PasswordResetController Class

Connection string for the database. Can be null.

DbCommandTimeout is applied to SqlCommand objects created using CreateSqlCommand(). The DbCommandTimeout value is (normally) passed on to other controllers created by the controller. If DbCommandTimeout is Zero then the DB default will be used as timeout.

Consider using CreateCommand() instead of accessing DbConnection directly. DbConnection and DbTransaction are either specified when constucting the controller or the controller constructs them itself (by using ConnectionString) when calling DoInConnection or DoInTransaction. If the caller specified DbConnection and DbTransaction when constucting the controller then the caller is responsible for the management of the connection.

Consider using CreateCommand() instead of accessing DbTransaction directly. DbConnection and DbTransaction are either specified when constucting the controller or the controller constructs them itself (by using ConnectionString) when calling DoInConnection or DoInTransaction. If the caller specified DbConnection and DbTransaction when constucting the controller then the caller is responsible for the management of the connection.

Factory class for creating controller instances.

Builds a cache key for use with GetFromCacheIfPresent. The cache key is not hashed because we have experienced a collision using GetHashCode() ie. the cache keys are quite long and there is a price in dictionary size in memory and in dictionary lookups.

Checks for the PASSWORDRESET module key. Throws LicenseException if not present.

Checks that the active user is allowed to perform an CRUD operation on a specific configuration object. (note: except that a Create operation is not for a specific object). Throws a SecurityException if not. Method can be used for all configuration objects that are represented by a ConfigurationObjectType (except those that have a compound key). Method checks auth role security as well as whether it is allowed to modify builtin/feature package objects.

Checks that the active user is allowed to Create a new - or Update an existing configuration object. Throws a SecurityException if not. Method can be used for all configuration objects that are represented by a ConfigurationObjectType (except those that have a compound key). Method checks auth role security as well as whether it is allowed to modify builtin/feature package objects.

Check if the provided password fullfills the requirements of a specific password policy.

Converts the integer id of an object to its transport-safe unique id (UId).

Converts a string representation of an integer or Guid id to an integer id.

Converts the transport-safe unique id (UId) of an object to its integer id.

Converts the transport-safe unique ids (UId) of a number of objects to integer ids.

Converts the integer ids of a number of objects to their transport-safe unique ids (UId).

Create a new SqlBulkCopy instance using the connection, transaction and timeout values from the controller

Executes an action that doesn't return a result. If no current connection exists, it will establish a connection to the database and close it afterwards. An existing connection will be reused. Inside the action, the connection is available as DbConnection.

Executes an action that doesn't return a result. If no current connection exists, it will establish a connection to the database and close it afterwards. Connection and Transaction are passed to delegate, to allow passing to other controllers An existing connection will be reused. Inside the action, the connection is available as DbConnection. To ensure a new connection set forceNew to true.

Executes an action and returns the result. If no current connection exists, it will establish a connection to the database and close it afterwards. An existing connection will be reused. Inside the action, the connection is available as DbConnection.

Executes an action (that doesn't return a result) in a transaction. If no current connection and/or transaction exists, it will establish it and commit and close it afterwards. An existing connection/transaction will be reused. Inside the action, the connection is available as DbConnection and the transaction as DbTransaction.

Executes an action in a transaction and returns the result. If no current connection and/or transaction exists, it will establish it and commit and close it afterwards. An existing connection/transaction will be reused. Inside the action, the connection is available as DbConnection and the transaction as DbTransaction.

Executes an action in a transaction and returns the result. Connection and Transaction are passed to delegate, to allow passing to other controllers If no current connection and/or transaction exists, it will establish it and commit and close it afterwards. An existing connection/transaction will be reused. Set forceNew to true to ensure new connection and transaction Inside the action, the connection is available as DbConnection and the transaction as DbTransaction.

The method can postpone a SQL transaction implemented by action if the method returns a default number, eg. 0. If the the action method throws a SQL transitent error, then the next call to action is also postponed.

The method can postpone a method invocation if the previous call returned a default number, eg. 0.

Executes a query with a scalar result.

Returns all account resources for the systems with pw reset enabled

Returns the identity id, the first name and the last name of the provided identity. Used for the validating passwords if the policy states that those items are not allowed.

Returns the username, the first name and the last name of the provided user Used for the validating passwords if the policy states that those items are not allowed.

Returns all challenge questions as DataObjects

Gets the challenge questions for the password reset process. The function supports that identityId can be 0. Its used when we mimic that we found the identity but did not.

Get question ids and responses for a identity

(Inherited from ControllerBase.)

Retrieves some data from the cache or (if it is not there) executes an action and stores the result in the cache. Caching is not applied if the IgnoreCacheContext is used (depending on the parameter for it). Note: caching should only be used with great care as there are a number of potential issues involved in using it!

Gets the data version of an object.

Generates a SHA512 hash of the provided string for storing in the database. A random 4 byte salt is generated and prepended to the result.

(Inherited from ControllerBase.)

Increments the data version of an entity object. The data version is incremented in the db as well as on the object itself. Method is used to update the data version of an object when an aggregated object is created/modified/deleted. The purpose is to ensure that the id-based cache (in AppIdentity) is updated properly.

Increments the data version of an entity object in the db. Method is used to update the data version of an object when an aggregated object is created/modified/deleted. The purpose is to ensure that the id-based cache (in AppIdentity) is updated properly.

This method is called from the notification services optionally via a WebService

This method is called from the password reset web pages

Creates a temporary db table with a single column and populates it with values.

If the action throws a transient sql error, the exception is eaten. An entry is written to the log with level Information. The entire exception is written to the log with level Debug.

Clears existing challenge responses and adds the provided new ones

Converts/transfers one or more specified uids in a loadoptions object to ids. The purpose is to enable caching as IEntityObjectsLoadOptions.IdList only works with ids (and not uids).

Validates the provided responses. Responses are optionally converted to lowercase and trimmed according to the definition on the question

Validates that the data version of an object corresponds to the data version in the DB. Method is used for validation before saving an object.

Compares a clear text string with stored hash data. The stored hash data is already prepended with the salt and the method copies the salt value from there.

Used by the reset process to verify all the provided answers towards values provided in the enroll process.

The implementation of this delegate must execute the notify the user regarding the password reset result

The implementation of this delegate must execute the password reset for the account of the identity

The implementation of this delegate must send off one time passwords to the identity

The delegate is used to determine if a user is able to present his current password when he wants to change his password.

Converts object to boolean.

Converts object to DateTime.

Converts object to integer.