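/// <summary>
/// Base logic to register a full user, or a guest user. Creates the appropriate records and the proper validation.
/// </summary>
/// <param name="user">A user whose <c>PasswordHash</c> holds the raw password on entry; it is replaced by the password hash as part of registration.</param>
/// <param name="result">An ExecutionResults instance to add applicable warning and error messages to.</param>
/// <returns>A boolean indicating success (true) or failure (false).</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="result"/> is null.</exception>
/// <exception cref="InvalidOperationException">HashGroupMaximum is smaller than HashGroupMinimum.</exception>
protected virtual bool RegisterBase(User user, ExecutionResults result)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }
    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    // On entry PasswordHash still carries the raw password; it is overwritten with the hash below
    // so the plaintext does not survive on the user object after registration.
    var password = user.PasswordHash;
    if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
    {
        return false;
    }

    var existing = GetUserByName(user.Name);
    if (existing != null)
    {
        // Seed the user table with deleted users carrying names you don't want users to have.
        // The message is deliberately generic so a reserved name and a taken name look alike.
        // NOTE(review): this check-then-save is not atomic; a unique constraint on the name column
        // is what ultimately prevents duplicates under concurrent registrations — confirm one exists.
        result.AppendError("The name you specified cannot be used.");
        return false;
    }

    if (user.UserID.Equals(Guid.Empty))
    {
        user.UserID = Guid.NewGuid();
    }

    // The hash group is a per-user offset added to BaseHashIterations (see the Hash call below).
    // It is drawn from the CSPRNG rather than System.Random seeded with the wall-clock second,
    // which would yield only 60 distinct sequences. Same [min, max) contract as Random.Next(min, max).
    var groupSpan = HashGroupMaximum - HashGroupMinimum;
    if (groupSpan < 0)
    {
        throw new InvalidOperationException("HashGroupMaximum must not be less than HashGroupMinimum.");
    }
    var hashGroup = HashGroupMinimum;
    if (groupSpan > 0)
    {
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            var bytes = new byte[4];
            rng.GetBytes(bytes);
            // Modulo bias is negligible for the small spans used for an iteration-count offset.
            hashGroup += (int)(BitConverter.ToUInt32(bytes, 0) % (uint)groupSpan);
        }
    }

    var hasher = HashManager.SelectProvider();
    var salt = new UserSalt
    {
        PasswordSalt = hasher.GetSalt(),
        UserID = user.UserID,
        HashGroup = hashGroup,
        HashName = hasher.Name
    };
    user.PasswordHash = hasher.Hash(salt.PasswordSalt, password, salt.HashGroup + BaseHashIterations);

    using (var scope = new System.Transactions.TransactionScope())
    {
        // Starts as a lightweight transaction.
        SaveUser(user);
        // Enlists in a full distributed transaction if users and salts have different connection strings.
        SaveUserSalt(salt);
        scope.Complete();
    }
    return true;
}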
/// <summary>
/// Persists a user salt. Not implemented in this type: every call throws.
/// </summary>
/// <param name="salt">The salt record that would be saved; ignored.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
protected override void SaveUserSalt(UserSalt salt)
{
    // Stub: nothing is persisted, so a registration routed through this type fails before the
    // caller's transaction scope (if any) is completed.
    var notImplemented = new NotImplementedException();
    throw notImplemented;
}
/// <summary>
/// Saves a user salt, insert or update. Implementations decide which by inspecting the record
/// (the SQL implementation keys on a zero RecordID) and are expected to take part in an ambient
/// transaction when one is present.
/// </summary>
/// <param name="salt">The salt record to persist; carries the UserID, PasswordSalt, HashGroup and HashName.</param>
protected abstract void SaveUserSalt(UserSalt salt);
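/// <summary>
/// Base logic to register a full user, or a guest user. Creates the appropriate records and the proper validation.
/// </summary>
/// <param name="user">A user whose <c>PasswordHash</c> holds the raw password on entry; it is replaced by the password hash as part of registration.</param>
/// <param name="result">An ExecutionResults instance to add applicable warning and error messages to.</param>
/// <returns>A boolean indicating success (true) or failure (false).</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="result"/> is null.</exception>
/// <exception cref="InvalidOperationException">HashGroupMaximum is smaller than HashGroupMinimum.</exception>
protected virtual bool RegisterBase(User user, ExecutionResults result)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }
    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    // PasswordHash carries the raw password on entry; it is replaced by the hash below so the
    // plaintext does not outlive this method on the user object.
    var password = user.PasswordHash;
    if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
    {
        return false;
    }

    var existing = GetUserByName(user.Name);
    if (existing != null)
    {
        // Seed the user table with deleted users carrying names you don't want users to have.
        // The same generic message covers a reserved name and a taken name.
        // NOTE(review): check-then-save is racy under concurrent registrations; a unique
        // constraint on the name column is the real guard — confirm one exists.
        result.AppendError("The name you specified cannot be used.");
        return false;
    }

    if (user.UserID.Equals(Guid.Empty))
    {
        user.UserID = Guid.NewGuid();
    }

    // Per-user iteration-count offset added to BaseHashIterations in the Hash call below.
    // Drawn from the CSPRNG: System.Random seeded with DateTime.Now.Second would give only
    // 60 distinct sequences. Keeps Random.Next's [min, max) contract.
    var groupSpan = HashGroupMaximum - HashGroupMinimum;
    if (groupSpan < 0)
    {
        throw new InvalidOperationException("HashGroupMaximum must not be less than HashGroupMinimum.");
    }
    var hashGroup = HashGroupMinimum;
    if (groupSpan > 0)
    {
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            var bytes = new byte[4];
            rng.GetBytes(bytes);
            // Modulo bias is negligible for the small spans used here.
            hashGroup += (int)(BitConverter.ToUInt32(bytes, 0) % (uint)groupSpan);
        }
    }

    var hasher = HashManager.SelectProvider();
    var salt = new UserSalt
    {
        PasswordSalt = hasher.GetSalt(),
        UserID = user.UserID,
        HashGroup = hashGroup,
        HashName = hasher.Name
    };
    user.PasswordHash = hasher.Hash(salt.PasswordSalt, password, salt.HashGroup + BaseHashIterations);

    using (var scope = new System.Transactions.TransactionScope())
    {
        // Starts as a lightweight transaction.
        SaveUser(user);
        // Enlists in a full distributed transaction if users and salts have different connection strings.
        SaveUserSalt(salt);
        scope.Complete();
    }
    return true;
}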
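/// <summary>
/// Saves a user salt: inserts when <c>RecordID</c> is zero, otherwise updates the row matching the salt's UserID.
/// </summary>
/// <param name="salt">The salt record to persist.</param>
/// <exception cref="ArgumentNullException"><paramref name="salt"/> is null.</exception>
/// <exception cref="InvalidOperationException">The update matched no row for the salt's UserID.</exception>
protected override void SaveUserSalt(UserSalt salt)
{
    if (salt == null)
    {
        throw new ArgumentNullException("salt");
    }

    using (var cn = new SqlConnection(ConnectionStringUserSalt))
    {
        cn.Open();
        using (var cmd = new SqlCommand())
        {
            cmd.Connection = cn;
            cmd.CommandType = System.Data.CommandType.Text;
            if (salt.RecordID == 0)
            {
                cmd.CommandText = @"insert into Security.UserSalt (UserID, PasswordSalt, HashGroup, HashName) Values (@UserID, @PasswordSalt, @HashGroup, @HashName)";
                cmd.Parameters.AddWithValue("UserID", salt.UserID);
                cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
                cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
                cmd.Parameters.AddWithValue("HashName", salt.HashName);
                cmd.ExecuteNonQuery();
                // NOTE(review): RecordID is not read back after the insert — confirm callers do not rely on it.
            }
            else
            {
                cmd.CommandText = @"update Security.UserSalt set PasswordSalt = @PasswordSalt, ResetCode = @ResetCode, ResetCodeExpiration = @ResetCodeExpiration, HashGroup = @HashGroup, HashName = @HashName where UserID = @UserID";
                cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
                // A .NET null leaves the parameter "not supplied" and the command fails; nullable
                // columns need an explicit DBNull. The cast keeps this correct whether the
                // properties are reference types or Nullable<T>.
                // NOTE(review): the reset code is stored as supplied — confirm it is hashed upstream.
                cmd.Parameters.AddWithValue("ResetCode", (object)salt.ResetCode ?? DBNull.Value);
                cmd.Parameters.AddWithValue("ResetCodeExpiration", (object)salt.ResetCodeExpiration ?? DBNull.Value);
                cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
                cmd.Parameters.AddWithValue("HashName", salt.HashName);
                cmd.Parameters.AddWithValue("UserID", salt.UserID);
                var affected = cmd.ExecuteNonQuery();
                if (affected == 0)
                {
                    // Silently updating nothing would leave the user with a hash that no stored
                    // salt matches; surface it so an enclosing transaction rolls back.
                    throw new InvalidOperationException("No UserSalt row exists for the specified UserID.");
                }
            }
        }
    }
}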