string GetCookieValue(UserAccount account)
{
return(CryptoHelper.Hash(account.ID.ToString(), account.HashedPassword));
}
void SetMobileCode(MobileCodePurpose purpose)
{
this.MobileCode = CryptoHelper.GenerateNumericCode(MobileCodeLength);
this.MobileCodeSent = UtcNow;
this.MobilePurpose = purpose;
}
public void SignInWithLinkedAccount(
string tenant,
string providerName,
string providerAccountID,
IEnumerable <Claim> claims)
{
if (!UserAccountService.Configuration.SecuritySettings.MultiTenant)
{
tenant = UserAccountService.Configuration.SecuritySettings.DefaultTenant;
}
if (String.IsNullOrWhiteSpace(tenant))
{
throw new ArgumentException("tenant");
}
if (String.IsNullOrWhiteSpace(providerName))
{
throw new ArgumentException("providerName");
}
if (String.IsNullOrWhiteSpace(providerAccountID))
{
throw new ArgumentException("providerAccountID");
}
if (claims == null)
{
throw new ArgumentNullException("claims");
}
UserAccount account = null;
var user = ClaimsPrincipal.Current;
if (user.Identity.IsAuthenticated)
{
// already logged in, so use the current user's account
account = this.UserAccountService.GetByID(user.GetUserID());
}
else
{
// see if there's already an account mapped to this provider
account = this.UserAccountService.GetByLinkedAccount(tenant, providerName, providerAccountID);
if (account == null)
{
// no account associated, so create one
// we need email
var email = claims.GetValue(ClaimTypes.Email);
if (String.IsNullOrWhiteSpace(email))
{
throw new ValidationException("Can't create an account because there was no email from the identity provider.");
}
// guess at a name to use
var name = claims.GetValue(ClaimTypes.Name);
if (name == null ||
this.UserAccountService.UsernameExists(tenant, name))
{
name = email;
}
// check to see if email already exists
if (this.UserAccountService.EmailExists(tenant, email))
{
throw new ValidationException("Can't login with this provider because the email is already associated with another account. Please login with your local account and then associate the provider.");
}
// auto-gen a password, they can always reset it later if they want to use the password feature
// this is slightly dangerous if we don't do email account verification, so if email account
// verification is disabled then we need to be very confident that the external provider has
// provided us with a verified email
var pwd = CryptoHelper.GenerateSalt();
account = this.UserAccountService.CreateAccount(tenant, name, pwd, email);
}
}
if (account == null)
{
throw new Exception("Failed to locate account");
}
// add/update the provider with this account
account.AddOrUpdateLinkedAccount(providerName, providerAccountID, claims);
this.UserAccountService.Update(account);
// signin from the account
// if we want to include the provider's claims, then perhaps this
// should be done in the claims transformer
this.SignIn(account, providerName);
}
protected internal virtual bool VerifyHashedPassword(string password)
{
return(CryptoHelper.VerifyHashedPassword(HashedPassword, password));
}
protected internal virtual string HashPassword(string password)
{
return(CryptoHelper.HashPassword(password));
}
protected internal virtual string GenerateSalt()
{
return(CryptoHelper.GenerateSalt());
}
protected internal virtual string Hash(string value)
{
return(CryptoHelper.Hash(value));
}
void IssueMobileCode()
{
this.MobileCode = CryptoHelper.GenerateNumericCode(MembershipRebootConstants.UserAccount.MobileCodeLength);
this.MobileCodeSent = UtcNow;
}
