/// <summary>
/// Sets the confirmed flag for the username if it is correct.
/// </summary>
/// <returns>True if the account could be successfully confirmed. False if the username was not found or the confirmation token is invalid.</returns>
/// <remarks>Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method</remarks>
public override bool ConfirmAccount(string userName, string accountConfirmationToken)
{
VerifyInitialized();
// We need to compare the token using a case insensitive comparison however it seems tricky to do this uniformly across databases when representing the token as a string.
// Therefore verify the case on the client
//session.ConfirmAccount(userTableName, userNameColumn, userIdColumn);
var row = _session.Users.FirstOrDefault(x => x.ConfirmationToken == accountConfirmationToken && x.UserName == userName);
if (row == null)
{
return(false);
}
string expectedToken = row.ConfirmationToken;
if (String.Equals(accountConfirmationToken, expectedToken, StringComparison.Ordinal))
{
try
{
row.IsConfirmed = true;
_session.Update(row);
}
catch (Exception)
{
return(false);
}
}
return(false);
}
// Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method
public override bool ResetPasswordWithToken(string token, string newPassword)
{
VerifyInitialized();
if (string.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "newPassword");
}
using (var session = new MongoSession(_connectionString))
{
var user = session.Users.FirstOrDefault(x => x.PasswordVerificationToken == token && x.PasswordVerificationTokenExpirationDate > DateTime.UtcNow);
if (user != null)
{
bool success = SetPassword(session, user, newPassword);
if (success)
{
// Clear the Token on success
user.PasswordVerificationToken = null;
user.PasswordVerificationTokenExpirationDate = null;
try
{
session.Update(user);
}
catch (Exception)
{
throw new ProviderException("Database operation failed.");
}
}
return(success);
}
else
{
return(false);
}
}
}
/// <summary>
/// Sets the confirmed flag for the username if it is correct.
/// </summary>
/// <returns>True if the account could be successfully confirmed. False if the username was not found or the confirmation token is invalid.</returns>
/// <remarks>Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method.
/// There is a tiny possibility where this method fails to work correctly. Two or more users could be assigned the same token but specified using different cases.
/// A workaround for this would be to use the overload that accepts both the user name and confirmation token.
/// </remarks>
public override bool ConfirmAccount(string accountConfirmationToken)
{
VerifyInitialized();
using (var session = new MongoSession(_connectionString))
{
// We need to compare the token using a case insensitive comparison however it seems tricky to do this uniformly across databases when representing the token as a string.
// Therefore verify the case on the client
var rows = session.Users
.Where(x => x.ConfirmationToken == accountConfirmationToken)
.ToList()
.Where(r => ((string)r.ConfirmationToken).Equals(accountConfirmationToken, StringComparison.Ordinal))
.ToList();
Debug.Assert(rows.Count < 2, "By virtue of the fact that the ConfirmationToken is random and unique, we can never have two tokens that are identical.");
if (!rows.Any())
{
return(false);
}
var row = rows.First();
row.IsConfirmed = true;
try
{
session.Update(row);
return(true);
}
catch (Exception)
{
return(false);
}
}
}
//internal void ValidateUserTable()
//{
// using (var session = new MongoSession(_connectionString))
// {
// // GetUser will fail with an exception if the user table isn't set up properly
// try
// {
// GetUserId(db, SafeUserTableName, SafeUserNameColumn, SafeUserIdColumn, "z");
// }
// catch (Exception e)
// {
// throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, WebDataResources.Security_FailedToFindUserTable, UserTableName), e);
// }
// }
//}
// Inherited from MembershipProvider ==> Forwarded to previous provider if this provider hasn't been initialized
public override bool ValidateUser(string username, string password)
{
if (!InitializeCalled)
{
return(PreviousProvider.ValidateUser(username, password));
}
if (string.IsNullOrEmpty(username))
{
throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "username");
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentException("Argument_Cannot_Be_Null_Or_Empty", "password");
}
using (var session = new MongoSession(_connectionString))
{
var user = VerifyUserNameHasConfirmedAccount(session, username, throwException: false);
if (user == null)
{
return(false);
}
else
{
var result = CheckPassword(session, user.UserId, password);
try
{
if (result)
{
user.LastLoginDate = DateTime.Now;
}
else
{
user.LastPasswordFailureDate = DateTime.Now;
}
session.Update(user);
}
catch (Exception ex) { }
return(result);
}
}
}
private static bool SetPassword(MongoSession session, MembershipAccount user, string newPassword)
{
string hashedPassword = Crypto.HashPassword(newPassword);
if (hashedPassword.Length > 128)
{
throw new ArgumentException("The membership password is too long. (Maximum length is 128 characters).");
}
try
{
user.Password = hashedPassword;
user.PasswordSalt = string.Empty;
user.PasswordChangedDate = DateTime.UtcNow;
session.Update(user);
return(true);
}
catch (Exception)
{
return(false);
}
}
// Inherited from ExtendedMembershipProvider ==> Simple Membership MUST be enabled to use this method
public override string CreateAccount(string userName, string password, bool requireConfirmationToken)
{
VerifyInitialized();
if (string.IsNullOrEmpty(password))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
string hashedPassword = Crypto.HashPassword(password);
if (hashedPassword.Length > 128)
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
if (string.IsNullOrEmpty(userName))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
// Step 1: Check if the user exists in the Users table
var usr = GetUser(userName);
if (usr == null)
{
// User not found
throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
}
using (var session = new MongoSession(_connectionString))
{
// Step 2: Check if the user exists in the Membership table: Error if yes.
var result = session.Users.Count(x => x.UserName == userName);
if (result > 1)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
}
// Step 3: Create user in Membership table
string token = null;
object dbtoken = DBNull.Value;
if (requireConfirmationToken)
{
token = GenerateToken();
dbtoken = token;
}
int defaultNumPasswordFailures = 0;
try
{
var now = DateTime.UtcNow;
usr.Password = hashedPassword;
usr.PasswordSalt = string.Empty;
usr.IsConfirmed = !requireConfirmationToken;
usr.ConfirmationToken = dbtoken as string;
usr.CreationDate = now;
usr.PasswordChangedDate = now;
usr.PasswordFailuresSinceLastSuccess = defaultNumPasswordFailures;
session.Update(usr);
return(token);
}
catch (Exception)
{
throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
}
}
}