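/// <summary>
/// Authenticates a back-office user for Courier and checks that the account is
/// enabled, not on the deny list, and has the "courier" application assigned.
/// </summary>
/// <param name="login">Login name supplied by the caller.</param>
/// <param name="pass">
/// Password value supplied by the caller. With the built-in "UsersMembershipProvider"
/// it is compared directly with the value returned by <c>User.GetPassword()</c>;
/// otherwise it is handed to the configured membership provider.
/// </param>
/// <exception cref="Umbraco.Courier.Core.Exceptions.UnauthorizedClientException">
/// Thrown when authentication fails or the account may not use Courier.
/// </exception>
public static void ValidateUser(string login, string pass)
{
    string providerName = umbraco.UmbracoSettings.DefaultBackofficeProvider;
    umbraco.BusinessLogic.User user;

    if (providerName == "UsersMembershipProvider")
    {
        // NOTE(review): "new" never yields null, so the old null checks were dead code.
        // How User(login) behaves for an unknown login is not visible here - confirm it
        // throws rather than returning an empty account.
        user = new User(login);

        if (!PasswordsMatch(user.GetPassword(), pass))
            throw DenyCourierAccess(login, " could not be authenticated");
    }
    else
    {
        // A provider name that is not registered returns null from the collection;
        // fail closed instead of surfacing a NullReferenceException.
        var provider = Membership.Providers[providerName];
        if (provider == null || !provider.ValidateUser(login, pass))
            throw DenyCourierAccess(login, " could not be authenticated");

        // The password cannot be re-compared for external providers; the provider
        // call above is the only credential check on this path.
        user = new User(login);
    }

    // NOTE(review): the messages below distinguish bad credentials, disabled accounts
    // and missing Courier access. If they reach the remote caller (not visible here)
    // they disclose account state; consider one generic client-facing message and
    // keeping the detail in the server log only.
    if (user.Disabled)
        throw DenyCourierAccess(login, " is not enabled");

    // NOTE(review): Contains is presumably case-sensitive - confirm deny-list entries
    // use the same casing as the stored LoginName, or the entry will not match.
    if (!Umbraco.Courier.Core.Configuration.Security.AllowAllUsers
        && Umbraco.Courier.Core.Configuration.Security.DeniedUsers.Contains(user.LoginName))
        throw DenyCourierAccess(login, " does not have access to courier");

    // Ordinal comparison: ToLower() is culture-sensitive and can fail to match
    // "courier" under some cultures (e.g. the Turkish dotless i).
    bool hasCourier = user.Applications.Any(
        app => string.Equals(app.alias, "courier", System.StringComparison.OrdinalIgnoreCase));
    if (!hasCourier)
        throw DenyCourierAccess(login, " does not have access to courier.");
}

// Builds the exception used for every rejection in ValidateUser.
// NOTE(review): the listing this code was taken from shows the expression between the
// two message fragments masked as ******; the supplied login is assumed - confirm.
private static Umbraco.Courier.Core.Exceptions.UnauthorizedClientException DenyCourierAccess(string login, string reason)
{
    return new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: " + login + reason);
}

// Compares two secret strings without stopping at the first differing character,
// so the time taken does not depend on how many leading characters match.
// A null on either side never matches (fail closed).
private static bool PasswordsMatch(string expected, string supplied)
{
    if (expected == null || supplied == null)
        return false;

    int diff = expected.Length ^ supplied.Length;
    int shared = System.Math.Min(expected.Length, supplied.Length);
    for (int i = 0; i < shared; i++)
        diff |= expected[i] ^ supplied[i];

    return diff == 0;
}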
// Private Methods (2)

/// <summary>
/// Fills <paramref name="login"/> and <paramref name="pass"/> with the encrypted
/// credentials to send: those of the stored user when a user id is set, otherwise
/// the explicitly configured Login / Password values.
/// </summary>
/// <param name="userId">
/// NOTE(review): this parameter is never read - the body uses the <c>UserId</c> member
/// instead. Confirm which one is intended.
/// </param>
/// <param name="login">Receives the encrypted login name.</param>
/// <param name="pass">Receives the encrypted password value.</param>
private void getloginAndPass(int userId, ref string login, ref string pass)
{
    if (UserId < 0)
    {
        // No user id: fall back to the values set on this instance.
        login = Encryption.Encrypt(Login);
        pass = Encryption.Encrypt(encodePassWord(Password));
        return;
    }

    // A user id is available, so take the credentials from that account.
    // NOTE(review): the value from GetPassword() is sent as the credential. If the
    // receiving side compares it directly with its own stored value, the stored form
    // is password-equivalent and needs the same protection as the password itself.
    User account = new User(UserId);
    login = Encryption.Encrypt(account.LoginName);
    pass = Encryption.Encrypt(account.GetPassword());
}