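/// <summary>
/// Decides whether a caller-supplied secret matches the value stored for the user.
/// </summary>
/// <param name="password">The secret supplied by the caller (a password or password answer).</param>
/// <param name="dbpassword">The value read from the data store.</param>
/// <param name="passwordFormat">How <paramref name="dbpassword"/> is stored: clear, encrypted or hashed.</param>
/// <param name="provider">Provider that supplies <c>EncodePassword</c> and <c>UnEncodePassword</c>.</param>
/// <returns><c>true</c> when the two values match after normalisation; otherwise <c>false</c>.</returns>
protected override bool CheckPassword(string password, string dbpassword, MembershipPasswordFormat passwordFormat, TrackProtectMembershipProvider provider)
{
    string supplied = password;
    string stored = dbpassword;

    switch (passwordFormat)
    {
        case MembershipPasswordFormat.Encrypted:
            // Stored value is reversible: decode it and compare in the clear.
            stored = provider.UnEncodePassword(dbpassword);
            break;

        case MembershipPasswordFormat.Hashed:
            // Encode the SUPPLIED value and compare it with the stored one. The
            // previous code overwrote the stored side with the encoding of the
            // supplied value, so the database value was never consulted and the
            // check compared the input with its own encoding.
            // NOTE(review): assumes EncodePassword yields the same output for the
            // same input (no per-call salt); confirm against the provider.
            supplied = provider.EncodePassword(password);
            break;
    }

    // Fail closed: a missing value on either side must never count as a match.
    if (supplied == null || stored == null)
    {
        return false;
    }

    // Ordinal comparison that always walks the shared length, so the time taken
    // does not reveal the position of the first differing character.
    int diff = supplied.Length ^ stored.Length;
    int common = supplied.Length < stored.Length ? supplied.Length : stored.Length;
    for (int i = 0; i < common; i++)
    {
        diff |= supplied[i] ^ stored[i];
    }

    return diff == 0;
}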
/// <summary>
/// Replaces a user's stored password after confirming that the account exists, is not
/// locked out and, when required, that the supplied password answer is correct.
/// </summary>
/// <param name="username">Account name, bound as <c>@username</c>.</param>
/// <param name="applicationname">Application scope, bound as <c>@applicationname</c>.</param>
/// <param name="answer">Password answer; checked only when <paramref name="requiresQuestionAndAnswer"/> is true.</param>
/// <param name="newPassword">Value written to the store and returned on success.</param>
/// <param name="passwordAttemptWindow">Forwarded to <c>UpdateFailureCount</c> after a wrong answer.</param>
/// <param name="requiresQuestionAndAnswer">Whether the answer must be verified before the reset.</param>
/// <param name="passwordFormat">Storage format passed to <c>CheckPassword</c> for the answer.</param>
/// <param name="maxInvalidPasswordAttempts">Forwarded to <c>UpdateFailureCount</c> after a wrong answer.</param>
/// <param name="provider">Provider passed to <c>CheckPassword</c>.</param>
/// <returns><paramref name="newPassword"/> when at least one row was updated.</returns>
/// <exception cref="MembershipPasswordException">Unknown or locked-out user, wrong answer, or no row updated.</exception>
/// <exception cref="ProviderException">A database error occurred and event-log reporting is enabled.</exception>
public override string ResetPassword(
    string username,
    string applicationname,
    string answer,
    string newPassword,
    int passwordAttemptWindow,
    bool requiresQuestionAndAnswer,
    MembershipPasswordFormat passwordFormat,
    int maxInvalidPasswordAttempts,
    TrackProtectMembershipProvider provider)
{
    int rowsAffected;

    using (MySqlConnection conn = new MySqlConnection(GetConnectionString()))
    {
        // Phase 1: look the account up and verify the password answer.
        // NOTE(review): the connection is closed between the two phases and no
        // transaction spans them, so the lock-out state may change in between.
        using (MySqlCommand lookupCmd = new MySqlCommand(QRY_GET_USER_CREDENTIALS, conn))
        {
            lookupCmd.Parameters.Add("@username", MySqlDbType.VarChar, 50).Value = username;
            lookupCmd.Parameters.Add("@applicationname", MySqlDbType.VarChar, 100).Value = applicationname;

            MySqlDataReader row = null;
            try
            {
                conn.Open();
                row = lookupCmd.ExecuteReader(CommandBehavior.SingleRow);

                // NOTE(review): the distinct messages below tell a caller whether an
                // account exists or is locked; confirm they are not shown verbatim to
                // unauthenticated users.
                if (!row.HasRows)
                {
                    throw new MembershipPasswordException("The supplied user name is not found.");
                }

                row.Read();
                if (row.GetBoolean(1))
                {
                    throw new MembershipPasswordException("The supplied user is locked out.");
                }

                string passwordAnswer = row.GetString(0);

                bool answerRejected = requiresQuestionAndAnswer
                    && !CheckPassword(answer, passwordAnswer, passwordFormat, provider);
                if (answerRejected)
                {
                    // Record the failed attempt before refusing the reset.
                    UpdateFailureCount(username, applicationname, "passwordAnswer", passwordAttemptWindow, maxInvalidPasswordAttempts);
                    throw new MembershipPasswordException("Incorrect password answer");
                }
            }
            catch (MySqlException ex)
            {
                if (!WriteExceptionsToEventLog)
                {
                    throw;
                }

                WriteToEventLog(ex, "ResetPassword");
                throw new ProviderException(EXCEPTION_MESSAGE);
            }
            finally
            {
                if (row != null)
                {
                    row.Close();
                }

                conn.Close();
            }
        }

        // Phase 2: write the new password.
        // NOTE(review): newPassword is bound exactly as received; passwordFormat is
        // not applied to it here. Confirm the caller encodes it when the store is
        // hashed or encrypted.
        using (MySqlCommand updateCmd = new MySqlCommand(QRY_UPDATE_USER_CREDENTIALS, conn))
        {
            updateCmd.Parameters.Add("@username", MySqlDbType.VarChar, 50).Value = username;
            updateCmd.Parameters.Add("@applicationname", MySqlDbType.VarChar, 100).Value = applicationname;
            updateCmd.Parameters.Add("@password", MySqlDbType.VarChar, 200).Value = newPassword;

            try
            {
                conn.Open();
                rowsAffected = updateCmd.ExecuteNonQuery();
            }
            catch (MySqlException ex)
            {
                if (!WriteExceptionsToEventLog)
                {
                    throw;
                }

                WriteToEventLog(ex, "ResetPassword");
                throw new ProviderException(EXCEPTION_MESSAGE);
            }
            finally
            {
                conn.Close();
            }
        }
    }

    if (rowsAffected <= 0)
    {
        throw new MembershipPasswordException("User not found, or user is locked out. Password not reset.");
    }

    return newPassword;
}
/// <summary>
/// Resets the stored password for a user. In the implementations shown alongside this
/// declaration, the user is looked up, a locked-out or unknown user is rejected, the
/// password answer is verified through <c>CheckPassword</c> when
/// <paramref name="requiresQuestionAndAnswer"/> is true, and the new value is then written.
/// </summary>
/// <param name="username">Name of the account whose password is reset.</param>
/// <param name="applicationname">Application the account belongs to.</param>
/// <param name="answer">Password answer supplied by the caller.</param>
/// <param name="newPassword">Replacement password; the visible implementations return it on success.</param>
/// <param name="passwordAttemptWindow">Passed to <c>UpdateFailureCount</c> by the visible implementations after a wrong answer.</param>
/// <param name="requiresQuestionAndAnswer">Whether the answer must be verified before the reset.</param>
/// <param name="passwordFormat">Storage format handed to <c>CheckPassword</c>.</param>
/// <param name="maxInvalidPasswordAttempts">Passed to <c>UpdateFailureCount</c> by the visible implementations after a wrong answer.</param>
/// <param name="provider">Provider handed to <c>CheckPassword</c>.</param>
/// <returns>The new password. NOTE(review): returned in clear text by the visible implementations; confirm callers do not log it.</returns>
public abstract string ResetPassword(string username, string applicationname, string answer, string newPassword, int passwordAttemptWindow, bool requiresQuestionAndAnswer, MembershipPasswordFormat passwordFormat, int maxInvalidPasswordAttempts, TrackProtectMembershipProvider provider);
/// <summary>
/// Decides whether a supplied secret matches a stored value for the given storage format.
/// The ResetPassword implementations shown alongside this declaration call it to verify
/// the password answer, and refuse the reset when it returns <c>false</c>.
/// </summary>
/// <param name="password">Secret supplied by the caller.</param>
/// <param name="dbpassword">Value read from the data store.</param>
/// <param name="passwordFormat">Storage format of <paramref name="dbpassword"/>.</param>
/// <param name="provider">Provider made available to the implementation for encoding and decoding.</param>
/// <returns><c>true</c> when the supplied secret is accepted; otherwise <c>false</c>.</returns>
protected abstract bool CheckPassword(string password, string dbpassword, MembershipPasswordFormat passwordFormat, TrackProtectMembershipProvider provider);
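/// <summary>
/// Replaces a user's stored password after confirming that the account exists, is not
/// locked out and, when required, that the supplied password answer is correct.
/// </summary>
/// <param name="username">Account name; bound as a query parameter.</param>
/// <param name="applicationname">Application scope; bound as a query parameter.</param>
/// <param name="answer">Password answer; checked only when <paramref name="requiresQuestionAndAnswer"/> is true.</param>
/// <param name="newPassword">Value written to the store and returned on success.</param>
/// <param name="passwordAttemptWindow">Forwarded to <c>UpdateFailureCount</c> after a wrong answer.</param>
/// <param name="requiresQuestionAndAnswer">Whether the answer must be verified before the reset.</param>
/// <param name="passwordFormat">Storage format passed to <c>CheckPassword</c> for the answer.</param>
/// <param name="maxInvalidPasswordAttempts">Forwarded to <c>UpdateFailureCount</c> after a wrong answer.</param>
/// <param name="provider">Provider passed to <c>CheckPassword</c>.</param>
/// <returns><paramref name="newPassword"/> when at least one row was updated.</returns>
/// <exception cref="MembershipPasswordException">Blank new password, unknown or locked-out user, wrong answer, or no row updated.</exception>
/// <exception cref="ProviderException">A database error occurred and event-log reporting is enabled.</exception>
public string ResetPassword(
    string username,
    string applicationname,
    string answer,
    string newPassword,
    int passwordAttemptWindow,
    bool requiresQuestionAndAnswer,
    MembershipPasswordFormat passwordFormat,
    int maxInvalidPasswordAttempts,
    TrackProtectMembershipProvider provider)
{
    // Never write a blank credential, whatever the caller passed.
    if (string.IsNullOrEmpty(newPassword))
    {
        throw new MembershipPasswordException("A new password must be supplied. Password not reset.");
    }

    int rowsAffected = 0;

    using (NpgsqlConnection conn = new NpgsqlConnection(GetConnectionString()))
    {
        try
        {
            conn.Open();

            // The previous code formatted username and applicationname straight into
            // the SQL text, so a crafted user name could change the statement. The
            // templates now receive parameter markers and the values are bound.
            // NOTE(review): the QRY_* templates are not visible here. If they wrap
            // {0}/{1}/{2} in quotes, remove the quotes; until then the marker is read
            // as a literal and the lookup fails closed with "user name is not found".
            string lookupSql = string.Format(QRY_GET_USER_CREDENTIALS, "@username", "@applicationname");

            string passwordAnswer;
            using (NpgsqlCommand cmd = new NpgsqlCommand(lookupSql, conn))
            {
                // A null name is bound as empty text, matching how string.Format rendered it.
                cmd.Parameters.AddWithValue("@username", username ?? string.Empty);
                cmd.Parameters.AddWithValue("@applicationname", applicationname ?? string.Empty);

                // Dispose the reader before the UPDATE: the previous code issued the
                // UPDATE on this connection while the reader was still open.
                using (NpgsqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
                {
                    if (!reader.Read())
                    {
                        throw new MembershipPasswordException("The supplied user name is not found.");
                    }

                    if (reader.GetBoolean(1))
                    {
                        throw new MembershipPasswordException("The supplied user is locked out.");
                    }

                    passwordAnswer = reader.GetString(0);
                }
            }

            if (requiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer, passwordFormat, provider))
            {
                // Record the failed attempt before refusing the reset.
                UpdateFailureCount(username, applicationname, "passwordAnswer", passwordAttemptWindow, maxInvalidPasswordAttempts);
                throw new MembershipPasswordException("Incorrect password answer");
            }

            // The previous code built the formatted UPDATE text and then executed the
            // raw template instead. Placeholder order (password, username,
            // applicationname) follows the original string.Format call.
            // NOTE(review): newPassword is stored exactly as received; passwordFormat is
            // not applied to it here. Confirm the caller encodes it when the store is
            // hashed or encrypted.
            string updateSql = string.Format(QRY_UPDATE_USER_CREDENTIALS, "@password", "@username", "@applicationname");
            using (NpgsqlCommand updateCmd = new NpgsqlCommand(updateSql, conn))
            {
                updateCmd.Parameters.AddWithValue("@password", newPassword);
                updateCmd.Parameters.AddWithValue("@username", username ?? string.Empty);
                updateCmd.Parameters.AddWithValue("@applicationname", applicationname ?? string.Empty);
                rowsAffected = updateCmd.ExecuteNonQuery();
            }
        }
        catch (NpgsqlException ex)
        {
            if (WriteExceptionsToEventLog)
            {
                WriteToEventLog(ex, "ResetPassword");
                throw new ProviderException(EXCEPTION_MESSAGE);
            }

            // Rethrow with the original stack trace ("throw ex;" discarded it).
            throw;
        }
    }

    if (rowsAffected > 0)
    {
        return newPassword;
    }

    throw new MembershipPasswordException("User not found, or user is locked out. Password not reset.");
}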