This is a really noob-like question to ask so apologies in advance!
I have implemented a custom role provider class (by inheriting the RoleProvider class and overriding the methods contained therein) and it works well - in the sense that I can apply a role attribute to a node in my sitemap, and it will disappear to those
not in the role (I have no login functionality yet so what i mean is that is disappears to non-authenticated users [cool] ). Now I want to implement login functionality for the site, and am going to use an existing Users table (with additional username/password
etc columns) to do so.
My question is, do i need to also implement a Membership Provider (custom or otherwise)?
For instance, I know that when the menu control is rendering the menu based on the site-map, somewhere it executes my IsUserInRole(username, rolename) method - but what information does it use to populate those parameters?
My ideal sulotion (as this is not a very big site) is to have a simple 2-textbox approach for username and password and set a sessionID with the UserID to handle login - is this sort of approach going to be compatible with my shiny new role provider?
Thats about enough questions - I hope what im asking is reasonably clear.
Thanks to all in advance!
Role ProviderMembership Providerexisting users table
My question is, do i need to also implement a Membership Provider (custom or otherwise)?
For instance, I know that when the menu control is rendering the menu based on the site-map, somewhere it executes my IsUserInRole(username, rolename) method - but what information does it use to populate those parameters?
My ideal sulotion (as this is not a very big site) is to have a simple 2-textbox approach for username and password and set a sessionID with the UserID to handle login - is this sort of approach going to be compatible with my shiny new role provider?
Hi
I wonder how you implement the AddUsersToRoles(). FindUsersInRole(), IsUserInRole() and RemoveUsersFromRoles() method, If use information is store in your custom datastore, then it's necessary to build a custom membership provider. Please do not use the
SessionID as UserID since sessionID is a random value and will change at the next login.
Best Regards
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Marked as answer by french_duke on May 08, 2008 08:10 PM
I have implemented the role provider using a custom database so it looks like ill have to also implement the membership provider the same way. When I said I was using session id for user authentication, what I meant to say was session variable - sorry for
the confusion.
This is a really noob-like question to ask so apologies in advance!
I have implemented a custom role provider class (by inheriting the RoleProvider class and overriding the methods contained therein) and it works well - in the sense that I can apply a role attribute to a node in my sitemap, and it will disappear to those
not in the role (I have no login functionality yet so what i mean is that is disappears to non-authenticated users ). Now I want to implement login functionality for the site, and am going
to use an existing Users table (with additional username/password etc columns) to do so.
My question is, do i need to also implement a Membership Provider (custom or otherwise)?
For instance, I know that when the menu control is rendering the menu based on the site-map, somewhere it executes my IsUserInRole(username, rolename) method - but what information does it use to populate those parameters?
My ideal sulotion (as this is not a very big site) is to have a simple 2-textbox approach for username and password and set a sessionID with the UserID to handle login - is this sort of approach going to be compatible with my shiny new role provider?
Thats about enough questions - I hope what im asking is reasonably clear.
Thanks to all in advance!
Please Help Me
I Do Not Find User Name And Password In Bellow Code ( Class (cs) file)
using
System;
using
System.Configuration;
using
System.Collections.Specialized;
using
System.Configuration.Provider;
using
System.Data;
using
System.Data.SqlClient;
using
System.Security.Cryptography;
using
System.Text;
using
System.Web.Configuration;
using System.Web.Security;
// This provider works with the following schema for the table of user data.
//Get encryption and decryption key information from the configuration.
System.Configuration.Configuration cfg =
WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
machineKey = cfg.GetSection(
"system.web/machineKey")
as MachineKeySection;
if (machineKey.ValidationKey.Contains("AutoGenerate"))
{
if (PasswordFormat !=
MembershipPasswordFormat.Clear)
{
throw new
ProviderException("Hashed or Encrypted passwords are not supported with auto-generated keys.");
if ((int)sqlCommand.Parameters["@returnValue"].Value == 0)
{
status = MembershipCreateStatus.Success;
}
else
{
status = MembershipCreateStatus.UserRejected;
}
}
catch (SqlException e)
{
//Add exception handling here.
status = MembershipCreateStatus.ProviderError;
}
finally
{
sqlConnection.Close();
}
return GetUser(username,
false);
}
else
{
status = MembershipCreateStatus.DuplicateUserName;
}
return null;
}
///
<summary>
/// Delete a user.
///
</summary>
///
<param name="username">User name.</param>
///
<param name="deleteAllRelatedData">Whether to delete all related data.</param>
///
<returns>T/F if the user was deleted.</returns>
public
override bool DeleteUser(
string username,
bool deleteAllRelatedData
)
{
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("User_Del", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
if ((int)sqlCommand.Parameters["@returnValue"].Value == 0)
{
if (deleteAllRelatedData)
{
//Process commands to delete all data for the user in the database.
}
}
else
{
return false;
}
}
catch (SqlException e)
{
//Add exception handling here.
}
finally
{
sqlConnection.Close();
}
return true;
}
///
<summary>
/// Get a collection of users.
///
</summary>
///
<param name="pageIndex">Page index.</param>
///
<param name="pageSize">Page size.</param>
///
<param name="totalRecords">Total # of records to retrieve.</param>
///
<returns>Collection of MembershipUser objects.</returns>
public
override MembershipUserCollection GetAllUsers(int pageIndex,
int pageSize,
out int totalRecords)
{
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("Users_Sel", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
int counter = 0;
int startIndex = pageSize * pageIndex;
int endIndex = startIndex + pageSize - 1;
while (sqlDataReader.Read())
{
if (counter >= startIndex)
{
users.Add(GetUserFromReader(sqlDataReader));
}
if (counter >= endIndex) { sqlCommand.Cancel(); }
counter += 1;
}
}
catch (SqlException e)
{
//Add exception handling here.
}
finally
{
if (sqlDataReader !=
null)
{
sqlDataReader.Close();
}
}
return users;
}
///
<summary>
/// Gets the number of users currently on-line.
///
</summary>
///
<returns> /// # of users on-line.</returns>
public
override int GetNumberOfUsersOnline()
{
TimeSpan onlineSpan =
new TimeSpan(0, System.Web.Security.Membership.UserIsOnlineTimeWindow, 0);
DateTime compareTime =
DateTime.Now.Subtract(onlineSpan);
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("Users_NumberOnline", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
///
<summary>
/// Get the password for a user.
///
</summary>
///
<param name="username">User name.</param>
///
<param name="answer">Answer to security question.</param>
///
<returns>Password for the user.</returns>
public
override string GetPassword(
string username,
string answer
)
{
if (!EnablePasswordRetrieval)
{
throw new
ProviderException("Password Retrieval Not Enabled.");
}
if (PasswordFormat ==
MembershipPasswordFormat.Hashed)
{
throw new
ProviderException("Cannot retrieve Hashed passwords.");
}
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("User_GetPassword", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
if (sqlDataReader !=
null) { sqlDataReader.Close(); }
}
return membershipUser;
}
///
<summary>
/// Get a user based upon provider key and if they are on-line.
///
</summary>
///
<param name="userID">Provider key.</param>
///
<param name="userIsOnline">T/F whether the user is on-line.</param>
///
<returns></returns>
public
override MembershipUser GetUser(
object userID,
bool userIsOnline
)
{
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("User_SelByUserID", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
///
<summary>
/// Validate the user based upon username and password.
///
</summary>
///
<param name="username">User name.</param>
///
<param name="password">Password.</param>
///
<returns>T/F if the user is valid.</returns>
public
override bool ValidateUser(
string username,
string password
)
{
bool isValid =
false;
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("User_Validate", sqlConnection);
///
<summary>
/// Find all users matching a search string.
///
</summary>
///
<param name="usernameToMatch">Search string of user name to match.</param>
///
<param name="pageIndex"></param>
///
<param name="pageSize"></param>
///
<param name="totalRecords">Total records found.</param>
///
<returns>Collection of MembershipUser objects.</returns>
public
override MembershipUserCollection FindUsersByName(string usernameToMatch,
int pageIndex,
int pageSize, out
int totalRecords)
{
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("Users_Sel_ByUserName", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
if (sqlDataReader !=
null) { sqlDataReader.Close(); }
}
totalRecords = counter;
return membershipUsers;
}
///
<summary>
/// Find all users matching a search string of their email.
///
</summary>
///
<param name="emailToMatch">Search string of email to match.</param>
///
<param name="pageIndex"></param>
///
<param name="pageSize"></param>
///
<param name="totalRecords">Total records found.</param>
///
<returns>Collection of MembershipUser objects.</returns>
public
override MembershipUserCollection FindUsersByEmail(string emailToMatch,
int pageIndex,
int pageSize, out
int totalRecords)
{
SqlConnection sqlConnection =
new SqlConnection(connectionString);
SqlCommand sqlCommand =
new SqlCommand("Users_Sel_ByUserName", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
MembershipUser membershipUser =
new MembershipUser(this.Name,
username,
userID,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
creationDate,
lastLoginDate,
lastActivityDate,
lastPasswordChangedDate,
lastLockedOutDate
);
return membershipUser;
}
///
<summary>
/// Converts a hexadecimal string to a byte array. Used to convert encryption key values from the configuration
///
</summary>
///
<param name="hexString"></param>
///
<returns></returns>
///
<remarks></remarks>
private
byte[] HexToByte(string hexString)
{
byte[] returnBytes =
new byte[hexString.Length / 2];
for (int i = 0; i < returnBytes.Length; i++)
returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);return returnBytes;
case MembershipPasswordFormat.Clear:
break;case
MembershipPasswordFormat.Encrypted:
encodedPassword =
Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
break;
case MembershipPasswordFormat.Hashed:
HMACSHA1 hash =
new HMACSHA1();
hash.Key = HexToByte(machineKey.ValidationKey);
encodedPassword =
Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
break;
default:throw
new ProviderException("Unsupported password format.");
case MembershipPasswordFormat.Clear:
break;case
MembershipPasswordFormat.Encrypted:
password =
Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password)));
break;
case MembershipPasswordFormat.Hashed:
throw new
ProviderException("Cannot unencode a hashed password.");
default:
throw new
ProviderException("Unsupported password format.");
After starting to implement the custom membership provider I see your (rather concise) point - where indeed is the username property?
So when I set a node in my sitemap to a particular rolename, presumably somewhere in the background the IsUserInRole(username, rolename) method is called... so the same question remains, where does the 'username'
property come from?
If all I want to use is roles for security, should I actually be implementing a Custom MembershipUser class instead?
So when I set a node in my sitemap to a particular rolename, presumably somewhere in the background the IsUserInRole(username, rolename) method is called... so the same question remains, where does the 'username'
property come from?
Hi
The username property comes from the FormsauthenticationTicket. This ticket will append to each request after user has successfully logged in. ASP.NET remember user by decrypt FormsauthenticationTicket and get username from that.
Best Regards
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Marked as answer by french_duke on May 10, 2008 12:30 PM
I need to complete code of inbuilt login control like login, create user wizard, password recovery etc.and how to use with database So, please help me and how i put login control in .aspx page what is write in c# code for different login control
french_duke
Member
196 Points
147 Posts
Custom Role Provider without a Membership Provider?
May 06, 2008 08:37 PM|LINK
Hi guys
This is a really noob-like question to ask so apologies in advance!
I have implemented a custom role provider class (by inheriting the RoleProvider class and overriding the methods contained therein) and it works well - in the sense that I can apply a role attribute to a node in my sitemap, and it will disappear to those not in the role (I have no login functionality yet so what i mean is that is disappears to non-authenticated users [cool] ). Now I want to implement login functionality for the site, and am going to use an existing Users table (with additional username/password etc columns) to do so.
My question is, do i need to also implement a Membership Provider (custom or otherwise)?
For instance, I know that when the menu control is rendering the menu based on the site-map, somewhere it executes my IsUserInRole(username, rolename) method - but what information does it use to populate those parameters?
My ideal sulotion (as this is not a very big site) is to have a simple 2-textbox approach for username and password and set a sessionID with the UserID to handle login - is this sort of approach going to be compatible with my shiny new role provider?
Thats about enough questions - I hope what im asking is reasonably clear.
Thanks to all in advance!
Role Provider Membership Provider existing users table
XiaoYong Dai...
All-Star
38310 Points
4229 Posts
Re: Custom Role Provider without a Membership Provider?
May 08, 2008 05:43 AM|LINK
Hi
I wonder how you implement the AddUsersToRoles(). FindUsersInRole(), IsUserInRole() and RemoveUsersFromRoles() method, If use information is store in your custom datastore, then it's necessary to build a custom membership provider. Please do not use the SessionID as UserID since sessionID is a random value and will change at the next login.
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
french_duke
Member
196 Points
147 Posts
Re: Custom Role Provider without a Membership Provider?
May 08, 2008 09:05 AM|LINK
Hey
I have implemented the role provider using a custom database so it looks like ill have to also implement the membership provider the same way. When I said I was using session id for user authentication, what I meant to say was session variable - sorry for the confusion.
Many thanks for the help
minhaj78692
Member
4 Points
2 Posts
Re: Custom Role Provider without a Membership Provider?
May 08, 2008 12:07 PM|LINK
Please Help Me
I Do Not Find User Name And Password In Bellow Code ( Class (cs) file)
using
System;using
System.Configuration;using
System.Collections.Specialized;using
System.Configuration.Provider;using
System.Data;using
System.Data.SqlClient;using
System.Security.Cryptography;using
System.Text;using
System.Web.Configuration; using System.Web.Security;// This provider works with the following schema for the table of user data.
//
//CREATE TABLE [dbo].[Users](
// [UserID] [uniqueidentifier] NOT NULL,
// [Username] [nvarchar](255) NOT NULL,
// [ApplicationName] [nvarchar](255) NOT NULL,
// [Email] [nvarchar](128) NOT NULL,
// [Comment] [nvarchar](255) NULL,
// [Password] [nvarchar](128) NOT NULL,
// [PasswordQuestion] [nvarchar](255) NULL,
// [PasswordAnswer] [nvarchar](255) NULL,
// [IsApproved] [bit] NULL,
// [LastActivityDate] [datetime] NULL,
// [LastLoginDate] [datetime] NULL,
// [LastPasswordChangedDate] [datetime] NULL,
// [CreationDate] [datetime] NULL,
// [IsOnLine] [bit] NULL,
// [IsLockedOut] [bit] NULL,
// [LastLockedOutDate] [datetime] NULL,
// [FailedPasswordAttemptCount] [int] NULL,
// [FailedPasswordAttemptWindowStart] [datetime] NULL,
// [FailedPasswordAnswerAttemptCount] [int] NULL,
// [FailedPasswordAnswerAttemptWindowStart] [datetime] NULL,
//PRIMARY KEY CLUSTERED
//(
// [UserID] ASC
//)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
//) ON [PRIMARY]
//
namespace HDI.AspNet.Membership{
public sealed class HDIMembershipProvider : MembershipProvider{
#region Class Variables private int newPasswordLength = 8; private string connectionString; private string applicationName; private bool enablePasswordReset; private bool enablePasswordRetrieval; private bool requiresQuestionAndAnswer; private bool requiresUniqueEmail; private int maxInvalidPasswordAttempts; private int passwordAttemptWindow; private MembershipPasswordFormat passwordFormat; private int minRequiredNonAlphanumericCharacters; private int minRequiredPasswordLength; private string passwordStrengthRegularExpression; private MachineKeySection machineKey; //Used when determining encryption key values.#endregion
#region Enums private enum FailureType{
Password = 1,
PasswordAnswer = 2
}
#endregion
#region Propertiespublic override string ApplicationName{
get{
return applicationName;}
set{
applicationName = value;}
}
public override bool EnablePasswordReset{
get{
return enablePasswordReset;}
}
public override bool EnablePasswordRetrieval{
get{
return enablePasswordRetrieval;}
}
public override bool RequiresQuestionAndAnswer{
get{
return requiresQuestionAndAnswer;}
}
public override bool RequiresUniqueEmail{
get{
return requiresUniqueEmail;}
}
public override int MaxInvalidPasswordAttempts{
get{
return maxInvalidPasswordAttempts;}
}
public override int PasswordAttemptWindow{
get{
return passwordAttemptWindow;}
}
public override MembershipPasswordFormat PasswordFormat{
get{
return passwordFormat;}
}
public override int MinRequiredNonAlphanumericCharacters{
get{
return minRequiredNonAlphanumericCharacters;}
}
public override int MinRequiredPasswordLength{
get{
return minRequiredPasswordLength;}
}
public override string PasswordStrengthRegularExpression{
get{
return passwordStrengthRegularExpression;}
}
#endregion
#region Initializationpublic override void Initialize(string name, NameValueCollection config){
if (config == null){
throw new ArgumentNullException("config");}
if (name == null || name.Length == 0){
name = "HDIMembershipProvider";}
if (String.IsNullOrEmpty(config["description"])){
config.Remove(
"description"); config.Add("description", "How Do I: Sample Membership provider");}
//Initialize the abstract base class. base.Initialize(name, config);applicationName = GetConfigValue(config[
"applicationName"], System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath); maxInvalidPasswordAttempts = Convert.ToInt32(GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));passwordAttemptWindow =
Convert.ToInt32(GetConfigValue(config["passwordAttemptWindow"], "10")); minRequiredNonAlphanumericCharacters = Convert.ToInt32(GetConfigValue(config["minRequiredAlphaNumericCharacters"], "1"));minRequiredPasswordLength =
Convert.ToInt32(GetConfigValue(config["minRequiredPasswordLength"], "7")); passwordStrengthRegularExpression = Convert.ToString(GetConfigValue(config["passwordStrengthRegularExpression"], String.Empty));enablePasswordReset =
Convert.ToBoolean(GetConfigValue(config["enablePasswordReset"], "true")); enablePasswordRetrieval = Convert.ToBoolean(GetConfigValue(config["enablePasswordRetrieval"], "true"));requiresQuestionAndAnswer =
Convert.ToBoolean(GetConfigValue(config["requiresQuestionAndAnswer"], "false")); requiresUniqueEmail = Convert.ToBoolean(GetConfigValue(config["requiresUniqueEmail"], "true")); string temp_format = config["passwordFormat"]; if (temp_format == null){
temp_format = "Hashed";}
switch (temp_format){
case "Hashed":passwordFormat =
MembershipPasswordFormat.Hashed; break; case "Encrypted": passwordFormat = MembershipPasswordFormat.Encrypted; break; case "Clear":passwordFormat =
MembershipPasswordFormat.Clear; break; default: throw new ProviderException("Password format not supported.");}
ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[config["connectionStringName"]];if ((ConnectionStringSettings == null) || (ConnectionStringSettings.ConnectionString.Trim() == String.Empty)){
throw new ProviderException("Connection string cannot be blank.");}
connectionString = ConnectionStringSettings.ConnectionString;
//Get encryption and decryption key information from the configuration. System.Configuration.Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);machineKey = cfg.GetSection(
"system.web/machineKey") as MachineKeySection; if (machineKey.ValidationKey.Contains("AutoGenerate")){
if (PasswordFormat != MembershipPasswordFormat.Clear){
throw new ProviderException("Hashed or Encrypted passwords are not supported with auto-generated keys.");}
}
}
private string GetConfigValue(string configValue, string defaultValue){
if (String.IsNullOrEmpty(configValue)){
return defaultValue;}
return configValue;}
#endregion
#region Implemented Abstract Methods from MembershipProvider /// <summary> /// Change the user password. /// </summary> /// <param name="username">UserName</param> /// <param name="oldPwd">Old password.</param> /// <param name="newPwd">New password.</param> /// <returns>T/F if password was changed.</returns> public override bool ChangePassword(string username, string oldPwd, string newPwd){
if (!ValidateUser(username, oldPwd)){
return false;}
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPwd, true);OnValidatingPassword(args);
if (args.Cancel){
if (args.FailureInformation != null){
throw args.FailureInformation;}
else{
throw new Exception("Change password canceled due to new password validation failure.");}
}
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_ChangePassword", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@password", SqlDbType.NVarChar, 255).Value = EncodePassword(newPwd); sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
}
catch (SqlException e){
//Add exception handling here. return false;}
finally{
sqlConnection.Close();
}
return true;}
/// <summary> /// Change the question and answer for a password validation. /// </summary> /// <param name="username">User name.</param> /// <param name="password">Password.</param> /// <param name="newPwdQuestion">New question text.</param> /// <param name="newPwdAnswer">New answer text.</param> /// <returns></returns> /// <remarks></remarks> public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPwdQuestion, string newPwdAnswer){
if (!ValidateUser(username, password)){
return false;}
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_ChangePasswordQuestionAnswer", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue; sqlCommand.Parameters.Add("@question", SqlDbType.NVarChar, 255).Value = newPwdQuestion;sqlCommand.Parameters.Add(
"@answer", SqlDbType.NVarChar, 255).Value = EncodePassword(newPwdAnswer); sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
if ((int)sqlCommand.Parameters["@returnValue"].Value != 0){
return false;}
}
catch (SqlException e){
//Add exception handling here. return false;}
finally{
sqlConnection.Close();
}
return true;}
/// <summary> /// Create a new user. /// </summary> /// <param name="username">User name.</param> /// <param name="password">Password.</param> /// <param name="email">Email address.</param> /// <param name="passwordQuestion">Security quesiton for password.</param> /// <param name="passwordAnswer">Security quesiton answer for password.</param> /// <param name="isApproved"></param> /// <param name="userID">User ID</param> /// <param name="status"></param> /// <returns>MembershipUser</returns> public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status){
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);OnValidatingPassword(args);
if (args.Cancel){
status = MembershipCreateStatus.InvalidPassword;return null;}
if ((RequiresUniqueEmail && (GetUserNameByEmail(email) != String.Empty))){
status =
MembershipCreateStatus.DuplicateEmail; return null;}
MembershipUser membershipUser = GetUser(username, false);if (membershipUser == null){
System.
DateTime createDate = DateTime.Now; SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Ins", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue; sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; sqlCommand.Parameters.Add("@password", SqlDbType.NVarChar, 255).Value = EncodePassword(password);sqlCommand.Parameters.Add(
"@email", SqlDbType.NVarChar, 128).Value = email; sqlCommand.Parameters.Add("@passwordQuestion", SqlDbType.NVarChar, 255).Value = passwordQuestion;sqlCommand.Parameters.Add(
"@passwordAnswer", SqlDbType.NVarChar, 255).Value = EncodePassword(passwordAnswer); sqlCommand.Parameters.Add("@isApproved", SqlDbType.Bit).Value = isApproved;sqlCommand.Parameters.Add(
"@comment", SqlDbType.NVarChar, 255).Value = String.Empty; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
if ((int)sqlCommand.Parameters["@returnValue"].Value == 0){
status = MembershipCreateStatus.Success;}
else{
status = MembershipCreateStatus.UserRejected;}
}
catch (SqlException e){
//Add exception handling here. status = MembershipCreateStatus.ProviderError;}
finally{
sqlConnection.Close();
}
return GetUser(username, false);}
else{
status = MembershipCreateStatus.DuplicateUserName;}
return null;}
/// <summary> /// Delete a user. /// </summary> /// <param name="username">User name.</param> /// <param name="deleteAllRelatedData">Whether to delete all related data.</param> /// <returns>T/F if the user was deleted.</returns> public override bool DeleteUser( string username, bool deleteAllRelatedData)
{
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Del", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue; sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
if ((int)sqlCommand.Parameters["@returnValue"].Value == 0){
if (deleteAllRelatedData){
//Process commands to delete all data for the user in the database.}
}
else{
return false;}
}
catch (SqlException e){
//Add exception handling here.}
finally{
sqlConnection.Close();
}
return true;}
/// <summary> /// Get a collection of users. /// </summary> /// <param name="pageIndex">Page index.</param> /// <param name="pageSize">Page size.</param> /// <param name="totalRecords">Total # of records to retrieve.</param> /// <returns>Collection of MembershipUser objects.</returns> public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("Users_Sel", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; MembershipUserCollection users = new MembershipUserCollection();SqlDataReader sqlDataReader = null;totalRecords = 0;
try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection); int counter = 0; int startIndex = pageSize * pageIndex; int endIndex = startIndex + pageSize - 1; while (sqlDataReader.Read()){
if (counter >= startIndex){
users.Add(GetUserFromReader(sqlDataReader));
}
if (counter >= endIndex) { sqlCommand.Cancel(); }counter += 1;
}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null){
sqlDataReader.Close();
}
}
return users;}
/// <summary> /// Gets the number of users currently on-line. /// </summary> /// <returns> /// # of users on-line.</returns> public override int GetNumberOfUsersOnline(){
TimeSpan onlineSpan = new TimeSpan(0, System.Web.Security.Membership.UserIsOnlineTimeWindow, 0); DateTime compareTime = DateTime.Now.Subtract(onlineSpan); SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("Users_NumberOnline", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; sqlCommand.Parameters.Add("@compareDate", SqlDbType.DateTime).Value = compareTime; int numOnline = 0; try{
sqlConnection.Open();
numOnline = Convert.ToInt32(sqlCommand.ExecuteScalar());}
catch (SqlException e){
//Add exception handling here.}
finally{
sqlConnection.Close();
}
return numOnline;}
/// <summary> /// Get the password for a user. /// </summary> /// <param name="username">User name.</param> /// <param name="answer">Answer to security question.</param> /// <returns>Password for the user.</returns> public override string GetPassword( string username, string answer)
{
if (!EnablePasswordRetrieval){
throw new ProviderException("Password Retrieval Not Enabled.");}
if (PasswordFormat == MembershipPasswordFormat.Hashed){
throw new ProviderException("Cannot retrieve Hashed passwords.");}
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_GetPassword", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@username", SqlDbType.NVarChar, 255).Value = username; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; string password = String.Empty; string passwordAnswer = String.Empty; SqlDataReader sqlDataReader = null; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);if (sqlDataReader.HasRows){
sqlDataReader.Read();
if (sqlDataReader.GetBoolean(2)){
throw new MembershipPasswordException("The supplied user is locked out.");}
password = sqlDataReader.GetString(0);
passwordAnswer = sqlDataReader.GetString(1);
}
else{
throw new MembershipPasswordException("The supplied user name is not found.");}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer)){
UpdateFailureCount(username, FailureType.PasswordAnswer);throw new MembershipPasswordException("Incorrect password answer.");}
if (PasswordFormat == MembershipPasswordFormat.Encrypted){
password = UnEncodePassword(password);
}
return password;}
public override MembershipUser GetUser( string username, bool userIsOnline)
{
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Sel", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@username", SqlDbType.NVarChar, 255).Value = username; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; MembershipUser membershipUser = null; SqlDataReader sqlDataReader = null; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);if (sqlDataReader.HasRows){
sqlDataReader.Read();
membershipUser = GetUserFromReader(sqlDataReader);
if (userIsOnline){
SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateActivityDate_ByUserName", sqlConnection);sqlUpdateCommand.CommandType =
CommandType.StoredProcedure; sqlUpdateCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;sqlUpdateCommand.ExecuteNonQuery();
}
}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
return membershipUser;}
/// <summary> /// Get a user based upon provider key and if they are on-line. /// </summary> /// <param name="userID">Provider key.</param> /// <param name="userIsOnline">T/F whether the user is on-line.</param> /// <returns></returns> public override MembershipUser GetUser( object userID, bool userIsOnline)
{
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_SelByUserID", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@userID", SqlDbType.UniqueIdentifier).Value = userID; MembershipUser membershipUser = null; SqlDataReader sqlDataReader = null; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);if (sqlDataReader.HasRows){
sqlDataReader.Read();
membershipUser = GetUserFromReader(sqlDataReader);
if (userIsOnline){
SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateActivityDate_ByUserID", sqlConnection);sqlUpdateCommand.CommandType =
CommandType.StoredProcedure; sqlUpdateCommand.Parameters.Add("@userID", SqlDbType.NVarChar, 255).Value = userID;sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;sqlUpdateCommand.ExecuteNonQuery();
}
}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
return membershipUser;}
/// <summary> /// Unlock a user. /// </summary> /// <param name="username">User name.</param> /// <returns>T/F if unlocked.</returns> public override bool UnlockUser(string username)
{
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Unlock", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue; sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; int rowsAffected = 0; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
if ((int)sqlCommand.Parameters["@returnValue"].Value == 0){
return false;}
}
catch (SqlException e){
//Add exception handling here. return false;}
finally{
sqlConnection.Close();
}
return true;}
public override string GetUserNameByEmail(string email){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("UserName_Sel_ByEmail", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@email", SqlDbType.NVarChar, 128).Value = email; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; string username = String.Empty; try{
sqlConnection.Open();
username = Convert.ToString(sqlCommand.ExecuteScalar());}
catch (SqlException e){
//Add exception handling here.}
finally{
sqlConnection.Close();
}
if (username == null){
return String.Empty;}
else{
username.Trim();
}
return username;}
/// <summary> /// Reset the user password. /// </summary> /// <param name="username">User name.</param> /// <param name="answer">Answer to security question.</param> /// <returns></returns> /// <remarks></remarks> public override string ResetPassword( string username, string answer)
{
if (!EnablePasswordReset){
throw new NotSupportedException("Password Reset is not enabled.");}
if ((answer == null) && (RequiresQuestionAndAnswer)){
UpdateFailureCount(username, FailureType.PasswordAnswer);throw new ProviderException("Password answer required for password Reset.");}
string newPassword = System.Web.Security.Membership.GeneratePassword(newPasswordLength,
MinRequiredNonAlphanumericCharacters
);
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);OnValidatingPassword(args);
if (args.Cancel){
if (args.FailureInformation != null){
throw args.FailureInformation;}
else{
throw new MembershipPasswordException("Reset password canceled due to password validation failure.");}
}
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_GetPasswordAnswer", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@username", SqlDbType.NVarChar, 255).Value = username; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; int rowsAffected = 0; string passwordAnswer = String.Empty; SqlDataReader sqlDataReader = null; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);if (sqlDataReader.HasRows){
sqlDataReader.Read();
if (sqlDataReader.GetBoolean(1)){
throw new MembershipPasswordException("The supplied user is locked out.");}
passwordAnswer = sqlDataReader.GetString(0);
}
else{
throw new MembershipPasswordException("The supplied user name is not found.");}
if (RequiresQuestionAndAnswer && (!CheckPassword(answer, passwordAnswer))){
UpdateFailureCount(username, FailureType.PasswordAnswer);throw new MembershipPasswordException("Incorrect password answer.");}
SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdatePassword", sqlConnection); sqlUpdateCommand.CommandType = CommandType.StoredProcedure;sqlUpdateCommand.Parameters.Add(
"@password", SqlDbType.NVarChar, 255).Value = EncodePassword(newPassword); sqlUpdateCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;rowsAffected = sqlUpdateCommand.ExecuteNonQuery();
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
if (rowsAffected > 0){
return newPassword;}
else{
throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset.");}
}
/// <summary> /// Update the user information. /// </summary> /// <param name="_membershipUser">MembershipUser object containing data.</param> public override void UpdateUser(MembershipUser membershipUser){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Upd", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@email", SqlDbType.NVarChar, 128).Value = membershipUser.Email; sqlCommand.Parameters.Add("@comment", SqlDbType.NVarChar, 255).Value = membershipUser.Comment;sqlCommand.Parameters.Add(
"@isApproved", SqlDbType.Bit).Value = membershipUser.IsApproved; sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = membershipUser.UserName;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
}
catch (SqlException e){
//Add exception handling here.}
finally{
sqlConnection.Close();
}
}
/// <summary> /// Validate the user based upon username and password. /// </summary> /// <param name="username">User name.</param> /// <param name="password">Password.</param> /// <returns>T/F if the user is valid.</returns> public override bool ValidateUser( string username, string password)
{
bool isValid = false; SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("User_Validate", sqlConnection);sqlCommand.CommandType =
CommandType.StoredProcedure; sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; SqlDataReader sqlDataReader = null; bool isApproved = false; string storedPassword = String.Empty; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow);if (sqlDataReader.HasRows){
sqlDataReader.Read();
storedPassword = sqlDataReader.GetString(0);
isApproved = sqlDataReader.GetBoolean(1);
}
else{
return false;}
sqlDataReader.Close();
if (CheckPassword(password, storedPassword)){
if (isApproved){
isValid = true; SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateLoginDate", sqlConnection); sqlUpdateCommand.CommandType = CommandType.StoredProcedure;sqlUpdateCommand.Parameters.Add(
"@username", SqlDbType.NVarChar, 255).Value = username; sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;sqlUpdateCommand.ExecuteNonQuery();
}
}
else{
sqlConnection.Close();
UpdateFailureCount(username, FailureType.Password);}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }if ((sqlConnection != null) && (sqlConnection.State == ConnectionState.Open)) { sqlConnection.Close(); }}
return isValid;}
/// <summary> /// Find all users matching a search string. /// </summary> /// <param name="usernameToMatch">Search string of user name to match.</param> /// <param name="pageIndex"></param> /// <param name="pageSize"></param> /// <param name="totalRecords">Total records found.</param> /// <returns>Collection of MembershipUser objects.</returns> public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@username", SqlDbType.NVarChar, 255).Value = usernameToMatch; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; MembershipUserCollection membershipUsers = new MembershipUserCollection(); SqlDataReader sqlDataReader = null; int counter = 0; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection); int startIndex = pageSize * pageIndex; int endIndex = startIndex + pageSize - 1;while (sqlDataReader.Read()){
if (counter >= startIndex){
MembershipUser membershipUser = GetUserFromReader(sqlDataReader);membershipUsers.Add(membershipUser);
}
if (counter >= endIndex) { sqlCommand.Cancel(); }counter += 1;
}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
totalRecords = counter;
return membershipUsers;}
/// <summary> /// Find all users matching a search string of their email. /// </summary> /// <param name="emailToMatch">Search string of email to match.</param> /// <param name="pageIndex"></param> /// <param name="pageSize"></param> /// <param name="totalRecords">Total records found.</param> /// <returns>Collection of MembershipUser objects.</returns> public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@email", SqlDbType.NVarChar, 255).Value = emailToMatch; sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; MembershipUserCollection membershipUsers = new MembershipUserCollection(); SqlDataReader sqlDataReader = null; int counter = 0; try{
sqlConnection.Open();
sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection); int startIndex = pageSize * pageIndex; int endIndex = startIndex + pageSize - 1;while (sqlDataReader.Read()){
if (counter >= startIndex){
MembershipUser membershipUser = GetUserFromReader(sqlDataReader);membershipUsers.Add(membershipUser);
}
if (counter >= endIndex) { sqlCommand.Cancel(); }counter += 1;
}
}
catch (SqlException e){
//Add exception handling here.}
finally{
if (sqlDataReader != null) { sqlDataReader.Close(); }}
totalRecords = counter;
return membershipUsers;}
#endregion
#region "Utility Functions" /// <summary> /// Create a MembershipUser object from a data reader. /// </summary> /// <param name="sqlDataReader">Data reader.</param> /// <returns>MembershipUser object.</returns> private MembershipUser GetUserFromReader(SqlDataReader sqlDataReader)
{
object userID = sqlDataReader.GetValue(0); string username = sqlDataReader.GetString(1); string email = sqlDataReader.GetString(2); string passwordQuestion = String.Empty; if (sqlDataReader.GetValue(3) != DBNull.Value){
passwordQuestion = sqlDataReader.GetString(3);
}
string comment = String.Empty;if (sqlDataReader.GetValue(4) != DBNull.Value){
comment = sqlDataReader.GetString(4);
}
bool isApproved = sqlDataReader.GetBoolean(5); bool isLockedOut = sqlDataReader.GetBoolean(6); DateTime creationDate = sqlDataReader.GetDateTime(7); DateTime lastLoginDate = new DateTime(); if (sqlDataReader.GetValue(8) != DBNull.Value){
lastLoginDate = sqlDataReader.GetDateTime(8);
}
DateTime lastActivityDate = sqlDataReader.GetDateTime(9); DateTime lastPasswordChangedDate = sqlDataReader.GetDateTime(10); DateTime lastLockedOutDate = new DateTime();if (sqlDataReader.GetValue(11) != DBNull.Value){
lastLockedOutDate = sqlDataReader.GetDateTime(11);
}
MembershipUser membershipUser = new MembershipUser(this.Name,username,
userID,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
creationDate,
lastLoginDate,
lastActivityDate,
lastPasswordChangedDate,
lastLockedOutDate
);
return membershipUser;}
/// <summary> /// Converts a hexadecimal string to a byte array. Used to convert encryption key values from the configuration /// </summary> /// <param name="hexString"></param> /// <returns></returns> /// <remarks></remarks> private byte[] HexToByte(string hexString){
byte[] returnBytes = new byte[hexString.Length / 2]; for (int i = 0; i < returnBytes.Length; i++) returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);return returnBytes;}
/// <summary> /// Update password and answer failure information. /// </summary> /// <param name="username">User name.</param> /// <param name="failureType">Type of failure</param> /// <remarks></remarks> private void UpdateFailureCount(string username, FailureType failureType){
SqlConnection sqlConnection = new SqlConnection(connectionString); SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection); sqlCommand.CommandType = CommandType.StoredProcedure;sqlCommand.Parameters.Add(
"@failureType", SqlDbType.Int, 0).Value = failureType; sqlCommand.Parameters.Add("@passwordAttempWindow", SqlDbType.DateTime, 0).Value = passwordAttemptWindow;sqlCommand.Parameters.Add(
"@maxInvalidPasswordAttempts", SqlDbType.Int, 0).Value = maxInvalidPasswordAttempts; sqlCommand.Parameters.Add("@userName", SqlDbType.NVarChar, 255).Value = username;sqlCommand.Parameters.Add(
"@applicationName", SqlDbType.NVarChar, 255).Value = applicationName; try{
sqlConnection.Open();
sqlCommand.ExecuteNonQuery();
}
catch (Exception ex){
//Add exception handling here.}
}
/// <summary> /// Check the password format based upon the MembershipPasswordFormat. /// </summary> /// <param name="password">Password</param> /// <param name="dbpassword"></param> /// <returns></returns> /// <remarks></remarks> private bool CheckPassword(string password, string dbpassword){
string pass1 = password; string pass2 = dbpassword; switch (PasswordFormat){
case MembershipPasswordFormat.Encrypted:pass2 = UnEncodePassword(dbpassword);
break;case MembershipPasswordFormat.Hashed:pass1 = EncodePassword(password);
break; default:break;}
if (pass1 == pass2){
return true;}
return false;}
/// <summary> /// Encode password. /// </summary> /// <param name="password">Password.</param> /// <returns>Encoded password.</returns> private string EncodePassword(string password){
string encodedPassword = password;switch (PasswordFormat){
case MembershipPasswordFormat.Clear: break;case MembershipPasswordFormat.Encrypted:encodedPassword =
Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password))); break; case MembershipPasswordFormat.Hashed: HMACSHA1 hash = new HMACSHA1();hash.Key = HexToByte(machineKey.ValidationKey);
encodedPassword =
Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password))); break; default:throw new ProviderException("Unsupported password format.");}
return encodedPassword;}
/// <summary> /// UnEncode password. /// </summary> /// <param name="encodedPassword">Password.</param> /// <returns>Unencoded password.</returns> private string UnEncodePassword(string encodedPassword){
string password = encodedPassword;switch (PasswordFormat){
case MembershipPasswordFormat.Clear: break;case MembershipPasswordFormat.Encrypted:password =
Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password))); break; case MembershipPasswordFormat.Hashed: throw new ProviderException("Cannot unencode a hashed password."); default: throw new ProviderException("Unsupported password format.");}
return password;}
#endregion
}
}
.net 2.0 security
french_duke
Member
196 Points
147 Posts
Re: Custom Role Provider without a Membership Provider?
May 08, 2008 12:44 PM|LINK
Sorry, what is the problem exactly?
french_duke
Member
196 Points
147 Posts
Re: Custom Role Provider without a Membership Provider?
May 08, 2008 08:59 PM|LINK
Hey
After starting to implement the custom membership provider I see your (rather concise) point - where indeed is the username property?
So when I set a node in my sitemap to a particular rolename, presumably somewhere in the background the IsUserInRole(username, rolename) method is called... so the same question remains, where does the 'username' property come from?
If all I want to use is roles for security, should I actually be implementing a Custom MembershipUser class instead?
XiaoYong Dai...
All-Star
38310 Points
4229 Posts
Re: Custom Role Provider without a Membership Provider?
May 09, 2008 04:06 AM|LINK
Hi
The username property comes from the FormsauthenticationTicket. This ticket will append to each request after user has successfully logged in. ASP.NET remember user by decrypt FormsauthenticationTicket and get username from that.
Here you can get more information about Forms-Based Authentication and FormsauthenticationTicket http://support.microsoft.com/kb/301240/en-us
Hope it helps
XiaoYong Dai
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
minhaj78692
Member
4 Points
2 Posts
Re: Custom Role Provider without a Membership Provider?
May 09, 2008 04:54 AM|LINK
I need to complete code of inbuilt login control like login, create user wizard, password recovery etc.and how to use with database So, please help me and how i put login control in .aspx page what is write in c# code for different login control
.net 2.0 security
french_duke
Member
196 Points
147 Posts
Re: Custom Role Provider without a Membership Provider?
May 10, 2008 12:25 PM|LINK
Hey
I have checked out that article and it looks awesome.
I'll check it out and no doubt post any questions I may have in a new thread. Many thanks
foluis
Member
33 Points
17 Posts
Re: Custom Role Provider without a Membership Provider?
Feb 24, 2012 01:22 PM|LINK
Hi minhaj78692
Could you please post your stored procedures?