/// <summary>
/// Base logic to register a full user, or a guest user. Creates the appropriate records and the proper validation.
/// </summary>
/// <param name="user">A user with a raw password which is turned into a password hash as part of registration.</param>
/// <param name="result">A ExecutionResults instance to add applicable
/// warning and error messages to.</param>
/// <returns>A boolean indicating success (true) or failure (false).</returns>
protected virtual bool RegisterBase(User user, ExecutionResults result)
{
var password = user.PasswordHash;
if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
{
return(false);
}
var existing = GetUserByName(user.Name);
if (existing != null)
{ //seed user table with deleted users with names you don't want users to have
result.AppendError("The name you specified cannot be used.");
return(false);
}
if (user.UserID.Equals(Guid.Empty))
{
user.UserID = Guid.NewGuid();
}
var hasher = HashManager.SelectProvider();
var salt = new UserSalt
{
PasswordSalt = hasher.GetSalt(),
UserID = user.UserID,
HashGroup = new Random(DateTime.Now.Second).Next(HashGroupMinimum, HashGroupMaximum),
HashName = hasher.Name
};
user.PasswordHash = hasher.Hash(salt.PasswordSalt, password,
salt.HashGroup + BaseHashIterations);
using (var scope = new System.Transactions.TransactionScope())
{
//starts as a lightweight transaction
SaveUser(user);
//enlists in a full distributed transaction if users and salts have different connection strings
SaveUserSalt(salt);
scope.Complete();
}
return(true);
}
protected override void SaveUserSalt(UserSalt salt)
{
throw new NotImplementedException();
}
/// <summary> /// Saves a user salt, insert or update. /// </summary> /// <param name="salt"></param> protected abstract void SaveUserSalt(UserSalt salt);
/// <summary>
/// Base logic to register a full user, or a guest user. Creates the appropriate records and the proper validation.
/// </summary>
/// <param name="user">A user with a raw password which is turned into a password hash as part of registration.</param>
/// <param name="result">A ExecutionResults instance to add applicable
/// warning and error messages to.</param>
/// <returns>A boolean indicating success (true) or failure (false).</returns>
protected virtual bool RegisterBase(User user, ExecutionResults result)
{
var password = user.PasswordHash;
if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
return false;
var existing = GetUserByName(user.Name);
if (existing != null)
{ //seed user table with deleted users with names you don't want users to have
result.AppendError("The name you specified cannot be used.");
return false;
}
if (user.UserID.Equals(Guid.Empty))
user.UserID = Guid.NewGuid();
var hasher = HashManager.SelectProvider();
var salt = new UserSalt
{
PasswordSalt = hasher.GetSalt(),
UserID = user.UserID,
HashGroup = new Random(DateTime.Now.Second).Next(HashGroupMinimum, HashGroupMaximum),
HashName = hasher.Name
};
user.PasswordHash = hasher.Hash(salt.PasswordSalt, password,
salt.HashGroup + BaseHashIterations);
using (var scope = new System.Transactions.TransactionScope())
{
//starts as a lightweight transaction
SaveUser(user);
//enlists in a full distributed transaction if users and salts have different connection strings
SaveUserSalt(salt);
scope.Complete();
}
return true;
}
/// <summary>
/// Saves a user salt, insert or update depending if RecordId is non-zero.
/// </summary>
/// <param name="salt"></param>
protected override void SaveUserSalt(UserSalt salt)
{
using (var cn = new SqlConnection(ConnectionStringUserSalt))
{
cn.Open();
using (var cmd = new SqlCommand())
{
cmd.Connection = cn;
cmd.CommandType = System.Data.CommandType.Text;
if (salt.RecordID == 0)
{
cmd.CommandText = @"insert into Security.UserSalt
(UserID, PasswordSalt, HashGroup, HashName)
Values (@UserID, @PasswordSalt, @HashGroup, @HashName)";
cmd.Parameters.AddWithValue("UserID", salt.UserID);
cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
cmd.Parameters.AddWithValue("HashName", salt.HashName);
}
else
{
cmd.CommandText = @"update Security.UserSalt
set PasswordSalt = @PasswordSalt,
ResetCode = @ResetCode,
ResetCodeExpiration = @ResetCodeExpiration,
HashGroup = @HashGroup,
HashName = @HashName
where UserID = @UserID";
cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
cmd.Parameters.AddWithValue("ResetCode", salt.ResetCode);
cmd.Parameters.AddWithValue("ResetCodeExpiration", salt.ResetCodeExpiration);
cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
cmd.Parameters.AddWithValue("HashName", salt.HashName);
cmd.Parameters.AddWithValue("UserID", salt.UserID);
}
cmd.ExecuteNonQuery();
}
}
}
/// <summary> /// Saves a user salt, insert or update. /// </summary> /// <param name="salt"></param> protected abstract void SaveUserSalt(UserSalt salt);