ASP.NET&Spring.NET&NHibernate最佳实践(十七)——第4章权限子系统(10)
用户服务接口
用户服务类(UserService.cs)
using System;
using System.Collections;
using Guushuuse.SalaryPrj.Security.DomainModel;
using Guushuuse.SalaryPrj.Security.Dao;
using System.Web.Security;
namespace Guushuuse.SalaryPrj.Security.Service
{
/// <summary>
/// User service interface: account lookup, account maintenance, and password / lockout operations.
/// The int-returning members other than GetNumberOfUsersOnline report a status code; the UserService
/// implementation shown on this page uses 0 = success, 1 = user not found, 2 = wrong password,
/// 3 = wrong password answer, 7 = e-mail already in use, 99 = account locked out.
/// </summary>
public interface IUserService
{
/// <summary>Replaces the stored password question and answer of the named user.</summary>
int ChangePasswordQuestionAndAnswer(string applicationName, string username, string newPasswordQuestion, string newPasswordAnswer);
/// <summary>Persists a new user.</summary>
void CreateUser(User user);
/// <summary>Deletes the given user.</summary>
void DeleteUser(User user);
/// <summary>Deletes the user identified by application name and user name.</summary>
int DeleteUser(string applicationName, string username, bool deleteAllRelatedData);
/// <summary>Returns one page of users matched by e-mail and reports the total match count through <paramref name="totalRecords"/>.</summary>
IList FindUsersByEmail(string applicationName, string emailToMatch, int pageIndex, int pageSize, out int totalRecords);
/// <summary>Returns one page of users matched by user name and reports the total match count through <paramref name="totalRecords"/>.</summary>
IList FindUsersByName(string applicationName, string usernameToMatch, int pageIndex, int pageSize, out int totalRecords);
/// <summary>Returns one page of all users of an application; note that <paramref name="totalRecords"/> is a long here, unlike the Find* members.</summary>
IList GetAllUsers(string applicationName, int pageIndex, int pageSize, out long totalRecords);
/// <summary>Returns a count of users (not a status code) active since <paramref name="currentTimeUtc"/> minus <paramref name="minutesSinceLastInActive"/> minutes.</summary>
int GetNumberOfUsersOnline(string applicationName, int minutesSinceLastInActive, DateTime currentTimeUtc);
/// <summary>
/// Returns the stored password value of the named user together with its format, or null with a
/// non-zero <paramref name="status"/>. Security-sensitive: callers receive whatever is stored in the
/// password field, so access to this member should be tightly restricted.
/// </summary>
string GetPassword(string applicationName, string username, string passwordAnswer, bool requiresQuestionAndAnswer, int maxInvalidPasswordAttempts, int passwordAttemptWindow, out MembershipPasswordFormat passwordFormat, out int status, DateTime currentTimeUtc);
/// <summary>Looks a user up by numeric identifier.</summary>
User GetUser(int userID);
/// <summary>Looks a user up by name and optionally stamps the last-activity date with <paramref name="currentTimeUtc"/>.</summary>
User GetUserByName(string applicationName, string username, bool updateLastActivity, DateTime currentTimeUtc);
/// <summary>Looks a user up by application name and user name.</summary>
User GetUserByName(string applicationName, string username);
/// <summary>Looks a user up by numeric identifier and optionally stamps the last-activity date with <paramref name="currentTimeUtc"/>.</summary>
User GetUserByUserID(int userID, bool updateLastActivity, DateTime currentTimeUtc);
/// <summary>Returns the users of an application that have the given e-mail address.</summary>
IList GetUsersByEmail(string applicationName, string email);
/// <summary>Stores a new password after an optional password-answer check; failed answers count toward lockout.</summary>
int ResetPassword(string applicationName, string username, string newPassword, int maxInvalidPasswordAttempts, int passwordAttemptWindow, string passwordSalt, MembershipPasswordFormat passwordFormat, string passwordAnswer, DateTime currentTimeUtc);
/// <summary>Clears the lockout state of the named user.</summary>
int UnlockUser(string applicationName, string username);
/// <summary>Stores a new password, salt and format for the named user; no credential check is part of this signature.</summary>
int UpdatePassword(string applicationName, string username, string newPassword, string passwordSalt, MembershipPasswordFormat passwordFormat, DateTime currentTimeUtc);
/// <summary>Updates e-mail, comment, approval flag and login/activity dates, optionally enforcing a unique e-mail.</summary>
int UpdateUser(string applicationName, string username, string email, string comment, bool isApproved, DateTime lastLoginDate, DateTime lastActivityDate, bool uniqueEmail);
/// <summary>Persists changes made to the given user.</summary>
void UpdateUser(Guushuuse.SalaryPrj.Security.DomainModel.User user);
/// <summary>Records the outcome of a password check: failures count toward lockout, a success clears the counters.</summary>
int UpdateUserInfo(string applicationName, string username, bool isPasswordCorrect, int passwordAttemptWindow, int maxInvalidPasswordAttempts, bool updateLastLoginActivityDate, DateTime currentTimeUtc);
/// <summary>Data-access object the service delegates to; settable so it can be injected.</summary>
IUserDao UserDao { get; set; }
}
}
用户服务类(UserService.cs)
using System;
using System.Collections.Generic;
using System.Text;
using Guushuuse.SalaryPrj.Security.Dao;
using Spring.Transaction.Interceptor;
using Guushuuse.SalaryPrj.Security.DomainModel;
using System.Collections;
using System.Web.Security;
namespace Guushuuse.SalaryPrj.Security.Service
{
/// <summary>
/// 用户服务类
/// </summary>
public class UserService : IUserService
{
// Backing field for the injected data-access object.
private IUserDao _userDao;

/// <summary>
/// Data-access object used by every method of this service. It has a public setter,
/// so it can be assigned from outside the class.
/// </summary>
public IUserDao UserDao
{
    get
    {
        return this._userDao;
    }
    set
    {
        this._userDao = value;
    }
}
/// <summary>
/// Persists a new user by handing it to the DAO.
/// </summary>
/// <param name="user">User to create.</param>
[Transaction(ReadOnly = false)]
public void CreateUser(User user)
{
    IUserDao dao = this._userDao;
    dao.CreateUser(user);
}
/// <summary>
/// Persists changes made to an existing user by handing it to the DAO.
/// </summary>
/// <param name="user">User whose current state should be saved.</param>
[Transaction(ReadOnly = false)]
public void UpdateUser(User user)
{
    IUserDao dao = this._userDao;
    dao.UpdateUser(user);
}
/// <summary>
/// Deletes a user by handing it to the DAO.
/// </summary>
/// <param name="user">User to delete.</param>
[Transaction(ReadOnly = false)]
public void DeleteUser(User user)
{
    IUserDao dao = this._userDao;
    dao.DeleteUser(user);
}
/// <summary>
/// Looks a user up by numeric identifier.
/// </summary>
/// <param name="userID">Identifier passed straight to the DAO.</param>
/// <returns>Whatever the DAO returns for that identifier.</returns>
public User GetUser(int userID)
{
    User found = this._userDao.GetUser(userID);
    return found;
}
/// <summary>
/// Looks a user up by application name and user name.
/// </summary>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User name to look up within that application.</param>
/// <returns>Whatever the DAO returns for that application and name.</returns>
public User GetUserByName(string applicationName, string username)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User found = this._userDao.GetUser(app, username);
    return found;
}
/// <summary>
/// Looks a user up by name and, when asked to, stamps its last-activity date.
/// </summary>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User name to look up.</param>
/// <param name="updateLastActivity">When true and the user exists, LastActivityDate is set and saved.</param>
/// <param name="currentTimeUtc">Timestamp written to LastActivityDate.</param>
/// <returns>The user, or null when the DAO finds none.</returns>
public User GetUserByName(string applicationName, string username, bool updateLastActivity, DateTime currentTimeUtc)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User found = _userDao.GetUser(app, username);

    // A missing user is returned as null without touching the store.
    if (found != null && updateLastActivity)
    {
        found.LastActivityDate = currentTimeUtc;
        UpdateUser(found);
    }

    return found;
}
/// <summary>
/// Returns the users of an application that have the given e-mail address.
/// </summary>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="email">E-mail address passed to the DAO.</param>
/// <returns>The list produced by the DAO.</returns>
public IList GetUsersByEmail(string applicationName, string email)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    IList matches = this._userDao.GetUsers(app, email);
    return matches;
}
/// <summary>
/// Stores a new password, salt and format for the named user.
/// </summary>
/// <remarks>
/// Nothing in this method checks the old password or a password answer, and the
/// values are stored exactly as received; any verification and any hashing or
/// encryption therefore have to happen in the caller.
/// </remarks>
/// <param name="newPassword">Value written to the user's Password field as-is.</param>
/// <param name="passwordSalt">Value written to PasswordSalt as-is.</param>
/// <param name="passwordFormat">Format recorded alongside the password.</param>
/// <param name="currentTimeUtc">Timestamp written to LastPasswordChangedDate.</param>
/// <returns>0 when the password was stored, 1 when the user was not found.</returns>
public int UpdatePassword(string applicationName, string username, string newPassword, string passwordSalt,
    MembershipPasswordFormat passwordFormat, DateTime currentTimeUtc)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User target = _userDao.GetUser(app, username);

    if (target == null)
    {
        return 1;
    }

    target.Password = newPassword;
    target.PasswordSalt = passwordSalt;
    target.PasswordFormat = passwordFormat;
    target.LastPasswordChangedDate = currentTimeUtc;
    UpdateUser(target);
    return 0;
}
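/// <summary>
/// Stores a new password for the named user after an optional password-answer check,
/// counting failed answers toward account lockout.
/// </summary>
/// <remarks>
/// NOTE(review): this method carries no [Transaction] attribute and calls UpdateUser
/// directly on this instance; confirm that the read-modify-write of the lockout
/// counters actually runs inside a transaction.
/// </remarks>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User whose password is reset.</param>
/// <param name="newPassword">Value written to the Password field as-is.</param>
/// <param name="maxInvalidPasswordAttempts">Number of failed answers within the window that locks the account.</param>
/// <param name="passwordAttemptWindow">Length of the failure-counting window, in minutes.</param>
/// <param name="passwordSalt">Value written to PasswordSalt as-is.</param>
/// <param name="passwordFormat">Format recorded alongside the password.</param>
/// <param name="passwordAnswer">
/// Answer to compare with the stored one. When null, NO answer check is made and the
/// reset proceeds, so callers must pass null only when no question/answer is required.
/// </param>
/// <param name="currentTimeUtc">Timestamp used for the window, lockout and change dates.</param>
/// <returns>0 = password reset, 1 = user not found, 3 = wrong answer (attempt recorded), 99 = account locked out.</returns>
public int ResetPassword(string applicationName, string username, string newPassword, int maxInvalidPasswordAttempts,
    int passwordAttemptWindow, string passwordSalt, MembershipPasswordFormat passwordFormat, string passwordAnswer, DateTime currentTimeUtc)
{
    Application application = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User user = _userDao.GetUser(application, username);

    if (user == null)
    {
        return 1;
    }

    if (user.IsLockedOut)
    {
        return 99;
    }

    // Invariant-culture lower-casing keeps the comparison independent of the server's
    // thread culture. Only the supplied answer is lower-cased here; presumably the stored
    // answer was normalised the same way when it was saved - confirm against the caller.
    bool answerAccepted = passwordAnswer == null
        || passwordAnswer.ToLowerInvariant().Equals(user.PasswordAnswer);

    if (answerAccepted)
    {
        user.Password = newPassword;
        user.PasswordFormat = passwordFormat;
        user.PasswordSalt = passwordSalt;
        user.LastPasswordChangedDate = currentTimeUtc;
        user.FailedPasswordAnswerAttemptCount = 0;
        // 1754-01-01 is the value this class writes when it clears a timestamp.
        user.FailedPasswordAnswerAttemptWindowStart = new DateTime(1754, 1, 1);
        UpdateUser(user);
        return 0;
    }

    // Wrong answer: start a new window if the previous one has expired, otherwise extend the count.
    if (currentTimeUtc > user.FailedPasswordAnswerAttemptWindowStart.AddMinutes(passwordAttemptWindow))
    {
        user.FailedPasswordAnswerAttemptCount = 1;
    }
    else
    {
        user.FailedPasswordAnswerAttemptCount++;
    }
    user.FailedPasswordAnswerAttemptWindowStart = currentTimeUtc;

    // Lock on reaching the limit (>=), as ASP.NET Membership documents for
    // MaxInvalidPasswordAttempts; the former '>' allowed one extra guess.
    if (user.FailedPasswordAnswerAttemptCount >= maxInvalidPasswordAttempts)
    {
        user.IsLockedOut = true;
        user.LastLockoutDate = currentTimeUtc;
    }

    UpdateUser(user);
    return 3;
}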
/// <summary>
/// Replaces the stored password question and answer of the named user.
/// </summary>
/// <remarks>
/// The answer is stored exactly as received, and nothing here verifies the user's
/// password first; both concerns are left to the caller.
/// </remarks>
/// <param name="newPasswordQuestion">Value written to PasswordQuestion.</param>
/// <param name="newPasswordAnswer">Value written to PasswordAnswer.</param>
/// <returns>0 when saved, 1 when the user was not found.</returns>
public int ChangePasswordQuestionAndAnswer(string applicationName, string username, string newPasswordQuestion,
    string newPasswordAnswer)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User target = _userDao.GetUser(app, username);

    if (target == null)
    {
        return 1;
    }

    target.PasswordQuestion = newPasswordQuestion;
    target.PasswordAnswer = newPasswordAnswer;
    UpdateUser(target);
    return 0;
}
/// <summary>
/// Deletes the user identified by application name and user name.
/// </summary>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User to delete.</param>
/// <param name="deleteAllRelatedData">Not read anywhere in this method.</param>
/// <returns>0 when the user was deleted, 1 when the user was not found.</returns>
public int DeleteUser(string applicationName, string username, bool deleteAllRelatedData)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User target = _userDao.GetUser(app, username);

    if (target == null)
    {
        return 1;
    }

    DeleteUser(target);
    return 0;
}
/// <summary>
/// Returns one page of users matched by e-mail.
/// </summary>
/// <param name="emailToMatch">Match expression passed to the DAO unchanged.</param>
/// <param name="pageIndex">Page index passed to the DAO.</param>
/// <param name="pageSize">Page size passed to the DAO.</param>
/// <param name="totalRecords">Set by the DAO.</param>
/// <returns>The list produced by the DAO.</returns>
public IList FindUsersByEmail(string applicationName, string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    IList page = this._userDao.FindUsersByEmail(app, emailToMatch, pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>
/// Returns one page of users matched by user name.
/// </summary>
/// <param name="usernameToMatch">Match expression passed to the DAO unchanged.</param>
/// <param name="pageIndex">Page index passed to the DAO.</param>
/// <param name="pageSize">Page size passed to the DAO.</param>
/// <param name="totalRecords">Set by the DAO.</param>
/// <returns>The list produced by the DAO.</returns>
public IList FindUsersByName(string applicationName, string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    IList page = this._userDao.FindUsersByName(app, usernameToMatch, pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>
/// Returns one page of all users of an application.
/// </summary>
/// <param name="pageIndex">Page index passed to the DAO.</param>
/// <param name="pageSize">Page size passed to the DAO.</param>
/// <param name="totalRecords">Set by the DAO; a long here, unlike the Find* methods.</param>
/// <returns>The list produced by the DAO.</returns>
public IList GetAllUsers(string applicationName, int pageIndex, int pageSize, out long totalRecords)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    IList page = this._userDao.GetUsers(app, pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>
/// Asks the DAO for the number of active users, using a cut-off of
/// <paramref name="currentTimeUtc"/> minus <paramref name="minutesSinceLastInActive"/> minutes.
/// </summary>
/// <returns>The count returned by the DAO.</returns>
public int GetNumberOfUsersOnline(string applicationName, int minutesSinceLastInActive, DateTime currentTimeUtc)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);

    // How the cut-off is compared with each user's activity date is decided by the DAO.
    DateTime cutoff = currentTimeUtc.AddMinutes(-minutesSinceLastInActive);

    int activeCount = this._userDao.GetActiveUsersCount(app, cutoff);
    return activeCount;
}
/// <summary>
/// Looks a user up by numeric identifier and, when asked to, stamps its last-activity date.
/// </summary>
/// <param name="userID">Identifier passed to the DAO.</param>
/// <param name="updateLastActivity">When true and the user exists, LastActivityDate is set and saved.</param>
/// <param name="currentTimeUtc">Timestamp written to LastActivityDate.</param>
/// <returns>The user, or null when the DAO finds none.</returns>
public User GetUserByUserID(int userID, bool updateLastActivity, DateTime currentTimeUtc)
{
    User found = _userDao.GetUser(userID);

    // A missing user is returned as null without touching the store.
    if (found != null && updateLastActivity)
    {
        found.LastActivityDate = currentTimeUtc;
        UpdateUser(found);
    }

    return found;
}
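/// <summary>
/// Clears the lockout state of the named user: the IsLockedOut flag, both failure
/// counters, both failure windows and the last-lockout date.
/// </summary>
/// <remarks>
/// This is a privileged operation; nothing in this method checks who is asking,
/// so authorisation has to be enforced by the caller.
/// </remarks>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User to unlock.</param>
/// <returns>0 when the user was unlocked, 1 when the user was not found.</returns>
public int UnlockUser(string applicationName, string username)
{
    Application application = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User user = _userDao.GetUser(application, username);

    if (user == null)
    {
        return 1;
    }

    // The flag itself must be cleared: ResetPassword, UpdateUserInfo and GetPassword all
    // return 99 while IsLockedOut is true, and previously nothing here reset it.
    user.IsLockedOut = false;

    // 1754-01-01 is the value this class writes when it clears a timestamp.
    DateTime cleared = new DateTime(1754, 1, 1);
    user.LastLockoutDate = cleared;
    user.FailedPasswordAttemptCount = 0;
    user.FailedPasswordAttemptWindowStart = cleared;
    user.FailedPasswordAnswerAttemptCount = 0;
    user.FailedPasswordAnswerAttemptWindowStart = cleared;

    UpdateUser(user);
    return 0;
}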
/// <summary>
/// Updates e-mail, comment, approval flag and login/activity dates of the named user,
/// optionally refusing an e-mail address that another user already has.
/// </summary>
/// <param name="uniqueEmail">When true, the update is refused if the DAO returns a different user (or several users) for the e-mail.</param>
/// <returns>0 when saved, 1 when the user was not found, 7 when the e-mail is already in use.</returns>
public int UpdateUser(string applicationName, string username, string email, string comment, bool isApproved,
    DateTime lastLoginDate, DateTime lastActivityDate, bool uniqueEmail)
{
    Application app = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User target = _userDao.GetUser(app, username);

    if (target == null)
    {
        return 1;
    }

    if (uniqueEmail)
    {
        IList holders = _userDao.GetUsers(app, email);
        int holderCount = holders.Count;

        // One holder is acceptable only when it is the user being updated.
        bool takenByAnother = holderCount > 1
            || (holderCount == 1 && ((User)holders[0]).ID != target.ID);
        if (takenByAnother)
        {
            return 7;
        }
    }

    target.Email = email;
    target.IsApproved = isApproved;
    target.LastActivityDate = lastActivityDate;
    target.LastLoginDate = lastLoginDate;
    target.Comment = comment;
    UpdateUser(target);
    return 0;
}
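/// <summary>
/// Records the outcome of a password check for the named user: a failure counts toward
/// lockout, a success clears both failure counters and optionally stamps the login dates.
/// </summary>
/// <remarks>
/// The password comparison itself is done by the caller, which reports the result through
/// <paramref name="isPasswordCorrect"/>.
/// NOTE(review): this method carries no [Transaction] attribute and calls UpdateUser
/// directly on this instance; confirm that the read-modify-write of the lockout
/// counters actually runs inside a transaction.
/// </remarks>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User whose login attempt is recorded.</param>
/// <param name="isPasswordCorrect">Result of the caller's password check.</param>
/// <param name="passwordAttemptWindow">Length of the failure-counting window, in minutes.</param>
/// <param name="maxInvalidPasswordAttempts">Number of failed passwords within the window that locks the account.</param>
/// <param name="updateLastLoginActivityDate">When true, a success stamps LastActivityDate and LastLoginDate.</param>
/// <param name="currentTimeUtc">Timestamp used for every date written by this method.</param>
/// <returns>0 = success recorded, 1 = user not found, 2 = wrong password (attempt recorded), 99 = account locked out.</returns>
public int UpdateUserInfo(string applicationName, string username, bool isPasswordCorrect, int passwordAttemptWindow,
    int maxInvalidPasswordAttempts, bool updateLastLoginActivityDate, DateTime currentTimeUtc)
{
    Application application = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User user = _userDao.GetUser(application, username);

    if (user == null)
    {
        return 1;
    }

    if (user.IsLockedOut)
    {
        return 99;
    }

    if (!isPasswordCorrect)
    {
        // Start a new window if the previous one has expired, otherwise extend the count.
        if (currentTimeUtc > user.FailedPasswordAttemptWindowStart.AddMinutes(passwordAttemptWindow))
        {
            user.FailedPasswordAttemptCount = 1;
        }
        else
        {
            user.FailedPasswordAttemptCount++;
        }
        user.FailedPasswordAttemptWindowStart = currentTimeUtc;

        // Lock on reaching the limit (>=), as ASP.NET Membership documents for
        // MaxInvalidPasswordAttempts; the former '>' allowed one extra guess.
        if (user.FailedPasswordAttemptCount >= maxInvalidPasswordAttempts)
        {
            user.IsLockedOut = true;
            user.LastLockoutDate = currentTimeUtc;
        }

        UpdateUser(user);
        return 2;
    }

    // Correct password: clear every failure marker.
    // 1754-01-01 is the value this class writes when it clears a timestamp.
    DateTime cleared = new DateTime(1754, 1, 1);
    user.LastLockoutDate = cleared;
    user.FailedPasswordAttemptCount = 0;
    user.FailedPasswordAttemptWindowStart = cleared;
    user.FailedPasswordAnswerAttemptCount = 0;
    user.FailedPasswordAnswerAttemptWindowStart = cleared;

    if (updateLastLoginActivityDate)
    {
        // Use the caller-supplied clock, like every other date in this method, instead of
        // DateTime.UtcNow, so login timestamps agree with the lockout timestamps.
        user.LastActivityDate = currentTimeUtc;
        user.LastLoginDate = currentTimeUtc;
    }

    UpdateUser(user);
    return 0;
}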
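/// <summary>
/// Returns the stored password value of the named user together with its format,
/// after an optional password-answer check whose failures count toward lockout.
/// </summary>
/// <remarks>
/// Security-sensitive: the value of the user's Password field is handed back as stored.
/// When <paramref name="requiresQuestionAndAnswer"/> is false, no check beyond the
/// lockout flag is made in this method, so access control rests entirely on the caller.
/// NOTE(review): this method carries no [Transaction] attribute and calls UpdateUser
/// directly on this instance; confirm that the counter updates run inside a transaction.
/// </remarks>
/// <param name="applicationName">Name resolved to an Application through the service locator.</param>
/// <param name="username">User whose password is requested.</param>
/// <param name="passwordAnswer">Answer to compare with the stored one; null counts as a wrong answer when an answer is required.</param>
/// <param name="requiresQuestionAndAnswer">When true, the answer must match before the password is returned.</param>
/// <param name="maxInvalidPasswordAttempts">Number of failed answers within the window that locks the account.</param>
/// <param name="passwordAttemptWindow">Length of the failure-counting window, in minutes.</param>
/// <param name="passwordFormat">The user's PasswordFormat on success; MembershipPasswordFormat.Clear on every failure path.</param>
/// <param name="status">0 = success, 1 = user not found, 3 = wrong answer (attempt recorded), 99 = account locked out.</param>
/// <param name="currentTimeUtc">Timestamp used for the window and lockout dates.</param>
/// <returns>The stored password value on success; otherwise null.</returns>
public string GetPassword(string applicationName, string username, string passwordAnswer, bool requiresQuestionAndAnswer,
    int maxInvalidPasswordAttempts, int passwordAttemptWindow, out MembershipPasswordFormat passwordFormat, out int status,
    DateTime currentTimeUtc)
{
    // Value reported on every failure path; overwritten on success.
    passwordFormat = MembershipPasswordFormat.Clear;

    Application application = ServiceLocator.ApplicationService.GetApplication(applicationName);
    User user = _userDao.GetUser(application, username);

    if (user == null)
    {
        status = 1;
        return null;
    }

    if (user.IsLockedOut)
    {
        status = 99;
        return null;
    }

    if (requiresQuestionAndAnswer)
    {
        // Invariant-culture lower-casing keeps the comparison independent of the server's
        // thread culture. Only the supplied answer is lower-cased here; presumably the stored
        // answer was normalised the same way when it was saved - confirm against the caller.
        bool answerMatches = passwordAnswer != null
            && passwordAnswer.ToLowerInvariant().Equals(user.PasswordAnswer);

        if (!answerMatches)
        {
            // Start a new window if the previous one has expired, otherwise extend the count.
            if (currentTimeUtc > user.FailedPasswordAnswerAttemptWindowStart.AddMinutes(passwordAttemptWindow))
            {
                user.FailedPasswordAnswerAttemptCount = 1;
            }
            else
            {
                user.FailedPasswordAnswerAttemptCount++;
            }
            user.FailedPasswordAnswerAttemptWindowStart = currentTimeUtc;

            // Lock on reaching the limit (>=), as ASP.NET Membership documents for
            // MaxInvalidPasswordAttempts; the former '>' allowed one extra guess.
            if (user.FailedPasswordAnswerAttemptCount >= maxInvalidPasswordAttempts)
            {
                user.IsLockedOut = true;
                user.LastLockoutDate = currentTimeUtc;
            }

            status = 3;
            UpdateUser(user);
            return null;
        }

        // Correct answer: clear the answer-failure markers before returning the password.
        user.FailedPasswordAnswerAttemptCount = 0;
        user.FailedPasswordAnswerAttemptWindowStart = new DateTime(1754, 1, 1);
        UpdateUser(user);
    }

    status = 0;
    passwordFormat = user.PasswordFormat;
    return user.Password;
}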
}
}