/// <internalonly />
protected override void ResetPersonalizationBlob(WebPartManager webPartManager, string path, string userName)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
CheckSchemaVersion(connection);
ResetPersonalizationState(connection, path, userName);
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
internal void GetConnection(out SqlConnection sqlConn, out SqlCommand sqlCmd)
{
sqlConn = null;
sqlCmd = null;
if (this._sqlConn != null)
{
sqlConn = this._sqlConn;
sqlCmd = this._sqlCmd;
this._sqlConn = null;
this._sqlCmd = null;
}
else
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._connectionString, true);
sqlCmd = new SqlCommand("dbo.AspNet_SqlCachePollingStoredProcedure", connection.Connection);
sqlConn = connection.Connection;
}
catch
{
if (connection != null)
{
connection.Close();
connection = null;
}
sqlCmd = null;
throw;
}
}
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
public override int GetNumberOfInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate)
{
try {
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_GetNumberOfInactiveProfiles", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
cmd.Parameters.Add(CreateInputParam("@InactiveSinceDate", SqlDbType.DateTime, userInactiveSinceDate.ToUniversalTime()));
object o = cmd.ExecuteScalar();
if (o == null || !(o is int))
{
return(0);
}
return((int)o);
}
finally {
if (holder != null)
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
/// <internalonly />
protected override void LoadPersonalizationBlobs(WebPartManager webPartManager, string path, string userName, ref byte[] sharedDataBlob, ref byte[] userDataBlob)
{
sharedDataBlob = null;
userDataBlob = null;
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
CheckSchemaVersion(connection);
sharedDataBlob = LoadPersonalizationBlob(connection, path, null);
if (!String.IsNullOrEmpty(userName))
{
userDataBlob = LoadPersonalizationBlob(connection, path, userName);
}
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
protected override void ResetPersonalizationBlob(WebPartManager webPartManager, string path, string userName)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
this.ResetPersonalizationState(connection, path, userName);
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
}
protected override void LoadPersonalizationBlobs(WebPartManager webPartManager, string path, string userName, ref byte[] sharedDataBlob, ref byte[] userDataBlob)
{
sharedDataBlob = null;
userDataBlob = null;
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
sharedDataBlob = this.LoadPersonalizationBlob(connection, path, null);
if (!string.IsNullOrEmpty(userName))
{
userDataBlob = this.LoadPersonalizationBlob(connection, path, userName);
}
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override bool IsUserInRole(string username, string roleName)
{
SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
SecUtility.CheckParameter(ref username, true, false, true, 256, "username");
if (username.Length < 1)
{
return(false);
}
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_IsUserInRole", holder.Connection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.ExecuteNonQuery();
int iStatus = GetReturnValue(cmd);
switch (iStatus)
{
case 0:
return(false);
case 1:
return(true);
case 2:
return(false);
// throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
case 3:
return(false); // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
}
throw new ProviderException(SR.GetString(SR.Provider_unknown_failure));
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override string [] GetAllRoles()
{
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_GetAllRoles", holder.Connection);
StringCollection sc = new StringCollection();
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
SqlDataReader reader = null;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
String [] strReturn = new String [sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
public override string[] GetAllRoles()
{
string[] strArray2;
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Roles_GetAllRoles", connection.Connection);
StringCollection strings = new StringCollection();
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int);
SqlDataReader reader = null;
command.CommandType = CommandType.StoredProcedure;
command.CommandTimeout = this.CommandTimeout;
parameter.Direction = ParameterDirection.ReturnValue;
command.Parameters.Add(parameter);
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
try
{
reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
strings.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
string[] array = new string[strings.Count];
strings.CopyTo(array, 0);
strArray2 = array;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(strArray2);
}
private void WriteToSQL(WebBaseEventCollection events, int eventsDiscardedByBuffer, DateTime lastNotificationUtc)
{
if (this._retryDate <= DateTime.UtcNow)
{
try
{
SqlConnectionHolder connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
SqlCommand sqlCommand = new SqlCommand("dbo.aspnet_WebEvent_LogEvent");
this.CheckSchemaVersion(connection.Connection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Connection = connection.Connection;
if (this._commandTimeout > -1)
{
sqlCommand.CommandTimeout = this._commandTimeout;
}
this.PrepareParams(sqlCommand);
try
{
connection.Open(null, true);
Interlocked.Increment(ref this._connectionCount);
if (eventsDiscardedByBuffer != 0)
{
WebBaseEvent eventRaised = new WebBaseEvent(System.Web.SR.GetString("Sql_webevent_provider_events_dropped", new object[] { eventsDiscardedByBuffer.ToString(CultureInfo.InstalledUICulture), lastNotificationUtc.ToString("r", CultureInfo.InstalledUICulture) }), null, 0x1771, 0xc47d);
this.FillParams(sqlCommand, eventRaised);
sqlCommand.ExecuteNonQuery();
}
foreach (WebBaseEvent event3 in events)
{
this.FillParams(sqlCommand, event3);
sqlCommand.ExecuteNonQuery();
}
}
finally
{
connection.Close();
Interlocked.Decrement(ref this._connectionCount);
}
try
{
this.EventProcessingComplete(events);
}
catch
{
}
}
catch
{
double num = 30.0;
if (this._commandTimeout > -1)
{
num = this._commandTimeout;
}
this._retryDate = DateTime.UtcNow.AddSeconds(num);
throw;
}
}
}
private int GetCountOfSharedState(string path)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int count = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_GetCountOfState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit));
parameter.Value = true;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
command.ExecuteNonQuery();
parameter = command.Parameters[0];
if (parameter != null && parameter.Value != null && parameter.Value is Int32)
{
count = (Int32)parameter.Value;
}
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
return(count);
}
private int GetCountOfUserState(string path, DateTime inactiveSinceDate, string username)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int num = 0;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_GetCountOfState", connection);
this.SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output;
parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)).Value = false;
parameters.AddWithValue("ApplicationName", this.ApplicationName);
SqlParameter parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
if (username != null)
{
parameter.Value = username;
}
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
if (inactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate)
{
parameter.Value = inactiveSinceDate.ToUniversalTime();
}
command.ExecuteNonQuery();
parameter = command.Parameters[0];
if (((parameter != null) && (parameter.Value != null)) && (parameter.Value is int))
{
num = (int)parameter.Value;
}
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
return(num);
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
public override void SetPropertyValues(SettingsContext sc, SettingsPropertyValueCollection properties)
{
string username = (string)sc["UserName"];
bool userIsAuthenticated = (bool)sc["IsAuthenticated"];
if (username == null || username.Length < 1 || properties.Count < 1)
{
return;
}
string names = String.Empty;
string values = String.Empty;
byte [] buf = null;
ProfileModule.PrepareDataForSaving(ref names, ref values, ref buf, true, properties, userIsAuthenticated);
if (names.Length == 0)
{
return;
}
try {
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_SetProperties", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@PropertyNames", SqlDbType.NText, names));
cmd.Parameters.Add(CreateInputParam("@PropertyValuesString", SqlDbType.NText, values));
cmd.Parameters.Add(CreateInputParam("@PropertyValuesBinary", SqlDbType.Image, buf));
cmd.Parameters.Add(CreateInputParam("@IsUserAnonymous", SqlDbType.Bit, !userIsAuthenticated));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
cmd.ExecuteNonQuery();
}
finally {
if (holder != null)
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
public override bool RoleExists(string roleName)
{
bool flag;
SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName");
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_RoleExists", connection.Connection)
{
CommandType = CommandType.StoredProcedure,
CommandTimeout = this.CommandTimeout
};
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
cmd.Parameters.Add(parameter);
cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.ExecuteNonQuery();
switch (this.GetReturnValue(cmd))
{
case 0:
return(false);
case 1:
return(true);
}
throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure"));
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(flag);
}
public override void SetPropertyValues(SettingsContext sc, SettingsPropertyValueCollection properties)
{
string objValue = (string)sc["UserName"];
bool userIsAuthenticated = (bool)sc["IsAuthenticated"];
if (((objValue != null) && (objValue.Length >= 1)) && (properties.Count >= 1))
{
string allNames = string.Empty;
string allValues = string.Empty;
byte[] buf = null;
ProfileModule.PrepareDataForSaving(ref allNames, ref allValues, ref buf, true, properties, userIsAuthenticated);
if (allNames.Length != 0)
{
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Profile_SetProperties", connection.Connection)
{
CommandTimeout = this.CommandTimeout,
CommandType = CommandType.StoredProcedure
};
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, objValue));
command.Parameters.Add(this.CreateInputParam("@PropertyNames", SqlDbType.NText, allNames));
command.Parameters.Add(this.CreateInputParam("@PropertyValuesString", SqlDbType.NText, allValues));
command.Parameters.Add(this.CreateInputParam("@PropertyValuesBinary", SqlDbType.Image, buf));
command.Parameters.Add(this.CreateInputParam("@IsUserAnonymous", SqlDbType.Bit, !userIsAuthenticated));
command.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
command.ExecuteNonQuery();
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
}
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override void CreateRole(string roleName)
{
SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_CreateRole", holder.Connection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.ExecuteNonQuery();
int returnValue = GetReturnValue(cmd);
switch (returnValue)
{
case 0:
return;
case 1:
throw new ProviderException(SR.GetString(SR.Provider_role_already_exists, roleName));
default:
throw new ProviderException(SR.GetString(SR.Provider_unknown_failure));
}
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
bool flag;
SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName");
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_DeleteRole", connection.Connection)
{
CommandType = CommandType.StoredProcedure,
CommandTimeout = this.CommandTimeout
};
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
cmd.Parameters.Add(parameter);
cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.Parameters.Add(this.CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0));
cmd.ExecuteNonQuery();
int returnValue = this.GetReturnValue(cmd);
if (returnValue == 2)
{
throw new ProviderException(System.Web.SR.GetString("Role_is_not_empty"));
}
flag = returnValue == 0;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(flag);
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_DeleteRole", holder.Connection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.Parameters.Add(CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0));
cmd.ExecuteNonQuery();
int returnValue = GetReturnValue(cmd);
if (returnValue == 2)
{
throw new ProviderException(SR.GetString(SR.Role_is_not_empty));
}
return(returnValue == 0);
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
/// <devdoc>
/// </devdoc>
internal static SqlConnectionHolder GetConnection(string connectionString, bool revertImpersonation)
{
var holder = new SqlConnectionHolder(connectionString);
var closeConn = true;
try
{
holder.Open(revertImpersonation);
closeConn = false;
}
finally
{
if (closeConn)
{
holder.Close();
holder = null;
}
}
return holder;
}
internal static SqlConnectionHolder GetConnection(string connectionString)
{
var holder = new SqlConnectionHolder(connectionString);
bool closeConn = true;
try
{
holder.Open();
closeConn = false;
}
finally
{
if (closeConn)
{
holder.Close();
holder = null;
}
}
return(holder);
}
public override int DeleteInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate)
{
int num;
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Profile_DeleteInactiveProfiles", connection.Connection)
{
CommandTimeout = this.CommandTimeout,
CommandType = CommandType.StoredProcedure
};
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
command.Parameters.Add(this.CreateInputParam("@InactiveSinceDate", SqlDbType.DateTime, userInactiveSinceDate.ToUniversalTime()));
object obj2 = command.ExecuteScalar();
if ((obj2 == null) || !(obj2 is int))
{
return(0);
}
num = (int)obj2;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(num);
}
private int ResetAllState(PersonalizationScope scope)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int num = 0;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_DeleteAllState", connection);
this.SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)).Value = scope == PersonalizationScope.Shared;
parameters.AddWithValue("ApplicationName", this.ApplicationName);
parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output;
command.ExecuteNonQuery();
SqlParameter parameter = command.Parameters[2];
if (((parameter != null) && (parameter.Value != null)) && (parameter.Value is int))
{
num = (int)parameter.Value;
}
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
return(num);
}
/// <internalonly />
protected override void SavePersonalizationBlob(WebPartManager webPartManager, string path, string userName, byte[] dataBlob)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
CheckSchemaVersion(connection);
SavePersonalizationState(connection, path, userName, dataBlob);
} catch (SqlException sqlEx) {
// Check if it failed due to duplicate user name
if (userName != null && (sqlEx.Number == 2627 || sqlEx.Number == 2601 || sqlEx.Number == 2512))
{
// Try again, because it failed first time with duplicate user name
SavePersonalizationState(connection, path, userName, dataBlob);
}
else
{
throw;
}
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
protected override void SavePersonalizationBlob(WebPartManager webPartManager, string path, string userName, byte[] dataBlob)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
try
{
try
{
connectionHolder = this.GetConnectionHolder();
connection = connectionHolder.Connection;
this.CheckSchemaVersion(connection);
this.SavePersonalizationState(connection, path, userName, dataBlob);
}
catch (SqlException exception)
{
if ((userName == null) || (((exception.Number != 0xa43) && (exception.Number != 0xa29)) && (exception.Number != 0x9d0)))
{
throw;
}
this.SavePersonalizationState(connection, path, userName, dataBlob);
}
finally
{
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch
{
throw;
}
}
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 0x100, "roleNames");
SecUtility.CheckArrayParameter(ref usernames, true, true, true, 0x100, "usernames");
bool flag = false;
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
int length = usernames.Length;
while (length > 0)
{
string str = usernames[usernames.Length - length];
length--;
int index = usernames.Length - length;
while (index < usernames.Length)
{
if (((str.Length + usernames[index].Length) + 1) >= 0xfa0)
{
break;
}
str = str + "," + usernames[index];
length--;
index++;
}
int num3 = roleNames.Length;
while (num3 > 0)
{
string str2 = roleNames[roleNames.Length - num3];
num3--;
for (index = roleNames.Length - num3; index < roleNames.Length; index++)
{
if (((str2.Length + roleNames[index].Length) + 1) >= 0xfa0)
{
break;
}
str2 = str2 + "," + roleNames[index];
num3--;
}
if (!flag && ((length > 0) || (num3 > 0)))
{
new SqlCommand("BEGIN TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = true;
}
this.RemoveUsersFromRolesCore(connection.Connection, str, str2);
}
}
if (flag)
{
new SqlCommand("COMMIT TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
}
catch
{
if (flag)
{
new SqlCommand("ROLLBACK TRANSACTION", connection.Connection).ExecuteNonQuery();
flag = false;
}
throw;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
}
public override string[] GetUsersInRole(string roleName)
{
string[] strArray2;
SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName");
try
{
SqlConnectionHolder connection = null;
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_GetUsersInRoles", connection.Connection);
SqlDataReader reader = null;
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int);
StringCollection strings = new StringCollection();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = this.CommandTimeout;
parameter.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(parameter);
cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
try
{
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
strings.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
if (strings.Count < 1)
{
switch (this.GetReturnValue(cmd))
{
case 0:
return(new string[0]);
case 1:
throw new ProviderException(System.Web.SR.GetString("Provider_role_not_found", new object[] { roleName }));
}
throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure"));
}
string[] array = new string[strings.Count];
strings.CopyTo(array, 0);
strArray2 = array;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return(strArray2);
}
private int ResetUserState(ResetUserStateMode mode,
DateTime userInactiveSinceDate,
string[] paths,
string[] usernames)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
int count = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
bool beginTranCalled = false;
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetUserState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", ApplicationName);
string firstPath = (paths != null && paths.Length > 0) ? paths[0] : null;
if (mode == ResetUserStateMode.PerInactiveDate)
{
if (userInactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate)
{
// Special note: DateTime object cannot be added to collection
// via AddWithValue for some reason.
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
parameter.Value = userInactiveSinceDate.ToUniversalTime();
}
if (firstPath != null)
{
parameters.AddWithValue("Path", firstPath);
}
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count = (Int32)countParam.Value;
}
}
else if (mode == ResetUserStateMode.PerPaths)
{
Debug.Assert(paths != null);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string path in paths)
{
if (!beginTranCalled && paths.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = path;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count += (Int32)countParam.Value;
}
}
}
else
{
Debug.Assert(mode == ResetUserStateMode.PerUsers);
if (firstPath != null)
{
parameters.AddWithValue("Path", firstPath);
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
foreach (string user in usernames)
{
if (!beginTranCalled && usernames.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = user;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
count += (Int32)countParam.Value;
}
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
}
catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
return(count);
}
private int ResetSharedState(string[] paths)
{
int resultCount = 0;
if (paths == null)
{
resultCount = ResetAllState(PersonalizationScope.Shared);
}
else
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
bool beginTranCalled = false;
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetSharedState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int));
parameter.Direction = ParameterDirection.Output;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
foreach (string path in paths)
{
if (!beginTranCalled && paths.Length > 1)
{
(new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = true;
}
parameter.Value = path;
command.ExecuteNonQuery();
SqlParameter countParam = command.Parameters[0];
if (countParam != null && countParam.Value != null && countParam.Value is Int32)
{
resultCount += (Int32)countParam.Value;
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
}
catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
}
finally {
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
return(resultCount);
}
private PersonalizationStateInfoCollection FindSharedState(string path,
int pageIndex,
int pageSize,
out int totalRecords)
{
SqlConnectionHolder connectionHolder = null;
SqlConnection connection = null;
SqlDataReader reader = null;
totalRecords = 0;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
connectionHolder = GetConnectionHolder();
connection = connectionHolder.Connection;
Debug.Assert(connection != null);
CheckSchemaVersion(connection);
SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_FindState", connection);
SetCommandTypeAndTimeout(command);
SqlParameterCollection parameters = command.Parameters;
SqlParameter parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit));
parameter.Value = true;
parameters.AddWithValue("ApplicationName", ApplicationName);
parameters.AddWithValue("PageIndex", pageIndex);
parameters.AddWithValue("PageSize", pageSize);
SqlParameter returnValue = new SqlParameter("@ReturnValue", SqlDbType.Int);
returnValue.Direction = ParameterDirection.ReturnValue;
parameters.Add(returnValue);
parameter = parameters.Add("Path", SqlDbType.NVarChar);
if (path != null)
{
parameter.Value = path;
}
parameter = parameters.Add("UserName", SqlDbType.NVarChar);
parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime);
reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
PersonalizationStateInfoCollection sharedStateInfoCollection = new PersonalizationStateInfoCollection();
if (reader != null)
{
if (reader.HasRows)
{
while (reader.Read())
{
string returnedPath = reader.GetString(0);
// Data can be null if there is no data associated with the path
DateTime lastUpdatedDate = (reader.IsDBNull(1)) ? DateTime.MinValue :
DateTime.SpecifyKind(reader.GetDateTime(1), DateTimeKind.Utc);
int size = (reader.IsDBNull(2)) ? 0 : reader.GetInt32(2);
int userDataSize = (reader.IsDBNull(3)) ? 0 : reader.GetInt32(3);
int userCount = (reader.IsDBNull(4)) ? 0 : reader.GetInt32(4);
sharedStateInfoCollection.Add(new SharedPersonalizationStateInfo(
returnedPath, lastUpdatedDate, size, userDataSize, userCount));
}
}
// The reader needs to be closed so return value can be accessed
// See MSDN doc for SqlParameter.Direction for details.
reader.Close();
reader = null;
}
// Set the total count at the end after all operations pass
if (returnValue.Value != null && returnValue.Value is int)
{
totalRecords = (int)returnValue.Value;
}
return(sharedStateInfoCollection);
}
finally {
if (reader != null)
{
reader.Close();
}
if (connectionHolder != null)
{
connectionHolder.Close();
connectionHolder = null;
}
}
}
catch {
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
{
SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames");
SecUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames");
bool beginTranCalled = false;
try {
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
int numUsersRemaing = usernames.Length;
while (numUsersRemaing > 0)
{
int iter;
string allUsers = usernames[usernames.Length - numUsersRemaing];
numUsersRemaing--;
for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
{
if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
{
break;
}
allUsers += "," + usernames[iter];
numUsersRemaing--;
}
int numRolesRemaining = roleNames.Length;
while (numRolesRemaining > 0)
{
string allRoles = roleNames[roleNames.Length - numRolesRemaining];
numRolesRemaining--;
for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++)
{
if (allRoles.Length + roleNames[iter].Length + 1 >= 4000)
{
break;
}
allRoles += "," + roleNames[iter];
numRolesRemaining--;
}
if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0))
{
(new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = true;
}
RemoveUsersFromRolesCore(holder.Connection, allUsers, allRoles);
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = false;
}
} catch {
if (beginTranCalled)
{
(new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = false;
}
throw;
} finally {
if (holder != null)
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override string[] FindUsersInRole(string roleName, string usernameToMatch)
{
SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch");
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_FindUsersInRole", holder.Connection);
SqlDataReader reader = null;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
StringCollection sc = new StringCollection();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName));
cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch));
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
catch
{
throw;
}
finally
{
if (reader != null)
{
reader.Close();
}
}
if (sc.Count < 1)
{
switch (GetReturnValue(cmd))
{
case 0:
return(new string[0]);
case 1:
throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
default:
throw new ProviderException(SR.GetString(SR.Provider_unknown_failure));
}
}
String[] strReturn = new String[sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
