Code:
/ Dotnetfx_Vista_SP2 / Dotnetfx_Vista_SP2 / 8.0.50727.4016 / DEVDIV / depot / DevDiv / releases / whidbey / NetFxQFE / ndp / fx / src / xsp / System / Web / Security / IMembershipProvider.cs / 1 / IMembershipProvider.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- namespace System.Web.Security { using System.Web; using System.Security.Principal; using System.Collections.Specialized; using System.Web.Configuration; using System.Security.Permissions; using System.Globalization; using System.Security.Cryptography; using System.Runtime.Serialization; using System.Configuration.Provider; using System.Text; ////// [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal)] public abstract class MembershipProvider : ProviderBase { private const int SALT_SIZE_IN_BYTES = 16; // // Property Section // // Public properties public abstract bool EnablePasswordRetrieval { get; } public abstract bool EnablePasswordReset { get; } public abstract bool RequiresQuestionAndAnswer { get; } public abstract string ApplicationName { get; set; } public abstract int MaxInvalidPasswordAttempts { get; } public abstract int PasswordAttemptWindow { get; } public abstract bool RequiresUniqueEmail { get; } public abstract MembershipPasswordFormat PasswordFormat { get; } public abstract int MinRequiredPasswordLength { get; } public abstract int MinRequiredNonAlphanumericCharacters { get; } public abstract string PasswordStrengthRegularExpression { get; } // // Method Section // public abstract MembershipUser CreateUser( string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status ); public abstract bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer); public abstract string GetPassword(string username, string answer); public abstract bool ChangePassword(string username, string oldPassword, string newPassword); public abstract string ResetPassword(string username, string answer); public abstract void UpdateUser(MembershipUser user); public abstract bool ValidateUser(string username, string password); public abstract bool UnlockUser( string userName ); public abstract MembershipUser GetUser( object providerUserKey, bool userIsOnline ); public abstract MembershipUser GetUser(string username, bool userIsOnline); // GetUser() can throw 1 type of exception: // 1. ArgumentException is thrown if: // A. Username is null, is empty, contains commas, or is longer than 256 characters internal MembershipUser GetUser(string username, bool userIsOnline, bool throwOnError) { MembershipUser user = null; try { user = GetUser(username, userIsOnline); } catch (ArgumentException) { if (throwOnError) throw; } return user; } public abstract string GetUserNameByEmail(string email); public abstract bool DeleteUser(string username, bool deleteAllRelatedData); public abstract MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords); public abstract int GetNumberOfUsersOnline(); public abstract MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords); public abstract MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords); protected virtual byte[] EncryptPassword( byte[] password ) { if (MachineKeySection.IsDecryptionKeyAutogenerated) throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys)); // DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled. // This is the ONLY case IVType.None should be used. return MachineKeySection.EncryptOrDecryptData(true, password, null, 0, password.Length, IVType.None); } protected virtual byte[] DecryptPassword( byte[] encodedPassword ) { if (MachineKeySection.IsDecryptionKeyAutogenerated) throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys)); // DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled. // This is the ONLY case IVType.None should be used. return MachineKeySection.EncryptOrDecryptData(false, encodedPassword, null, 0, encodedPassword.Length, IVType.None); } internal string EncodePassword(string pass, int passwordFormat, string salt) { if (passwordFormat == 0) // MembershipPasswordFormat.Clear return pass; byte[] bIn = Encoding.Unicode.GetBytes(pass); byte[] bSalt = Convert.FromBase64String(salt); byte[] bAll = new byte[bSalt.Length + bIn.Length]; byte[] bRet = null; Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length); Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length); if (passwordFormat == 1) { // MembershipPasswordFormat.Hashed #if !FEATURE_PAL // FEATURE_PAL does not enable cryptography HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType ); // If the hash algorithm is null (and came from config), throw a config exception if (s == null) { if ( Membership.IsHashAlgorithmFromMembershipConfig ) { MembershipSection settings = RuntimeConfig.GetAppConfig().Membership; settings.ThrowHashAlgorithmException(); } } bRet = s.ComputeHash(bAll); #endif // !FEATURE_PAL } else { bRet = EncryptPassword( bAll ); } return Convert.ToBase64String(bRet); } internal string UnEncodePassword(string pass, int passwordFormat) { switch (passwordFormat) { case 0: // MembershipPasswordFormat.Clear: return pass; case 1: // MembershipPasswordFormat.Hashed: throw new ProviderException(SR.GetString(SR.Provider_can_not_decode_hashed_password)); default: byte[] bIn = Convert.FromBase64String(pass); byte[] bRet = DecryptPassword( bIn ); if (bRet == null) return null; return Encoding.Unicode.GetString(bRet, SALT_SIZE_IN_BYTES, bRet.Length - SALT_SIZE_IN_BYTES); } } internal string GenerateSalt() { byte[] buf = new byte[SALT_SIZE_IN_BYTES]; (new RNGCryptoServiceProvider()).GetBytes(buf); return Convert.ToBase64String(buf); } // // Event Section // public event MembershipValidatePasswordEventHandler ValidatingPassword { add { _EventHandler += value; } remove { _EventHandler -= value; } } protected virtual void OnValidatingPassword( ValidatePasswordEventArgs e ) { if( _EventHandler != null ) { _EventHandler( this, e ); } } private MembershipValidatePasswordEventHandler _EventHandler; } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //[To be supplied.] ///// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- namespace System.Web.Security { using System.Web; using System.Security.Principal; using System.Collections.Specialized; using System.Web.Configuration; using System.Security.Permissions; using System.Globalization; using System.Security.Cryptography; using System.Runtime.Serialization; using System.Configuration.Provider; using System.Text; ////// [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal)] public abstract class MembershipProvider : ProviderBase { private const int SALT_SIZE_IN_BYTES = 16; // // Property Section // // Public properties public abstract bool EnablePasswordRetrieval { get; } public abstract bool EnablePasswordReset { get; } public abstract bool RequiresQuestionAndAnswer { get; } public abstract string ApplicationName { get; set; } public abstract int MaxInvalidPasswordAttempts { get; } public abstract int PasswordAttemptWindow { get; } public abstract bool RequiresUniqueEmail { get; } public abstract MembershipPasswordFormat PasswordFormat { get; } public abstract int MinRequiredPasswordLength { get; } public abstract int MinRequiredNonAlphanumericCharacters { get; } public abstract string PasswordStrengthRegularExpression { get; } // // Method Section // public abstract MembershipUser CreateUser( string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status ); public abstract bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer); public abstract string GetPassword(string username, string answer); public abstract bool ChangePassword(string username, string oldPassword, string newPassword); public abstract string ResetPassword(string username, string answer); public abstract void UpdateUser(MembershipUser user); public abstract bool ValidateUser(string username, string password); public abstract bool UnlockUser( string userName ); public abstract MembershipUser GetUser( object providerUserKey, bool userIsOnline ); public abstract MembershipUser GetUser(string username, bool userIsOnline); // GetUser() can throw 1 type of exception: // 1. ArgumentException is thrown if: // A. Username is null, is empty, contains commas, or is longer than 256 characters internal MembershipUser GetUser(string username, bool userIsOnline, bool throwOnError) { MembershipUser user = null; try { user = GetUser(username, userIsOnline); } catch (ArgumentException) { if (throwOnError) throw; } return user; } public abstract string GetUserNameByEmail(string email); public abstract bool DeleteUser(string username, bool deleteAllRelatedData); public abstract MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords); public abstract int GetNumberOfUsersOnline(); public abstract MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords); public abstract MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords); protected virtual byte[] EncryptPassword( byte[] password ) { if (MachineKeySection.IsDecryptionKeyAutogenerated) throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys)); // DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled. // This is the ONLY case IVType.None should be used. return MachineKeySection.EncryptOrDecryptData(true, password, null, 0, password.Length, IVType.None); } protected virtual byte[] DecryptPassword( byte[] encodedPassword ) { if (MachineKeySection.IsDecryptionKeyAutogenerated) throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys)); // DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled. // This is the ONLY case IVType.None should be used. return MachineKeySection.EncryptOrDecryptData(false, encodedPassword, null, 0, encodedPassword.Length, IVType.None); } internal string EncodePassword(string pass, int passwordFormat, string salt) { if (passwordFormat == 0) // MembershipPasswordFormat.Clear return pass; byte[] bIn = Encoding.Unicode.GetBytes(pass); byte[] bSalt = Convert.FromBase64String(salt); byte[] bAll = new byte[bSalt.Length + bIn.Length]; byte[] bRet = null; Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length); Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length); if (passwordFormat == 1) { // MembershipPasswordFormat.Hashed #if !FEATURE_PAL // FEATURE_PAL does not enable cryptography HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType ); // If the hash algorithm is null (and came from config), throw a config exception if (s == null) { if ( Membership.IsHashAlgorithmFromMembershipConfig ) { MembershipSection settings = RuntimeConfig.GetAppConfig().Membership; settings.ThrowHashAlgorithmException(); } } bRet = s.ComputeHash(bAll); #endif // !FEATURE_PAL } else { bRet = EncryptPassword( bAll ); } return Convert.ToBase64String(bRet); } internal string UnEncodePassword(string pass, int passwordFormat) { switch (passwordFormat) { case 0: // MembershipPasswordFormat.Clear: return pass; case 1: // MembershipPasswordFormat.Hashed: throw new ProviderException(SR.GetString(SR.Provider_can_not_decode_hashed_password)); default: byte[] bIn = Convert.FromBase64String(pass); byte[] bRet = DecryptPassword( bIn ); if (bRet == null) return null; return Encoding.Unicode.GetString(bRet, SALT_SIZE_IN_BYTES, bRet.Length - SALT_SIZE_IN_BYTES); } } internal string GenerateSalt() { byte[] buf = new byte[SALT_SIZE_IN_BYTES]; (new RNGCryptoServiceProvider()).GetBytes(buf); return Convert.ToBase64String(buf); } // // Event Section // public event MembershipValidatePasswordEventHandler ValidatingPassword { add { _EventHandler += value; } remove { _EventHandler -= value; } } protected virtual void OnValidatingPassword( ValidatePasswordEventArgs e ) { if( _EventHandler != null ) { _EventHandler( this, e ); } } private MembershipValidatePasswordEventHandler _EventHandler; } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.[To be supplied.] ///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- AddressHeaderCollection.cs
- BaseServiceProvider.cs
- ClientFormsAuthenticationCredentials.cs
- ISAPIWorkerRequest.cs
- DesignerToolboxInfo.cs
- Repeater.cs
- ResourceDictionaryCollection.cs
- BookmarkScopeManager.cs
- SHA256Managed.cs
- SchemaImporterExtensionsSection.cs
- ButtonBaseAdapter.cs
- BooleanConverter.cs
- MethodBuilder.cs
- DefinitionUpdate.cs
- TextTreeUndoUnit.cs
- SapiGrammar.cs
- HierarchicalDataBoundControlAdapter.cs
- XmlArrayAttribute.cs
- LogSwitch.cs
- CodeCompileUnit.cs
- PackageRelationshipCollection.cs
- DataGridViewCellCancelEventArgs.cs
- Debug.cs
- Stroke.cs
- COM2IPerPropertyBrowsingHandler.cs
- InlineObject.cs
- ServiceModelStringsVersion1.cs
- NameSpaceExtractor.cs
- PopupRoot.cs
- DataGridRowDetailsEventArgs.cs
- LayoutEditorPart.cs
- ObjectCache.cs
- StylusShape.cs
- CodeAttributeDeclarationCollection.cs
- ToolStripDropDownButton.cs
- PeerCollaborationPermission.cs
- AmbientLight.cs
- HttpCachePolicy.cs
- DrawingCollection.cs
- BulletedListEventArgs.cs
- HashCodeCombiner.cs
- CodeAssignStatement.cs
- IItemContainerGenerator.cs
- DesignTimeData.cs
- ByteRangeDownloader.cs
- X509Certificate2Collection.cs
- EmbeddedMailObjectsCollection.cs
- KeyGestureConverter.cs
- MemberPath.cs
- KeyNotFoundException.cs
- PageContentCollection.cs
- ResizeGrip.cs
- EntityDataSourceWrapperCollection.cs
- HttpStaticObjectsCollectionBase.cs
- SystemTcpConnection.cs
- UdpTransportSettingsElement.cs
- ListViewDeleteEventArgs.cs
- StatusBarItemAutomationPeer.cs
- FileInfo.cs
- DateTime.cs
- PowerStatus.cs
- Rect3D.cs
- GridViewRowCollection.cs
- DynamicActivityTypeDescriptor.cs
- CodeObject.cs
- ObfuscateAssemblyAttribute.cs
- SqlCommandSet.cs
- PtsContext.cs
- HashMembershipCondition.cs
- BamlBinaryReader.cs
- XamlHostingSection.cs
- ManifestResourceInfo.cs
- CodeEntryPointMethod.cs
- URL.cs
- SharedDp.cs
- PropertyGridEditorPart.cs
- OneOfConst.cs
- DescendentsWalker.cs
- TableLayoutColumnStyleCollection.cs
- SqlDataSourceView.cs
- TypedLocationWrapper.cs
- NavigationWindow.cs
- PagerStyle.cs
- AssemblyBuilder.cs
- MailDefinition.cs
- SerialPort.cs
- UnSafeCharBuffer.cs
- AsyncMethodInvoker.cs
- MethodSignatureGenerator.cs
- PocoEntityKeyStrategy.cs
- unitconverter.cs
- Walker.cs
- SqlCacheDependency.cs
- MbpInfo.cs
- TextTreeUndoUnit.cs
- RotateTransform3D.cs
- WorkflowWebHostingModule.cs
- WindowsGraphics.cs
- WinEventQueueItem.cs
- AttributeQuery.cs