public override bool ChangePassword(string username, string oldPassword, string newPassword) { /* * Takes, as input, a user name, a password (the user's current password), and a * new password and updates the password in the membership data source. * ChangePassword returns true if the password was updated successfully. Otherwise, * it returns false. Before changing a password, ChangePassword calls the provider's * virtual OnValidatingPassword method to validate the new password. It then * changes the password or cancels the action based on the outcome of the call. If the * user name, password, new password, or password answer is not valid, * ChangePassword does not throw an exception; it simply returns false. Following a * successful password change, ChangePassword updates the user's * LastPasswordChangedDate. */ bool result = false; if ( (username == null) || (username == String.Empty) || (oldPassword == null) || (oldPassword == String.Empty) || (newPassword == null) || (newPassword == String.Empty) ) { return result; } SiteSettings siteSettings = GetSiteSettings(); if (siteSettings == null) { return result; } if (newPassword.Length < siteSettings.MinRequiredPasswordLength) { throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordNotLongEnoughMessage.config")); } int countNonAlphanumericCharacters = 0; for (int i = 0; i < newPassword.Length; i++) { if (!char.IsLetterOrDigit(newPassword, i)) { countNonAlphanumericCharacters++; } } if (countNonAlphanumericCharacters < siteSettings.MinRequiredNonAlphanumericCharacters) { throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordRequiresMoreNonAlphanumericCharactersMessage.config")); } if (siteSettings.PasswordStrengthRegularExpression.Length > 0) { if (!Regex.IsMatch(newPassword, siteSettings.PasswordStrengthRegularExpression)) { throw new ArgumentException( ResourceHelper.GetMessageTemplate("PasswordDoesntMatchRegularExpressionMessage.config")); } } ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false); OnValidatingPassword(e); if (e.Cancel) { if (e.FailureInformation != null) { throw e.FailureInformation; } else { throw new ArgumentException("The custom password validation failed."); } } SiteUser siteUser = new SiteUser(siteSettings, username); if (siteUser.UserId == -1) { return result; } if ( ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Hashed) && (!siteSettings.UseLdapAuth) ) { if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword,MembershipPasswordFormat.Hashed)) { siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars); siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Hashed); siteUser.MustChangePwd = false; siteUser.PasswordFormat = siteSettings.PasswordFormat; result = siteUser.Save(); } } else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Encrypted) { if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword, MembershipPasswordFormat.Encrypted)) { siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars); siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Encrypted); siteUser.MustChangePwd = false; siteUser.PasswordFormat = siteSettings.PasswordFormat; result = siteUser.Save(); } } else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Clear) { if (siteUser.Password == oldPassword) { siteUser.Password = newPassword; siteUser.MustChangePwd = false; siteUser.PasswordFormat = siteSettings.PasswordFormat; result = siteUser.Save(); } } if (result) { if (WebConfigSettings.LogIpAddressForPasswordChanges) { log.Info("password for user " + siteUser.Name + " was changed from ip address " + SiteUtils.GetIP4Address()); } siteUser.UpdateLastPasswordChangeTime(); } return result; }
public override string ResetPassword(string userName, string passwordAnswer) { /* Takes, as input, a user name and a password answer and replaces the user's current password * with a new, random password. ResetPassword then returns the new password. A * convenient mechanism for generating a random password is the * Membership.GeneratePassword method. If the user name is not valid, ResetPassword * throws a ProviderException. ResetPassword also checks the value of the * RequiresQuestionAndAnswer property before resetting a password. If * RequiresQuestionAndAnswer is true, ResetPassword compares the supplied password * answer to the stored password answer and throws a MembershipPasswordException if * the two don't match. Before resetting a password, ResetPassword verifies that * EnablePasswordReset is true. If EnablePasswordReset is false, ResetPassword throws * a NotSupportedException. If the user whose password is being changed is currently * locked out, ResetPassword throws a MembershipPasswordException. Before resetting a * password, ResetPassword calls the provider's virtual OnValidatingPassword method to * validate the new password. It then resets the password or cancels the action based on * the outcome of the call. If the new password is invalid, ResetPassword throws a * ProviderException. Following a successful password reset, ResetPassword updates the * user's LastPasswordChangedDate. */ SiteSettings siteSettings = GetSiteSettings(); if (!siteSettings.AllowPasswordReset) { throw new Exception("The method or operation is not implemented."); } String newPassword = null; if ((userName != null) && (siteSettings != null)) { SiteUser siteUser = new SiteUser(siteSettings, userName); if (siteUser.UserId > -1) { if (siteUser.IsLockedOut) { throw new MembershipPasswordException( ResourceHelper.GetMessageTemplate("UserAccountLockedMessage.config")); } bool okToResetPassword = false; if (siteSettings.RequiresQuestionAndAnswer) { if ((passwordAnswer != null) && (passwordAnswer == siteUser.PasswordAnswer)) { okToResetPassword = true; } else { // if wrong answer or user is locked out throw new MembershipPasswordException(ResourceHelper.GetMessageTemplate("PasswordWrongAnswerToQuestionMessage.config")); } } else { okToResetPassword = true; } if (okToResetPassword) { newPassword = SiteUser.CreateRandomPassword(siteSettings.MinRequiredPasswordLength + 2, WebConfigSettings.PasswordGeneratorChars); switch (PasswordFormat) { case MembershipPasswordFormat.Clear: siteUser.Password = newPassword; break; default: siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars); siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, PasswordFormat); break; } siteUser.MustChangePwd = siteSettings.RequirePasswordChangeOnResetRecover; siteUser.PasswordFormat = siteSettings.PasswordFormat; siteUser.Save(); siteUser.UpdateLastPasswordChangeTime(); } } else { throw new ProviderException(ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config")); } } return newPassword; }