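/// <summary>
/// Checks a candidate password against the salted hash stored on <paramref name="user"/>.
/// </summary>
/// <param name="user">The stored user record; its <c>Salt</c> and <c>Password</c> (hash) are read.</param>
/// <param name="password">The clear-text password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the hash of <paramref name="password"/> with the user's salt equals the stored hash;
/// <c>false</c> when the user is null, the password is null/empty/whitespace-only, no hash is stored,
/// or the hashes differ.
/// </returns>
internal static bool ValidatePassword(User user, string password)
{
    // Fail closed on missing input; whitespace-only passwords are rejected without hashing.
    if (user == null || string.IsNullOrWhiteSpace(password))
    {
        return false;
    }

    // NOTE(review): GenerateSaltedHash is not visible here. If it is a single-pass digest rather than
    // an iterated KDF (e.g. PBKDF2), the stored hashes are cheap to brute-force offline - confirm.
    byte[] checkHash = GenerateSaltedHash(password, user.Salt);
    byte[] storedHash = user.Password;

    // A record without a stored hash (or a hashing failure) must never authenticate.
    // The original passed a null stored hash to SequenceEqual, which throws instead of returning false.
    if (checkHash == null || storedHash == null)
    {
        return false;
    }

    // Compare without stopping at the first differing byte, so the time taken does not depend on
    // how many leading bytes of the candidate hash match the stored one. A length mismatch is folded
    // into the accumulator rather than returned early.
    int difference = checkHash.Length ^ storedHash.Length;
    int common = checkHash.Length < storedHash.Length ? checkHash.Length : storedHash.Length;
    for (int i = 0; i < common; i++)
    {
        difference |= checkHash[i] ^ storedHash[i];
    }

    return difference == 0;
}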
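/// <summary>
/// Creates a new membership user and stores it through the document store, keeping only salted
/// hashes of the password and the password answer.
/// </summary>
/// <param name="username">Login name; must not already exist.</param>
/// <param name="password">Clear-text password; hashed with a fresh 32-byte salt before storage.</param>
/// <param name="email">E-mail address; checked for duplicates when <c>RequiresUniqueEmail</c> is set.</param>
/// <param name="passwordQuestion">Password-recovery question, stored as given.</param>
/// <param name="passwordAnswer">Password-recovery answer; stored only as a salted hash.</param>
/// <param name="isApproved">Whether the new account is approved.</param>
/// <param name="providerUserKey">Provider-specific key stored on the user record.</param>
/// <param name="status">Receives the outcome of the attempt.</param>
/// <returns>The created user, or <c>null</c> when <paramref name="status"/> is not <c>Success</c>.</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    // Give subscribers of the password-validation event the chance to veto the password.
    ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
    OnValidatingPassword(args);
    if (args.Cancel)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // A null password would otherwise throw in UTF8.GetBytes below, and a whitespace-only one would
    // create an account that ValidatePassword (which rejects IsNullOrWhiteSpace input) can never
    // authenticate. Report both through the status instead.
    if (string.IsNullOrWhiteSpace(password))
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (RequiresUniqueEmail && !string.IsNullOrEmpty(GetUserNameByEmail(email)))
    {
        status = MembershipCreateStatus.DuplicateEmail;
        return null;
    }

    // NOTE(review): both uniqueness checks run before the TransactionScope is opened, so two
    // concurrent requests can pass them and store the same username/e-mail unless the store itself
    // enforces uniqueness - confirm.
    // NOTE(review): GetUser is called with userIsOnline = true; if that updates the existing user's
    // last-activity timestamp, a mere registration attempt would touch someone else's record - confirm.
    MembershipUser membershipUser = GetUser(username, true);
    if (membershipUser != null)
    {
        status = MembershipCreateStatus.DuplicateUserName;
        return null;
    }

    using (TransactionScope scope = new TransactionScope())
    {
        // One fresh salt per user, shared by the password hash and the answer hash.
        byte[] passwordSalt = PasswordHelper.CreateSalt(32);
        byte[] passwordHash = PasswordHelper.GenerateSaltedHash(System.Text.Encoding.UTF8.GetBytes(password), passwordSalt);

        // A null answer is hashed as the empty string.
        // NOTE(review): any recovery flow that compares answers should refuse an empty answer, or
        // accounts created without one become resettable with "" - confirm against the reset code.
        byte[] answerHash = PasswordHelper.GenerateSaltedHash(System.Text.Encoding.UTF8.GetBytes(passwordAnswer ?? ""), passwordSalt);

        User user = new User
        {
            Username = username,
            Salt = passwordSalt,
            Password = passwordHash,
            Email = email,
            PasswordQuestion = passwordQuestion,
            PasswordAnswer = answerHash,
            IsApproved = isApproved,
            ProviderUserKey = providerUserKey,
            Comment = string.Empty,
            CreationDate = DateTime.Now,
            IsLockedOut = false,
            LastActivityDate = DateTime.Now,
            LastLockoutDate = DateTime.MinValue,
            LastLoginDate = DateTime.MinValue,
            LastPasswordChangedDate = DateTime.MinValue,
            ProviderName = ProviderName
        };

        using (IDocumentSession session = _store.OpenSession())
        {
            session.Store(user);
            session.SaveChanges();
        }

        status = MembershipCreateStatus.Success;

        // Mark the scope as complete only after the document has been saved.
        scope.Complete();
        return user.ToMembershipUser();
    }
}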