/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <param name="username">The name of the user to validate.</param>
/// <param name="password">The password for the specified user.</param>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
public override bool ValidateUser(string username, string password)
{
// we need to wrap this in a try/catch as passing a non existing
// user will throw an exception
try
{
User user = new User(username);
if (user != null && user.Id != -1)
{
if (user.Disabled) return false;
else return user.ValidatePassword(EncodePassword(password));
}
}
catch
{
// nothing to catch here - move on
}
return false;
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <param name="username">The user to update the password for.</param>
/// <param name="oldPassword">The current password for the specified user.</param>
/// <param name="newPassword">The new password for the specified user.</param>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (!User.validateCredentials(username, oldPassword))
return false;
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(args);
if (args.Cancel)
if (args.FailureInformation != null)
throw args.FailureInformation;
else
throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
User user = new User(username);
string encodedPassword = EncodePassword(newPassword);
user.Password = encodedPassword;
return (user.ValidatePassword(encodedPassword)) ? true : false;
}