public override MembershipUser GetUser(string username, bool userIsOnline)
{
string email = null;
AuthenticationSection authSection =
(AuthenticationSection)WebConfigurationManager.GetWebApplicationSection("system.web/authentication");
FormsAuthenticationUser user = authSection.Forms.Credentials.Users[username.ToLower()];
if (user != null)
{
NameValueCollection emailsSection =
(NameValueCollection)System.Configuration.ConfigurationManager.GetSection("emails");
email = emailsSection[user.Name];
return(new MembershipUser(
"FormsProvider",
username,
null,
email,
null,
null,
true,
false,
// do not use DateTime.MinValue because some WebDAV clients may not properly parse it.
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1)));
}
return(null);
}
public static bool Authenticate(string name, string password)
{
if (name == null || password == null)
{
return(false);
}
Initialize();
HttpContext context = HttpContext.Current;
if (context == null)
{
throw new HttpException("Context is null!");
}
name = name.ToLower(Helpers.InvariantCulture);
#if NET_2_0
AuthenticationSection section = (AuthenticationSection)WebConfigurationManager.GetSection(authConfigPath);
FormsAuthenticationCredentials config = section.Forms.Credentials;
FormsAuthenticationUser user = config.Users[name];
string stored = null;
if (user != null)
{
stored = user.Password;
}
#else
AuthConfig config = context.GetConfig(authConfigPath) as AuthConfig;
Hashtable users = config.CredentialUsers;
string stored = users [name] as string;
#endif
if (stored == null)
{
return(false);
}
bool caseInsensitive = true;
switch (config.PasswordFormat)
{
case FormsAuthPasswordFormat.Clear:
caseInsensitive = false;
/* Do nothing */
break;
case FormsAuthPasswordFormat.MD5:
password = HashPasswordForStoringInConfigFile(password, FormsAuthPasswordFormat.MD5);
break;
case FormsAuthPasswordFormat.SHA1:
password = HashPasswordForStoringInConfigFile(password, FormsAuthPasswordFormat.MD5);
break;
}
#if NET_2_0
return(String.Compare(password, stored, caseInsensitive ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal) == 0);
#else
return(String.Compare(password, stored, caseInsensitive, Helpers.InvariantCulture) == 0);
#endif
}
private static bool InternalAuthenticate(string name, string password)
{
AuthenticationSection authentication;
string str;
string str2;
if ((name != null) && (password != null))
{
Initialize();
authentication = RuntimeConfig.GetAppConfig().Authentication;
authentication.ValidateAuthenticationMode();
FormsAuthenticationUserCollection users = authentication.Forms.Credentials.Users;
if (users == null)
{
return(false);
}
FormsAuthenticationUser user = users[name.ToLower(CultureInfo.InvariantCulture)];
if (user == null)
{
return(false);
}
str = user.Password;
if (str == null)
{
return(false);
}
switch (authentication.Forms.Credentials.PasswordFormat)
{
case FormsAuthPasswordFormat.Clear:
str2 = password;
goto Label_00A3;
case FormsAuthPasswordFormat.SHA1:
str2 = HashPasswordForStoringInConfigFile(password, "sha1");
goto Label_00A3;
case FormsAuthPasswordFormat.MD5:
str2 = HashPasswordForStoringInConfigFile(password, "md5");
goto Label_00A3;
}
}
return(false);
Label_00A3:
return(string.Compare(str2, str, (authentication.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear) ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal) == 0);
}
public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{
AuthenticationSection authSection =
(AuthenticationSection)WebConfigurationManager.GetWebApplicationSection("system.web/authentication");
NameValueCollection emailsSection =
(NameValueCollection)System.Configuration.ConfigurationManager.GetSection("emails");
totalRecords = authSection.Forms.Credentials.Users.Count;
MembershipUserCollection users = new MembershipUserCollection();
for (int i = pageIndex * pageSize;
i < Math.Min(totalRecords, pageIndex * pageSize + pageSize);
i++)
{
FormsAuthenticationUser user = authSection.Forms.Credentials.Users[i];
string email = null;
email = emailsSection[user.Name];
users.Add(new MembershipUser(
"FormsProvider",
user.Name,
null,
email,
null,
null,
true,
false,
// do not use DateTime.MinValue because some WebDAV clients may not properly parse it.
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1),
new DateTime(2000, 1, 1))
);
}
return(users);
}
public static void Main()
{
// <Snippet1>
// Get the Web application configuration.
System.Configuration.Configuration configuration =
WebConfigurationManager.OpenWebConfiguration(
"/aspnet");
// Get the section.
AuthenticationSection authenticationSection =
(AuthenticationSection)configuration.GetSection(
"system.web/authentication");
// Get the users collection.
FormsAuthenticationUserCollection formsAuthenticationUsers =
authenticationSection.Forms.Credentials.Users;
// </Snippet1>
// <Snippet2>
// </Snippet2>
// <Snippet3>
// Define the user name.
string name = "userName";
// Define the encrypted password.
string password =
"******";
// Create a new FormsAuthenticationUser object.
FormsAuthenticationUser newformsAuthenticationUser =
new FormsAuthenticationUser(name, password);
// </Snippet3>
// <Snippet4>
// Using the Password property.
// Get current password.
string currentPassword =
formsAuthenticationUsers[0].Password;
// Set a SHA1 encrypted password.
// This example uses the SHA1 algorithm.
// Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
formsAuthenticationUsers[0].Password =
"******";
// </Snippet4>
// <Snippet5>
// Using the Name property.
// Get current name.
string currentName =
formsAuthenticationUsers[0].Name;
// Set a new name.
formsAuthenticationUsers[0].Name = "userName";
// </Snippet5>
}
public static void Main()
{
// <Snippet1>
// Get the Web application configuration.
System.Configuration.Configuration configuration =
WebConfigurationManager.OpenWebConfiguration("/aspnetTest");
// Get the authentication section.
AuthenticationSection authenticationSection =
(AuthenticationSection)configuration.GetSection(
"system.web/authentication");
// Get the forms credentials collection .
FormsAuthenticationCredentials formsAuthenticationCredentials =
authenticationSection.Forms.Credentials;
// </Snippet1>
// <Snippet2>
// Create a new FormsAuthenticationCredentials object.
FormsAuthenticationCredentials newformsAuthenticationCredentials =
new FormsAuthenticationCredentials();
// </Snippet2>
// <Snippet3>
// Get the current PasswordFormat property value.
FormsAuthPasswordFormat currentPasswordFormat =
formsAuthenticationCredentials.PasswordFormat;
// Set the PasswordFormat property value.
formsAuthenticationCredentials.PasswordFormat =
FormsAuthPasswordFormat.SHA1;
// </Snippet3>
// <Snippet4>
// Create a new FormsAuthenticationUserCollection object.
FormsAuthenticationUserCollection newformsAuthenticationUser =
new FormsAuthenticationUserCollection();
// </Snippet4>
// <Snippet5>
// Display all credentials collection elements.
StringBuilder credentials = new StringBuilder();
for (System.Int32 i = 0;
i < formsAuthenticationCredentials.Users.Count;
i++)
{
credentials.Append("User: "******"Password: "******"5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8";
// Define the user name.
string userName = "******";
// Create the new user.
FormsAuthenticationUser currentUser =
new FormsAuthenticationUser(userName, password);
// Execute the Add method.
formsAuthenticationCredentials.Users.Add(currentUser);
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet6>
// <Snippet7>
// Using method Clear.
formsAuthenticationCredentials.Users.Clear();
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet7>
// <Snippet9>
// Using method Remove.
// Execute the Remove method.
formsAuthenticationCredentials.Users.Remove("userName");
// Update if not locked
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet9>
// <Snippet10>
// Using method RemoveAt.
formsAuthenticationCredentials.Users.RemoveAt(0);
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet10>
// <Snippet11>
// Using method Set.
// Define the SHA1 encrypted password.
string newPassword =
"******";
// Define the user name.
string currentUserName = "******";
// Create the new user.
FormsAuthenticationUser theUser =
new FormsAuthenticationUser(currentUserName, newPassword);
formsAuthenticationCredentials.Users.Set(theUser);
if (!authenticationSection.SectionInformation.IsLocked)
{
configuration.Save();
}
// </Snippet11>
// <Snippet12>
// Get the user with the specified name.
FormsAuthenticationUser storedUser =
formsAuthenticationCredentials.Users.Get("userName");
// </Snippet12>
// <Snippet13>
// Get the user at the specified index.
FormsAuthenticationUser storedUser2 =
formsAuthenticationCredentials.Users.Get(0);
// </Snippet13>
// <Snippet14>
// Get the key at the specified index.
string thisKey = formsAuthenticationCredentials.Users.GetKey(0).ToString();
// </Snippet14>
// <Snippet15>
// Get the user element at the specified index.
FormsAuthenticationUser storedUser3 =
formsAuthenticationCredentials.Users[0];
// </Snippet15>
// <Snippet16>
// Get the user element with the specified name.
FormsAuthenticationUser storedUser4 =
formsAuthenticationCredentials.Users["userName"];
// </Snippet16>
// <Snippet17>
// Get the collection keys.
object [] keys =
formsAuthenticationCredentials.Users.AllKeys;
// </Snippet17>
}
// Methods
public void Add(FormsAuthenticationUser user)
{
}
public void Set(FormsAuthenticationUser user)
{
}
private static bool InternalAuthenticate(String name, String password)
{
//////////////////////////////////////////////////////////////////////
// Step 1: Make sure we are initialized
if (name == null || password == null)
{
return(false);
}
Initialize();
//////////////////////////////////////////////////////////////////////
// Step 2: Get the user database
AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication;
settings.ValidateAuthenticationMode();
FormsAuthenticationUserCollection Users = settings.Forms.Credentials.Users;
// Hashtable hTable = settings.Credentials;
if (Users == null)
{
return(false);
}
//////////////////////////////////////////////////////////////////////
// Step 3: Get the (hashed) password for this user
FormsAuthenticationUser u = Users[name.ToLower(CultureInfo.InvariantCulture)];
if (u == null)
{
return(false);
}
String pass = (String)u.Password;
if (pass == null)
{
return(false);
}
//////////////////////////////////////////////////////////////////////
// Step 4: Hash the given password
String encPassword;
#pragma warning disable 618 // HashPasswordForStorignInConfigFile is now obsolete
switch (settings.Forms.Credentials.PasswordFormat)
{
case FormsAuthPasswordFormat.SHA256:
encPassword = HashPasswordForStoringInConfigFile(password, "sha256");
break;
case FormsAuthPasswordFormat.SHA384:
encPassword = HashPasswordForStoringInConfigFile(password, "sha384");
break;
case FormsAuthPasswordFormat.SHA512:
encPassword = HashPasswordForStoringInConfigFile(password, "sha512");
break;
case FormsAuthPasswordFormat.SHA1:
encPassword = HashPasswordForStoringInConfigFile(password, "sha1");
break;
case FormsAuthPasswordFormat.MD5:
encPassword = HashPasswordForStoringInConfigFile(password, "md5");
break;
case FormsAuthPasswordFormat.Clear:
encPassword = password;
break;
default:
return(false);
}
#pragma warning restore 618
//////////////////////////////////////////////////////////////////////
// Step 5: Compare the hashes
return(String.Compare(encPassword,
pass,
((settings.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear)
? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
== 0);
}
// Methods
public void Add(FormsAuthenticationUser user) {}
public void Set(FormsAuthenticationUser user) {}
