//
// System.Web.Security.MembershipProvider
//
// Authors:
// Ben Maurer (bmaurer@users.sourceforge.net)
// Lluis Sanchez Gual (lluis@novell.com)
//
// (C) 2003 Ben Maurer
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using System.Configuration.Provider;
using System.Web.Configuration;
using System.Security.Cryptography;
using System.Text;
namespace System.Web.Security
{
public abstract class MembershipProvider : ProviderBase
{
protected MembershipProvider ()
{
}
public abstract bool ChangePassword (string name, string oldPwd, string newPwd);
public abstract bool ChangePasswordQuestionAndAnswer (string name, string password, string newPwdQuestion, string newPwdAnswer);
public abstract MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status);
public abstract bool DeleteUser (string name, bool deleteAllRelatedData);
public abstract MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords);
public abstract MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords);
public abstract MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords);
public abstract int GetNumberOfUsersOnline ();
public abstract string GetPassword (string name, string answer);
public abstract MembershipUser GetUser (string name, bool userIsOnline);
public abstract MembershipUser GetUser (object providerUserKey, bool userIsOnline);
public abstract string GetUserNameByEmail (string email);
public abstract string ResetPassword (string name, string answer);
public abstract void UpdateUser (MembershipUser user);
public abstract bool ValidateUser (string name, string password);
public abstract bool UnlockUser (string userName);
public abstract string ApplicationName { get; set; }
public abstract bool EnablePasswordReset { get; }
public abstract bool EnablePasswordRetrieval { get; }
public abstract bool RequiresQuestionAndAnswer { get; }
public abstract int MaxInvalidPasswordAttempts { get; }
public abstract int MinRequiredNonAlphanumericCharacters { get; }
public abstract int MinRequiredPasswordLength { get; }
public abstract int PasswordAttemptWindow { get; }
public abstract MembershipPasswordFormat PasswordFormat { get; }
public abstract string PasswordStrengthRegularExpression { get; }
public abstract bool RequiresUniqueEmail { get; }
protected virtual void OnValidatingPassword (ValidatePasswordEventArgs args)
{
if (ValidatingPassword != null)
ValidatingPassword (this, args);
}
protected virtual byte[] DecryptPassword (byte[] encodedPassword)
{
throw new NotImplementedException ();
}
protected virtual byte[] EncryptPassword (byte[] password)
{
throw new NotImplementedException ();
}
public event MembershipValidatePasswordEventHandler ValidatingPassword;
internal string EncodePassword (string password, MembershipPasswordFormat passwordFormat, string salt)
{
byte[] password_bytes;
byte[] salt_bytes;
switch (passwordFormat) {
case MembershipPasswordFormat.Clear:
return password;
case MembershipPasswordFormat.Hashed:
password_bytes = Encoding.Unicode.GetBytes (password);
salt_bytes = Convert.FromBase64String (salt);
byte[] hashBytes = new byte[salt_bytes.Length + password_bytes.Length];
Buffer.BlockCopy (salt_bytes, 0, hashBytes, 0, salt_bytes.Length);
Buffer.BlockCopy (password_bytes, 0, hashBytes, salt_bytes.Length, password_bytes.Length);
MembershipSection section = (MembershipSection)WebConfigurationManager.GetSection ("system.web/membership");
string alg_type = section.HashAlgorithmType;
if (alg_type == "") {
MachineKeySection keysection = (MachineKeySection)WebConfigurationManager.GetSection ("system.web/machineKey");
alg_type = keysection.Validation.ToString ();
}
using (HashAlgorithm hash = HashAlgorithm.Create (alg_type)) {
hash.TransformFinalBlock (hashBytes, 0, hashBytes.Length);
return Convert.ToBase64String (hash.Hash);
}
case MembershipPasswordFormat.Encrypted:
password_bytes = Encoding.Unicode.GetBytes (password);
salt_bytes = Convert.FromBase64String (salt);
byte[] buf = new byte[password_bytes.Length + salt_bytes.Length];
Array.Copy (salt_bytes, 0, buf, 0, salt_bytes.Length);
Array.Copy (password_bytes, 0, buf, salt_bytes.Length, password_bytes.Length);
return Convert.ToBase64String (EncryptPassword (buf));
default:
/* not reached.. */
return null;
}
}
internal string DecodePassword (string password, MembershipPasswordFormat passwordFormat)
{
switch (passwordFormat) {
case MembershipPasswordFormat.Clear:
return password;
case MembershipPasswordFormat.Hashed:
throw new ProviderException ("Hashed passwords cannot be decoded.");
case MembershipPasswordFormat.Encrypted:
return Encoding.Unicode.GetString (DecryptPassword (Convert.FromBase64String (password)));
default:
/* not reached.. */
return null;
}
}
}
}
#endif
