUser.GetEmailAddresses(siteSettings.SiteId, "Admins;");
}
//foreach (DataRow row in admins.Rows)
foreach(string email in adminEmails)
{
if (WebConfigSettings.EmailAddressesToExcludeFromAdminNotifications.IndexOf(email, StringComparison.InvariantCultureIgnoreCase) > -1) { continue; }
//EmailMessageTask messageTask = new EmailMessageTask(smtpSettings);
//messageTask.EmailFrom = siteSettings.DefaultEmailFromAddress;
//messageTask.EmailFromAlias = siteSettings.DefaultFromEmailAlias;
//messageTask.EmailTo = email;
//messageTask.Subject = string.Format(defaultCulture, subjectTemplate, e.SiteUser.Email, siteRoot);
string manageUserLink = siteRoot + "/Admin/ManageUsers.aspx?userid="
+ e.SiteUser.UserId.ToInvariantString();
//messageTask.TextBody = string.Format(defaultCulture, textBodyTemplate, siteSettings.SiteName, siteRoot, manageUserLink);
//messageTask.SiteGuid = siteSettings.SiteGuid;
//messageTask.QueueTask();
Email.Send(
smtpSettings,
siteSettings.DefaultEmailFromAddress,
siteSettings.DefaultFromEmailAlias,
string.Empty,
email,
string.Empty,
string.Empty,
string.Format(defaultCulture, subjectTemplate, e.SiteUser.Email, siteRoot),
string.Format(defaultCulture, textBodyTemplate, siteSettings.SiteName, siteRoot, manageUserLink),
false,
Email.PriorityNormal);
}
//WebTaskManager.StartOrResumeTasks();
}
private SiteUser CreateUser(
string openId,
string email,
string loginName,
string name,
bool emailIsVerified)
{
SiteUser newUser = new SiteUser(siteSettings);
newUser.Email = email;
if (loginName.Length > 50) loginName = loginName.Substring(0, 50);
int i = 1;
while (SiteUser.LoginExistsInDB(
siteSettings.SiteId, loginName))
{
loginName += i.ToString();
if (loginName.Length > 50) loginName = loginName.Remove(40, 1);
i++;
}
if ((name == null) || (name.Length == 0)) name = loginName;
newUser.LoginName = loginName;
newUser.Name = name;
//newUser.Password = SiteUser.CreateRandomPassword(7);
mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
newUser.OpenIdUri = openId;
newUser.Save();
//test
//emailIsVerified = false;
if (siteSettings.UseSecureRegistration)
{
if (!emailIsVerified)
{
newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
}
}
mojoProfileConfiguration profileConfig
= mojoProfileConfiguration.GetConfig();
// set default values first
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
mojoProfilePropertyDefinition.SavePropertyDefault(
newUser, propertyDefinition);
}
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
{
mojoProfilePropertyDefinition.SaveProperty(
newUser,
pnlRequiredProfileProperties,
propertyDefinition,
timeOffset,
timeZone);
}
}
// track user ip address
UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
userLocation.SiteGuid = siteSettings.SiteGuid;
userLocation.Hostname = Page.Request.UserHostName;
userLocation.Save();
UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
OnUserRegistered(u);
CacheHelper.ClearMembershipStatisticsCache();
// we'll map them next time they login
//OpenIdRpxHelper rpxHelper = new OpenIdRpxHelper(rpxApiKey, rpxBaseUrl);
//rpxHelper.Map(openId, newUser.UserGuid.ToString());
DoSubscribe(newUser);
NewsletterHelper.ClaimExistingSubscriptions(newUser);
return newUser;
}
//private void HookupRegistrationEventHandlers()
//{
// // this is a hook so that custom code can be fired when pages are created
// // implement a PageCreatedEventHandlerPovider and put a config file for it in
// // /Setup/ProviderConfig/pagecreatedeventhandlers
// try
// {
// foreach (UserRegisteredHandlerProvider handler in UserRegisteredHandlerProviderManager.Providers)
// {
// this.UserRegistered += handler.UserRegisteredHandler;
// }
// }
// catch (TypeInitializationException ex)
// {
// log.Error(ex);
// }
//}
//public event UserRegistreredEventHandler UserRegistered;
protected void OnUserRegistered(UserRegisteredEventArgs e)
{
foreach (UserRegisteredHandlerProvider handler in UserRegisteredHandlerProviderManager.Providers)
{
handler.UserRegisteredHandler(null, e);
}
//if (UserRegistered != null)
//{
// UserRegistered(this, e);
//}
}
private void CreateUser(string windowsLiveId)
{
SiteUser newUser = new SiteUser(siteSettings);
newUser.WindowsLiveId = windowsLiveId;
newUser.Name = SecurityHelper.RemoveMarkup(txtUserName.Text);
newUser.LoginName = newUser.Name;
newUser.Email = txtEmail.Text;
mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
//newUser.Password = SiteUser.CreateRandomPassword(7);
newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
newUser.Save();
if (siteSettings.UseSecureRegistration)
{
newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
}
mojoProfileConfiguration profileConfig
= mojoProfileConfiguration.GetConfig();
// set default values first
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
mojoProfilePropertyDefinition.SavePropertyDefault(
newUser, propertyDefinition);
}
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
{
mojoProfilePropertyDefinition.SaveProperty(
newUser,
pnlRequiredProfileProperties,
propertyDefinition,
timeOffset,
timeZone);
}
}
// track user ip address
UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
userLocation.SiteGuid = siteSettings.SiteGuid;
userLocation.Hostname = Page.Request.UserHostName;
userLocation.Save();
UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
OnUserRegistered(u);
CacheHelper.ClearMembershipStatisticsCache();
NewsletterHelper.ClaimExistingSubscriptions(newUser);
DoUserLogin(newUser);
}
void RegisterUser_CreatedUser(object sender, EventArgs e)
{
TextBox txtEmail = (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("Email");
TextBox txtUserName = (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("UserName");
if (txtEmail == null) { return; }
if (txtUserName == null) { return; }
SiteUser siteUser;
if (siteSettings.UseEmailForLogin)
{
siteUser = new SiteUser(siteSettings, txtEmail.Text);
}
else
{
siteUser = new SiteUser(siteSettings, txtUserName.Text);
}
if (siteUser.UserId == -1) return;
if (pnlProfile != null)
{
mojoProfileConfiguration profileConfig = mojoProfileConfiguration.GetConfig();
// set default values first
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
mojoProfilePropertyDefinition.SavePropertyDefault(siteUser, propertyDefinition);
}
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
#if!MONO
// we are using the new TimeZoneInfo list but it doesn't work under Mono
// this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey) { continue; }
#endif
if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
{
mojoProfilePropertyDefinition.SaveProperty(
siteUser,
pnlProfile,
propertyDefinition,
timeOffset,
timeZone);
}
}
}
// track user ip address
UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
userLocation.SiteGuid = siteSettings.SiteGuid;
userLocation.Hostname = Page.Request.UserHostName;
userLocation.Save();
CacheHelper.ClearMembershipStatisticsCache();
if (
(!siteSettings.UseSecureRegistration)
&&(
(!siteSettings.RequireApprovalBeforeLogin)
||(siteUser.ApprovedForLogin)
)
)
{
if (siteSettings.UseEmailForLogin)
{
FormsAuthentication.SetAuthCookie(siteUser.Email, false);
}
else
{
FormsAuthentication.SetAuthCookie(siteUser.LoginName, false);
}
if (WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites)
{
string cookieName = "siteguid" + siteSettings.SiteGuid;
CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), false);
}
siteUser.UpdateLastLoginTime();
}
DoSubscribe(siteUser);
UserRegisteredEventArgs u = new UserRegisteredEventArgs(siteUser);
OnUserRegistered(u);
}
private void CreateUser(
string openId,
string email,
string loginName,
string name)
{
SiteUser newUser = new SiteUser(siteSettings);
newUser.Email = email;
if (loginName.Length > 50) loginName = loginName.Substring(0, 50);
int i = 1;
while (SiteUser.LoginExistsInDB(
siteSettings.SiteId, loginName))
{
loginName += i.ToString();
if (loginName.Length > 50) loginName = loginName.Remove(40, 1);
i++;
}
if ((name == null) || (name.Length == 0)) name = loginName;
newUser.LoginName = loginName;
newUser.Name = name;
//newUser.Password = SiteUser.CreateRandomPassword(7);
mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
newUser.PasswordAnswer = Resource.ManageUsersDefaultSecurityAnswer;
newUser.OpenIdUri = openId;
newUser.Save();
if (siteSettings.UseSecureRegistration)
{
newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
}
mojoProfileConfiguration profileConfig
= mojoProfileConfiguration.GetConfig();
// set default values first
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
mojoProfilePropertyDefinition.SavePropertyDefault(
newUser, propertyDefinition);
}
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
if ((propertyDefinition.RequiredForRegistration)||(propertyDefinition.ShowOnRegistration))
{
mojoProfilePropertyDefinition.SaveProperty(
newUser,
pnlRequiredProfileProperties,
propertyDefinition,
timeOffset,
timeZone);
}
}
// track user ip address
UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
userLocation.SiteGuid = siteSettings.SiteGuid;
userLocation.Hostname = Page.Request.UserHostName;
userLocation.Save();
UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
OnUserRegistered(u);
CacheHelper.ClearMembershipStatisticsCache();
NewsletterHelper.ClaimExistingSubscriptions(newUser);
DoUserLogin(newUser);
}
private void CreateUser()
{
if (SiteUser.EmailExistsInDB(siteSettings.SiteId, txtEmail.Text))
{
lblErrorMessage.Text = Resource.DuplicateEmailMessage;
return ;
}
if (SiteUser.LoginExistsInDB(siteSettings.SiteId, txtLoginName.Text))
{
lblErrorMessage.Text = Resource.DuplicateUserNameMessage;
return;
}
SiteUser user = new SiteUser(siteSettings);
user.Name = txtName.Text;
user.LoginName = txtLoginName.Text;
user.Email = txtEmail.Text;
user.TimeZoneId = siteSettings.TimeZoneId;
mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;
user.Password = mojoMembership.EncodePassword(siteSettings, user, txtPassword.Text);
user.MustChangePwd = chkRequirePasswordChange.Checked;
if(user.Save())
{
user.PasswordQuestion = this.txtPasswordQuestion.Text;
user.PasswordAnswer = this.txtPasswordAnswer.Text;
user.Save();
mojoProfileConfiguration profileConfig = mojoProfileConfiguration.GetConfig();
// set default values
foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
{
if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeZoneIdKey) { continue; }
mojoProfilePropertyDefinition.SavePropertyDefault(user, propertyDefinition);
}
CacheHelper.ClearMembershipStatisticsCache();
if (WebConfigSettings.NewsletterAutoSubscribeUsersCreatedByAdmin)
{
DoSubscribe(user);
}
UserRegisteredEventArgs u = new UserRegisteredEventArgs(user);
OnUserRegistered(u);
WebUtils.SetupRedirect(this, SiteRoot
+ "/Admin/ManageUsers.aspx?userId=" + user.UserId.ToInvariantString()
+ "&username="******"&pageid=" + pageID.ToInvariantString());
return;
}
}
public override bool ValidateUser(string userName, string password)
{
/*
Takes, as input, a user name and a password and verifies that they are valid-that is, that
* the membership
* data source contains a matching user name and password. ValidateUser returns true if the
* user name and
* password are valid, if the user is approved (that is, if MembershipUser.IsApproved is true),
* and if the user
* isn't currently locked out. Otherwise, it returns false. Following a successful validation,
* ValidateUser updates
* the user's LastLoginDate and fires an AuditMembershipAuthenticationSuccess Web event.
* Following a failed validation,
* it fires an AuditMembershipAuthenticationFailure Web event.
*/
SiteSettings siteSettings = GetSiteSettings();
if (siteSettings == null) { return false; }
if (string.IsNullOrEmpty(userName)) { return false; }
if (string.IsNullOrEmpty(password)) { return false; }
bool result = false;
if (
(siteSettings.UseEmailForLogin)
&& (userName.Length > EmailMaxlength)
)
{
return result;
}
if (
(!siteSettings.UseEmailForLogin)
&& (userName.Length > LoginnameMaxlength)
)
{
return result;
}
//previous implementation
//SiteUser siteUser = null;
//string encPassword = EncodePassword(password, siteSettings);
//string user;
//if (!siteSettings.UseLdapAuth || (siteSettings.UseLdapAuth && WebConfigSettings.UseLDAPFallbackAuthentication))
//{
// user = SiteUser.Login(siteSettings, userName, encPassword);
// if ((user != null) && (user != String.Empty))
// {
// result = true;
// siteUser = new SiteUser(siteSettings, userName);
// }
// else if (!siteSettings.UseLdapAuth)
// {
// // need to create the user here so we can increment the failed password attmpt count below
// siteUser = new SiteUser(siteSettings, userName);
// }
//}
//if (siteSettings.UseLdapAuth && siteUser == null)
//{
// user = SiteUser.LoginLDAP(siteSettings, userName, password, out siteUser);
// if ((user != null) && (user != String.Empty))
// {
// result = true;
// if (siteUser != null)
// {
// //we just auto created a user who was validated against LDAP, but did not exist as a site user
// NewsletterHelper.ClaimExistingSubscriptions(siteUser);
// UserRegisteredEventArgs u = new UserRegisteredEventArgs(siteUser);
// OnUserRegistered(u);
// }
// else
// {
// siteUser = new SiteUser(siteSettings, userName);
// }
// }
//}
SiteUser siteUser = GetSiteUser(siteSettings, userName);
if ((siteUser != null) && (siteUser.IsLockedOut) && (WebConfigSettings.ReturnFalseInValidateUserIfAccountLocked))
{
return false;
}
if ((siteUser != null) && (siteUser.IsDeleted) && (WebConfigSettings.ReturnFalseInValidateUserIfAccountDeleted))
{
return false;
}
if (siteSettings.UseLdapAuth)
{
SiteUser createdUser = null;
string user = SiteUser.LoginLDAP(siteSettings, userName, password, out createdUser);
if (!(string.IsNullOrEmpty(user)))
{
result = true;
if (createdUser != null)
{
//we just auto created a user who was validated against LDAP, but did not exist as a site user
siteUser = createdUser;
// lets make sure to use the right password encoding, the auto creation assigned a random one but did not encode it
siteUser.Password = EncodePassword(siteSettings, siteUser, siteUser.Password);
siteUser.Save();
NewsletterHelper.ClaimExistingSubscriptions(siteUser);
UserRegisteredEventArgs u = new UserRegisteredEventArgs(siteUser);
OnUserRegistered(u);
}
//else
//{
// siteUser = new SiteUser(siteSettings, userName);
//}
}
else if((siteSettings.AllowDbFallbackWithLdap)&&(siteUser != null))
{
// ldap auth failed but we did find a matching user in the db
// and we are allowing db users in addition to ldap
// so validate the db way
result = PasswordIsValid(siteSettings, siteUser, password);
}
}
else
{
result = PasswordIsValid(siteSettings, siteUser, password);
}
if (result)
{
siteUser.UpdateLastLoginTime();
//PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_SUCCESS);
// this raises an error for some reason just by raisng the event
// maybe because there is no handler for it
//mojoWebAuthenticationSuccessAuditEvent webSuccess
// = new mojoWebAuthenticationSuccessAuditEvent(
// null,
// this,
// WebEventCodes.AuditMembershipAuthenticationSuccess,
// userName);
//webSuccess.Raise();
}
else
{
if (
(siteSettings.MaxInvalidPasswordAttempts > 0)
&& (siteUser != null)
&& (siteUser.UserGuid != Guid.Empty))
{
siteUser.IncrementPasswordAttempts(siteSettings);
}
if (WebConfigSettings.LogFailedLoginAttempts)
{
log.Info("failed login attempt for user " + userName);
}
//PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_FAIL);
//mojoWebAuthenticationFailureAuditEvent webEvent
// = new mojoWebAuthenticationFailureAuditEvent(
// null,
// this,
// WebEventCodes.AuditMembershipAuthenticationFailure,
// userName);
//webEvent.Raise();
}
return result;
}