/// <summary> /// Change Users password Question and Answer /// </summary> /// <param name="username">Username to change Q&A for</param> /// <param name="password">Password</param> /// <param name="newPasswordQuestion">New question</param> /// <param name="newPasswordAnswer">New answer</param> /// <returns> Boolean depending on whether the change was successful</returns> public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { // Check arguments for null values if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null)) { throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null"); } UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt); if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password)) { try { DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer); return(true); } catch { // will return false... } } return(false); // Invalid password return false }
/// <summary> /// Reset a users password - * /// </summary> /// <param name="username">User to be found based by Name</param> /// <param name="answer">Verifcation that it is them</param> /// <returns>Username as string</returns> public override string ResetPassword(string username, string answer) { string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty; /// Check Password reset is enabled if (!(this.EnablePasswordReset)) { ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED"); } // Check arguments for null values if (username == null) { ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL"); } // get an instance of the current password information class UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); if (currentPasswordInfo != null) { if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt)) { // get a new password salt... newPasswordSalt = YafMembershipProvider.GenerateSalt(); } else { // use existing salt... newPasswordSalt = currentPasswordInfo.PasswordSalt; } if (!String.IsNullOrEmpty(answer)) { // verify answer is correct... if (!currentPasswordInfo.IsCorrectAnswer(answer)) { return(null); } } // create a new password newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters); // encode it... newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt); // save to the database DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow); // Return unencrypted password return(newPassword); } return(null); }
/// <summary> /// Checks the password against the one provided for validity /// </summary> /// <param name="passwordToCheck"> /// </param> /// <returns> /// The is correct password. /// </returns> public bool IsCorrectPassword(string passwordToCheck) { return (this.Password.Equals( YafMembershipProvider.EncodeString( passwordToCheck, this.PasswordFormat, this.PasswordSalt, this.UseSalt, this.HashHex, this.hashCase, this.hashRemoveChars, this.msCompliant))); }
/// <summary> /// Change Users password /// </summary> /// <param name="username">Username to change password for</param> /// <param name="oldpassword">Password</param> /// <param name="newPassword">New question</param> /// <returns> Boolean depending on whether the change was successful</returns> public override bool ChangePassword(string username, string oldPassword, string newPassword) { string newPasswordSalt = string.Empty; string newEncPassword = string.Empty; // Clean input // Check password meets requirements as set by Configuration settings if (!(this.IsPasswordCompliant(newPassword))) { return(false); } UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); // validate the correct user information was found... if (currentPasswordInfo == null) { return(false); } // validate the correct user password was entered... if (!currentPasswordInfo.IsCorrectPassword(oldPassword)) { return(false); } // generate a salt if desired... if (UseSalt) { newPasswordSalt = YafMembershipProvider.GenerateSalt(); } // encode new password newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt); // Call SQL Password to Change DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer); // Return True return(true); }
/// <summary> /// Retrieves the Users password (if EnablePasswordRetrieval is true) /// </summary> /// <param name="username">Username to retrieve password for</param> /// <param name="answer">Answer to the Users Membership Question</param> /// <param name="newPasswordQuestion">New question</param> /// <param name="newPasswordAnswer">New answer</param> /// <returns> Password unencrypted</returns> public override string GetPassword(string username, string answer) { if (!this.EnablePasswordRetrieval) { ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "PASSWORDRETRIEVALNOTSUPPORTED"); } // Check for null arguments if ((username == null) || (answer == null)) { ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL"); } UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectAnswer(answer)) { return(YafMembershipProvider.DecodeString(currentPasswordInfo.Password, currentPasswordInfo.PasswordFormat)); } return(null); }
/// <summary> /// Encrypt string to hash method. /// </summary> /// <param name="unencryptedString">String to be encrypted</param> /// <param name="hastMethod">Hash method to be used for encryption</param> /// <param name="salt">Salt to be used in Hash method</param> /// <returns> Encrypted string</returns> internal static string EncodeString(string unencodedString, int encFormat, string salt, bool useSalt) { string encodedPass = string.Empty; MembershipPasswordFormat passwordFormat = ( MembershipPasswordFormat )Enum.ToObject(typeof(MembershipPasswordFormat), encFormat); // Check to ensure string is not null or empty. if (String.IsNullOrEmpty(unencodedString)) { return(String.Empty); } if (useSalt && String.IsNullOrEmpty(salt)) { // not a valid salt so disable... useSalt = false; } if (useSalt && passwordFormat == MembershipPasswordFormat.Encrypted) { // cannot use a salt with encryption useSalt = false; } byte [] unencodedBytes = Encoding.Unicode.GetBytes(unencodedString); // compute total size of new buffer int bufferLength = unencodedBytes.Length; // handle salt buffer byte [] saltBytes = null; if (useSalt) { saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString()); // add salt length to buffer... bufferLength += saltBytes.Length; } // Buffer used for algorithms... byte [] buffer = new byte [bufferLength]; // copy password to hash buffer + salt System.Buffer.BlockCopy(unencodedBytes, 0, buffer, 0, unencodedBytes.Length); if (useSalt) { System.Buffer.BlockCopy(saltBytes, 0, buffer, unencodedBytes.Length - 1, saltBytes.Length); } // Check Encoding format / method switch (passwordFormat) { case MembershipPasswordFormat.Clear: // plain text encodedPass = unencodedString; break; case MembershipPasswordFormat.Hashed: if (useSalt) { encodedPass = Convert.ToBase64String(HashAlgorithm.Create(YafMembershipProvider.HashType()).ComputeHash(buffer)); } else { encodedPass = FormsAuthentication.HashPasswordForStoringInConfigFile(unencodedString, YafMembershipProvider.HashType()); } break; case MembershipPasswordFormat.Encrypted: encodedPass = Convert.ToBase64String((new YafMembershipProvider()).EncryptPassword(buffer)); break; default: encodedPass = FormsAuthentication.HashPasswordForStoringInConfigFile(unencodedString, YafMembershipProvider.HashType()); break; } return(encodedPass); }
/// <summary> /// Create user and add to provider /// </summary> /// <param name="username">Username</param> /// <param name="password">Password</param> /// <param name="email">Email Address</param> /// <param name="passwordQuestion">Password Question</param> /// <param name="passwordAnswer">Password Answer - used for password retrievals.</param> /// <param name="isApproved">Is the User approved?</param> /// <param name="providerUserKey">Provider User Key to identify the User</param> /// <param name="status">Out - MembershipCreateStatus object containing status of the Create User process</param> /// <returns> Boolean depending on whether the deletion was successful</returns> public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { // ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true ); // OnValidatingPassword( e ); // //if ( e.Cancel ) //{ // status = MembershipCreateStatus.InvalidPassword; // return null; //} string salt = string.Empty, pass = string.Empty; // Check password meets requirements as set out in the web.config if (!(this.IsPasswordCompliant(password))) { status = MembershipCreateStatus.InvalidPassword; return(null); } // Check password Question and Answer requirements. if (this.RequiresQuestionAndAnswer) { if (String.IsNullOrEmpty(passwordQuestion)) { status = MembershipCreateStatus.InvalidQuestion; return(null); } if (String.IsNullOrEmpty(passwordAnswer)) { status = MembershipCreateStatus.InvalidAnswer; return(null); } } // Check provider User Key if (!(providerUserKey == null)) { // IS not a duplicate key if (!(this.GetUser(providerUserKey, false) == null)) { status = MembershipCreateStatus.DuplicateProviderUserKey; return(null); } } // Check for unique email if (this.RequiresUniqueEmail) { if (!(String.IsNullOrEmpty(this.GetUserNameByEmail(email)))) { status = MembershipCreateStatus.DuplicateEmail; // Email exists return(null); } } // Check for unique user name if (!(this.GetUser(username, false) == null)) { status = MembershipCreateStatus.DuplicateUserName; // Username exists return(null); } if (UseSalt) { salt = YafMembershipProvider.GenerateSalt(); } pass = YafMembershipProvider.EncodeString(password, ( int )this.PasswordFormat, salt, this.UseSalt); // Encode Password Answer string encodedPasswordAnswer = YafMembershipProvider.EncodeString(passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt); // Process database user creation request DB.CreateUser(this.ApplicationName, username, pass, salt, ( int )this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey); status = MembershipCreateStatus.Success; return(this.GetUser(username, false)); }
/// <summary> /// Check to see if password(string) matches required criteria. /// </summary> /// <param name="password">Password to be checked</param> /// <returns> True/False </returns> private bool IsPasswordCompliant(string passsword) { return(YafMembershipProvider.IsPasswordCompliant(passsword, this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters, this.PasswordStrengthRegularExpression)); }