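/// <summary>
/// Creates a new member document after checking the password length and that
/// neither the user name nor the e-mail address is already registered.
/// </summary>
/// <param name="username">Login name; compared case-insensitively against existing members.</param>
/// <param name="password">Clear-text password; must be at least <c>MinRequiredPasswordLength</c> characters.</param>
/// <param name="email">E-mail address; compared case-insensitively against existing members.</param>
/// <param name="passwordQuestion">Not used by this provider.</param>
/// <param name="passwordAnswer">Not used by this provider.</param>
/// <param name="isApproved">Not used: every new account is stored unapproved.</param>
/// <param name="providerUserKey">Not used: a fresh <see cref="Guid"/> is always generated.</param>
/// <param name="status">Outcome of the attempt.</param>
/// <returns>The created user, or <c>null</c> when <paramref name="status"/> is not Success.</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    // A null password used to fail with a NullReferenceException; report it as an invalid password instead.
    if (password == null || password.Length < MinRequiredPasswordLength)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // Null identifiers would otherwise fail inside the duplicate queries below.
    if (username == null)
    {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    if (email == null)
    {
        status = MembershipCreateStatus.InvalidEmail;
        return null;
    }

    // Start both duplicate lookups before blocking so they can run concurrently.
    // NOTE(review): the checks and the insert are separate operations, so two concurrent
    // registrations can both pass; a unique index on the collection is the usual backstop - confirm one exists.
    Task<long> dupeUsers = _memberCollection.Find(m => m.UserName.ToLower() == username.ToLower()).CountAsync();
    Task<long> dupeEmails = _memberCollection.Find(m => m.EmailAddress.ToLower() == email.ToLower()).CountAsync();
    dupeUsers.Wait();
    dupeEmails.Wait();

    if (dupeUsers.Result > 0)
    {
        status = MembershipCreateStatus.DuplicateUserName;
        return null;
    }

    if (dupeEmails.Result > 0)
    {
        status = MembershipCreateStatus.DuplicateEmail;
        return null;
    }

    // presumably CalculateHash fills the zeroed buffer with a fresh salt through the ref parameter - confirm.
    byte[] salt = new byte[24];
    byte[] hash = CalculateHash(password, ref salt);

    MongoMember mm = new MongoMember
    {
        Id = Guid.NewGuid(),
        UserName = username,
        PassHash = hash,
        PassSalt = salt,
        EmailAddress = email,
        // Accounts always start unapproved, whatever the isApproved argument says.
        IsApproved = false,
        IsLockedOut = false,
        CreationDate = DateTime.Now,
        LastLoginDate = DateTime.MinValue,
        LastActivityDate = DateTime.MinValue,
        LastLockoutDate = DateTime.MinValue
    };

    try
    {
        // Wait() throws when the insert faults or is cancelled, so inspecting the task status
        // afterwards can never observe a failure; translate the exception into ProviderError here.
        _memberCollection.InsertOneAsync(mm).Wait();
    }
    catch (AggregateException)
    {
        status = MembershipCreateStatus.ProviderError;
        return null;
    }

    status = MembershipCreateStatus.Success;
    return new MembershipUser(Name, mm.UserName, mm.Id, mm.EmailAddress, "", "", mm.IsApproved, mm.IsLockedOut, mm.CreationDate, mm.LastLoginDate, mm.LastActivityDate, DateTime.MinValue, mm.LastLockoutDate);
}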
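/// <summary>
/// Replaces a member's password after re-authenticating with the current one.
/// </summary>
/// <param name="username">Login name, matched case-insensitively.</param>
/// <param name="oldPassword">Current password; checked through <c>ValidateUser</c>.</param>
/// <param name="newPassword">Password to store; a fresh salt is requested for it.</param>
/// <returns><c>true</c> when the member document was replaced; otherwise <c>false</c>.</returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    // Re-authenticate first; ValidateUser also maintains the lockout counters.
    if (!ValidateUser(username, oldPassword))
    {
        return false;
    }

    // Never store a hash of a missing or empty password.
    // NOTE(review): CreateUser enforces MinRequiredPasswordLength but nothing here does,
    // so a password change can presumably go below the policy - confirm and apply the same check.
    if (string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    Task<MongoMember> lookup = _memberCollection.Find(m => m.UserName.ToLower() == username.ToLower()).SingleOrDefaultAsync();
    lookup.Wait();
    MongoMember mm = lookup.Result;
    if (mm == null)
    {
        return false;
    }

    // presumably CalculateHash fills the zeroed buffer with a fresh salt through the ref parameter - confirm.
    byte[] salt = new byte[24];
    byte[] hash = CalculateHash(newPassword, ref salt);
    mm.PassSalt = salt;
    mm.PassHash = hash;

    Task<ReplaceOneResult> replaceTask = _memberCollection.ReplaceOneAsync(m => m.Id == mm.Id, mm);
    replaceTask.Wait();

    // IsCompleted is always true once Wait() returns, so it says nothing about the write.
    // Report success only when the server matched a document; an unacknowledged write
    // carries no counts and is still reported as success, as before.
    ReplaceOneResult outcome = replaceTask.Result;
    return !outcome.IsAcknowledged || outcome.MatchedCount > 0;
}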
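/// <summary>
/// Checks a validation token for the member with the given id and, when it matches,
/// marks the member as approved.
/// </summary>
/// <param name="id">Member id the token was issued for.</param>
/// <param name="validate">Base32 token supplied by the caller; compared case-insensitively.</param>
/// <returns><c>true</c> when the token matches and approval was requested; otherwise <c>false</c>.</returns>
public async Task<bool> ValidateUserFromHash(Guid id, string validate)
{
    MongoMember mm = await _memberCollection.Find(Builders<MongoMember>.Filter.Eq(u => u.Id, id)).FirstOrDefaultAsync();
    if (mm == null || string.IsNullOrEmpty(validate))
    {
        return false;
    }

    // Fail closed when the secret is not configured: without it the token would be
    // derived from non-secret values only.
    string secret = ConfigurationManager.AppSettings["data:SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        return false;
    }

    string expected;
    using (SHA256 sha = SHA256.Create())
    {
        // NOTE(review): PassSalt is used as a byte[] elsewhere in this provider, so it is formatted
        // as its type name here and the salt bytes do not contribute to the token. The format is kept
        // unchanged because it must match GenerateValidationHash and tokens that were already issued;
        // a keyed MAC over the real salt bytes would be the sturdier construction.
        string content = $"{mm.Id}.{mm.PassSalt}.{secret}";
        expected = Base32Encoding.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(content)));
    }

    // Compare without stopping at the first mismatch so the duration does not depend on how much
    // of the token is correct. Both sides are upper-cased with ordinal rules, which also avoids
    // culture-sensitive matching of ignorable characters.
    string wanted = expected.ToUpperInvariant();
    string supplied = validate.ToUpperInvariant();
    int diff = wanted.Length ^ supplied.Length;
    int span = Math.Min(wanted.Length, supplied.Length);
    for (int i = 0; i < span; i++)
    {
        diff |= wanted[i] ^ supplied[i];
    }

    bool success = diff == 0;
    if (success)
    {
        // NOTE(review): if ChangeApproval returns a Task it should be awaited - confirm.
        ChangeApproval(id, true);
    }

    return success;
}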
/// <summary>
/// Looks a member up by provider key and maps it to a <c>MembershipUser</c>.
/// </summary>
/// <param name="providerUserKey">Member id; cast to <see cref="Guid"/> inside the query, so any other type fails there.</param>
/// <param name="userIsOnline">Not used by this provider.</param>
/// <returns>The matching user, or <c>null</c> when no member has that id.</returns>
public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
    // Blocks on the async driver call because the base-class contract is synchronous.
    MongoMember found = _memberCollection
        .Find(member => member.Id == (Guid)providerUserKey)
        .FirstOrDefaultAsync()
        .Result;

    if (found == null)
    {
        return null;
    }

    // NOTE(review): the username overload passes these dates through FixupDatesFromMongo;
    // this overload returns them as stored - confirm whether the difference is intended.
    return new MembershipUser(
        Name,
        found.UserName,
        found.Id,
        found.EmailAddress,
        "",
        "",
        found.IsApproved,
        found.IsLockedOut,
        found.CreationDate,
        found.LastLoginDate,
        found.LastActivityDate,
        DateTime.MinValue,
        found.LastLockoutDate);
}
/// <summary>
/// Looks a member up by user name (case-insensitive) and maps it to a <c>MembershipUser</c>.
/// </summary>
/// <param name="username">Login name to search for.</param>
/// <param name="userIsOnline">Not used by this provider.</param>
/// <returns>The matching user, or <c>null</c> when no member has that name.</returns>
public override MembershipUser GetUser(string username, bool userIsOnline)
{
    // Blocks on the async driver call because the base-class contract is synchronous.
    MongoMember found = _memberCollection
        .Find(member => member.UserName.ToLower() == username.ToLower())
        .FirstOrDefaultAsync()
        .Result;

    if (found == null)
    {
        return null;
    }

    // Every stored date goes through FixupDatesFromMongo before it is handed to the caller.
    DateTime created = FixupDatesFromMongo(found.CreationDate);
    DateTime lastLogin = FixupDatesFromMongo(found.LastLoginDate);
    DateTime lastActivity = FixupDatesFromMongo(found.LastActivityDate);
    DateTime lastLockout = FixupDatesFromMongo(found.LastLockoutDate);

    return new MembershipUser(
        Name,
        found.UserName,
        found.Id,
        found.EmailAddress,
        "",
        "",
        found.IsApproved,
        found.IsLockedOut,
        created,
        lastLogin,
        lastActivity,
        DateTime.MinValue,
        lastLockout);
}
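/// <summary>
/// Builds the Base32 validation token for the member with the given id.
/// </summary>
/// <param name="id">Member id to issue the token for.</param>
/// <returns>
/// The token, or <c>null</c> when the member does not exist or the
/// <c>data:SecretKey</c> application setting is missing.
/// </returns>
public async Task<string> GenerateValidationHash(Guid id)
{
    MongoMember mm = await _memberCollection.Find(Builders<MongoMember>.Filter.Eq(u => u.Id, id)).FirstOrDefaultAsync();
    if (mm == null)
    {
        return null;
    }

    // Do not issue a token when the secret is not configured: it would be derived
    // from non-secret values only.
    string secret = ConfigurationManager.AppSettings["data:SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        return null;
    }

    using (SHA256 sha = SHA256.Create())
    {
        // NOTE(review): PassSalt is used as a byte[] elsewhere in this provider, so it is formatted
        // as its type name here and the salt bytes do not contribute to the token. The format is kept
        // unchanged because it must match ValidateUserFromHash and tokens that were already issued;
        // a keyed MAC over the real salt bytes would be the sturdier construction.
        string content = $"{mm.Id}.{mm.PassSalt}.{secret}";
        byte[] hashBytes = sha.ComputeHash(Encoding.UTF8.GetBytes(content));
        return Base32Encoding.ToString(hashBytes);
    }
}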
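/// <summary>
/// Verifies a user name and password and maintains the failed-attempt lockout window.
/// </summary>
/// <param name="username">Login name, matched case-insensitively.</param>
/// <param name="password">Clear-text password to verify against the stored salted hash.</param>
/// <returns>
/// <c>true</c> when the member exists, is approved, is not locked out and the password matches;
/// otherwise <c>false</c>.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    // A null name cannot match any member and would fail inside the query.
    if (username == null)
    {
        return false;
    }

    Task<MongoMember> task = _memberCollection.Find(f => f.UserName.ToLower() == username.ToLower()).FirstOrDefaultAsync();
    task.Wait();
    MongoMember mm = task.Result;
    if (mm == null || !(mm.IsApproved && !mm.IsLockedOut))
    {
        return false;
    }

    // Start from "failed" and clear the flag only after a full byte-for-byte match.
    bool isFail = true;
    if (password != null)
    {
        byte[] salt = mm.PassSalt;
        byte[] hash = CalculateHash(password, ref salt);
        byte[] stored = mm.PassHash;
        if (hash != null && stored != null && hash.Length == stored.Length)
        {
            // The loop has to run while i < Length: a condition that is already false on the
            // first iteration skips the comparison and every password is accepted. Differences
            // are accumulated rather than returned early so the duration does not depend on
            // where the first mismatch is.
            int diff = 0;
            for (int i = 0; i < hash.Length; i++)
            {
                diff |= hash[i] ^ stored[i];
            }

            isFail = diff != 0;
        }
    }

    if (isFail)
    {
        if (mm.LockoutWindowStart == DateTime.MinValue)
        {
            // First failure: open a new attempt window.
            mm.LockoutWindowStart = DateTime.Now;
            mm.LockoutWindowAttempts = 1;
        }
        else if (mm.LockoutWindowStart.AddMinutes(PasswordAttemptWindow) > DateTime.Now)
        {
            // Still within the window: count the attempt and lock once the limit is reached.
            // NOTE(review): LastLockoutDate is not updated when the account is locked - confirm whether it should be.
            mm.LockoutWindowAttempts++;
            if (mm.LockoutWindowAttempts >= MaxInvalidPasswordAttempts)
            {
                mm.IsLockedOut = true;
            }
        }
        else
        {
            // Outside of the window: start counting again.
            mm.LockoutWindowStart = DateTime.Now;
            mm.LockoutWindowAttempts = 1;
        }
    }
    else
    {
        // Successful login clears the failure window.
        mm.LastLoginDate = DateTime.Now;
        mm.LockoutWindowStart = DateTime.MinValue;
        mm.LockoutWindowAttempts = 0;
    }

    // Persist the updated counters or login date in either case.
    Task<ReplaceOneResult> updTask = _memberCollection.ReplaceOneAsync(Builders<MongoMember>.Filter.Eq(u => u.Id, mm.Id), mm);
    updTask.Wait();
    return !isFail;
}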