/// <internalonly /> protected override void ResetPersonalizationBlob(WebPartManager webPartManager, string path, string userName) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; CheckSchemaVersion(connection); ResetPersonalizationState(connection, path, userName); } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
internal void GetConnection(out SqlConnection sqlConn, out SqlCommand sqlCmd) { sqlConn = null; sqlCmd = null; if (this._sqlConn != null) { sqlConn = this._sqlConn; sqlCmd = this._sqlCmd; this._sqlConn = null; this._sqlCmd = null; } else { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._connectionString, true); sqlCmd = new SqlCommand("dbo.AspNet_SqlCachePollingStoredProcedure", connection.Connection); sqlConn = connection.Connection; } catch { if (connection != null) { connection.Close(); connection = null; } sqlCmd = null; throw; } } }
///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// public override int GetNumberOfInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate) { try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_GetNumberOfInactiveProfiles", holder.Connection); cmd.CommandTimeout = CommandTimeout; cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption)); cmd.Parameters.Add(CreateInputParam("@InactiveSinceDate", SqlDbType.DateTime, userInactiveSinceDate.ToUniversalTime())); object o = cmd.ExecuteScalar(); if (o == null || !(o is int)) { return(0); } return((int)o); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
/// <internalonly /> protected override void LoadPersonalizationBlobs(WebPartManager webPartManager, string path, string userName, ref byte[] sharedDataBlob, ref byte[] userDataBlob) { sharedDataBlob = null; userDataBlob = null; SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; CheckSchemaVersion(connection); sharedDataBlob = LoadPersonalizationBlob(connection, path, null); if (!String.IsNullOrEmpty(userName)) { userDataBlob = LoadPersonalizationBlob(connection, path, userName); } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
protected override void ResetPersonalizationBlob(WebPartManager webPartManager, string path, string userName) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; try { try { connectionHolder = this.GetConnectionHolder(); connection = connectionHolder.Connection; this.CheckSchemaVersion(connection); this.ResetPersonalizationState(connection, path, userName); } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
protected override void LoadPersonalizationBlobs(WebPartManager webPartManager, string path, string userName, ref byte[] sharedDataBlob, ref byte[] userDataBlob) { sharedDataBlob = null; userDataBlob = null; SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; try { try { connectionHolder = this.GetConnectionHolder(); connection = connectionHolder.Connection; this.CheckSchemaVersion(connection); sharedDataBlob = this.LoadPersonalizationBlob(connection, path, null); if (!string.IsNullOrEmpty(userName)) { userDataBlob = this.LoadPersonalizationBlob(connection, path, userName); } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override bool IsUserInRole(string username, string roleName) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); SecUtility.CheckParameter(ref username, true, false, true, 256, "username"); if (username.Length < 1) { return(false); } try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_IsUserInRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.ExecuteNonQuery(); int iStatus = GetReturnValue(cmd); switch (iStatus) { case 0: return(false); case 1: return(true); case 2: return(false); // throw new ProviderException(SR.GetString(SR.Provider_user_not_found)); case 3: return(false); // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName)); } throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override string [] GetAllRoles() { try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_GetAllRoles", holder.Connection); StringCollection sc = new StringCollection(); SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); SqlDataReader reader = null; cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); try { reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess); while (reader.Read()) { sc.Add(reader.GetString(0)); } } catch { throw; } finally { if (reader != null) { reader.Close(); } } String [] strReturn = new String [sc.Count]; sc.CopyTo(strReturn, 0); return(strReturn); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
public override string[] GetAllRoles() { string[] strArray2; try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand command = new SqlCommand("dbo.aspnet_Roles_GetAllRoles", connection.Connection); StringCollection strings = new StringCollection(); SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int); SqlDataReader reader = null; command.CommandType = CommandType.StoredProcedure; command.CommandTimeout = this.CommandTimeout; parameter.Direction = ParameterDirection.ReturnValue; command.Parameters.Add(parameter); command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); try { reader = command.ExecuteReader(CommandBehavior.SequentialAccess); while (reader.Read()) { strings.Add(reader.GetString(0)); } } catch { throw; } finally { if (reader != null) { reader.Close(); } } string[] array = new string[strings.Count]; strings.CopyTo(array, 0); strArray2 = array; } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } return(strArray2); }
private void WriteToSQL(WebBaseEventCollection events, int eventsDiscardedByBuffer, DateTime lastNotificationUtc) { if (this._retryDate <= DateTime.UtcNow) { try { SqlConnectionHolder connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); SqlCommand sqlCommand = new SqlCommand("dbo.aspnet_WebEvent_LogEvent"); this.CheckSchemaVersion(connection.Connection); sqlCommand.CommandType = CommandType.StoredProcedure; sqlCommand.Connection = connection.Connection; if (this._commandTimeout > -1) { sqlCommand.CommandTimeout = this._commandTimeout; } this.PrepareParams(sqlCommand); try { connection.Open(null, true); Interlocked.Increment(ref this._connectionCount); if (eventsDiscardedByBuffer != 0) { WebBaseEvent eventRaised = new WebBaseEvent(System.Web.SR.GetString("Sql_webevent_provider_events_dropped", new object[] { eventsDiscardedByBuffer.ToString(CultureInfo.InstalledUICulture), lastNotificationUtc.ToString("r", CultureInfo.InstalledUICulture) }), null, 0x1771, 0xc47d); this.FillParams(sqlCommand, eventRaised); sqlCommand.ExecuteNonQuery(); } foreach (WebBaseEvent event3 in events) { this.FillParams(sqlCommand, event3); sqlCommand.ExecuteNonQuery(); } } finally { connection.Close(); Interlocked.Decrement(ref this._connectionCount); } try { this.EventProcessingComplete(events); } catch { } } catch { double num = 30.0; if (this._commandTimeout > -1) { num = this._commandTimeout; } this._retryDate = DateTime.UtcNow.AddSeconds(num); throw; } } }
private int GetCountOfSharedState(string path) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; int count = 0; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; Debug.Assert(connection != null); CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_GetCountOfState", connection); SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int)); parameter.Direction = ParameterDirection.Output; parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)); parameter.Value = true; parameters.AddWithValue("ApplicationName", ApplicationName); parameter = parameters.Add("Path", SqlDbType.NVarChar); if (path != null) { parameter.Value = path; } parameter = parameters.Add("UserName", SqlDbType.NVarChar); parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime); command.ExecuteNonQuery(); parameter = command.Parameters[0]; if (parameter != null && parameter.Value != null && parameter.Value is Int32) { count = (Int32)parameter.Value; } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } return(count); }
private int GetCountOfUserState(string path, DateTime inactiveSinceDate, string username) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; int num = 0; try { try { connectionHolder = this.GetConnectionHolder(); connection = connectionHolder.Connection; this.CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_GetCountOfState", connection); this.SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output; parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)).Value = false; parameters.AddWithValue("ApplicationName", this.ApplicationName); SqlParameter parameter = parameters.Add("Path", SqlDbType.NVarChar); if (path != null) { parameter.Value = path; } parameter = parameters.Add("UserName", SqlDbType.NVarChar); if (username != null) { parameter.Value = username; } parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime); if (inactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate) { parameter.Value = inactiveSinceDate.ToUniversalTime(); } command.ExecuteNonQuery(); parameter = command.Parameters[0]; if (((parameter != null) && (parameter.Value != null)) && (parameter.Value is int)) { num = (int)parameter.Value; } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } return(num); }
//////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// public override void SetPropertyValues(SettingsContext sc, SettingsPropertyValueCollection properties) { string username = (string)sc["UserName"]; bool userIsAuthenticated = (bool)sc["IsAuthenticated"]; if (username == null || username.Length < 1 || properties.Count < 1) { return; } string names = String.Empty; string values = String.Empty; byte [] buf = null; ProfileModule.PrepareDataForSaving(ref names, ref values, ref buf, true, properties, userIsAuthenticated); if (names.Length == 0) { return; } try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Profile_SetProperties", holder.Connection); cmd.CommandTimeout = CommandTimeout; cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username)); cmd.Parameters.Add(CreateInputParam("@PropertyNames", SqlDbType.NText, names)); cmd.Parameters.Add(CreateInputParam("@PropertyValuesString", SqlDbType.NText, values)); cmd.Parameters.Add(CreateInputParam("@PropertyValuesBinary", SqlDbType.Image, buf)); cmd.Parameters.Add(CreateInputParam("@IsUserAnonymous", SqlDbType.Bit, !userIsAuthenticated)); cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow)); cmd.ExecuteNonQuery(); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
public override bool RoleExists(string roleName) { bool flag; SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName"); try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_RoleExists", connection.Connection) { CommandType = CommandType.StoredProcedure, CommandTimeout = this.CommandTimeout }; SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int) { Direction = ParameterDirection.ReturnValue }; cmd.Parameters.Add(parameter); cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.ExecuteNonQuery(); switch (this.GetReturnValue(cmd)) { case 0: return(false); case 1: return(true); } throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure")); } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } return(flag); }
public override void SetPropertyValues(SettingsContext sc, SettingsPropertyValueCollection properties) { string objValue = (string)sc["UserName"]; bool userIsAuthenticated = (bool)sc["IsAuthenticated"]; if (((objValue != null) && (objValue.Length >= 1)) && (properties.Count >= 1)) { string allNames = string.Empty; string allValues = string.Empty; byte[] buf = null; ProfileModule.PrepareDataForSaving(ref allNames, ref allValues, ref buf, true, properties, userIsAuthenticated); if (allNames.Length != 0) { try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand command = new SqlCommand("dbo.aspnet_Profile_SetProperties", connection.Connection) { CommandTimeout = this.CommandTimeout, CommandType = CommandType.StoredProcedure }; command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); command.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, objValue)); command.Parameters.Add(this.CreateInputParam("@PropertyNames", SqlDbType.NText, allNames)); command.Parameters.Add(this.CreateInputParam("@PropertyValuesString", SqlDbType.NText, allValues)); command.Parameters.Add(this.CreateInputParam("@PropertyValuesBinary", SqlDbType.Image, buf)); command.Parameters.Add(this.CreateInputParam("@IsUserAnonymous", SqlDbType.Bit, !userIsAuthenticated)); command.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow)); command.ExecuteNonQuery(); } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } } } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override void CreateRole(string roleName) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_CreateRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.ExecuteNonQuery(); int returnValue = GetReturnValue(cmd); switch (returnValue) { case 0: return; case 1: throw new ProviderException(SR.GetString(SR.Provider_role_already_exists, roleName)); default: throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { bool flag; SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName"); try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_DeleteRole", connection.Connection) { CommandType = CommandType.StoredProcedure, CommandTimeout = this.CommandTimeout }; SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int) { Direction = ParameterDirection.ReturnValue }; cmd.Parameters.Add(parameter); cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(this.CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0)); cmd.ExecuteNonQuery(); int returnValue = this.GetReturnValue(cmd); if (returnValue == 2) { throw new ProviderException(System.Web.SR.GetString("Role_is_not_empty")); } flag = returnValue == 0; } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } return(flag); }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_DeleteRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0)); cmd.ExecuteNonQuery(); int returnValue = GetReturnValue(cmd); if (returnValue == 2) { throw new ProviderException(SR.GetString(SR.Role_is_not_empty)); } return(returnValue == 0); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
/// <devdoc> /// </devdoc> internal static SqlConnectionHolder GetConnection(string connectionString, bool revertImpersonation) { var holder = new SqlConnectionHolder(connectionString); var closeConn = true; try { holder.Open(revertImpersonation); closeConn = false; } finally { if (closeConn) { holder.Close(); holder = null; } } return holder; }
internal static SqlConnectionHolder GetConnection(string connectionString) { var holder = new SqlConnectionHolder(connectionString); bool closeConn = true; try { holder.Open(); closeConn = false; } finally { if (closeConn) { holder.Close(); holder = null; } } return(holder); }
public override int DeleteInactiveProfiles(ProfileAuthenticationOption authenticationOption, DateTime userInactiveSinceDate) { int num; try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand command = new SqlCommand("dbo.aspnet_Profile_DeleteInactiveProfiles", connection.Connection) { CommandTimeout = this.CommandTimeout, CommandType = CommandType.StoredProcedure }; command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); command.Parameters.Add(this.CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption)); command.Parameters.Add(this.CreateInputParam("@InactiveSinceDate", SqlDbType.DateTime, userInactiveSinceDate.ToUniversalTime())); object obj2 = command.ExecuteScalar(); if ((obj2 == null) || !(obj2 is int)) { return(0); } num = (int)obj2; } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } return(num); }
private int ResetAllState(PersonalizationScope scope) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; int num = 0; try { try { connectionHolder = this.GetConnectionHolder(); connection = connectionHolder.Connection; this.CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_DeleteAllState", connection); this.SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)).Value = scope == PersonalizationScope.Shared; parameters.AddWithValue("ApplicationName", this.ApplicationName); parameters.Add(new SqlParameter("Count", SqlDbType.Int)).Direction = ParameterDirection.Output; command.ExecuteNonQuery(); SqlParameter parameter = command.Parameters[2]; if (((parameter != null) && (parameter.Value != null)) && (parameter.Value is int)) { num = (int)parameter.Value; } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } return(num); }
/// <internalonly /> protected override void SavePersonalizationBlob(WebPartManager webPartManager, string path, string userName, byte[] dataBlob) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; CheckSchemaVersion(connection); SavePersonalizationState(connection, path, userName, dataBlob); } catch (SqlException sqlEx) { // Check if it failed due to duplicate user name if (userName != null && (sqlEx.Number == 2627 || sqlEx.Number == 2601 || sqlEx.Number == 2512)) { // Try again, because it failed first time with duplicate user name SavePersonalizationState(connection, path, userName, dataBlob); } else { throw; } } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
protected override void SavePersonalizationBlob(WebPartManager webPartManager, string path, string userName, byte[] dataBlob) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; try { try { connectionHolder = this.GetConnectionHolder(); connection = connectionHolder.Connection; this.CheckSchemaVersion(connection); this.SavePersonalizationState(connection, path, userName, dataBlob); } catch (SqlException exception) { if ((userName == null) || (((exception.Number != 0xa43) && (exception.Number != 0xa29)) && (exception.Number != 0x9d0))) { throw; } this.SavePersonalizationState(connection, path, userName, dataBlob); } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 0x100, "roleNames"); SecUtility.CheckArrayParameter(ref usernames, true, true, true, 0x100, "usernames"); bool flag = false; try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); int length = usernames.Length; while (length > 0) { string str = usernames[usernames.Length - length]; length--; int index = usernames.Length - length; while (index < usernames.Length) { if (((str.Length + usernames[index].Length) + 1) >= 0xfa0) { break; } str = str + "," + usernames[index]; length--; index++; } int num3 = roleNames.Length; while (num3 > 0) { string str2 = roleNames[roleNames.Length - num3]; num3--; for (index = roleNames.Length - num3; index < roleNames.Length; index++) { if (((str2.Length + roleNames[index].Length) + 1) >= 0xfa0) { break; } str2 = str2 + "," + roleNames[index]; num3--; } if (!flag && ((length > 0) || (num3 > 0))) { new SqlCommand("BEGIN TRANSACTION", connection.Connection).ExecuteNonQuery(); flag = true; } this.RemoveUsersFromRolesCore(connection.Connection, str, str2); } } if (flag) { new SqlCommand("COMMIT TRANSACTION", connection.Connection).ExecuteNonQuery(); flag = false; } } catch { if (flag) { new SqlCommand("ROLLBACK TRANSACTION", connection.Connection).ExecuteNonQuery(); flag = false; } throw; } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } }
public override string[] GetUsersInRole(string roleName) { string[] strArray2; SecUtility.CheckParameter(ref roleName, true, true, true, 0x100, "roleName"); try { SqlConnectionHolder connection = null; try { connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true); this.CheckSchemaVersion(connection.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_GetUsersInRoles", connection.Connection); SqlDataReader reader = null; SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int); StringCollection strings = new StringCollection(); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = this.CommandTimeout; parameter.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(parameter); cmd.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName)); cmd.Parameters.Add(this.CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); try { reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess); while (reader.Read()) { strings.Add(reader.GetString(0)); } } catch { throw; } finally { if (reader != null) { reader.Close(); } } if (strings.Count < 1) { switch (this.GetReturnValue(cmd)) { case 0: return(new string[0]); case 1: throw new ProviderException(System.Web.SR.GetString("Provider_role_not_found", new object[] { roleName })); } throw new ProviderException(System.Web.SR.GetString("Provider_unknown_failure")); } string[] array = new string[strings.Count]; strings.CopyTo(array, 0); strArray2 = array; } finally { if (connection != null) { connection.Close(); connection = null; } } } catch { throw; } return(strArray2); }
private int ResetUserState(ResetUserStateMode mode, DateTime userInactiveSinceDate, string[] paths, string[] usernames) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; int count = 0; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { bool beginTranCalled = false; try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; Debug.Assert(connection != null); CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetUserState", connection); SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int)); parameter.Direction = ParameterDirection.Output; parameters.AddWithValue("ApplicationName", ApplicationName); string firstPath = (paths != null && paths.Length > 0) ? paths[0] : null; if (mode == ResetUserStateMode.PerInactiveDate) { if (userInactiveSinceDate != PersonalizationAdministration.DefaultInactiveSinceDate) { // Special note: DateTime object cannot be added to collection // via AddWithValue for some reason. parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime); parameter.Value = userInactiveSinceDate.ToUniversalTime(); } if (firstPath != null) { parameters.AddWithValue("Path", firstPath); } command.ExecuteNonQuery(); SqlParameter countParam = command.Parameters[0]; if (countParam != null && countParam.Value != null && countParam.Value is Int32) { count = (Int32)countParam.Value; } } else if (mode == ResetUserStateMode.PerPaths) { Debug.Assert(paths != null); parameter = parameters.Add("Path", SqlDbType.NVarChar); foreach (string path in paths) { if (!beginTranCalled && paths.Length > 1) { (new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = true; } parameter.Value = path; command.ExecuteNonQuery(); SqlParameter countParam = command.Parameters[0]; if (countParam != null && countParam.Value != null && countParam.Value is Int32) { count += (Int32)countParam.Value; } } } else { Debug.Assert(mode == ResetUserStateMode.PerUsers); if (firstPath != null) { parameters.AddWithValue("Path", firstPath); } parameter = parameters.Add("UserName", SqlDbType.NVarChar); foreach (string user in usernames) { if (!beginTranCalled && usernames.Length > 1) { (new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = true; } parameter.Value = user; command.ExecuteNonQuery(); SqlParameter countParam = command.Parameters[0]; if (countParam != null && countParam.Value != null && countParam.Value is Int32) { count += (Int32)countParam.Value; } } } if (beginTranCalled) { (new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = false; } } catch { if (beginTranCalled) { (new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = false; } throw; } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } return(count); }
private int ResetSharedState(string[] paths) { int resultCount = 0; if (paths == null) { resultCount = ResetAllState(PersonalizationScope.Shared); } else { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { bool beginTranCalled = false; try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; Debug.Assert(connection != null); CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_ResetSharedState", connection); SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; SqlParameter parameter = parameters.Add(new SqlParameter("Count", SqlDbType.Int)); parameter.Direction = ParameterDirection.Output; parameters.AddWithValue("ApplicationName", ApplicationName); parameter = parameters.Add("Path", SqlDbType.NVarChar); foreach (string path in paths) { if (!beginTranCalled && paths.Length > 1) { (new SqlCommand("BEGIN TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = true; } parameter.Value = path; command.ExecuteNonQuery(); SqlParameter countParam = command.Parameters[0]; if (countParam != null && countParam.Value != null && countParam.Value is Int32) { resultCount += (Int32)countParam.Value; } } if (beginTranCalled) { (new SqlCommand("COMMIT TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = false; } } catch { if (beginTranCalled) { (new SqlCommand("ROLLBACK TRANSACTION", connection)).ExecuteNonQuery(); beginTranCalled = false; } throw; } finally { if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } } return(resultCount); }
private PersonalizationStateInfoCollection FindSharedState(string path, int pageIndex, int pageSize, out int totalRecords) { SqlConnectionHolder connectionHolder = null; SqlConnection connection = null; SqlDataReader reader = null; totalRecords = 0; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { connectionHolder = GetConnectionHolder(); connection = connectionHolder.Connection; Debug.Assert(connection != null); CheckSchemaVersion(connection); SqlCommand command = new SqlCommand("dbo.aspnet_PersonalizationAdministration_FindState", connection); SetCommandTypeAndTimeout(command); SqlParameterCollection parameters = command.Parameters; SqlParameter parameter = parameters.Add(new SqlParameter("AllUsersScope", SqlDbType.Bit)); parameter.Value = true; parameters.AddWithValue("ApplicationName", ApplicationName); parameters.AddWithValue("PageIndex", pageIndex); parameters.AddWithValue("PageSize", pageSize); SqlParameter returnValue = new SqlParameter("@ReturnValue", SqlDbType.Int); returnValue.Direction = ParameterDirection.ReturnValue; parameters.Add(returnValue); parameter = parameters.Add("Path", SqlDbType.NVarChar); if (path != null) { parameter.Value = path; } parameter = parameters.Add("UserName", SqlDbType.NVarChar); parameter = parameters.Add("InactiveSinceDate", SqlDbType.DateTime); reader = command.ExecuteReader(CommandBehavior.SequentialAccess); PersonalizationStateInfoCollection sharedStateInfoCollection = new PersonalizationStateInfoCollection(); if (reader != null) { if (reader.HasRows) { while (reader.Read()) { string returnedPath = reader.GetString(0); // Data can be null if there is no data associated with the path DateTime lastUpdatedDate = (reader.IsDBNull(1)) ? DateTime.MinValue : DateTime.SpecifyKind(reader.GetDateTime(1), DateTimeKind.Utc); int size = (reader.IsDBNull(2)) ? 0 : reader.GetInt32(2); int userDataSize = (reader.IsDBNull(3)) ? 0 : reader.GetInt32(3); int userCount = (reader.IsDBNull(4)) ? 0 : reader.GetInt32(4); sharedStateInfoCollection.Add(new SharedPersonalizationStateInfo( returnedPath, lastUpdatedDate, size, userDataSize, userCount)); } } // The reader needs to be closed so return value can be accessed // See MSDN doc for SqlParameter.Direction for details. reader.Close(); reader = null; } // Set the total count at the end after all operations pass if (returnValue.Value != null && returnValue.Value is int) { totalRecords = (int)returnValue.Value; } return(sharedStateInfoCollection); } finally { if (reader != null) { reader.Close(); } if (connectionHolder != null) { connectionHolder.Close(); connectionHolder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames"); SecUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames"); bool beginTranCalled = false; try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); int numUsersRemaing = usernames.Length; while (numUsersRemaing > 0) { int iter; string allUsers = usernames[usernames.Length - numUsersRemaing]; numUsersRemaing--; for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++) { if (allUsers.Length + usernames[iter].Length + 1 >= 4000) { break; } allUsers += "," + usernames[iter]; numUsersRemaing--; } int numRolesRemaining = roleNames.Length; while (numRolesRemaining > 0) { string allRoles = roleNames[roleNames.Length - numRolesRemaining]; numRolesRemaining--; for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++) { if (allRoles.Length + roleNames[iter].Length + 1 >= 4000) { break; } allRoles += "," + roleNames[iter]; numRolesRemaining--; } if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0)) { (new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = true; } RemoveUsersFromRolesCore(holder.Connection, allUsers, allRoles); } } if (beginTranCalled) { (new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = false; } } catch { if (beginTranCalled) { (new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = false; } throw; } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override string[] FindUsersInRole(string roleName, string usernameToMatch) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_FindUsersInRole", holder.Connection); SqlDataReader reader = null; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); StringCollection sc = new StringCollection(); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch)); try { reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess); while (reader.Read()) { sc.Add(reader.GetString(0)); } } catch { throw; } finally { if (reader != null) { reader.Close(); } } if (sc.Count < 1) { switch (GetReturnValue(cmd)) { case 0: return(new string[0]); case 1: throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName)); default: throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } } String[] strReturn = new String[sc.Count]; sc.CopyTo(strReturn, 0); return(strReturn); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }