Code Sample
The example below is a handler that password data from a user resetting his or her current password to a new password. A reset token is expected, which is appended to the password reset URL previously generated using the IAuthenticationService.GeneratePasswordResetUrl method.
**Example**
True the supplied reset token is valid.
**Returns**
**userName** – The username to use when validating the reset token.
**resetToken** – The reset token to validate.
**Parameters**
Indicates whether or not the supplied reset token is valid.
## VerifyPasswordResetTokenForUser(string, string)
True if the credentials are valid.
**Returns**
**userName** – The username to validate.
**password** – The password to validate.
**Parameters**
Validates the specified user credentials.
## ValidateUser(string, string)
True if the username is already being used by an existing user.
**Returns**
**userName** – The username to check against existing users.
**Parameters**
Checks if a username is already being used by an existing user.
## UserNameAlreadyExists(string)
An empty string if the update was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the update.
**Returns**
**userName** – The username of the user for which the email address should be updated.
**email** – The new email address for the user.
**Parameters**
Updates the email address for the user.
## UpdateUser(string, string)
**userName** – The username of the user for which the account should be unlocked.
**Parameters**
Unlocks the account for the user. The account should be locked out in order for this to work.
## UnlockUser(string)
void SignOut()
Ends the currently authenticated user's session.
## SignOut()
**userName** – The username of the user to authenticate.
**Parameters**
Authenticates the specified user. This is used during impersonation, access token validation, and punchout session initialization.
## SetUserAsAuthenticated(string)
True if the role exists in the application.
**Returns**
**roleName** – The name of the role to check for existence.
**Parameters**
Indicates whether or not the role exists in the application.
## RoleExists(string)
True if the password change was successful.
**Returns**
**userName** – The username of the user for which the password should be changed.
**newPassword** – The new password to use for the user's account.
**resetToken** – The reset token generated previously for the user to change his or her password.
**Parameters**
Changes the password for a user, assuming the reset token is valid.
## ResetPasswordForUser(string, string, string)
The new password for the user's account.
**Returns**
**userName** – The username of the user for which the password should be reset.
**Parameters**
Resets the current user's password to a randomly-generated, valid password.
## ResetPassword(string)
True if email addresses must be unique among all users.
**Returns**
In regards to account creation, indicates whether or not email addresses must be unique among all users.
## RequiresUniqueEmail()
True if a security question and answer are required.
**Returns**
In regards to account creation, indicates whether or not a security question and answer are required.
## RequiresQuestionAndAnswer()
An empty string if the unassignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the unassignment.
**Returns**
**userName** – The username of the user for which to unassign the role.
**roleName** – The name of the role to unassign from the user.
**Parameters**
Unassigns the role from the user.
## RemoveUserFromRole(string, string)
The minimum number of uppercase characters required for a valid password.
**Returns**
In regards to password complexity, returns the minimum number of uppercase characters required for a valid password.
## MinRequiredUppercaseCharacters()
The minimum length required for a valid password.
**Returns**
In regards to password complexity, returns the minimum length (total number of characters) required for a valid password.
## MinRequiredPasswordLength()
The minimum number of non-alphanumeric characters required for a valid password.
**Returns**
In regards to password complexity, returns the minimum number of non-alphanumeric characters required for a valid password.
## MinRequiredNonAlphanumericCharacters()
The minimum number of lowercase characters required for a valid password.
**Returns**
In regards to password complexity, returns the minimum number of lowercase characters required for a valid password.
## MinRequiredLowercaseCharacters()
The minimum number of digits required for a valid password.
**Returns**
In regards to password complexity, returns the minimum number of digits required for a valid password.
## MinRequiredDigits()
**userName** – The username of the user to lock out.
**Parameters**
Locks a user out of the application. For Admin Console users, this will apply to the Admin Console. For Storefront users, this will apply to the Storefront.
## LockUserOut(string)
True if the password meets the complexity requirements.
**Returns**
**password** – The password to check for validity.
**Parameters**
Check a password to see if it meets complexity requirements.
## IsValidPassword(string)
True if the role is assigned to the user.
**Returns**
**userName** – The username of the user for which to check for the role assignment.
**roleName** – The name of the role to check for the role assignment.
**Parameters**
Indicates whether or not the role is assigned to the user.
## IsUserInRole(string, string)
True if the current user is locked out of the application.
**Returns**
**userName** – The username of the user for which to check the locked out status.
**Parameters**
Returns whether or not the current user is locked out of the application. This can check the status of both Admin Console and Storefront users.
## IsLockedOut(string)
True if the current user is currently authenticated.
**Returns**
Returns whether or not the current user is currently authenticated.
## IsAuthenticated()
The roles assigned to a user.
**Returns**
**userName** – The username of the user for which to return assigned roles.
**Parameters**
Gets the roles assigned to a user.
## GetRolesForUser(string)
All users who have any of the specified roles assigned.
**Returns**
**roles** – The collection of rolenames to use when searching for users.
**Parameters**
Returns all users who have any of the specified roles assigned.
## GetAllUsersWithRoles(IEnumerable\<string>)
Collection of available roles.
**Returns**
Returns all the roles available in the application.
## GetAllRoles()
A password reset URL that includes a reset token.
**Returns**
**userName** – The user name of the user for which to generate a password reset URL.
**isReset** – True if the URL is for a password reset operation, otherwise for an account activation operation.
**Parameters**
Generates a password reset URL for the specified user. The user can use the URL to reset his or her account password.
## GeneratePasswordResetUrl(string, bool)
A valid password.
**Returns**
Generates a valid password based on password complexity requirements.
## GeneratePassword()
True if the email address is already being used.
**Returns**
**email** – The email address to check against existing users.
**Parameters**
Checks if an email address is already being used by an existing user.
## EmailAlreadyExists(string)
An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.
**Returns**
**userName** – The username of the user to delete.
**Parameters**
Deletes the specified user.
## DeleteUser(string)
An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.
**Returns**
**roleName** – The name of the role to delete.
**Parameters**
Deletes the specified role.
## DeleteRole(string)
An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.
**Returns**
**userName** – The username to use when creating the user.
**email** – The email address to use when creating the user.
**password** – The password to be used for the user's account.
**Parameters**
Creates a new user using the specified password.
## CreateUser(string, string, string)
An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.
**Returns**
**userName** – The username to use when creating the user.
**email** – The email address to use when creating the user.
**Parameters**
Creates a new user without a password.
## CreateUser(string, string)
An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.
**Returns**
**roleName** – The name of the role to create.
**Parameters**
Creates a new role with the specified role name.
## CreateRole(string)
True if the change was successful.
**Returns**
**userName** – The username of the user whose password should be changed.
**oldPassword** – The user's current password.
**newPassword** – The new password to be used for the user's account.
**Parameters**
Changes the password for the specified user.
## ChangePassword(string, string, string)
True if usernames are only allowed to contain alphanumeric characters.
**Returns**
Indicates whether or not usernames for users are only allowed to contain alphanumeric characters.
## AllowOnlyAlphanumericUserNames()
An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the assignment.
**Returns**
**userName** – The username of the user who should be assigned the role.
**roleName** – The name of the role to assign to the user.
**Parameters**
Assigns a role to a user.
## AddUserToRole(string, string)
## Methods
Gets the identity for the currently authenticated user.
### Identity
## Properties
The Authentication abstraction layer.