/// <summary>
/// Unlocks the account that belongs to <paramref name="username"/>.
/// </summary>
/// <param name="username">
/// Name of the account to unlock. It is validated (and possibly normalised, since it is
/// passed by reference) by <c>SecUtility.CheckParameter</c> before any lookup.
/// </param>
/// <returns>
/// <c>false</c> when no user with that name exists; otherwise the result reported by
/// <c>UserRepository.UnlockAccount</c>.
/// </returns>
/// <remarks>
/// NOTE(review): nothing in this method checks who is asking for the unlock. Authorisation is
/// assumed to be enforced by the caller - confirm, and consider auditing every unlock.
/// </remarks>
public override bool UnlockUser(string username)
{
    // The flags and the 256 limit presumably mean "reject null / empty / commas, max 256 chars";
    // verify against SecUtility.CheckParameter.
    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

    var repository = new UserRepository(this.Name, _sqlConnectionString, _commandTimeout);
    var account = repository.GetUser(username);

    if (account != null)
    {
        return repository.UnlockAccount(username);
    }

    // Unknown user: nothing to unlock.
    return false;
}
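/// <summary>
/// Checks <paramref name="password"/> against the stored credential for
/// <paramref name="username"/> and maintains the failed-attempt / lockout bookkeeping.
/// </summary>
/// <param name="username">Account whose password is being checked.</param>
/// <param name="password">Candidate password; it is encoded with the stored format and salt before comparison.</param>
/// <param name="updateLastLoginActivityDate">Forwarded unchanged to <c>GetPasswordWithFormat</c>.</param>
/// <param name="failIfNotApproved">When <c>true</c>, an account that is not approved is rejected.</param>
/// <param name="salt">Receives the salt from <c>GetPasswordWithFormat</c>, then from the user record when that is loaded.</param>
/// <param name="passwordFormat">Receives the password format, from the same two sources as <paramref name="salt"/>.</param>
/// <returns><c>true</c> only when the password matches and the account is usable; otherwise <c>false</c>.</returns>
private bool CheckPassword(string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
{
    string passwdFromDB;
    int status;
    int failedPasswordAttemptCount;
    int failedPasswordAnswerAttemptCount;
    bool isApproved;
    DateTime lastLoginDate, lastActivityDate;

    GetPasswordWithFormat(username, updateLastLoginActivityDate, out status, out passwdFromDB, out passwordFormat, out salt,
        out failedPasswordAttemptCount, out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);

    // Any non-zero status is treated as "cannot authenticate".
    if (status != 0)
    {
        return false;
    }

    if (!isApproved && failIfNotApproved)
    {
        return false;
    }

    string encodedPasswd = EncodePassword(password, passwordFormat, salt);

    // NOTE(review): String.Equals stops at the first differing character, so the comparison is
    // not constant-time. Consider a fixed-time comparison of the encoded values, especially if
    // a clear-text or reversible password format is ever in use.
    bool isPasswordCorrect = passwdFromDB.Equals(encodedPasswd);

    // Fast path: correct password and no failure counters to reset.
    // NOTE(review): this returns before IsLockedOut is consulted below; it relies on
    // GetPasswordWithFormat reporting a non-zero status for locked accounts - confirm.
    if (isPasswordCorrect && failedPasswordAttemptCount == 0 && failedPasswordAnswerAttemptCount == 0)
    {
        return true;
    }

    var dbo = new UserRepository(this.Name, _sqlConnectionString, _commandTimeout);
    var user = dbo.GetUser(username);

    // The record can disappear between the two reads; fail closed instead of dereferencing null.
    // The out parameters keep the values assigned by GetPasswordWithFormat.
    if (user == null)
    {
        return false;
    }

    // set out parameters
    passwordFormat = (int)user.PasswordFormat;
    salt = user.Salt;

    // A locked account is rejected even when the password is correct.
    if (user.IsLockedOut)
    {
        return false;
    }

    DateTime dtNow = DateTime.UtcNow;

    if (!isPasswordCorrect)
    {
        // NOTE(review): this is the password path, yet the window start read here is the
        // password-*answer* one; a separate password-attempt window field looks intended - confirm.
        user.FailedPasswordAnswerAttemptWindowStart = user.FailedPasswordAnswerAttemptWindowStart ?? dtNow.AddYears(-2);

        // Outside the attempt window: start counting from zero again.
        if (dtNow > user.FailedPasswordAnswerAttemptWindowStart.Value.AddMinutes(_passwordAttemptWindow))
        {
            dbo.PasswordAttemptCountClear(username);
        }

        dbo.FailedPasswordAttemptIncrement(username);

        // NOTE(review): the lockout test compares the stored answer-attempt counter with the
        // copy of that same counter read at the top of this method, not with a configured
        // maximum of invalid password attempts. When both reads agree the condition is always
        // true, so a single wrong password locks the account, which lets anyone who knows a
        // user name lock that user out. Compare the password-attempt count with the provider's
        // configured limit instead. Left unchanged here because neither name is visible in
        // this excerpt.
        if (user.FailedPasswordAnswerAttemptCount.GetValueOrDefault() >= failedPasswordAnswerAttemptCount)
        {
            dbo.LockAccount(username);
        }
    }
    else
    {
        // Correct password with a non-zero failure counter: reset the counters.
        // The original tested the answer counter twice, so a non-zero password-attempt counter
        // was never cleared after a successful login; the password counter read above is now
        // the first operand.
        if (failedPasswordAttemptCount > 0 || user.FailedPasswordAnswerAttemptCount.GetValueOrDefault() > 0)
        {
            dbo.UnlockAccount(username);
        }
    }

    dbo.UpdateLastActivityDate(username);
    return isPasswordCorrect;
}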