public override void AddUsersToRoles(string[] usernames, string[] roleNames)
 {
     if (usernames != null && usernames.Length > 0 && roleNames != null && roleNames.Length > 0)
     {
         using (TransactionScope transaction = new TransactionScope(TransactionScopeOption.Required))
         {
             CustomUser user = null;
             CustomRole role = null;
             foreach (String roleName in roleNames)
             {
                 CustomUserDAO userDAO = new CustomUserDAO();
                 CustomRoleDAO roleDAO = new CustomRoleDAO();
                 role = roleDAO.FindByName(roleName, ApplicationName);
                 if (role != null)
                 {
                     foreach (String userName in usernames)
                     {
                         user = userDAO.FindByName(userName, ApplicationName);
                         if (role.Users == null)
                         {
                             role.Users = new HashSet<CustomUser>();
                         }
                         if (!role.Users.Contains(user))
                         {
                             role.Users.Add(user);
                         }
                     }
                     roleDAO.SaveOrUpdate(role);
                 }
             }
             transaction.Complete();
         }
     }
 }
        private void UpdateFailureForPasswordAnswer(String userName)
        {
            CustomUserDAO userDAO = new CustomUserDAO();
            CustomUser user = userDAO.FindByName(userName, ApplicationName);

            if (user != null)
            {
                int failutreCount = user.FailedPasswordAnswerAttemptCount.HasValue ? user.FailedPasswordAnswerAttemptCount.Value : 0;
                DateTime failureWindowStart = user.FailedPasswordAnswerAttemptWindowStart.HasValue ? user.FailedPasswordAnswerAttemptWindowStart.Value : DateTime.Now;
                if (failutreCount == 0 || DateTime.Now > failureWindowStart.AddMinutes(PasswordAttemptWindow))
                {
                    user.FailedPasswordAnswerAttemptCount = 1;
                    user.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
                }
                else if (failutreCount < MaxInvalidPasswordAttempts)
                {
                    failutreCount++;
                    user.FailedPasswordAnswerAttemptCount = failutreCount;
                }
                else
                {
                    user.IsLockedOut = true;
                    user.LastLockedOutDate = DateTime.Now;
                }
                userDAO.SaveOrUpdate(user);
            }
        }
 public override string[] GetRolesForUser(string username)
 {
     String[] roleNames = new String[0];
     if (username != null)
     {
         CustomUserDAO userDAO = new CustomUserDAO();
         CustomUser user = userDAO.FindByName(username, ApplicationName);
         if (user != null)
         {
             ICollection<CustomRole> roles = user.Roles;
             if (roles != null && roles.Count > 0)
             {
                 roleNames = new String[roles.Count];
                 for (int index = 0; index < roles.Count; index++)
                 {
                     roleNames[index] = roles.ElementAt(index).Name;
                 }
             }
         }
     }
     return roleNames;
 }
        public override void UpdateUser(MembershipUser user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("The user cannot be null");
            }

            CustomUserDAO userDAO = new CustomUserDAO();
            CustomUser customUser = userDAO.FindByName(user.UserName, ApplicationName);
            if (customUser != null)
            {
                customUser.Name = user.UserName;
                customUser.Email = user.Email;
                customUser.Comment = user.Comment;
                customUser.PasswordQuestion = user.PasswordQuestion;
                customUser.IsApproved = user.IsApproved;
                customUser.LastActivityDate = user.LastActivityDate;
                customUser.LastLoginDate = user.LastLoginDate;
                customUser.LastPasswordChangedDate = user.LastPasswordChangedDate;
                customUser.CreationDate = user.CreationDate;
                customUser.IsLockedOut = user.IsLockedOut;
                if (user.LastLockoutDate > DateTime.MinValue)
                {
                    customUser.LastLockedOutDate = user.LastLockoutDate;
                }
                userDAO.SaveOrUpdate(customUser);
            }
        }
        public override bool ValidateUser(string username, string password)
        {
            bool isValid = false;

            if (username == null || username.Trim().Length == 0)
            {
                throw new HttpException("The username cannot be neither null nor empty.");
            }

            if (password != null)
            {
                String hashedEnteredOldPassword = null;
                CustomUserDAO userDAO = new CustomUserDAO();
                CustomUser user = userDAO.FindByName(username, ApplicationName);

                if (user != null)
                {
                    DateTime currentDate = DateTime.Now;

                    // update last activity date
                    user.LastActivityDate = currentDate;
                    userDAO.SaveOrUpdate(user);

                    if ((!user.IsApproved.HasValue || user.IsApproved.Value) && (!user.IsLockedOut.HasValue || !user.IsLockedOut.Value))
                    {
                        // hash entered password
                        hashedEnteredOldPassword = MembershipEncryptionManager.Encrypt(password, PasswordFormat);
                        // validate hashed entered password with the user password
                        isValid = hashedEnteredOldPassword.Equals(user.Password);
                        if (isValid)
                        {
                            // update last login date
                            user.LastLoginDate = currentDate;
                            userDAO.SaveOrUpdate(user);
                        }
                    }
                }
            }

            if (!isValid)
            {
                // 1 more count for failure
                UpdateFailureCount(username, FailureType.PASSWORD);
            }

            return isValid;
        }
        public override string ResetPassword(string username, string answer)
        {
            if (username == null || username.Trim().Length == 0)
            {
                throw new ArgumentException("The username cannot be null nor empty");
            }

            if (!EnablePasswordReset)
            {
                throw new NotSupportedException("The property EnablePasswordReset is false thus the password cannot be reset.");
            }

            CustomUserDAO userDAO = new CustomUserDAO();
            CustomUser user = userDAO.FindByName(username, ApplicationName);

            if (user == null)
            {
                throw new ArgumentException("The entered username does not represent any user.");
            }

            if (RequiresQuestionAndAnswer)
            {
                if (answer == null || user.PasswordAnswer == null || !answer.Equals(user.PasswordAnswer))
                {
                    // 1 more count for failure
                    UpdateFailureCount(username, FailureType.PASSWORD_ANSWER);

                    throw new MembershipPasswordException("The entered password neither is null or does not match the correct one.");
                }
            }

            String newPassword = Membership.GeneratePassword(4, 2);

            bool isPasswordOK = false;
            int counter = 0;
            ValidatePasswordEventArgs args = null;
            while (!isPasswordOK || counter < 50)
            {
                args = new ValidatePasswordEventArgs(username, newPassword, true);
                OnValidatingPassword(new ValidatePasswordEventArgs(username, newPassword, true));
                if (!args.Cancel)
                {
                    isPasswordOK = true;
                }
                counter++;
            }

            if (!isPasswordOK)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                else
                {
                    throw new MembershipPasswordException("There could not be created a password according to the defined standerds.");
                }
            }

            user.Password = MembershipEncryptionManager.Encrypt(newPassword, PasswordFormat);
            user.IsLockedOut = false;
            user.LastPasswordChangedDate = DateTime.Now;
            userDAO.SaveOrUpdate(user);

            return newPassword;
        }
 public override bool UnlockUser(string userName)
 {
     bool operationOk = false;
     if (userName != null && userName.Trim().Length > 0)
     {
         CustomUserDAO userDAO = new CustomUserDAO();
         CustomUser user = userDAO.FindByName(userName, ApplicationName);
         if (user != null)
         {
             user.IsLockedOut = false;
             user.LastLockedOutDate = DateTime.Now;
             userDAO.SaveOrUpdate(user);
             operationOk = true;
         }
     }
     return operationOk;
 }
        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            MembershipUser membershipUser = null;
            if (username != null)
            {
                CustomUserDAO userDAO = new CustomUserDAO();
                CustomUser user = userDAO.FindByName(username, ApplicationName);
                if (user != null)
                {
                    // update last activity date in case the user is to be considered online
                    if (userIsOnline)
                    {
                        user.LastActivityDate = DateTime.Now;
                        userDAO.SaveOrUpdate(user);
                    }

                    membershipUser = CreateMembershipUser(user);
                }
            }
            return membershipUser;
        }
        public override string GetPassword(string username, string answer)
        {
            String passowrd = null;
            if (!EnablePasswordRetrieval)
            {
                throw new NotSupportedException("The property EnablePasswordRetrieval is set to false thus, password retrieval is not allowed.");
            }

            CustomUserDAO userDAO = new CustomUserDAO();
            CustomUser user = userDAO.FindByName(username, ApplicationName);

            if (user == null)
            {
                throw new ArgumentNullException("The entered username does not represent a user");
            }

            if (PasswordFormat == MembershipPasswordFormat.Hashed)
            {
                throw new NotSupportedException("The password format is Hashed thus it cannot be retrieved");
            }

            if (RequiresQuestionAndAnswer)
            {
                if (answer == null || user.PasswordAnswer == null || !answer.Equals(user.PasswordAnswer))
                {
                    // 1 more count for failure
                    UpdateFailureCount(username, FailureType.PASSWORD_ANSWER);
                    throw new MembershipPasswordException("The entered password neither is null or does not match the correct one.");
                }
            }

            passowrd = MembershipEncryptionManager.Decrypt(user.Password, PasswordFormat);

            return passowrd;
        }
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            bool isValid = true;
            MembershipUser newUser = null;
            status = MembershipCreateStatus.Success;

            DateTime currentDate = DateTime.Now;

            if (username == null || username.Trim().Length == 0)
            {
                status = MembershipCreateStatus.InvalidUserName;
                isValid = false;
            }

            if (isValid && (password == null || password.Trim().Length == 0))
            {
                status = MembershipCreateStatus.InvalidPassword;
                isValid = false;
            }

            // only validate the e-mail format in case it is neither null nor empty
            if (isValid && !String.IsNullOrWhiteSpace(email))
            {
                String strRegex = @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
                                  @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" +
                                  @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";

                Regex regex = new Regex(strRegex);

                if (!regex.IsMatch(email))
                {
                    status = MembershipCreateStatus.InvalidEmail;
                    isValid = false;
                }
            }

            CustomUserDAO userDAO = new CustomUserDAO();

            /*
             * Validate e-mail for the case where it is required to be unique. Here the
             * API states that if so, there MUST be an e-mail provided, as stated in:
             * http://msdn.microsoft.com/en-us/library/d8t4h2es.aspx
             *
             * You can see that in the following part:
             *
             * "The SqlMembershipProvider provides an option to require a unique e-mail
             * address for each user. If the RequiresUniqueEmail property is true, you
             * will need to use one of the CreateUser overloads that allows you to specify
             * an e-mail address for the user being created. Otherwise, a
             * MembershipCreateUserException will be thrown."
             *
             */
            if (isValid && RequiresUniqueEmail)
            {
                // the e-mail cannot be null nor empty
                if (String.IsNullOrWhiteSpace(email))
                {
                    status = MembershipCreateStatus.InvalidEmail;
                    isValid = false;
                }

                // since the validation above passed, check whether the e-mail is unique
                if (isValid)
                {
                    CustomUser sameEmailUser = userDAO.FindByEmail(email, this.ApplicationName);
                    if (sameEmailUser != null)
                    {
                        status = MembershipCreateStatus.DuplicateEmail;
                        isValid = false;
                    }
                }
            }

            // validates password
            if (isValid)
            {
                ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
                OnValidatingPassword(new ValidatePasswordEventArgs(username, password, true));
                if (args.Cancel)
                {
                    status = MembershipCreateStatus.InvalidPassword;
                    isValid = false;
                }
            }

            if (providerUserKey == null)
            {
                providerUserKey = Guid.NewGuid();
            }
            else if (!(providerUserKey is Guid))
            {
                status = MembershipCreateStatus.InvalidProviderUserKey;
                isValid = false;
            }

            if (isValid)
            {
                CustomUser sameNameUser = userDAO.FindByName(username, this.appName);
                if (sameNameUser != null)
                {
                    status = MembershipCreateStatus.DuplicateUserName;
                    isValid = false;
                }
            }

            if (isValid)
            {
                CustomUser user = new CustomUser(this.membershipApplication,
                                                 (Guid) providerUserKey,
                                                 username,
                                                 MembershipEncryptionManager.Encrypt(password, PasswordFormat),
                                                 email,
                                                 passwordQuestion,
                                                 passwordAnswer,
                                                 isApproved,
                                                 false,
                                                 currentDate,
                                                 currentDate,
                                                 currentDate,
                                                 currentDate);
                userDAO.SaveOrUpdate(user);
                newUser = CreateMembershipUser(user);
                status = MembershipCreateStatus.Success;
            }
            return newUser;
        }
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            bool changed = false;

            if (username != null && password != null && newPasswordQuestion != null && newPasswordAnswer != null)
            {
                if (ValidateUser(username, password))
                {
                    CustomUserDAO userDAO = new CustomUserDAO();
                    CustomUser user = userDAO.FindByName(username, ApplicationName);
                    if (user != null)
                    {
                        user.PasswordQuestion = newPasswordQuestion;
                        user.PasswordAnswer = newPasswordAnswer;
                        userDAO.SaveOrUpdate(user);
                        changed = true;
                    }
                }
            }

            return changed;
        }
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            bool hasChanged = false;
            bool isValid = true;
            String hashedNewPassword = String.Empty;
            String hashedEnteredOldPassword = String.Empty;

            isValid = ValidateUser(username, oldPassword);

            if (newPassword == null || newPassword.Trim().Length == 0)
            {
                isValid = false;
            }

            ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
            OnValidatingPassword(new ValidatePasswordEventArgs(username, newPassword, true));
            if (args.Cancel)
            {
                if (args.FailureInformation != null)
                {
                    throw args.FailureInformation;
                }
                else
                {
                    throw new MembershipPasswordException("The new password does not meet the defined standerds.");
                }
            }

            if (isValid)
            {
                CustomUserDAO userDAO = new CustomUserDAO();
                CustomUser user = userDAO.FindByName(username, ApplicationName);
                if (user != null)
                {
                    // hash entered password
                    hashedEnteredOldPassword = MembershipEncryptionManager.Encrypt(oldPassword, PasswordFormat);
                    // validate hashed entered password (oldpassword) with the user password
                    if (hashedEnteredOldPassword.Equals(user.Password))
                    {
                        // old entered password is valid, thus hash the new one and save the user
                        hashedNewPassword = MembershipEncryptionManager.Encrypt(newPassword, PasswordFormat);
                        user.Password = hashedNewPassword;
                        user.LastPasswordChangedDate = DateTime.Now;
                        userDAO.SaveOrUpdate(user);
                        hasChanged = true;
                    }
                }
            }
            return hasChanged;
        }