protected void Page_Load(object sender, EventArgs e)
{
if (!this.IsPostBack)
{
bool defaultPassword = this.IsDefaultFormsAuthPassword();
if (defaultPassword)
{
this.Login1.Visible = false;
this.changePassword.Focus();
}
else
{
this.changePassword.Visible = false;
AuthenticationSection authenticationSection = this.GetFormsAuthConfig();
FormsAuthenticationUserCollection users = authenticationSection.Forms.Credentials.Users;
if (users.Count > 0)
{
this.Login1.UserName = users[0].Name;
}
this.Login1.Focus();
}
}
}
protected FormsAuthenticationUserCollection getUsers()
{
if (_users == null)
{
AuthenticationSection section = getAuthenticationSection();
FormsAuthenticationCredentials creds = section.Forms.Credentials;
_users = section.Forms.Credentials.Users;
}
return(_users);
}
private static bool InternalAuthenticate(string name, string password)
{
AuthenticationSection authentication;
string str;
string str2;
if ((name != null) && (password != null))
{
Initialize();
authentication = RuntimeConfig.GetAppConfig().Authentication;
authentication.ValidateAuthenticationMode();
FormsAuthenticationUserCollection users = authentication.Forms.Credentials.Users;
if (users == null)
{
return(false);
}
FormsAuthenticationUser user = users[name.ToLower(CultureInfo.InvariantCulture)];
if (user == null)
{
return(false);
}
str = user.Password;
if (str == null)
{
return(false);
}
switch (authentication.Forms.Credentials.PasswordFormat)
{
case FormsAuthPasswordFormat.Clear:
str2 = password;
goto Label_00A3;
case FormsAuthPasswordFormat.SHA1:
str2 = HashPasswordForStoringInConfigFile(password, "sha1");
goto Label_00A3;
case FormsAuthPasswordFormat.MD5:
str2 = HashPasswordForStoringInConfigFile(password, "md5");
goto Label_00A3;
}
}
return(false);
Label_00A3:
return(string.Compare(str2, str, (authentication.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear) ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal) == 0);
}
private bool IsDefaultFormsAuthPassword()
{
AuthenticationSection authenticationSection = this.GetFormsAuthConfig();
if (authenticationSection.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear)
{
return(false);
}
FormsAuthenticationUserCollection users = authenticationSection.Forms.Credentials.Users;
if (users.Count != 1 || users[0].Name != "admin")
{
return(false);
}
string password = users[0].Password;
return(password == "1234567");
}
public static void Main()
{
// <Snippet1>
// Get the Web application configuration.
System.Configuration.Configuration configuration =
WebConfigurationManager.OpenWebConfiguration(
"/aspnet");
// Get the section.
AuthenticationSection authenticationSection =
(AuthenticationSection)configuration.GetSection(
"system.web/authentication");
// Get the users collection.
FormsAuthenticationUserCollection formsAuthenticationUsers =
authenticationSection.Forms.Credentials.Users;
// </Snippet1>
// <Snippet2>
// </Snippet2>
// <Snippet3>
// Define the user name.
string name = "userName";
// Define the encrypted password.
string password =
"******";
// Create a new FormsAuthenticationUser object.
FormsAuthenticationUser newformsAuthenticationUser =
new FormsAuthenticationUser(name, password);
// </Snippet3>
// <Snippet4>
// Using the Password property.
// Get current password.
string currentPassword =
formsAuthenticationUsers[0].Password;
// Set a SHA1 encrypted password.
// This example uses the SHA1 algorithm.
// Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
formsAuthenticationUsers[0].Password =
"******";
// </Snippet4>
// <Snippet5>
// Using the Name property.
// Get current name.
string currentName =
formsAuthenticationUsers[0].Name;
// Set a new name.
formsAuthenticationUsers[0].Name = "userName";
// </Snippet5>
}
public static void Main()
{
// <Snippet1>
// Get the Web application configuration.
System.Configuration.Configuration configuration =
WebConfigurationManager.OpenWebConfiguration("/aspnetTest");
// Get the authentication section.
AuthenticationSection authenticationSection =
(AuthenticationSection)configuration.GetSection(
"system.web/authentication");
// Get the forms credentials collection .
FormsAuthenticationCredentials formsAuthenticationCredentials =
authenticationSection.Forms.Credentials;
// </Snippet1>
// <Snippet2>
// Create a new FormsAuthenticationCredentials object.
FormsAuthenticationCredentials newformsAuthenticationCredentials =
new FormsAuthenticationCredentials();
// </Snippet2>
// <Snippet3>
// Get the current PasswordFormat property value.
FormsAuthPasswordFormat currentPasswordFormat =
formsAuthenticationCredentials.PasswordFormat;
// Set the PasswordFormat property value.
formsAuthenticationCredentials.PasswordFormat =
FormsAuthPasswordFormat.SHA1;
// </Snippet3>
// <Snippet4>
// Create a new FormsAuthenticationUserCollection object.
FormsAuthenticationUserCollection newformsAuthenticationUser =
new FormsAuthenticationUserCollection();
// </Snippet4>
// <Snippet5>
// Display all credentials collection elements.
StringBuilder credentials = new StringBuilder();
for (System.Int32 i = 0;
i < formsAuthenticationCredentials.Users.Count;
i++)
{
credentials.Append("User: "******"Password: "******"5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8";
// Define the user name.
string userName = "******";
// Create the new user.
FormsAuthenticationUser currentUser =
new FormsAuthenticationUser(userName, password);
// Execute the Add method.
formsAuthenticationCredentials.Users.Add(currentUser);
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet6>
// <Snippet7>
// Using method Clear.
formsAuthenticationCredentials.Users.Clear();
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet7>
// <Snippet9>
// Using method Remove.
// Execute the Remove method.
formsAuthenticationCredentials.Users.Remove("userName");
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet9>
// <Snippet10>
// Using method RemoveAt.
formsAuthenticationCredentials.Users.RemoveAt(0);
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet10>
// <Snippet11>
// Using method Set.
// Define the SHA1 encrypted password.
string newPassword =
"******";
// Define the user name.
string currentUserName = "******";
// Create the new user.
FormsAuthenticationUser theUser =
new FormsAuthenticationUser(currentUserName, newPassword);
formsAuthenticationCredentials.Users.Set(theUser);
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet11>
// <Snippet12>
// Get the user with the specified name.
FormsAuthenticationUser storedUser =
formsAuthenticationCredentials.Users.Get("userName");
// </Snippet12>
// <Snippet13>
// Get the user at the specified index.
FormsAuthenticationUser storedUser2 =
formsAuthenticationCredentials.Users.Get(0);
// </Snippet13>
// <Snippet14>
// Get the key at the specified index.
string thisKey = formsAuthenticationCredentials.Users.GetKey(0).ToString();
// </Snippet14>
// <Snippet15>
// Get the user element at the specified index.
FormsAuthenticationUser storedUser3 =
formsAuthenticationCredentials.Users[0];
// </Snippet15>
// <Snippet16>
// Get the user element with the specified name.
FormsAuthenticationUser storedUser4 =
formsAuthenticationCredentials.Users["userName"];
// </Snippet16>
// <Snippet17>
// Get the collection keys.
object [] keys =
formsAuthenticationCredentials.Users.AllKeys;
// </Snippet17>
}
private static bool InternalAuthenticate(String name, String password)
{
//////////////////////////////////////////////////////////////////////
// Step 1: Make sure we are initialized
if (name == null || password == null)
{
return(false);
}
Initialize();
//////////////////////////////////////////////////////////////////////
// Step 2: Get the user database
AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
settings.ValidateAuthenticationMode();
FormsAuthenticationUserCollection Users = settings.Forms.Credentials.Users;
// Hashtable hTable = settings.Credentials;
if (Users == null)
{
return(false);
}
//////////////////////////////////////////////////////////////////////
// Step 3: Get the (hashed) password for this user
FormsAuthenticationUser u = Users[name.ToLower(CultureInfo.InvariantCulture)];
if (u == null)
{
return(false);
}
String pass = (String)u.Password;
if (pass == null)
{
return(false);
}
//////////////////////////////////////////////////////////////////////
// Step 4: Hash the given password
String encPassword;
#pragma warning disable 618 // HashPasswordForStorignInConfigFile is now obsolete
switch (settings.Forms.Credentials.PasswordFormat)
{
case FormsAuthPasswordFormat.SHA256:
encPassword = HashPasswordForStoringInConfigFile(password, "sha256");
break;
case FormsAuthPasswordFormat.SHA384:
encPassword = HashPasswordForStoringInConfigFile(password, "sha384");
break;
case FormsAuthPasswordFormat.SHA512:
encPassword = HashPasswordForStoringInConfigFile(password, "sha512");
break;
case FormsAuthPasswordFormat.SHA1:
encPassword = HashPasswordForStoringInConfigFile(password, "sha1");
break;
case FormsAuthPasswordFormat.MD5:
encPassword = HashPasswordForStoringInConfigFile(password, "md5");
break;
case FormsAuthPasswordFormat.Clear:
encPassword = password;
break;
default:
return(false);
}
#pragma warning restore 618
//////////////////////////////////////////////////////////////////////
// Step 5: Compare the hashes
return(String.Compare(encPassword,
pass,
((settings.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear)
? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
== 0);
}
