用了asp.net 2.0权限验证提供程序,上传到空间里,由于空间没有创建dbo存储过程的权限,而提供程序里的存储过程调用时都在前面加了dbo所有者,如dbo.procedurename,非常郁闷。要是重写的话,工作量不小,而且业务逻辑很难实现。后来找到SqlMembership等提供程序的源码才解决的,微软网站上可以下载,工程名叫ProviderToolkitSampleProviders。
asp.net2.0自带的Provider源码下载地址:http://download.microsoft.com/download/a/b/3/ab3c284b-dc9a-473d-b7e3-33bacfcc8e98/ProviderToolkitSamples.msi
SqlMembershipProvider
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//------------------------------------------------------------------------------
namespace Microsoft.Samples {
using System;
using System.Web.Security;
using System.Web;
using System.Web.Configuration;
using System.Security.Principal;
using System.Security.Permissions;
using System.Globalization;
using System.Runtime.Serialization;
using System.Collections;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Configuration.Provider;
using System.Configuration;
using System.Web.DataAccess;
using System.Web.Management;
using System.Web.Util;
///
///
///
// Remove CAS from sample: [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
// Remove CAS from sample: [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal)]
public class SqlMembershipProvider : MembershipProvider
{
////////////////////////////////////////////////////////////
// Public properties
/// <summary>Gate checked by <c>GetPassword</c>; when false that method throws <see cref="NotSupportedException"/>.</summary>
public override bool EnablePasswordRetrieval
{
    get { return _EnablePasswordRetrieval; }
}

/// <summary>Gate checked by <c>ResetPassword</c>; when false that method throws <see cref="NotSupportedException"/>.</summary>
public override bool EnablePasswordReset
{
    get { return _EnablePasswordReset; }
}

/// <summary>
/// When true, the question/answer arguments are validated as required values and
/// <c>ResetPassword</c> sends the encoded answer to the database.
/// </summary>
public override bool RequiresQuestionAndAnswer
{
    get { return _RequiresQuestionAndAnswer; }
}

/// <summary>When true, the e-mail argument is validated as required and @UniqueEmail = 1 is sent to the stored procedures.</summary>
public override bool RequiresUniqueEmail
{
    get { return _RequiresUniqueEmail; }
}

/// <summary>Storage format for new passwords (Clear, Encrypted or Hashed), chosen in <c>Initialize</c>.</summary>
public override MembershipPasswordFormat PasswordFormat
{
    get { return _PasswordFormat; }
}

/// <summary>Value of the "maxInvalidPasswordAttempts" attribute; forwarded to the reset stored procedure.</summary>
public override int MaxInvalidPasswordAttempts
{
    get { return _MaxInvalidPasswordAttempts; }
}

/// <summary>Value of the "passwordAttemptWindow" attribute; forwarded to the reset stored procedure.</summary>
public override int PasswordAttemptWindow
{
    get { return _PasswordAttemptWindow; }
}

/// <summary>Minimum length enforced on new passwords by <c>CreateUser</c> and <c>ChangePassword</c>.</summary>
public override int MinRequiredPasswordLength
{
    get { return _MinRequiredPasswordLength; }
}

/// <summary>Minimum count of non letter-or-digit characters enforced on new passwords.</summary>
public override int MinRequiredNonAlphanumericCharacters
{
    get { return _MinRequiredNonalphanumericCharacters; }
}

/// <summary>Optional pattern new passwords must match; an empty string disables the check.</summary>
public override string PasswordStrengthRegularExpression
{
    get { return _PasswordStrengthRegularExpression; }
}
/// <summary>
/// Application name passed as @ApplicationName to the membership stored procedures.
/// </summary>
/// <exception cref="ArgumentNullException">The assigned value is null or empty.</exception>
/// <exception cref="ProviderException">The assigned value is longer than 256 characters.</exception>
public override string ApplicationName
{
    get
    {
        return _AppName;
    }

    set
    {
        if (String.IsNullOrEmpty(value))
        {
            throw new ArgumentNullException("value");
        }

        // Same 256-character cap that Initialize applies to the configured name.
        if (value.Length > 256)
        {
            throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
        }

        _AppName = value;
    }
}
// Connection string resolved in Initialize from the "connectionStringName" attribute;
// every database call in this class opens its connection from it.
private string _sqlConnectionString;
// Backing fields for the read-only configuration properties above. All of them are
// assigned once in Initialize; only _AppName can change later (ApplicationName setter).
private bool _EnablePasswordRetrieval;
private bool _EnablePasswordReset;
private bool _RequiresQuestionAndAnswer;
private string _AppName;
private bool _RequiresUniqueEmail;
private int _MaxInvalidPasswordAttempts;
// Copied onto SqlCommand.CommandTimeout for each stored-procedure call.
private int _CommandTimeout;
private int _PasswordAttemptWindow;
private int _MinRequiredPasswordLength;
private int _MinRequiredNonalphanumericCharacters;
private string _PasswordStrengthRegularExpression;
// Reset to 0 in Initialize and handed by ref to SecUtility.CheckSchemaVersion.
private int _SchemaVersionCheck;
private MembershipPasswordFormat _PasswordFormat;
// Not referenced in the visible part of the file; presumably the length of
// generated passwords (GeneratePassword) — confirm.
private const int PASSWORD_SIZE = 14;
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Reads the provider's configuration attributes, validates them and caches the
/// results in the private fields of this instance.
/// </summary>
/// <param name="name">Provider name; defaults to "SqlMembershipProvider" when null or empty.</param>
/// <param name="config">Attribute collection for this provider. Recognised keys are removed from it.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="ProviderException">
/// An attribute is invalid, the connection string cannot be resolved, or an
/// unrecognised attribute is left over.
/// </exception>
/// <exception cref="HttpException">minRequiredNonalphanumericCharacters exceeds minRequiredPasswordLength.</exception>
public override void Initialize(string name, NameValueCollection config)
{
    // Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    if (String.IsNullOrEmpty(name))
    {
        name = "SqlMembershipProvider";
    }

    if (string.IsNullOrEmpty(config["description"]))
    {
        config.Remove("description");
        config.Add("description", SR.GetString(SR.MembershipSqlProvider_description));
    }

    base.Initialize(name, config);

    _SchemaVersionCheck = 0;

    // Feature switches and lockout/complexity settings, with the defaults used
    // when the attribute is absent.
    _EnablePasswordRetrieval = SecUtility.GetBooleanValue(config, "enablePasswordRetrieval", false);
    _EnablePasswordReset = SecUtility.GetBooleanValue(config, "enablePasswordReset", true);
    _RequiresQuestionAndAnswer = SecUtility.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
    _RequiresUniqueEmail = SecUtility.GetBooleanValue(config, "requiresUniqueEmail", true);
    _MaxInvalidPasswordAttempts = SecUtility.GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
    _PasswordAttemptWindow = SecUtility.GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
    _MinRequiredPasswordLength = SecUtility.GetIntValue(config, "minRequiredPasswordLength", 7, false, 128);
    _MinRequiredNonalphanumericCharacters = SecUtility.GetIntValue(config, "minRequiredNonalphanumericCharacters", 1, true, 128);

    _PasswordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
    if (_PasswordStrengthRegularExpression == null)
    {
        _PasswordStrengthRegularExpression = string.Empty;
    }
    else
    {
        _PasswordStrengthRegularExpression = _PasswordStrengthRegularExpression.Trim();
        if (_PasswordStrengthRegularExpression.Length != 0)
        {
            // Compile the pattern once, only to reject a malformed expression at
            // start-up; the compiled object itself is not kept.
            try
            {
                Regex compiled = new Regex(_PasswordStrengthRegularExpression);
            }
            catch (ArgumentException badPattern)
            {
                throw new ProviderException(badPattern.Message, badPattern);
            }
        }
    }

    if (_MinRequiredNonalphanumericCharacters > _MinRequiredPasswordLength)
    {
        throw new HttpException(SR.GetString(SR.MinRequiredNonalphanumericCharacters_can_not_be_more_than_MinRequiredPasswordLength));
    }

    _CommandTimeout = SecUtility.GetIntValue(config, "commandTimeout", 30, true, 0);

    _AppName = config["applicationName"];
    if (string.IsNullOrEmpty(_AppName))
    {
        _AppName = SecUtility.GetDefaultAppName();
    }

    if (_AppName.Length > 256)
    {
        throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
    }

    // "Hashed" is the default. "Clear" keeps passwords unprotected in the store and
    // "Encrypted" keeps them recoverable, so both deserve a deliberate decision.
    string formatName = config["passwordFormat"] ?? "Hashed";
    if (formatName == "Clear")
    {
        _PasswordFormat = MembershipPasswordFormat.Clear;
    }
    else if (formatName == "Encrypted")
    {
        _PasswordFormat = MembershipPasswordFormat.Encrypted;
    }
    else if (formatName == "Hashed")
    {
        _PasswordFormat = MembershipPasswordFormat.Hashed;
    }
    else
    {
        throw new ProviderException(SR.GetString(SR.Provider_bad_password_format));
    }

    // A hash cannot be turned back into the password, so retrieval is rejected.
    if (PasswordFormat == MembershipPasswordFormat.Hashed && EnablePasswordRetrieval)
    {
        throw new ProviderException(SR.GetString(SR.Provider_can_not_retrieve_hashed_password));
    }

    // NOTE(review): the sample has the guard below commented out, so Encrypted
    // passwords combined with an auto-generated machine key are not rejected here.
    //if (_PasswordFormat == MembershipPasswordFormat.Encrypted && MachineKeySection.IsDecryptionKeyAutogenerated)
    //    throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys));

    string connectionName = config["connectionStringName"];
    if (String.IsNullOrEmpty(connectionName))
    {
        throw new ProviderException(SR.GetString(SR.Connection_name_not_specified));
    }

    _sqlConnectionString = SqlConnectionHelper.GetConnectionString(connectionName, true, true);
    if (String.IsNullOrEmpty(_sqlConnectionString))
    {
        throw new ProviderException(SR.GetString(SR.Connection_string_not_found, connectionName));
    }

    // Drop every attribute this provider understands; anything still present
    // afterwards is treated as a configuration mistake.
    string[] consumedAttributes =
    {
        "connectionStringName",
        "enablePasswordRetrieval",
        "enablePasswordReset",
        "requiresQuestionAndAnswer",
        "applicationName",
        "requiresUniqueEmail",
        "maxInvalidPasswordAttempts",
        "passwordAttemptWindow",
        "commandTimeout",
        "passwordFormat",
        "name",
        "minRequiredPasswordLength",
        "minRequiredNonalphanumericCharacters",
        "passwordStrengthRegularExpression"
    };
    foreach (string attributeName in consumedAttributes)
    {
        config.Remove(attributeName);
    }

    if (config.Count > 0)
    {
        string leftover = config.GetKey(0);
        if (!String.IsNullOrEmpty(leftover))
        {
            throw new ProviderException(SR.GetString(SR.Provider_unrecognized_attribute, leftover));
        }
    }
}
/// <summary>
/// Asks <c>SecUtility.CheckSchemaVersion</c> to check the "Common" and "Membership"
/// features at version "1" over the given connection, passing the cached
/// <c>_SchemaVersionCheck</c> by reference.
/// </summary>
/// <param name="connection">Open connection to the membership database.</param>
private void CheckSchemaVersion(SqlConnection connection)
{
    SecUtility.CheckSchemaVersion(
        this,
        connection,
        new string[] { "Common", "Membership" },
        "1",
        ref _SchemaVersionCheck);
}
/// <summary>Timeout applied to every SqlCommand this provider creates ("commandTimeout" attribute).</summary>
private int CommandTimeout
{
    get
    {
        return _CommandTimeout;
    }
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
/// <summary>
/// Validates the supplied account data, encodes the password and password answer
/// with a newly generated salt, and creates the user through the
/// aspnet_Membership_CreateUser stored procedure.
/// </summary>
/// <param name="username">Login name (validated, at most 256 characters).</param>
/// <param name="password">Password in clear text (at most 128 characters before and after encoding).</param>
/// <param name="email">E-mail address; required when <c>RequiresUniqueEmail</c> is true.</param>
/// <param name="passwordQuestion">Password question; required when <c>RequiresQuestionAndAnswer</c> is true.</param>
/// <param name="passwordAnswer">Password answer; trimmed and lower-cased before it is encoded.</param>
/// <param name="isApproved">Initial approval flag.</param>
/// <param name="providerUserKey">Null, or a <see cref="Guid"/> to use as the user id.</param>
/// <param name="status">Receives the outcome; anything other than success means null is returned.</param>
/// <returns>The new user, or null when validation or the stored procedure fails.</returns>
public override MembershipUser CreateUser(string username,
                                          string password,
                                          string email,
                                          string passwordQuestion,
                                          string passwordAnswer,
                                          bool isApproved,
                                          object providerUserKey,
                                          out MembershipCreateStatus status)
{
    if (!SecUtility.ValidateParameter(ref password, true, true, false, 128))
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // One salt per account; it is used for the password and for the answer below.
    string salt = GenerateSalt();
    string encodedPassword = EncodePassword(password, (int)_PasswordFormat, salt);
    if (encodedPassword.Length > 128)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (passwordAnswer != null)
    {
        passwordAnswer = passwordAnswer.Trim();
    }

    string encodedPasswordAnswer;
    if (string.IsNullOrEmpty(passwordAnswer))
    {
        encodedPasswordAnswer = passwordAnswer;
    }
    else
    {
        if (passwordAnswer.Length > 128)
        {
            status = MembershipCreateStatus.InvalidAnswer;
            return null;
        }

        // The answer is case-folded before encoding, so it is matched case-insensitively.
        encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), (int)_PasswordFormat, salt);
    }

    if (!SecUtility.ValidateParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, true, false, 128))
    {
        status = MembershipCreateStatus.InvalidAnswer;
        return null;
    }

    if (!SecUtility.ValidateParameter(ref username, true, true, true, 256))
    {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    if (!SecUtility.ValidateParameter(ref email, RequiresUniqueEmail, RequiresUniqueEmail, false, 256))
    {
        status = MembershipCreateStatus.InvalidEmail;
        return null;
    }

    if (!SecUtility.ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
    {
        status = MembershipCreateStatus.InvalidQuestion;
        return null;
    }

    if (providerUserKey != null && !(providerUserKey is Guid))
    {
        status = MembershipCreateStatus.InvalidProviderUserKey;
        return null;
    }

    // Password policy: length, non-alphanumeric count, optional regex, then the
    // ValidatingPassword event. Each failure reports InvalidPassword.
    if (password.Length < MinRequiredPasswordLength)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    int nonAlphanumericCount = 0;
    for (int index = 0; index < password.Length; index++)
    {
        if (!char.IsLetterOrDigit(password, index))
        {
            nonAlphanumericCount++;
        }
    }

    if (nonAlphanumericCount < MinRequiredNonAlphanumericCharacters)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (PasswordStrengthRegularExpression.Length > 0 && !Regex.IsMatch(password, PasswordStrengthRegularExpression))
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    ValidatePasswordEventArgs validation = new ValidatePasswordEventArgs(username, password, true);
    OnValidatingPassword(validation);
    if (validation.Cancel)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // NOTE(review): the outer catch/rethrow is not dead code. It matches the
    // "wrap vulnerable finally clauses in an outer try" pattern (CA2124): the
    // finally below completes before any caller-supplied exception filter runs.
    // Presumably GetConnection(..., true) changes security context — confirm
    // against SqlConnectionHelper before simplifying.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            DateTime createdUtc = RoundToSeconds(DateTime.UtcNow);

            // The procedure name carries no schema prefix, so SQL Server resolves it
            // through the connecting login's default schema; make sure that schema
            // is the one holding the aspnet_* procedures. All values travel as
            // typed parameters, never as concatenated SQL.
            SqlCommand command = new SqlCommand("aspnet_Membership_CreateUser", connectionHolder.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
            command.Parameters.Add(CreateInputParam("@Password", SqlDbType.NVarChar, encodedPassword));
            command.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
            command.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));
            command.Parameters.Add(CreateInputParam("@PasswordQuestion", SqlDbType.NVarChar, passwordQuestion));
            command.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
            command.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, isApproved));
            command.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
            command.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)PasswordFormat));
            command.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, createdUtc));

            // @UserId is in/out: a caller-supplied key goes in, the stored key comes back.
            SqlParameter userIdParam = CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey);
            userIdParam.Direction = ParameterDirection.InputOutput;
            command.Parameters.Add(userIdParam);

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            int resultCode = (returnParam.Value != null) ? (int)returnParam.Value : -1;

            // Anything outside the MembershipCreateStatus range is reported as ProviderError.
            if (resultCode < 0 || resultCode > (int)MembershipCreateStatus.ProviderError)
            {
                resultCode = (int)MembershipCreateStatus.ProviderError;
            }

            status = (MembershipCreateStatus)resultCode;
            if (resultCode != 0) // !success
            {
                return null;
            }

            providerUserKey = new Guid(command.Parameters["@UserId"].Value.ToString());
            DateTime createdLocal = createdUtc.ToLocalTime();

            // The creation time stands in for every activity date; the last argument
            // is the fixed date 1754-01-01.
            return new MembershipUser(this.Name,
                                      username,
                                      providerUserKey,
                                      email,
                                      passwordQuestion,
                                      null,
                                      isApproved,
                                      false,
                                      createdLocal,
                                      createdLocal,
                                      createdLocal,
                                      createdLocal,
                                      new DateTime(1754, 1, 1));
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Replaces a user's password question and answer after the current password has
/// been verified through <c>CheckPassword</c>.
/// </summary>
/// <param name="username">Login name of the account.</param>
/// <param name="password">Current password; must verify before anything is changed.</param>
/// <param name="newPasswordQuestion">New question; required when <c>RequiresQuestionAndAnswer</c> is true.</param>
/// <param name="newPasswordAnswer">New answer; trimmed and lower-cased before it is encoded.</param>
/// <returns>False when the password check fails; true when the stored procedure succeeds.</returns>
/// <exception cref="ProviderException">The stored procedure returned a non-zero status.</exception>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");
    SecUtility.CheckParameter(ref password, true, true, false, 128, "password");

    string salt;
    int passwordFormat;
    if (!CheckPassword(username, password, false, false, out salt, out passwordFormat))
    {
        return false;
    }

    SecUtility.CheckParameter(ref newPasswordQuestion, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 256, "newPasswordQuestion");

    if (newPasswordAnswer != null)
    {
        newPasswordAnswer = newPasswordAnswer.Trim();
    }

    SecUtility.CheckParameter(ref newPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");

    // The answer is encoded with the account's existing salt and password format,
    // as returned by CheckPassword.
    string encodedPasswordAnswer;
    if (string.IsNullOrEmpty(newPasswordAnswer))
    {
        encodedPasswordAnswer = newPasswordAnswer;
    }
    else
    {
        encodedPasswordAnswer = EncodePassword(newPasswordAnswer.ToLower(CultureInfo.InvariantCulture), (int)passwordFormat, salt);
    }

    SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");

    // NOTE(review): keep the outer catch/rethrow; it looks like the CA2124 pattern
    // that lets the finally run before caller exception filters — confirm against
    // SqlConnectionHelper.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            SqlCommand command = new SqlCommand("aspnet_Membership_ChangePasswordQuestionAndAnswer", connectionHolder.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
            command.Parameters.Add(CreateInputParam("@NewPasswordQuestion", SqlDbType.NVarChar, newPasswordQuestion));
            command.Parameters.Add(CreateInputParam("@NewPasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            int resultCode = (returnParam.Value != null) ? (int)returnParam.Value : -1;
            if (resultCode != 0)
            {
                throw new ProviderException(GetExceptionText(resultCode));
            }

            return resultCode == 0;
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Returns the user's stored password, decoded with <c>UnEncodePassword</c>.
/// Only available when <c>EnablePasswordRetrieval</c> is true, which
/// <c>Initialize</c> refuses to combine with the Hashed format.
/// </summary>
/// <param name="username">Login name of the account.</param>
/// <param name="passwordAnswer">Answer to the password question; required when <c>RequiresQuestionAndAnswer</c> is true.</param>
/// <returns>The decoded password. Callers receive a live credential and should treat it accordingly.</returns>
/// <exception cref="NotSupportedException">Password retrieval is disabled.</exception>
/// <exception cref="MembershipPasswordException">The failure status is one that <c>IsStatusDueToBadPassword</c> accepts.</exception>
/// <exception cref="ProviderException">Any other failure status.</exception>
public override string GetPassword(string username, string passwordAnswer)
{
    if (!EnablePasswordRetrieval)
    {
        throw new NotSupportedException(SR.GetString(SR.Membership_PasswordRetrieval_not_supported));
    }

    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

    string encodedPasswordAnswer = GetEncodedPasswordAnswer(username, passwordAnswer);
    SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");

    int passwordFormat = 0;
    int status = 0;
    string storedPassword = GetPasswordFromDB(username, encodedPasswordAnswer, RequiresQuestionAndAnswer, out passwordFormat, out status);

    if (storedPassword != null)
    {
        return UnEncodePassword(storedPassword, passwordFormat);
    }

    // No password came back: translate the status into the matching exception type.
    string errText = GetExceptionText(status);
    if (IsStatusDueToBadPassword(status))
    {
        throw new MembershipPasswordException(errText);
    }

    throw new ProviderException(errText);
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Changes a user's password after verifying the old one, applying the configured
/// password policy to the new one and raising the ValidatingPassword event.
/// </summary>
/// <param name="username">Login name of the account.</param>
/// <param name="oldPassword">Current password; must verify before anything is changed.</param>
/// <param name="newPassword">Replacement password in clear text.</param>
/// <returns>False when the old password does not verify; true when the password was stored.</returns>
/// <exception cref="ArgumentException">The new password violates length, character, regex or custom validation rules.</exception>
/// <exception cref="MembershipPasswordException">The stored procedure failed with a status that <c>IsStatusDueToBadPassword</c> accepts.</exception>
/// <exception cref="ProviderException">The stored procedure failed with any other status.</exception>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");
    SecUtility.CheckParameter(ref oldPassword, true, true, false, 128, "oldPassword");
    SecUtility.CheckParameter(ref newPassword, true, true, false, 128, "newPassword");

    string salt = null;
    int passwordFormat;
    int status;

    if (!CheckPassword(username, oldPassword, false, false, out salt, out passwordFormat))
    {
        return false;
    }

    if (newPassword.Length < MinRequiredPasswordLength)
    {
        throw new ArgumentException(SR.GetString(
            SR.Password_too_short,
            "newPassword",
            MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture)));
    }

    int nonAlphanumericCount = 0;
    for (int index = 0; index < newPassword.Length; index++)
    {
        if (!char.IsLetterOrDigit(newPassword, index))
        {
            nonAlphanumericCount++;
        }
    }

    if (nonAlphanumericCount < MinRequiredNonAlphanumericCharacters)
    {
        throw new ArgumentException(SR.GetString(
            SR.Password_need_more_non_alpha_numeric_chars,
            "newPassword",
            MinRequiredNonAlphanumericCharacters.ToString(CultureInfo.InvariantCulture)));
    }

    if (PasswordStrengthRegularExpression.Length > 0 && !Regex.IsMatch(newPassword, PasswordStrengthRegularExpression))
    {
        throw new ArgumentException(SR.GetString(SR.Password_does_not_match_regular_expression,
            "newPassword"));
    }

    // The new password is encoded with the salt and format CheckPassword returned
    // for the account, i.e. the existing salt is kept rather than regenerated.
    string encodedPassword = EncodePassword(newPassword, (int)passwordFormat, salt);
    if (encodedPassword.Length > 128)
    {
        throw new ArgumentException(SR.GetString(SR.Membership_password_too_long), "newPassword");
    }

    ValidatePasswordEventArgs validation = new ValidatePasswordEventArgs(username, newPassword, false);
    OnValidatingPassword(validation);
    if (validation.Cancel)
    {
        if (validation.FailureInformation != null)
        {
            throw validation.FailureInformation;
        }
        else
        {
            throw new ArgumentException(SR.GetString(SR.Membership_Custom_Password_Validation_Failure), "newPassword");
        }
    }

    // NOTE(review): keep the outer catch/rethrow; it looks like the CA2124 pattern
    // that lets the finally run before caller exception filters — confirm against
    // SqlConnectionHelper.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            SqlCommand command = new SqlCommand("aspnet_Membership_SetPassword", connectionHolder.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
            command.Parameters.Add(CreateInputParam("@NewPassword", SqlDbType.NVarChar, encodedPassword));
            command.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
            command.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, passwordFormat));
            command.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            status = (returnParam.Value != null) ? (int)returnParam.Value : -1;
            if (status != 0)
            {
                string errText = GetExceptionText(status);
                if (IsStatusDueToBadPassword(status))
                {
                    throw new MembershipPasswordException(errText);
                }

                throw new ProviderException(errText);
            }

            return true;
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Replaces the user's password with one produced by <c>GeneratePassword</c> and
/// returns the new password in clear text.
/// </summary>
/// <remarks>
/// The encoded answer is sent to the stored procedure only when
/// <c>RequiresQuestionAndAnswer</c> is true. With that setting off, the user name
/// is the only input this method checks, so the calling page has to control who
/// may trigger a reset and how the returned password is delivered.
/// </remarks>
/// <param name="username">Login name of the account.</param>
/// <param name="passwordAnswer">Answer to the password question; trimmed and lower-cased before it is encoded.</param>
/// <returns>The newly generated password.</returns>
/// <exception cref="NotSupportedException">Password reset is disabled.</exception>
/// <exception cref="MembershipPasswordException">A failure status that <c>IsStatusDueToBadPassword</c> accepts.</exception>
/// <exception cref="ProviderException">Any other failure status, or custom validation rejected the generated password.</exception>
public override string ResetPassword(string username, string passwordAnswer)
{
    if (!EnablePasswordReset)
    {
        throw new NotSupportedException(SR.GetString(SR.Not_configured_to_support_password_resets));
    }

    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

    string salt;
    int passwordFormat;
    string passwdFromDB;
    int status;
    int failedPasswordAttemptCount;
    int failedPasswordAnswerAttemptCount;
    bool isApproved;
    DateTime lastLoginDate, lastActivityDate;

    // Only the salt, format and status are used below; the other outputs are
    // required by the helper's signature.
    GetPasswordWithFormat(username, false, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
                          out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);

    if (status != 0)
    {
        if (IsStatusDueToBadPassword(status))
        {
            throw new MembershipPasswordException(GetExceptionText(status));
        }

        throw new ProviderException(GetExceptionText(status));
    }

    if (passwordAnswer != null)
    {
        passwordAnswer = passwordAnswer.Trim();
    }

    string encodedPasswordAnswer;
    if (string.IsNullOrEmpty(passwordAnswer))
    {
        encodedPasswordAnswer = passwordAnswer;
    }
    else
    {
        encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, salt);
    }

    SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");

    string newPassword = GeneratePassword();

    ValidatePasswordEventArgs validation = new ValidatePasswordEventArgs(username, newPassword, false);
    OnValidatingPassword(validation);
    if (validation.Cancel)
    {
        if (validation.FailureInformation != null)
        {
            throw validation.FailureInformation;
        }
        else
        {
            throw new ProviderException(SR.GetString(SR.Membership_Custom_Password_Validation_Failure));
        }
    }

    // NOTE(review): keep the outer catch/rethrow; it looks like the CA2124 pattern
    // that lets the finally run before caller exception filters — confirm against
    // SqlConnectionHelper.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            SqlCommand command = new SqlCommand("aspnet_Membership_ResetPassword", connectionHolder.Connection);
            string errText;

            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
            command.Parameters.Add(CreateInputParam("@NewPassword", SqlDbType.NVarChar, EncodePassword(newPassword, (int)passwordFormat, salt)));
            command.Parameters.Add(CreateInputParam("@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts));
            command.Parameters.Add(CreateInputParam("@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow));
            command.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
            command.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)passwordFormat));
            command.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

            // The answer is only part of the call when the provider demands one.
            if (RequiresQuestionAndAnswer)
            {
                command.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
            }

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            status = (returnParam.Value != null) ? (int)returnParam.Value : -1;
            if (status != 0)
            {
                errText = GetExceptionText(status);
                if (IsStatusDueToBadPassword(status))
                {
                    throw new MembershipPasswordException(errText);
                }

                throw new ProviderException(errText);
            }

            return newPassword;
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Persists the e-mail, comment, approval flag and login/activity dates of
/// <paramref name="user"/> through the aspnet_Membership_UpdateUser stored procedure.
/// </summary>
/// <param name="user">User to store. Its Email property is overwritten with the validated value.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="ProviderException">The stored procedure returned a non-zero status.</exception>
public override void UpdateUser(MembershipUser user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // CheckParameter takes its argument by ref, so each property is copied into a
    // local first. Only the e-mail is written back; the user name is checked only.
    string checkedValue = user.UserName;
    SecUtility.CheckParameter(ref checkedValue, true, true, true, 256, "UserName");

    checkedValue = user.Email;
    SecUtility.CheckParameter(ref checkedValue, RequiresUniqueEmail, RequiresUniqueEmail, false, 256, "Email");
    user.Email = checkedValue;

    // NOTE(review): keep the outer catch/rethrow; it looks like the CA2124 pattern
    // that lets the finally run before caller exception filters — confirm against
    // SqlConnectionHelper.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            SqlCommand command = new SqlCommand("aspnet_Membership_UpdateUser", connectionHolder.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, user.UserName));
            command.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, user.Email));
            command.Parameters.Add(CreateInputParam("@Comment", SqlDbType.NText, user.Comment));
            command.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, user.IsApproved ? 1 : 0));
            // Dates are converted to UTC before they are stored.
            command.Parameters.Add(CreateInputParam("@LastLoginDate", SqlDbType.DateTime, user.LastLoginDate.ToUniversalTime()));
            command.Parameters.Add(CreateInputParam("@LastActivityDate", SqlDbType.DateTime, user.LastActivityDate.ToUniversalTime()));
            command.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
            command.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            int resultCode = (returnParam.Value != null) ? (int)returnParam.Value : -1;
            if (resultCode != 0)
            {
                throw new ProviderException(GetExceptionText(resultCode));
            }
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Checks a user name / password pair. Malformed input and a failed
/// <c>CheckPassword</c> both yield false; no exception is raised for bad credentials.
/// </summary>
/// <param name="username">Login name (at most 256 characters).</param>
/// <param name="password">Password in clear text (at most 128 characters).</param>
/// <returns>True only when both parameters validate and <c>CheckPassword</c> succeeds.</returns>
public override bool ValidateUser(string username, string password)
{
    // Short-circuit evaluation keeps the original order: CheckPassword is reached
    // only when both arguments pass validation.
    bool authenticated =
        SecUtility.ValidateParameter(ref username, true, true, true, 256) &&
        SecUtility.ValidateParameter(ref password, true, true, false, 128) &&
        CheckPassword(username, password, true, true);

    // NOTE(review): the sample has the MEMBER_SUCCESS / MEMBER_FAIL perf counters and
    // the AuditMembershipAuthenticationSuccess / AuditMembershipAuthenticationFailure
    // web events commented out, so this method records neither successful nor failed
    // logins. Log the outcome in the caller if login monitoring is needed.
    return authenticated;
}
/// <summary>
/// Calls the aspnet_Membership_UnlockUser stored procedure for the given user.
/// </summary>
/// <remarks>
/// No credential or answer is checked here, so access to this method is for the
/// calling code to control.
/// </remarks>
/// <param name="username">Login name of the account to unlock.</param>
/// <returns>True when the stored procedure returns 0, otherwise false.</returns>
public override bool UnlockUser(string username)
{
    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

    // NOTE(review): keep the outer catch/rethrow; it looks like the CA2124 pattern
    // that lets the finally run before caller exception filters — confirm against
    // SqlConnectionHelper.
    try
    {
        SqlConnectionHolder connectionHolder = null;
        try
        {
            connectionHolder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connectionHolder.Connection);

            SqlCommand command = new SqlCommand("aspnet_Membership_UnlockUser", connectionHolder.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            command.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));

            SqlParameter returnParam = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnParam.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnParam);

            command.ExecuteNonQuery();

            int resultCode = (returnParam.Value != null) ? (int)returnParam.Value : -1;
            return resultCode == 0;
        }
        finally
        {
            if (connectionHolder != null)
            {
                connectionHolder.Close();
                connectionHolder = null;
            }
        }
    }
    catch
    {
        throw;
    }
}
public override MembershipUser GetUser( object providerUserKey, bool userIsOnline )
{
if( providerUserKey == null )
{
throw new ArgumentNullException( "providerUserKey" );
}
if ( !( providerUserKey is Guid ) )
{
throw new ArgumentException( SR.GetString( SR.Membership_InvalidProviderUserKey ), "providerUserKey" );
}
SqlDataReader reader = null;
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_GetUserByUserId", holder.Connection );
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey ) );
cmd.Parameters.Add(CreateInputParam("@UpdateLastActivity", SqlDbType.Bit, userIsOnline));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
reader = cmd.ExecuteReader();
if ( reader.Read() )
{
string email = GetNullableString(reader, 0);
string passwordQuestion = GetNullableString( reader, 1 );
string comment = GetNullableString(reader, 2);
bool isApproved = reader.GetBoolean(3);
DateTime dtCreate = reader.GetDateTime(4).ToLocalTime();
DateTime dtLastLogin = reader.GetDateTime(5).ToLocalTime();
DateTime dtLastActivity = reader.GetDateTime(6).ToLocalTime();
DateTime dtLastPassChange = reader.GetDateTime(7).ToLocalTime();
string userName = GetNullableString(reader, 8);
bool isLockedOut = reader.GetBoolean(9);
DateTime dtLastLockoutDate = reader.GetDateTime(10).ToLocalTime();
////////////////////////////////////////////////////////////
// Step 4 : Return the result
return new MembershipUser( this.Name,
userName,
providerUserKey,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
&n