Exemplo n.º 1
0
        public static void ValidateUser(string login, string pass)
        {
            umbraco.BusinessLogic.User u = null;
            if (umbraco.UmbracoSettings.DefaultBackofficeProvider == "UsersMembershipProvider")
            {
                u = new User(login);
                if(u!= null && pass != u.GetPassword())
                    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" could not be authenticated");
            }
            else
            {
                if (Membership.Providers[umbraco.UmbracoSettings.DefaultBackofficeProvider].ValidateUser(login, pass))
                    u = new User(login);
                else
                    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" could not be authenticated");
            }

            if(u == null)
                throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not exists");

                if (u.Disabled)
                    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" is not enabled");

                // CLN: Can not compare passwords from membership providers  -- Check is done
                //if (u.GetPassword() != pass)
                //    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" and password: xxx does not match");

                if (!Umbraco.Courier.Core.Configuration.Security.AllowAllUsers && Umbraco.Courier.Core.Configuration.Security.DeniedUsers.Contains(u.LoginName))
                    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not have access to courier");

                if (u.Applications.Where(x => x.alias.ToLower() == "courier").Count() == 0)
                    throw new Umbraco.Courier.Core.Exceptions.UnauthorizedClientException("User: "******" does not have access to courier.");
        }
        //�Private�Methods�(2)
        private void getloginAndPass(int userId, ref string login, ref string pass)
        {
            //if we have a userID, we will use that...
            if (UserId >= 0)
            {
                var u = new User(UserId);

                //encrypt login and password
                login = Encryption.Encrypt(u.LoginName);
                pass = Encryption.Encrypt(u.GetPassword());
            }
            else
            {
                //we will fetch them from the set values
                login = Encryption.Encrypt(Login);
                pass = Encryption.Encrypt(encodePassWord(Password) );
            }
        }