/mcs/class/System.Web/Test/standalone/sqlmembershipprovider/SqlMembershipProvider.cs
C# | 1795 lines | 1401 code | 311 blank | 83 comment | 234 complexity | f3af92b66ade79609aaf032f0fa6c2b8 MD5 | raw file
Possible License(s): GPL-2.0, Unlicense, MPL-2.0-no-copyleft-exception, CC-BY-SA-3.0
Large files files are truncated, but you can click here to view the full file
- //
- // System.Web.Security.SqlMembershipProvider
- //
- // Authors:
- // Ben Maurer (bmaurer@users.sourceforge.net)
- // Lluis Sanchez Gual (lluis@novell.com)
- // Chris Toshok (toshok@ximian.com)
- //
- // (C) 2003 Ben Maurer
- // Copyright (c) 2005,2006 Novell, Inc (http://www.novell.com)
- //
- // Permission is hereby granted, free of charge, to any person obtaining
- // a copy of this software and associated documentation files (the
- // "Software"), to deal in the Software without restriction, including
- // without limitation the rights to use, copy, modify, merge, publish,
- // distribute, sublicense, and/or sell copies of the Software, and to
- // permit persons to whom the Software is furnished to do so, subject to
- // the following conditions:
- //
- // The above copyright notice and this permission notice shall be
- // included in all copies or substantial portions of the Software.
- //
- // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
- // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
- // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
- // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- //
- #if NET_2_0
- using System;
- using System.Collections;
- using System.Collections.Specialized;
- using System.Configuration;
- using System.Configuration.Provider;
- using System.Data;
- using System.Data.Common;
- using System.Data.SqlClient;
- using System.Text;
- using System.Web.Configuration;
- using System.Security.Cryptography;
- using System.Web.Security;
- namespace Toshok.Web.Security {
- public class SqlMembershipProvider : MembershipProvider {
- const int SALT_BYTES = 16;
- DateTime DefaultDateTime = new DateTime (1754,1,1);
- bool enablePasswordReset;
- bool enablePasswordRetrieval;
- int maxInvalidPasswordAttempts;
- MembershipPasswordFormat passwordFormat;
- bool requiresQuestionAndAnswer;
- bool requiresUniqueEmail;
- int minRequiredNonAlphanumericCharacters;
- int minRequiredPasswordLength;
- int passwordAttemptWindow;
- string passwordStrengthRegularExpression;
- TimeSpan userIsOnlineTimeWindow;
- ConnectionStringSettings connectionString;
- DbProviderFactory factory;
- DbConnection connection;
- string applicationName;
-
- static object lockobj = new object();
- static byte ToHexValue (char c, bool high)
- {
- byte v;
- if (c >= '0' && c <= '9')
- v = (byte) (c - '0');
- else if (c >= 'a' && c <= 'f')
- v = (byte) (c - 'a' + 10);
- else if (c >= 'A' && c <= 'F')
- v = (byte) (c - 'A' + 10);
- else
- throw new ArgumentException ("Invalid hex character");
- if (high)
- v <<= 4;
- return v;
- }
- internal static byte [] GetBytes (string key, int len)
- {
- byte [] result = new byte [len / 2];
- for (int i = 0; i < len; i += 2)
- result [i / 2] = (byte) (ToHexValue (key [i], true) + ToHexValue (key [i + 1], false));
- return result;
- }
- SymmetricAlgorithm GetAlg (out byte[] decryptionKey)
- {
- MachineKeySection section = (MachineKeySection)WebConfigurationManager.GetSection ("system.web/machineKey");
- if (section.DecryptionKey.StartsWith ("AutoGenerate"))
- throw new ProviderException ("You must explicitly specify a decryption key in the <machineKey> section when using encrypted passwords.");
- string alg_type = section.Decryption;
- if (alg_type == "Auto")
- alg_type = "AES";
- SymmetricAlgorithm alg = null;
- if (alg_type == "AES")
- alg = Rijndael.Create ();
- else if (alg_type == "3DES")
- alg = TripleDES.Create ();
- else
- throw new ProviderException (String.Format ("Unsupported decryption attribute '{0}' in <machineKey> configuration section", alg_type));
- decryptionKey = GetBytes (section.DecryptionKey, section.DecryptionKey.Length);
- return alg;
- }
- internal string EncodePassword (string password, MembershipPasswordFormat passwordFormat, string salt)
- {
- byte[] password_bytes;
- byte[] salt_bytes;
- switch (passwordFormat) {
- case MembershipPasswordFormat.Clear:
- return password;
- case MembershipPasswordFormat.Hashed:
- password_bytes = Encoding.Unicode.GetBytes (password);
- salt_bytes = Convert.FromBase64String (salt);
- byte[] hashBytes = new byte[salt_bytes.Length + password_bytes.Length];
- Buffer.BlockCopy (salt_bytes, 0, hashBytes, 0, salt_bytes.Length);
- Buffer.BlockCopy (password_bytes, 0, hashBytes, salt_bytes.Length, password_bytes.Length);
- MembershipSection section = (MembershipSection)WebConfigurationManager.GetSection ("system.web/membership");
- string alg_type = section.HashAlgorithmType;
- if (alg_type == "") {
- MachineKeySection keysection = (MachineKeySection)WebConfigurationManager.GetSection ("system.web/machineKey");
- alg_type = keysection.Validation.ToString ();
- }
- using (HashAlgorithm hash = HashAlgorithm.Create (alg_type)) {
- hash.TransformFinalBlock (hashBytes, 0, hashBytes.Length);
- return Convert.ToBase64String (hash.Hash);
- }
- case MembershipPasswordFormat.Encrypted:
- password_bytes = Encoding.Unicode.GetBytes (password);
- salt_bytes = Convert.FromBase64String (salt);
- byte[] buf = new byte[password_bytes.Length + salt_bytes.Length];
- Array.Copy (salt_bytes, 0, buf, 0, salt_bytes.Length);
- Array.Copy (password_bytes, 0, buf, salt_bytes.Length, password_bytes.Length);
- return Convert.ToBase64String (EncryptPassword (buf));
- default:
- /* not reached.. */
- return null;
- }
- }
- internal string DecodePassword (string password, MembershipPasswordFormat passwordFormat)
- {
- switch (passwordFormat) {
- case MembershipPasswordFormat.Clear:
- return password;
- case MembershipPasswordFormat.Hashed:
- throw new ProviderException ("Hashed passwords cannot be decoded.");
- case MembershipPasswordFormat.Encrypted:
- return Encoding.Unicode.GetString (DecryptPassword (Convert.FromBase64String (password)));
- default:
- /* not reached.. */
- return null;
- }
- }
- internal static DbProviderFactory GetDbProviderFactory (string providerName)
- {
- DbProviderFactory f = null;
- if (providerName != null && providerName != "") {
- try {
- f = DbProviderFactories.GetFactory(providerName);
- }
- catch (Exception e) { Console.WriteLine (e); /* nada */ }
- if (f != null)
- return f;
- }
- return SqlClientFactory.Instance;
- }
- void InitConnection ()
- {
- if (connection == null) {
- lock (lockobj) {
- if (connection != null)
- return;
- factory = GetDbProviderFactory (connectionString.ProviderName);
- connection = factory.CreateConnection();
- connection.ConnectionString = connectionString.ConnectionString;
- connection.Open ();
- }
- }
- }
- void AddParameter (DbCommand command, string parameterName, string parameterValue)
- {
- DbParameter dbp = command.CreateParameter ();
- dbp.ParameterName = parameterName;
- dbp.Value = parameterValue;
- dbp.Direction = ParameterDirection.Input;
- command.Parameters.Add (dbp);
- }
- void CheckParam (string pName, string p, int length)
- {
- if (p == null)
- throw new ArgumentNullException (pName);
- if (p.Length == 0 || p.Length > length || p.IndexOf (",") != -1)
- throw new ArgumentException (String.Format ("invalid format for {0}", pName));
- }
- protected override byte[] DecryptPassword (byte[] encodedPassword)
- {
- byte[] decryptionKey;
- SymmetricAlgorithm alg = GetAlg (out decryptionKey);
- alg.Key = decryptionKey;
- ICryptoTransform decryptor = alg.CreateDecryptor ();
- byte[] buf = decryptor.TransformFinalBlock (encodedPassword, 0, encodedPassword.Length);
- byte[] rv = new byte[buf.Length - SALT_BYTES];
- Array.Copy (buf, 16, rv, 0, buf.Length - 16);
- return rv;
- }
- protected override byte[] EncryptPassword (byte[] password)
- {
- byte[] decryptionKey;
- byte[] iv = new byte[SALT_BYTES];
- Array.Copy (password, 0, iv, 0, SALT_BYTES);
- Array.Clear (password, 0, SALT_BYTES);
- SymmetricAlgorithm alg = GetAlg (out decryptionKey);
- ICryptoTransform encryptor = alg.CreateEncryptor (decryptionKey, iv);
- return encryptor.TransformFinalBlock (password, 0, password.Length);
- }
- public override bool ChangePassword (string username, string oldPwd, string newPwd)
- {
- if (username != null) username = username.Trim ();
- if (oldPwd != null) oldPwd = oldPwd.Trim ();
- if (newPwd != null) newPwd = newPwd.Trim ();
- CheckParam ("username", username, 256);
- CheckParam ("oldPwd", oldPwd, 128);
- CheckParam ("newPwd", newPwd, 128);
- MembershipUser user = GetUser (username, false);
- if (user == null) throw new ProviderException ("could not find user in membership database");
- if (user.IsLockedOut) throw new MembershipPasswordException ("user is currently locked out");
- InitConnection();
- DbTransaction trans = connection.BeginTransaction ();
- string commandText;
- DbCommand command;
- try {
- MembershipPasswordFormat passwordFormat;
- string db_salt;
- bool valid = ValidateUsingPassword (trans, username, oldPwd, out passwordFormat, out db_salt);
- if (valid) {
- EmitValidatingPassword (username, newPwd, false);
- string db_password = EncodePassword (newPwd, passwordFormat, db_salt);
- DateTime now = DateTime.Now.ToUniversalTime ();
- commandText = @"
- UPDATE m
- SET Password = @Password,
- FailedPasswordAttemptCount = 0,
- FailedPasswordAttemptWindowStart = @DefaultDateTime,
- LastPasswordChangedDate = @Now
- FROM dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "Now", now.ToString ());
- AddParameter (command, "Password", db_password);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "DefaultDateTime", DefaultDateTime.ToString());
- if (1 != (int)command.ExecuteNonQuery ())
- throw new ProviderException ("failed to update Membership table");
- }
- trans.Commit ();
- return valid;
- }
- catch (ProviderException) {
- trans.Rollback ();
- throw;
- }
- catch (Exception e) {
- trans.Rollback ();
- throw new ProviderException ("error changing password", e);
- }
- }
-
- public override bool ChangePasswordQuestionAndAnswer (string username, string password, string newPwdQuestion, string newPwdAnswer)
- {
- if (username != null) username = username.Trim ();
- if (newPwdQuestion != null) newPwdQuestion = newPwdQuestion.Trim ();
- if (newPwdAnswer != null) newPwdAnswer = newPwdAnswer.Trim ();
- CheckParam ("username", username, 256);
- if (RequiresQuestionAndAnswer)
- CheckParam ("newPwdQuestion", newPwdQuestion, 128);
- if (RequiresQuestionAndAnswer)
- CheckParam ("newPwdAnswer", newPwdAnswer, 128);
- MembershipUser user = GetUser (username, false);
- if (user == null) throw new ProviderException ("could not find user in membership database");
- if (user.IsLockedOut) throw new MembershipPasswordException ("user is currently locked out");
- InitConnection();
- DbTransaction trans = connection.BeginTransaction ();
- string commandText;
- DbCommand command;
- try {
- MembershipPasswordFormat passwordFormat;
- string db_salt;
- bool valid = ValidateUsingPassword (trans, username, password, out passwordFormat, out db_salt);
- if (valid) {
- string db_passwordAnswer = EncodePassword (newPwdAnswer, passwordFormat, db_salt);
- commandText = @"
- UPDATE m
- SET PasswordQuestion = @PasswordQuestion,
- PasswordAnswer = @PasswordAnswer,
- FailedPasswordAttemptCount = 0,
- FailedPasswordAttemptWindowStart = @DefaultDateTime,
- FailedPasswordAnswerAttemptCount = 0,
- FailedPasswordAnswerAttemptWindowStart = @DefaultDateTime
- FROM dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "PasswordQuestion", newPwdQuestion);
- AddParameter (command, "PasswordAnswer", db_passwordAnswer);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "DefaultDateTime", DefaultDateTime.ToString());
- if (1 != (int)command.ExecuteNonQuery ())
- throw new ProviderException ("failed to update Membership table");
- }
- trans.Commit ();
- return valid;
- }
- catch (ProviderException) {
- trans.Rollback ();
- throw;
- }
- catch (Exception e) {
- trans.Rollback ();
- throw new ProviderException ("error changing password question and answer", e);
- }
- }
-
- public override MembershipUser CreateUser (string username,
- string password,
- string email,
- string pwdQuestion,
- string pwdAnswer,
- bool isApproved,
- object providerUserKey,
- out MembershipCreateStatus status)
- {
- if (username != null) username = username.Trim ();
- if (password != null) password = password.Trim ();
- if (email != null) email = email.Trim ();
- if (pwdQuestion != null) pwdQuestion = pwdQuestion.Trim ();
- if (pwdAnswer != null) pwdAnswer = pwdAnswer.Trim ();
- /* some initial validation */
- if (username == null || username.Length == 0 || username.Length > 256 || username.IndexOf (",") != -1) {
- status = MembershipCreateStatus.InvalidUserName;
- return null;
- }
- if (password == null || password.Length == 0 || password.Length > 128) {
- status = MembershipCreateStatus.InvalidPassword;
- return null;
- }
- if (RequiresUniqueEmail && (email == null || email.Length == 0)) {
- status = MembershipCreateStatus.InvalidEmail;
- return null;
- }
- if (RequiresQuestionAndAnswer &&
- (pwdQuestion == null ||
- pwdQuestion.Length == 0 || pwdQuestion.Length > 256)) {
- status = MembershipCreateStatus.InvalidQuestion;
- return null;
- }
- if (RequiresQuestionAndAnswer &&
- (pwdAnswer == null ||
- pwdAnswer.Length == 0 || pwdAnswer.Length > 128)) {
- status = MembershipCreateStatus.InvalidAnswer;
- return null;
- }
- if (providerUserKey != null && ! (providerUserKey is Guid)) {
- status = MembershipCreateStatus.InvalidProviderUserKey;
- return null;
- }
- /* encode our password/answer using the
- * "passwordFormat" configuration option */
- string passwordSalt = "";
- RandomNumberGenerator rng = RandomNumberGenerator.Create ();
- byte[] salt = new byte[SALT_BYTES];
- rng.GetBytes (salt);
- passwordSalt = Convert.ToBase64String (salt);
- password = EncodePassword (password, PasswordFormat, passwordSalt);
- if (RequiresQuestionAndAnswer)
- pwdAnswer = EncodePassword (pwdAnswer, PasswordFormat, passwordSalt);
- /* make sure the hashed/encrypted password and
- * answer are still under 128 characters. */
- if (password.Length > 128) {
- status = MembershipCreateStatus.InvalidPassword;
- return null;
- }
- if (RequiresQuestionAndAnswer) {
- if (pwdAnswer.Length > 128) {
- status = MembershipCreateStatus.InvalidAnswer;
- return null;
- }
- }
- InitConnection();
- DbTransaction trans = connection.BeginTransaction ();
- string commandText;
- DbCommand command;
- try {
- Guid applicationId;
- Guid userId;
- /* get the application id since it seems that inside transactions we
- can't insert using subqueries.. */
- commandText = @"
- SELECT ApplicationId
- FROM dbo.aspnet_Applications
- WHERE dbo.aspnet_Applications.LoweredApplicationName = LOWER(@ApplicationName)
- ";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "ApplicationName", ApplicationName);
- DbDataReader reader = command.ExecuteReader ();
- reader.Read ();
- applicationId = reader.GetGuid (0);
- reader.Close ();
- /* check for unique username, email and
- * provider user key, if applicable */
- commandText = @"
- SELECT COUNT(*)
- FROM dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE u.LoweredUserName = LOWER(@UserName)
- AND u.ApplicationId = a.ApplicationId
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationName", ApplicationName);
- if (0 != (int)command.ExecuteScalar()) {
- status = MembershipCreateStatus.DuplicateUserName;
- trans.Rollback ();
- return null;
- }
- if (requiresUniqueEmail) {
- commandText = @"
- SELECT COUNT(*)
- FROM dbo.aspnet_Membership, dbo.aspnet_Applications
- WHERE dbo.aspnet_Membership.Email = @Email
- AND dbo.aspnet_Membership.ApplicationId = dbo.aspnet_Applications.ApplicationId
- AND dbo.aspnet_Applications.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "Email", email);
- AddParameter (command, "ApplicationName", ApplicationName);
- if (0 != (int)command.ExecuteScalar()) {
- status = MembershipCreateStatus.DuplicateEmail;
- trans.Rollback ();
- return null;
- }
- }
- if (providerUserKey != null) {
- commandText = @"
- SELECT COUNT(*)
- FROM dbo.aspnet_Membership, dbo.aspnet_Applications
- WHERE dbo.aspnet_Membership.UserId = @ProviderUserKey
- AND dbo.aspnet_Membership.ApplicationId = dbo.aspnet_Applications.ApplicationId
- AND dbo.aspnet_Applications.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "Email", email);
- AddParameter (command, "ApplicationName", ApplicationName);
- if (0 != (int)command.ExecuteScalar()) {
- status = MembershipCreateStatus.DuplicateProviderUserKey;
- trans.Rollback ();
- return null;
- }
- }
- /* first into the Users table */
- commandText = @"
- INSERT into dbo.aspnet_Users (ApplicationId, UserId, UserName, LoweredUserName, LastActivityDate)
- VALUES (@ApplicationId, NEWID(), @UserName, LOWER(@UserName), GETDATE())
- ";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationId", applicationId.ToString());
- if (command.ExecuteNonQuery() != 1) {
- status = MembershipCreateStatus.UserRejected; /* XXX */
- trans.Rollback ();
- return null;
- }
- /* then get the newly created userid */
- commandText = @"
- SELECT UserId
- FROM dbo.aspnet_Users
- WHERE dbo.aspnet_Users.LoweredUserName = LOWER(@UserName)
- ";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- reader = command.ExecuteReader ();
- reader.Read ();
- userId = reader.GetGuid (0);
- reader.Close ();
- /* then insert into the Membership table */
- commandText = String.Format (@"
- INSERT into dbo.aspnet_Membership
- VALUES (@ApplicationId,
- @UserId,
- @Password, @PasswordFormat, @PasswordSalt,
- NULL,
- {0}, {1},
- {2}, {3},
- 0, 0,
- GETDATE(), GETDATE(), @DefaultDateTime,
- @DefaultDateTime,
- 0, @DefaultDateTime, 0, @DefaultDateTime, NULL)",
- email == null ? "NULL" : "@Email",
- email == null ? "NULL" : "LOWER(@Email)",
- pwdQuestion == null ? "NULL" : "@PasswordQuestion",
- pwdAnswer == null ? "NULL" : "@PasswordAnswer");
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "ApplicationId", applicationId.ToString());
- AddParameter (command, "UserId", userId.ToString());
- if (email != null)
- AddParameter (command, "Email", email);
- AddParameter (command, "Password", password);
- AddParameter (command, "PasswordFormat", ((int)PasswordFormat).ToString());
- AddParameter (command, "PasswordSalt", passwordSalt);
- if (pwdQuestion != null)
- AddParameter (command, "PasswordQuestion", pwdQuestion);
- if (pwdAnswer != null)
- AddParameter (command, "PasswordAnswer", pwdAnswer);
- AddParameter (command, "DefaultDateTime", DefaultDateTime.ToString());
- if (command.ExecuteNonQuery() != 1) {
- status = MembershipCreateStatus.UserRejected; /* XXX */
- return null;
- }
- trans.Commit ();
- status = MembershipCreateStatus.Success;
- return GetUser (username, false);
- }
- catch {
- status = MembershipCreateStatus.ProviderError;
- trans.Rollback ();
- return null;
- }
- }
-
- public override bool DeleteUser (string username, bool deleteAllRelatedData)
- {
- CheckParam ("username", username, 256);
- if (deleteAllRelatedData) {
- /* delete everything from the
- * following features as well:
- *
- * Roles
- * Profile
- * WebParts Personalization
- */
- }
- DbTransaction trans = connection.BeginTransaction ();
- DbCommand command;
- string commandText;
- InitConnection();
- try {
- /* delete from the Membership table */
- commandText = @"
- DELETE dbo.aspnet_Membership
- FROM dbo.aspnet_Membership, dbo.aspnet_Users, dbo.aspnet_Applications
- WHERE dbo.aspnet_Membership.UserId = dbo.aspnet_Users.UserId
- AND dbo.aspnet_Membership.ApplicationId = dbo.aspnet_Applications.ApplicationId
- AND dbo.aspnet_Users.LoweredUserName = LOWER (@UserName)
- AND dbo.aspnet_Users.ApplicationId = dbo.aspnet_Applications.ApplicationId
- AND dbo.aspnet_Applications.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationName", ApplicationName);
- if (1 != command.ExecuteNonQuery())
- throw new ProviderException ("failed to delete from Membership table");
- /* delete from the User table */
- commandText = @"
- DELETE dbo.aspnet_Users
- FROM dbo.aspnet_Users, dbo.aspnet_Applications
- WHERE dbo.aspnet_Users.LoweredUserName = LOWER (@UserName)
- AND dbo.aspnet_Users.ApplicationId = dbo.aspnet_Applications.ApplicationId
- AND dbo.aspnet_Applications.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationName", ApplicationName);
- if (1 != command.ExecuteNonQuery())
- throw new ProviderException ("failed to delete from User table");
- trans.Commit ();
- return true;
- }
- catch {
- trans.Rollback ();
- return false;
- }
- }
-
- public virtual string GeneratePassword ()
- {
- return Membership.GeneratePassword (minRequiredPasswordLength, minRequiredNonAlphanumericCharacters);
- }
-
- public override MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
- {
- CheckParam ("emailToMatch", emailToMatch, 256);
- if (pageIndex < 0)
- throw new ArgumentException ("pageIndex must be >= 0");
- if (pageSize < 0)
- throw new ArgumentException ("pageSize must be >= 0");
- if (pageIndex * pageSize + pageSize - 1 > Int32.MaxValue)
- throw new ArgumentException ("pageIndex and pageSize are too large");
- string commandText;
- InitConnection();
- commandText = @"
- SELECT u.UserName, m.UserId, m.Email, m.PasswordQuestion, m.Comment, m.IsApproved,
- m.IsLockedOut, m.CreateDate, m.LastLoginDate, u.LastActivityDate,
- m.LastPasswordChangedDate, m.LastLockoutDate
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND m.Email LIKE @Email
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- DbCommand command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "Email", emailToMatch);
- AddParameter (command, "ApplicationName", ApplicationName);
- MembershipUserCollection c = BuildMembershipUserCollection (command, pageIndex, pageSize, out totalRecords);
- return c;
- }
- public override MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords)
- {
- CheckParam ("nameToMatch", nameToMatch, 256);
- if (pageIndex < 0)
- throw new ArgumentException ("pageIndex must be >= 0");
- if (pageSize < 0)
- throw new ArgumentException ("pageSize must be >= 0");
- if (pageIndex * pageSize + pageSize - 1 > Int32.MaxValue)
- throw new ArgumentException ("pageIndex and pageSize are too large");
- string commandText;
- InitConnection();
- commandText = @"
- SELECT u.UserName, m.UserId, m.Email, m.PasswordQuestion, m.Comment, m.IsApproved,
- m.IsLockedOut, m.CreateDate, m.LastLoginDate, u.LastActivityDate,
- m.LastPasswordChangedDate, m.LastLockoutDate
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.UserName LIKE @UserName
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- DbCommand command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", nameToMatch);
- AddParameter (command, "ApplicationName", ApplicationName);
- MembershipUserCollection c = BuildMembershipUserCollection (command, pageIndex, pageSize, out totalRecords);
- return c;
- }
-
- public override MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords)
- {
- if (pageIndex < 0)
- throw new ArgumentException ("pageIndex must be >= 0");
- if (pageSize < 0)
- throw new ArgumentException ("pageSize must be >= 0");
- if (pageIndex * pageSize + pageSize - 1 > Int32.MaxValue)
- throw new ArgumentException ("pageIndex and pageSize are too large");
- string commandText;
- InitConnection();
- commandText = @"
- SELECT u.UserName, m.UserId, m.Email, m.PasswordQuestion, m.Comment, m.IsApproved,
- m.IsLockedOut, m.CreateDate, m.LastLoginDate, u.LastActivityDate,
- m.LastPasswordChangedDate, m.LastLockoutDate
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- DbCommand command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "ApplicationName", ApplicationName);
- MembershipUserCollection c = BuildMembershipUserCollection (command, pageIndex, pageSize, out totalRecords);
- return c;
- }
- MembershipUserCollection BuildMembershipUserCollection (DbCommand command, int pageIndex, int pageSize, out int totalRecords)
- {
- DbDataReader reader = null;
- try {
- int num_read = 0;
- int num_added = 0;
- int num_to_skip = pageIndex * pageSize;
- MembershipUserCollection users = new MembershipUserCollection ();
- reader = command.ExecuteReader ();
- while (reader.Read()) {
- if (num_read >= num_to_skip) {
- if (num_added < pageSize) {
- users.Add (GetUserFromReader (reader));
- num_added ++;
- }
- num_read ++;
- }
- }
- totalRecords = num_read;
- return users;
- }
- catch {
- totalRecords = 0;
- return null; /* should we let the exception through? */
- }
- finally {
- if (reader != null)
- reader.Close();
- }
- }
-
-
- public override int GetNumberOfUsersOnline ()
- {
- string commandText;
- InitConnection();
- DateTime now = DateTime.Now.ToUniversalTime ();
- commandText = String.Format (@"
- SELECT COUNT (*)
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND DATEADD(minute,{0},u.LastActivityDate) >= @Now
- AND a.LoweredApplicationName = LOWER(@ApplicationName)",
- userIsOnlineTimeWindow.Minutes);
- DbCommand command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "Now", now.ToString ());
- AddParameter (command, "ApplicationName", ApplicationName);
- try {
- return (int)command.ExecuteScalar ();
- }
- catch (Exception e) {
- Console.WriteLine (e);
- return -1;
- }
- }
-
- public override string GetPassword (string username, string answer)
- {
- if (!enablePasswordRetrieval)
- throw new NotSupportedException ("this provider has not been configured to allow the retrieval of passwords");
- CheckParam ("username", username, 256);
- if (RequiresQuestionAndAnswer)
- CheckParam ("answer", answer, 128);
- MembershipUser user = GetUser (username, false);
- if (user == null) throw new ProviderException ("could not find user in membership database");
- if (user.IsLockedOut) throw new MembershipPasswordException ("user is currently locked out");
- InitConnection();
- DbTransaction trans = connection.BeginTransaction ();
- try {
- MembershipPasswordFormat passwordFormat;
- string salt;
- string password = null;
- if (ValidateUsingPasswordAnswer (trans, username, answer,
- out passwordFormat, out salt)) {
- /* if the validation succeeds:
- set LastLoginDate to DateTime.Now
- set FailedPasswordAnswerAttemptCount to 0
- set FailedPasswordAnswerAttemptWindowStart to DefaultDateTime
- */
- string commandText = @"
- SELECT m.Password
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- DbCommand command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationName", ApplicationName);
- DbDataReader reader = command.ExecuteReader ();
- reader.Read ();
- password = reader.GetString (0);
- reader.Close();
- password = DecodePassword (password, passwordFormat);
- }
- else {
- throw new MembershipPasswordException ("The password-answer supplied is wrong.");
- }
- trans.Commit ();
- return password;
- }
- catch (MembershipPasswordException) {
- trans.Commit ();
- throw;
- }
- catch {
- trans.Rollback ();
- throw;
- }
- }
- MembershipUser GetUserFromReader (DbDataReader reader)
- {
- return new MembershipUser (this.Name, /* XXX is this right? */
- reader.GetString (0), /* name */
- reader.GetGuid (1), /* providerUserKey */
- reader.IsDBNull (2) ? null : reader.GetString (2), /* email */
- reader.IsDBNull (3) ? null : reader.GetString (3), /* passwordQuestion */
- reader.IsDBNull (4) ? null : reader.GetString (4), /* comment */
- reader.GetBoolean (5), /* isApproved */
- reader.GetBoolean (6), /* isLockedOut */
- reader.GetDateTime (7).ToLocalTime (), /* creationDate */
- reader.GetDateTime (8).ToLocalTime (), /* lastLoginDate */
- reader.GetDateTime (9).ToLocalTime (), /* lastActivityDate */
- reader.GetDateTime (10).ToLocalTime (), /* lastPasswordChangedDate */
- reader.GetDateTime (11).ToLocalTime () /* lastLockoutDate */);
- }
- MembershipUser BuildMembershipUser (DbCommand query, bool userIsOnline)
- {
- DbDataReader reader = null;
- try {
- reader = query.ExecuteReader ();
- if (!reader.Read ())
- return null;
- MembershipUser user = GetUserFromReader (reader);
- if (user != null && userIsOnline) {
- string commandText;
- DbCommand command;
- commandText = @"
- UPDATE dbo.aspnet_Users u, dbo.aspnet_Application a
- SET u.LastActivityDate = GETDATE()
- WHERE u.ApplicationId = a.ApplicationId
- AND u.UserName = @UserName
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "ApplicationName", ApplicationName);
- command.ExecuteNonQuery();
- }
- return user;
- }
- catch {
- return null; /* should we let the exception through? */
- }
- finally {
- if (reader != null)
- reader.Close ();
- }
- }
- public override MembershipUser GetUser (string username, bool userIsOnline)
- {
- CheckParam ("username", username, 256);
- string commandText;
- DbCommand command;
- InitConnection();
- commandText = @"
- SELECT u.UserName, m.UserId, m.Email, m.PasswordQuestion, m.Comment, m.IsApproved,
- m.IsLockedOut, m.CreateDate, m.LastLoginDate, u.LastActivityDate,
- m.LastPasswordChangedDate, m.LastLockoutDate
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.UserName = @UserName
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", username);
- AddParameter (command, "ApplicationName", ApplicationName);
- MembershipUser u = BuildMembershipUser (command, userIsOnline);
- return u;
- }
-
- public override MembershipUser GetUser (object providerUserKey, bool userIsOnline)
- {
- string commandText;
- DbCommand command;
- InitConnection();
- commandText = @"
- SELECT u.UserName, m.UserId, m.Email, m.PasswordQuestion, m.Comment, m.IsApproved,
- m.IsLockedOut, m.CreateDate, m.LastLoginDate, u.LastActivityDate,
- m.LastPasswordChangedDate, m.LastLockoutDate
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.UserId = @UserKey
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserKey", providerUserKey.ToString());
- AddParameter (command, "ApplicationName", ApplicationName);
- MembershipUser u = BuildMembershipUser (command, userIsOnline);
- return u;
- }
-
- public override string GetUserNameByEmail (string email)
- {
- CheckParam ("email", email, 256);
- string commandText;
- DbCommand command;
- InitConnection();
- commandText = @"
- SELECT u.UserName
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND m.Email = @Email
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "Email", email);
- AddParameter (command, "ApplicationName", ApplicationName);
- try {
- DbDataReader reader = command.ExecuteReader ();
- string rv = null;
- while (reader.Read())
- rv = reader.GetString(0);
- reader.Close();
- return rv;
- }
- catch {
- return null; /* should we allow the exception through? */
- }
- }
- bool GetBoolConfigValue (NameValueCollection config, string name, bool def)
- {
- bool rv = def;
- string val = config[name];
- if (val != null) {
- try { rv = Boolean.Parse (val); }
- catch (Exception e) {
- throw new ProviderException (String.Format ("{0} must be true or false", name), e); }
- }
- return rv;
- }
- int GetIntConfigValue (NameValueCollection config, string name, int def)
- {
- int rv = def;
- string val = config[name];
- if (val != null) {
- try { rv = Int32.Parse (val); }
- catch (Exception e) {
- throw new ProviderException (String.Format ("{0} must be an integer", name), e); }
- }
- return rv;
- }
- int GetEnumConfigValue (NameValueCollection config, string name, Type enumType, int def)
- {
- int rv = def;
- string val = config[name];
- if (val != null) {
- try { rv = (int)Enum.Parse (enumType, val); }
- catch (Exception e) {
- throw new ProviderException (String.Format ("{0} must be one of the following values: {1}", name, String.Join (",", Enum.GetNames (enumType))), e); }
- }
- return rv;
- }
- string GetStringConfigValue (NameValueCollection config, string name, string def)
- {
- string rv = def;
- string val = config[name];
- if (val != null)
- rv = val;
- return rv;
- }
- void EmitValidatingPassword (string username, string password, bool isNewUser)
- {
- ValidatePasswordEventArgs args = new ValidatePasswordEventArgs (username, password, isNewUser);
- OnValidatingPassword (args);
- /* if we're canceled.. */
- if (args.Cancel) {
- if (args.FailureInformation == null)
- throw new ProviderException ("Password validation canceled");
- else
- throw args.FailureInformation;
- }
- }
- public override void Initialize (string name, NameValueCollection config)
- {
- if (config == null)
- throw new ArgumentNullException ("config");
- base.Initialize (name, config);
- applicationName = GetStringConfigValue (config, "applicationName", "/");
- enablePasswordReset = GetBoolConfigValue (config, "enablePasswordReset", true);
- enablePasswordRetrieval = GetBoolConfigValue (config, "enablePasswordRetrieval", false);
- requiresQuestionAndAnswer = GetBoolConfigValue (config, "requiresQuestionAndAnswer", true);
- requiresUniqueEmail = GetBoolConfigValue (config, "requiresUniqueEmail", false);
- passwordFormat = (MembershipPasswordFormat)GetEnumConfigValue (config, "passwordFormat", typeof (MembershipPasswordFormat),
- (int)MembershipPasswordFormat.Hashed);
- maxInvalidPasswordAttempts = GetIntConfigValue (config, "maxInvalidPasswordAttempts", 5);
- minRequiredPasswordLength = GetIntConfigValue (config, "minRequiredPasswordLength", 7);
- minRequiredNonAlphanumericCharacters = GetIntConfigValue (config, "minRequiredNonAlphanumericCharacters", 1);
- passwordAttemptWindow = GetIntConfigValue (config, "passwordAttemptWindow", 10);
- passwordStrengthRegularExpression = GetStringConfigValue (config, "passwordStrengthRegularExpression", "");
- MembershipSection section = (MembershipSection)WebConfigurationManager.GetSection ("system.web/membership");
-
- userIsOnlineTimeWindow = section.UserIsOnlineTimeWindow;
- /* we can't support password retrieval with hashed passwords */
- if (passwordFormat == MembershipPasswordFormat.Hashed && enablePasswordRetrieval)
- throw new ProviderException ("password retrieval cannot be used with hashed passwords");
- string connectionStringName = config["connectionStringName"];
- if (applicationName.Length > 256)
- throw new ProviderException ("The ApplicationName attribute must be 256 characters long or less.");
- if (connectionStringName == null || connectionStringName.Length == 0)
- throw new ProviderException ("The ConnectionStringName attribute must be present and non-zero length.");
- connectionString = WebConfigurationManager.ConnectionStrings[connectionStringName];
- }
- public override string ResetPassword (string username, string answer)
- {
- if (!enablePasswordReset)
- throw new NotSupportedException ("this provider has not been configured to allow the resetting of passwords");
- CheckParam ("username", username, 256);
- if (RequiresQuestionAndAnswer)
- CheckParam ("answer", answer, 128);
- MembershipUser user = GetUser (username, false);
- if (user == null) throw new ProviderException ("could not find user in membership database");
- if (user.IsLockedOut) throw new MembershipPasswordException ("user is currently locked out");
- InitConnection();
- string commandText;
- DbCommand command;
- DbTransaction trans = connection.BeginTransaction ();
- try {
- MembershipPasswordFormat db_passwordFormat;
- string db_salt;
- string newPassword = null;
- if (ValidateUsingPasswordAnswer (trans, user.UserName, answer, out db_passwordFormat, out db_salt)) {
- newPassword = GeneratePassword ();
- string db_password;
- EmitValidatingPassword (username, newPassword, false);
- /* otherwise update the user's password in the db */
- db_password = EncodePassword (newPassword, db_passwordFormat, db_salt);
- commandText = @"
- UPDATE m
- SET Password = @Password,
- FailedPasswordAnswerAttemptCount = 0,
- FailedPasswordAnswerAttemptWindowStart = @DefaultDateTime
- FROM dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "Password", db_password);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "DefaultDateTime", DefaultDateTime.ToString());
- if (1 != (int)command.ExecuteNonQuery ())
- throw new ProviderException ("failed to update Membership table");
- trans.Commit ();
- }
- else {
- throw new MembershipPasswordException ("The password-answer supplied is wrong.");
- }
- return newPassword;
- }
- catch (MembershipPasswordException) {
- trans.Commit ();
- throw;
- }
- catch (ProviderException) {
- trans.Rollback ();
- throw;
- }
- catch (Exception e) {
- trans.Rollback ();
- throw new ProviderException ("Failed to reset password", e);
- }
- }
-
- public override void UpdateUser (MembershipUser user)
- {
- if (user == null) throw new ArgumentNullException ("user");
- if (user.UserName == null) throw new ArgumentNullException ("user.UserName");
- if (RequiresUniqueEmail && user.Email == null) throw new ArgumentNullException ("user.Email");
- CheckParam ("user.UserName", user.UserName, 256);
- if (user.Email.Length > 256 || (RequiresUniqueEmail && user.Email.Length == 0))
- throw new ArgumentException ("invalid format for user.Email");
- DbTransaction trans = connection.BeginTransaction ();
- string commandText;
- DbCommand command;
- InitConnection();
- try {
- DateTime now = DateTime.Now.ToUniversalTime ();
- commandText = String.Format (@"
- UPDATE m
- SET Email = {0},
- Comment = {1},
- IsApproved = @IsApproved,
- LastLoginDate = @Now
- FROM dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)",
- user.Email == null ? "NULL" : "@Email",
- user.Comment == null ? "NULL" : "@Comment");
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- if (user.Email != null)
- AddParameter (command, "Email", user.Email);
- if (user.Comment != null)
- AddParameter (command, "Comment", user.Comment);
- AddParameter (command, "IsApproved", user.IsApproved.ToString());
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "Now", now.ToString ());
- if (0 == command.ExecuteNonQuery())
- throw new ProviderException ("failed to membership table");
- commandText = @"
- UPDATE dbo.aspnet_Users
- SET LastActivityDate = @Now
- FROM dbo.aspnet_Users u, dbo.aspnet_Applications a
- WHERE a.ApplicationId = a.ApplicationId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "Now", now.ToString ());
- if (0 == command.ExecuteNonQuery())
- throw new ProviderException ("failed to user table");
- trans.Commit ();
- }
- catch (ProviderException) {
- trans.Rollback ();
- throw;
- }
- catch (Exception e) {
- trans.Rollback ();
- throw new ProviderException ("failed to update user", e);
- }
- }
-
- public override bool ValidateUser (string username, string password)
- {
- MembershipUser user = GetUser (username, false);
- /* if the user is locked out, return false immediately */
- if (user.IsLockedOut)
- return false;
- /* if the user is not yet approved, return false */
- if (!user.IsApproved)
- return false;
- EmitValidatingPassword (username, password, false);
- InitConnection();
- DbTransaction trans = connection.BeginTransaction ();
- string commandText;
- DbCommand command;
- try {
- MembershipPasswordFormat passwordFormat;
- string salt;
- bool valid = ValidateUsingPassword (trans, username, password, out passwordFormat, out salt);
- if (valid) {
- DateTime now = DateTime.Now.ToUniversalTime ();
- /* if the validation succeeds:
- set LastLoginDate to DateTime.Now
- set FailedPasswordAttemptCount to 0
- set FailedPasswordAttemptWindow to DefaultDateTime
- set FailedPasswordAnswerAttemptCount to 0
- set FailedPasswordAnswerAttemptWindowStart to DefaultDateTime
- */
- commandText = @"
- UPDATE dbo.aspnet_Membership
- SET LastLoginDate = @Now,
- FailedPasswordAttemptCount = 0,
- FailedPasswordAttemptWindowStart = @DefaultDateTime,
- FailedPasswordAnswerAttemptCount = 0,
- FailedPasswordAnswerAttemptWindowStart = @DefaultDateTime
- FROM dbo.aspnet_Membership m, dbo.aspnet_Applications a, dbo.aspnet_Users u
- WHERE m.ApplicationId = a.ApplicationId
- AND u.ApplicationId = a.ApplicationId
- AND m.UserId = u.UserId
- AND u.LoweredUserName = LOWER(@UserName)
- AND a.LoweredApplicationName = LOWER(@ApplicationName)";
- command = factory.CreateCommand ();
- command.Transaction = trans;
- command.CommandText = commandText;
- command.Connection = connection;
- command.CommandType = CommandType.Text;
- AddParameter (command, "UserName", user.UserName);
- AddParameter (command, "ApplicationName", ApplicationName);
- AddParameter (command, "Now", now.ToString ());
- AddParameter (command, "DefaultDateTime",…
Large files files are truncated, but you can click here to view the full file