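//public override int MaxInvalidPasswordAttempts
//{
//    get { return WebSettings.MaxInvalidPasswordAttempts; }
//}
//public override int MinRequiredNonAlphanumericCharacters
//{
//    get { return WebSettings.MinRequiredNonAlphanumericCharacters; }
//}
//public override int MinRequiredPasswordLength
//{
//    get { return WebSettings.MinRequiredPasswordLength; }
//}
//public override int PasswordAttemptWindow
//{
//    get { return WebSettings.PasswordAttemptWindow; }
//}
//public override MembershipPasswordFormat PasswordFormat
//{
//    get { return MembershipPasswordFormat.Hashed; }
//}
//public override string PasswordStrengthRegularExpression
//{
//    get { return WebSettings.PasswordStrengthRegularExpression; }
//}
//public override bool RequiresQuestionAndAnswer
//{
//    get { return _requiresQuestionAndAnswer; }
//}
//public override bool RequiresUniqueEmail
//{
//    get { return true; }
//}

/// <summary>
/// Replaces the password of <paramref name="username"/> with a newly generated one.
/// When <c>RequiresQuestionAndAnswer</c> is set, the caller-supplied
/// <paramref name="answer"/> must match the answer stored for the account.
/// </summary>
/// <param name="username">Name of the account whose password is reset.</param>
/// <param name="answer">Answer to the account's password question.</param>
/// <returns>
/// The new clear-text password, or <c>null</c> when the account does not exist
/// or the answer does not match.
/// </returns>
/// <exception cref="NotSupportedException">Password reset is disabled.</exception>
/// <exception cref="ProviderException">
/// An answer is required but <paramref name="answer"/> is <c>null</c>.
/// </exception>
public override string ResetPassword(string username, string answer)
{
    if (!EnablePasswordReset)
    {
        throw new NotSupportedException("Password reset is not enabled.");
    }

    DbEntryMembershipUser u = DbEntryMembershipUser.FindOne(p => p.UserName == username);

    if (answer == null && RequiresQuestionAndAnswer)
    {
        // FindOne yields null for an unknown user name; only count the failure
        // against an account that exists instead of dereferencing null.
        if (u != null)
        {
            UpdateFailureCount(u, "passwordAnswer");
        }

        throw new ProviderException("Password answer required for password reset.");
    }

    if (u == null)
    {
        return null;
    }

    // NOTE(review): IsLockedOut is not consulted on this path, so a locked-out
    // account can still be reset - confirm that this is intended.
    if (RequiresQuestionAndAnswer)
    {
        // The previous code passed the *stored* answer to CheckPassword, so the
        // value supplied by the caller was never verified. Compare the supplied
        // answer with the stored one instead; an empty stored answer never matches,
        // so an account without an answer cannot be reset with an empty string.
        // NOTE(review): this assumes PasswordAnswer is stored as supplied, which is
        // what CreateUser does - confirm no other writer encodes it.
        bool answerMatches = !string.IsNullOrEmpty(u.PasswordAnswer)
            && string.Equals(answer, u.PasswordAnswer, StringComparison.Ordinal);

        if (!answerMatches)
        {
            // Wrong answers count towards the lockout window like missing ones.
            UpdateFailureCount(u, "passwordAnswer");
            return null;
        }
    }

    // Generate the replacement only once the request has been accepted.
    string newPassword = System.Web.Security.Membership.GeneratePassword(
        NewPasswordLength, MinRequiredNonAlphanumericCharacters);

    u.Password = this.EncodePassword(newPassword, u.PasswordFormat, u.PasswordSalt);
    // Keep the audit field in step with the credential change.
    u.LastPasswordChangedDate = DateTime.Now;
    u.Save();
    return newPassword;
}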
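/// <summary>
/// Creates a membership user after running the password-validation event and
/// the unique-email and unique-user-name checks.
/// </summary>
/// <param name="username">Login name of the new account.</param>
/// <param name="password">Clear-text password; stored via <c>EncodePassword</c> with a fresh salt.</param>
/// <param name="email">E-mail address; also stored lower-cased in <c>LoweredEmail</c>.</param>
/// <param name="passwordQuestion">Password question; blank values are stored as an empty string.</param>
/// <param name="passwordAnswer">Password answer; blank values are stored as an empty string.</param>
/// <param name="isApproved">Initial approval state of the account.</param>
/// <param name="providerUserKey">Not used by this implementation.</param>
/// <param name="status">Receives the outcome of the attempt.</param>
/// <returns>The created user, or <c>null</c> when <paramref name="status"/> is not <c>Success</c>.</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    var args = new ValidatePasswordEventArgs(username, password, true);
    OnValidatingPassword(args);
    if (args.Cancel)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (RequiresUniqueEmail && !string.IsNullOrWhiteSpace(GetUserNameByEmail(email)))
    {
        status = MembershipCreateStatus.DuplicateEmail;
        return null;
    }

    // A blank user name would otherwise be persisted as an account nobody can
    // address; reject it explicitly. Checked after the password and e-mail tests
    // so their existing failure statuses keep precedence.
    if (string.IsNullOrWhiteSpace(username))
    {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    // NOTE(review): the existence check and the Save below are not atomic; two
    // concurrent requests for the same name rely on a storage-level uniqueness
    // constraint, which is not visible here.
    if (GetUser(username, false) != null)
    {
        status = MembershipCreateStatus.DuplicateUserName;
        return null;
    }

    DateTime createDate = DateTime.Now;
    string salt = GenerateSalt();
    int format = (int)this.PasswordFormat; // was GetHashCode(); the cast states the intent

    var user = new DbEntryMembershipUser
    {
        UserName = username,
        Password = EncodePassword(password, format, salt),
        PasswordFormat = format,
        PasswordSalt = salt,
        Email = email,
        LoweredEmail = email == null ? string.Empty : email.ToLowerInvariant(),
        PasswordQuestion = string.IsNullOrWhiteSpace(passwordQuestion) ? string.Empty : passwordQuestion,
        // NOTE(review): the answer is persisted exactly as supplied (it is not passed
        // through EncodePassword), so it is readable by anyone with access to the
        // store - consider hashing it like the password.
        PasswordAnswer = string.IsNullOrWhiteSpace(passwordAnswer) ? string.Empty : passwordAnswer,
        IsApproved = isApproved,
        IsLockedOut = false,
        LastLoginDate = createDate,
        LastPasswordChangedDate = createDate,
        LastLockoutDate = createDate,
        FailedCount = 0,
        FailedStart = createDate,
        FailedAnswerCount = 0,
        FailedAnswerStart = createDate,
        LastActivityDate = createDate,
        Comment = string.Empty
    };

    user.Save();
    status = MembershipCreateStatus.Success;
    // Re-read through GetUser so the caller receives the provider's MembershipUser view.
    return GetUser(username, false);
}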
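/// <summary>
/// Quick password reset: sets the password of <paramref name="username"/> to the
/// value supplied by the caller.
/// </summary>
/// <remarks>
/// This method does not check <c>EnablePasswordReset</c>, the password answer or
/// the password-validation event, so the caller is responsible for authorising
/// the request and for enforcing the password policy.
/// </remarks>
/// <param name="username">User name of the account.</param>
/// <param name="password">New clear-text password.</param>
/// <returns><c>true</c> on success, otherwise <c>false</c>.</returns>
public bool ResetPasswordX(string username, string password)
{
    // Never replace a credential with an empty one.
    if (string.IsNullOrEmpty(password))
    {
        return false;
    }

    DbEntryMembershipUser u = DbEntryMembershipUser.FindOne(p => p.UserName == username);
    if (u == null)
    {
        return false;
    }

    // The account's existing format and salt are reused for the new hash.
    u.Password = this.EncodePassword(password, u.PasswordFormat, u.PasswordSalt);
    // Keep the audit field in step with the credential change.
    u.LastPasswordChangedDate = DateTime.Now;
    u.Save();
    return true;
}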
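/// <summary>
/// Quick password reset: replaces the password of <paramref name="username"/>
/// with a newly generated one.
/// </summary>
/// <remarks>
/// Unlike the two-argument overload, this method does not check
/// <c>EnablePasswordReset</c> or the password answer; the caller is responsible
/// for authorising the request.
/// </remarks>
/// <param name="username">User name of the account.</param>
/// <returns>The new clear-text password, or <c>null</c> when the account does not exist.</returns>
public string ResetPassword(string username)
{
    DbEntryMembershipUser u = DbEntryMembershipUser.FindOne(p => p.UserName == username);
    if (u == null)
    {
        return null;
    }

    // Generate the replacement only when there is an account to apply it to.
    string newPassword = System.Web.Security.Membership.GeneratePassword(
        NewPasswordLength, MinRequiredNonAlphanumericCharacters);

    // The account's existing format and salt are reused for the new hash.
    u.Password = this.EncodePassword(newPassword, u.PasswordFormat, u.PasswordSalt);
    // Keep the audit field in step with the credential change.
    u.LastPasswordChangedDate = DateTime.Now;
    u.Save();
    return newPassword;
}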
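/// <summary>
/// Records one failed password or password-answer attempt for
/// <paramref name="user"/> and locks the account once the number of failures
/// inside the <c>PasswordAttemptWindow</c> reaches <c>MaxInvalidPasswordAttempts</c>.
/// </summary>
/// <param name="user">Account the failure is recorded against; <c>null</c> is ignored.</param>
/// <param name="failureType">
/// <c>"password"</c> or <c>"passwordAnswer"</c>; any other value is a no-op.
/// </param>
private void UpdateFailureCount(DbEntryMembershipUser user, string failureType)
{
    bool isPassword = failureType == "password";
    bool isAnswer = failureType == "passwordAnswer";

    // Callers may pass the result of a failed lookup; there is nothing to count then.
    if (user == null || (!isPassword && !isAnswer))
    {
        return;
    }

    DateTime now = DateTime.Now; // local time, as in the rest of this provider
    int failureCount;
    DateTime windowStart;

    if (isPassword)
    {
        failureCount = user.FailedCount;
        try
        {
            windowStart = user.FailedStart;
        }
        catch
        {
            // Best-effort fallback kept from the original: treat an unreadable
            // start time as a window that begins now.
            windowStart = now;
        }
    }
    else
    {
        failureCount = user.FailedAnswerCount;
        windowStart = user.FailedAnswerStart;
    }

    DateTime windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);
    bool startsNewWindow = failureCount == 0 || now > windowEnd;
    int newCount = startsNewWindow ? 1 : failureCount + 1;

    if (isPassword)
    {
        user.FailedCount = newCount;
        if (startsNewWindow)
        {
            user.FailedStart = now;
        }
    }
    else
    {
        user.FailedAnswerCount = newCount;
        if (startsNewWindow)
        {
            user.FailedAnswerStart = now;
        }
    }

    // The original tested `failureCount++ >= MaxInvalidPasswordAttempts`, which
    // compares the count *before* this failure and therefore allowed one attempt
    // more than configured. Lock as soon as the updated count reaches the limit.
    if (newCount >= MaxInvalidPasswordAttempts)
    {
        user.IsLockedOut = true;
        user.LastLockoutDate = now;
    }

    user.Save();
}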