Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideLegal TermsGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide

IAuthenticationService

Describes IAuthenticationService in Optimizely Configured Commerce.

Code Sample

[DependencyName(nameof(ChangePasswordWithToken))]
public sealed class ChangePasswordWithToken : HandlerBase<UpdateSessionParameter, UpdateSessionResult>
{
    private readonly Lazy<IAuthenticationService> authenticationService;
 
    public ChangePasswordWithToken(Lazy<IAuthenticationService> authenticationService)
    {
        this.authenticationService = authenticationService;
    }
 
    public override int Order => 800;
 
    public override UpdateSessionResult Execute(IUnitOfWork unitOfWork, UpdateSessionParameter parameter, UpdateSessionResult result)
    {
        if (parameter.ResetToken.IsBlank() || parameter.NewPassword.IsBlank())
        {
            return this.NextHandler.Execute(unitOfWork, parameter, result);
        }
 
        if (parameter.UserName.IsBlank())
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceUserProfileNotFound, MessageProvider.Current.User_Not_Found);
        }
 
        if (!this.authenticationService.Value.IsValidPassword(parameter.NewPassword))
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServicePasswordDoesNotMeetComplexity, MessageProvider.Current.ChangePasswordInfo_Password_Not_Meet_Requirements);
        }
 
        if (!this.authenticationService.Value.ResetPasswordForUser(parameter.UserName, parameter.NewPassword, parameter.ResetToken))
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceUnableToChangePassword, MessageProvider.Current.ChangePasswordInfo_Unable_To_Change_Password);
        }
 
        var userProfile = unitOfWork.GetTypedRepository<IUserProfileRepository>().GetByNaturalKey(parameter.UserName);
        if (userProfile == null)
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceAccountDoesNotExist, MessageProvider.Current.Forgot_Password_Error);
        }
 
        this.authenticationService.Value.UnlockUser(parameter.UserName);
 
        userProfile.PasswordChangedOn = DateTimeProvider.Current.Now;
        userProfile.IsPasswordChangeRequired = false;
        userProfile.ActivationStatus = UserActivationStatus.Activated.ToString();
 
        return this.NextHandler.Execute(unitOfWork, parameter, result);
    }
}

The example below is a handler that password data from a user resetting his or her current password to a new password. A reset token is expected, which is appended to the password reset URL previously generated using the IAuthenticationService.GeneratePasswordResetUrl method.

Example

  • True the supplied reset token is valid.

Returns

  • userName – The username to use when validating the reset token.
  • resetToken – The reset token to validate.

Parameters

bool VerifyPasswordResetTokenForUser(string userName, string resetToken)

Indicates whether or not the supplied reset token is valid.

VerifyPasswordResetTokenForUser(string, string)

  • True if the credentials are valid.

Returns

  • userName – The username to validate.
  • password – The password to validate.

Parameters

bool ValidateUser(string userName, string password)

Validates the specified user credentials.

ValidateUser(string, string)

  • True if the username is already being used by an existing user.

Returns

  • userName – The username to check against existing users.

Parameters

bool UserNameAlreadyExists(string userName)

Checks if a username is already being used by an existing user.

UserNameAlreadyExists(string)

  • An empty string if the update was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the update.

Returns

  • userName – The username of the user for which the email address should be updated.
  • email – The new email address for the user.

Parameters

string UpdateUser(string userName, string email)

Updates the email address for the user.

UpdateUser(string, string)

  • userName – The username of the user for which the account should be unlocked.

Parameters

void UnlockUser(string userName)

Unlocks the account for the user. The account should be locked out in order for this to work.

UnlockUser(string)

void SignOut()

Ends the currently authenticated user's session.

SignOut()

  • userName – The username of the user to authenticate.

Parameters

void SetUserAsAuthenticated(string userName)

Authenticates the specified user. This is used during impersonation, access token validation, and punchout session initialization.

SetUserAsAuthenticated(string)

  • True if the role exists in the application.

Returns

  • roleName – The name of the role to check for existence.

Parameters

bool RoleExists(string roleName)

Indicates whether or not the role exists in the application.

RoleExists(string)

  • True if the password change was successful.

Returns

  • userName – The username of the user for which the password should be changed.
  • newPassword – The new password to use for the user's account.
  • resetToken – The reset token generated previously for the user to change his or her password.

Parameters

bool ResetPasswordForUser(string userName, string newPassword, string resetToken)

Changes the password for a user, assuming the reset token is valid.

ResetPasswordForUser(string, string, string)

  • The new password for the user's account.

Returns

  • userName – The username of the user for which the password should be reset.

Parameters

string ResetPassword(string userName)

Resets the current user's password to a randomly-generated, valid password.

ResetPassword(string)

  • True if email addresses must be unique among all users.

Returns

bool RequiresUniqueEmail()

In regards to account creation, indicates whether or not email addresses must be unique among all users.

RequiresUniqueEmail()

  • True if a security question and answer are required.

Returns

bool RequiresQuestionAndAnswer()

In regards to account creation, indicates whether or not a security question and answer are required.

RequiresQuestionAndAnswer()

An empty string if the unassignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the unassignment.

Returns

  • userName – The username of the user for which to unassign the role.
  • roleName – The name of the role to unassign from the user.

Parameters

string RemoveUserFromRole(string userName, string roleName)

Unassigns the role from the user.

RemoveUserFromRole(string, string)

  • The minimum number of uppercase characters required for a valid password.

Returns

int MinRequiredUppercaseCharacters()

In regards to password complexity, returns the minimum number of uppercase characters required for a valid password.

MinRequiredUppercaseCharacters()

  • The minimum length required for a valid password.

Returns

int MinRequiredPasswordLength()

In regards to password complexity, returns the minimum length (total number of characters) required for a valid password.

MinRequiredPasswordLength()

  • The minimum number of non-alphanumeric characters required for a valid password.

Returns

int MinRequiredNonAlphanumericCharacters()

In regards to password complexity, returns the minimum number of non-alphanumeric characters required for a valid password.

MinRequiredNonAlphanumericCharacters()

  • The minimum number of lowercase characters required for a valid password.

Returns

int MinRequiredLowercaseCharacters()

In regards to password complexity, returns the minimum number of lowercase characters required for a valid password.

MinRequiredLowercaseCharacters()

  • The minimum number of digits required for a valid password.

Returns

int MinRequiredDigits()

In regards to password complexity, returns the minimum number of digits required for a valid password.

MinRequiredDigits()

  • userName – The username of the user to lock out.

Parameters

void LockUserOut(string userName)

Locks a user out of the application. For Admin Console users, this will apply to the Admin Console. For Storefront users, this will apply to the Storefront.

LockUserOut(string)

  • True if the password meets the complexity requirements.

Returns

  • password – The password to check for validity.

Parameters

bool IsValidPassword(string password)

Check a password to see if it meets complexity requirements.

IsValidPassword(string)

  • True if the role is assigned to the user.

Returns

  • userName – The username of the user for which to check for the role assignment.
  • roleName – The name of the role to check for the role assignment.

Parameters

bool IsUserInRole(string userName, string roleName)

Indicates whether or not the role is assigned to the user.

IsUserInRole(string, string)

  • True if the current user is locked out of the application.

Returns

  • userName – The username of the user for which to check the locked out status.

Parameters

bool IsLockedOut(string userName)

Returns whether or not the current user is locked out of the application. This can check the status of both Admin Console and Storefront users.

IsLockedOut(string)

  • True if the current user is currently authenticated.

Returns

bool IsAuthenticated()

Returns whether or not the current user is currently authenticated.

IsAuthenticated()

  • The roles assigned to a user.

Returns

  • userName – The username of the user for which to return assigned roles.

Parameters

IList<RoleDto> GetRolesForUser(string userName)

Gets the roles assigned to a user.

GetRolesForUser(string)

  • All users who have any of the specified roles assigned.

Returns

  • roles – The collection of rolenames to use when searching for users.

Parameters

IEnumerable<string> GetAllUsersWithRoles(IEnumerable<string> roles)

Returns all users who have any of the specified roles assigned.

GetAllUsersWithRoles(IEnumerable<string>)

Collection of available roles.

Returns

ReadOnlyCollection<RoleDto> GetAllRoles()

Returns all the roles available in the application.

GetAllRoles()

  • A password reset URL that includes a reset token.

Returns

  • userName – The user name of the user for which to generate a password reset URL.
  • isReset – True if the URL is for a password reset operation, otherwise for an account activation operation.

Parameters

string GeneratePasswordResetUrl(string userName, bool isReset)

Generates a password reset URL for the specified user. The user can use the URL to reset his or her account password.

GeneratePasswordResetUrl(string, bool)

  • A valid password.

Returns

string GeneratePassword()

Generates a valid password based on password complexity requirements.

GeneratePassword()

  • True if the email address is already being used.

Returns

  • email – The email address to check against existing users.

Parameters

bool EmailAlreadyExists(string email)

Checks if an email address is already being used by an existing user.

EmailAlreadyExists(string)

  • An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.

Returns

  • userName – The username of the user to delete.

Parameters

string DeleteUser(string userName)

Deletes the specified user.

DeleteUser(string)

  • An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.

Returns

  • roleName – The name of the role to delete.

Parameters

string DeleteRole(string roleName)

Deletes the specified role.

DeleteRole(string)

  • An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

Returns

  • userName – The username to use when creating the user.
  • email – The email address to use when creating the user.
  • password – The password to be used for the user's account.

Parameters

string CreateUser(string userName, string email, string password)

Creates a new user using the specified password.

CreateUser(string, string, string)

  • An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

Returns

  • userName – The username to use when creating the user.
  • email – The email address to use when creating the user.

Parameters

string CreateUser(string userName, string email)

Creates a new user without a password.

CreateUser(string, string)

  • An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

Returns

  • roleName – The name of the role to create.

Parameters

string CreateRole(string roleName)

Creates a new role with the specified role name.

CreateRole(string)

  • True if the change was successful.

Returns

  • userName – The username of the user whose password should be changed.
  • oldPassword – The user's current password.
  • newPassword – The new password to be used for the user's account.

Parameters

bool ChangePassword(string userName, string oldPassword, string newPassword)

Changes the password for the specified user.

ChangePassword(string, string, string)

  • True if usernames are only allowed to contain alphanumeric characters.

Returns

bool AllowOnlyAlphanumericUserNames()

Indicates whether or not usernames for users are only allowed to contain alphanumeric characters.

AllowOnlyAlphanumericUserNames()

  • An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the assignment.

Returns

  • userName – The username of the user who should be assigned the role.
  • roleName – The name of the role to assign to the user.

Parameters

string AddUserToRole(string userName, string roleName)

Assigns a role to a user.

AddUserToRole(string, string)

Methods

IIdentity Identity { get; }

Gets the identity for the currently authenticated user.

Identity

Properties

The Authentication abstraction layer.

Description