public UserCredentialSaveReply CredentialUpdate(UserCredentialSaveRequest request)
{
throw new NotImplementedException("This method is intended to specific VAR/OEM applications and is not currently implemented for the open source version");
}
/// <summary>
/// Change user's credentials. Use non-null/non-empty value to indicate credential property to change
/// </summary>
/// <param name="request">New credentials to update</param>
/// <returns>ActionStatus.OK and re/activation key</returns>
public UserCredentialSaveReply UserCredentialSave(UserCredentialSaveRequest request)
{
UserCredentialSaveReply response = new UserCredentialSaveReply();
try
{
//-------------------------------------------------------
// verify original username and password exists
//-------------------------------------------------------
bool verifyUserResult = _membership.ValidateUser(request.OriginalIdentityName, request.OriginalPassword);
if (verifyUserResult == false)
{
response.Status = ActionStatus.Forbidden;
response.Messages.Add(ActionStatus.Forbidden, "Could not verify credentials for: '{0}'. Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
return(response);
}
response.Messages.Add("User '{0}' validated", request.OriginalIdentityName);
//-------------------------------------------------------
// change password
//-------------------------------------------------------
if (string.IsNullOrEmpty(request.NewPassword) == false)
{
bool changePasswordResult = _membership.ChangePassword(request.OriginalIdentityName, request.OriginalPassword, request.NewPassword);
if (changePasswordResult == false)
{
response.Status = ActionStatus.Forbidden;
response.Messages.Add(ActionStatus.Forbidden, "Could not change password for: '{0}'. Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
return(response);
}
response.Messages.Add("Password updated");
}
//-------------------------------------------------------
// change password question & answer
//-------------------------------------------------------
bool changeQAResult = _membership.ChangePasswordQuestionAndAnswer(request.OriginalIdentityName, request.OriginalPassword, request.ChallengeQuestion, request.ChallengeAnswer);
if (string.IsNullOrEmpty(request.ChallengeQuestion) == false && string.IsNullOrEmpty(request.ChallengeAnswer) == false)
{
if (changeQAResult == false)
{
response.Status = ActionStatus.Forbidden;
response.Messages.Add(ActionStatus.Forbidden, "Could not change challenge question/answer for: '{0}'. Account must be active and in good standing to change it's credentials", request.OriginalIdentityName);
return(response);
}
response.Messages.Add("Challenge question updated");
}
//-------------------------------------------------------
// verify username doesn't already exist
//-------------------------------------------------------
string activationKey = Guid.NewGuid().ToString();
if (string.IsNullOrEmpty(request.NewIdentityName) == false)
{
var tmpUser = _membership.GetUser(request.NewIdentityName, false);
if (tmpUser != null)
{
response.Status = ActionStatus.Conflict;
response.Messages.Add(ActionStatus.Conflict, "Requested identity '{0}' already exists.", request.OriginalIdentityName);
return(response);
}
//-------------------------------------------------------
// now update username. NOTE: make ADO calls since
// SQL membership provider does not have capability to
// change username
//-------------------------------------------------------
//string sql = "UPDATE aspnet_Users SET username = @user1, loweredUserName = @user2 WHERE userId = @userId;UPDATE aspnet_Membership SET email=@user1, loweredEMail=@user2,IsApproved=0,Comment=@comment where USERID = @userId";
//using (SqlConnection cn = new SqlConnection(_membership.dbConnectionString))
//{
// using (SqlCommand cmd = cn.CreateCommand())
// {
// cmd.CommandText = sql;
// cmd.CommandType = CommandType.Text;
// cmd.Parameters.AddWithValue("user1", request.NewIdentityName);
// cmd.Parameters.AddWithValue("user2", request.NewIdentityName.ToLower());
// cmd.Parameters.AddWithValue("comment", activationKey);
// throw new NotImplementedException("Need to set @userid");
// cn.Open();
// cmd.ExecuteNonQuery();
// cn.Close();
// }
//}
//response.Messages.Add("LoginName updated");
}
//-------------------------------------------------------
// all changes where successful so "deactivate" account so
// it can be "reactivated". Credential changes always
// force a "reactivation".
//-------------------------------------------------------
var user = _membership.GetUser(request.OriginalIdentityName, true);
user.Comment = Guid.NewGuid().ToString();
user.IsApproved = false;
_membership.UpdateUser(user);
response.Messages.Add("Account has been de-verified due to succssful credential change and must be reverified");
response.ActivationKey = activationKey;
response.Status = ActionStatus.OK;
return(response);
}
catch (Exception ex)
{
response.Status = ActionStatus.InternalError;
response.Messages.Add(ex);
return(response);
}
}
