/// <summary>
/// Checks a login/password pair against the stored user record.
/// </summary>
/// <param name="unitOfWork">Unit of work used to reach the <c>User</c> repository.</param>
/// <param name="login">Login name; compared after upper-casing both sides.</param>
/// <param name="password">Candidate password supplied by the caller.</param>
/// <param name="allowEmptyPassword">
/// When <c>true</c>, a null or empty <paramref name="password"/> is not rejected up front
/// and is handed to <c>PasswordCryptographer.AreEqual</c> like any other value.
/// </param>
/// <returns>
/// <c>false</c> when the login is null/empty, when the password is null/empty and empty
/// passwords are not allowed, or when no user matches; otherwise the result of
/// <c>PasswordCryptographer.AreEqual</c>.
/// </returns>
public bool ValidateUser(IUnitOfWork unitOfWork, string login, string password, bool allowEmptyPassword = false)
{
    if (String.IsNullOrEmpty(login))
    {
        return false;
    }

    bool passwordMissing = String.IsNullOrEmpty(password);
    if (passwordMissing && !allowEmptyPassword)
    {
        return false;
    }

    // The predicate is kept exactly as written: if Find takes an expression tree, its shape
    // determines how the repository translates it.
    // NOTE(review): if it is evaluated in memory instead, ToUpper() is culture-sensitive — confirm.
    var account = unitOfWork.GetRepository<User>().Find(u => u.Login.ToUpper() == login.ToUpper());
    if (account == null)
    {
        // NOTE(review): an unknown login returns before any password comparison runs, so the two
        // failure paths do different amounts of work. No throttling or lockout is visible in this
        // method — confirm the caller provides it.
        return false;
    }

    // NOTE(review): with allowEmptyPassword == true an empty password reaches this comparison;
    // whether an account with an empty stored password then validates depends on AreEqual — confirm.
    return new PasswordCryptographer().AreEqual(account.Password, password);
}
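/// <summary>
/// Replaces the stored password of the user with the given ID.
/// </summary>
/// <param name="id">ID of the user whose password is changed.</param>
/// <param name="oldPass">Current password; checked only when <paramref name="verifyOldPass"/> is set.</param>
/// <param name="newPass">New password; must be non-null and accepted by <c>IsValidPassword</c>.</param>
/// <param name="verifyOldPass">
/// When <c>true</c> and the user has a non-empty stored password, <paramref name="oldPass"/>
/// must match it.
/// </param>
/// <exception cref="Exception">
/// Thrown when the caller is neither an admin nor the target user (non-DEBUG builds only),
/// the user does not exist, the current password does not match, or the new password is
/// null or rejected by <c>IsValidPassword</c>.
/// </exception>
private void _ChangePassword(int id, string oldPass, string newPass, bool verifyOldPass)
{
    // NOTE(security): this authorization check is compiled out of DEBUG builds. In a DEBUG
    // build any caller reaching this method can change any user's password, so DEBUG
    // binaries must never be deployed where real accounts exist.
#if !DEBUG
    if (!AppContext.SecurityUser.IsAdmin && id != AppContext.SecurityUser.ID)
    {
        // "Access denied"
        throw new Exception("Отказано в доступе");
    }
#endif

    // NOTE(review): CreateSystem() presumably yields a unit of work with system-level rights,
    // which would make the check above the only access control on this path — confirm.
    using (var unitOfWork = _unitOfWorkFactory.CreateSystem())
    {
        var users = unitOfWork.GetRepository<User>();

        var user = users.Find(u => u.ID == id);
        if (user == null)
        {
            // "User not found"
            throw new Exception("Пользователь не найден");
        }

        var passwordCryptographer = new PasswordCryptographer();

        // The old password is verified only if one is stored: an account whose stored
        // password is empty accepts a new password without proof of the old one.
        if (verifyOldPass
            && !String.IsNullOrEmpty(user.Password)
            && !passwordCryptographer.AreEqual(user.Password, oldPass))
        {
            // "Incorrect current password"
            throw new Exception("Неверный текущий пароль");
        }

        // Fix: a null new password used to throw an Exception with an empty message, because
        // validationMessage was never filled in. It is now reported explicitly.
        if (newPass == null)
        {
            // "New password is not set"
            throw new Exception("Новый пароль не задан");
        }

        string validationMessage;
        if (!IsValidPassword(newPass, out validationMessage))
        {
            throw new Exception(validationMessage);
        }

        // Store only the value produced by GenerateSaltedPassword, then clear the
        // change-on-first-logon flag and record the date of the change.
        user.Password = passwordCryptographer.GenerateSaltedPassword(newPass);
        user.ChangePasswordOnFirstLogon = false;
        user.ChangePassword = DateTime.Today;

        users.Update(user);
        unitOfWork.SaveChanges();
    }
}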