/// <summary> /// Verifies that the specified user name and password exist in the data source. /// </summary> /// <param name="username">The name of the user to validate.</param> /// <param name="password">The password for the specified user.</param> /// <returns> /// true if the specified username and password are valid; otherwise, false. /// </returns> public override bool ValidateUser(string username, string password) { // we need to wrap this in a try/catch as passing a non existing // user will throw an exception try { User user = new User(username); if (user != null && user.Id != -1) { if (user.Disabled) return false; else return user.ValidatePassword(EncodePassword(password)); } } catch { // nothing to catch here - move on } return false; }
/// <summary> /// Processes a request to update the password for a membership user. /// </summary> /// <param name="username">The user to update the password for.</param> /// <param name="oldPassword">The current password for the specified user.</param> /// <param name="newPassword">The new password for the specified user.</param> /// <returns> /// true if the password was updated successfully; otherwise, false. /// </returns> public override bool ChangePassword(string username, string oldPassword, string newPassword) { if (!User.validateCredentials(username, oldPassword)) return false; ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) if (args.FailureInformation != null) throw args.FailureInformation; else throw new MembershipPasswordException("Change password canceled due to new password validation failure."); User user = new User(username); string encodedPassword = EncodePassword(newPassword); user.Password = encodedPassword; return (user.ValidatePassword(encodedPassword)) ? true : false; }