Exemple #1
0
 internal static void CheckUnrecognizedAttributes(NameValueCollection config, string providerName)
 {
     if (config.Count > 0)
     {
         string attribUnrecognized = config.GetKey(0);
         if (!String.IsNullOrEmpty(attribUnrecognized))
         {
             throw new ConfigurationErrorsException(
                       SecurityMessage.GetString(SecurityMessage.Unexpected_provider_attribute, attribUnrecognized, providerName));
         }
     }
 }
        private void RemoveUsersFromRolesCore(SqlConnection conn, string usernames, string roleNames)
        {
            SqlCommand    cmd = new SqlCommand("dbo.Aspnet_UsersInRoles_RemoveUsersFromRoles", conn);
            SqlDataReader reader = null;
            SqlParameter  p = new SqlParameter("@ReturnValue", SqlDbType.Int);
            string        s1 = String.Empty, s2 = String.Empty;

            cmd.CommandType    = CommandType.StoredProcedure;
            cmd.CommandTimeout = CommandTimeout;

            p.Direction = ParameterDirection.ReturnValue;
            cmd.Parameters.Add(p);
            cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            cmd.Parameters.Add(CreateInputParam("@UserNames", SqlDbType.NVarChar, usernames));
            cmd.Parameters.Add(CreateInputParam("@RoleNames", SqlDbType.NVarChar, roleNames));
            try
            {
                reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
                if (reader.Read())
                {
                    if (reader.FieldCount > 0)
                    {
                        s1 = reader.GetString(0);
                    }
                    if (reader.FieldCount > 1)
                    {
                        s2 = reader.GetString(1);
                    }
                }
            }
            finally
            {
                if (reader != null)
                {
                    reader.Close();
                }
            }
            switch (GetReturnValue(cmd))
            {
            case 0:
                return;

            case 1:
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_this_user_not_found, s1));

            case 2:
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_role_not_found, s2));

            case 3:
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_this_user_already_not_in_role, s1, s2));
            }
            throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
        }
Exemple #3
0
 internal static void CheckForNonCommentChildNodes(XmlNode node)
 {
     foreach (XmlNode childNode in node.ChildNodes)
     {
         if (childNode.NodeType != XmlNodeType.Comment)
         {
             throw new ConfigurationErrorsException(
                       SecurityMessage.GetString(SecurityMessage.Config_base_no_child_nodes),
                       childNode);
         }
     }
 }
Exemple #4
0
        private static XmlNode GetAndRemoveNonEmptyStringAttributeInternal(XmlNode node, string attrib, bool fRequired, ref string val)
        {
            XmlNode a = GetAndRemoveStringAttributeInternal(node, attrib, fRequired, ref val);

            if (a != null && val.Length == 0)
            {
                throw new ConfigurationErrorsException(
                          SecurityMessage.GetString(SecurityMessage.Empty_attribute, attrib),
                          a);
            }

            return(a);
        }
        public override string[] GetRolesForUser(string username)
        {
            SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");

            string cmdText = "dbo.Aspnet_UsersInRoles_GetRolesForUser";

            SqlParameter[] parms =
            {
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
                CreateInputParam("@UserName",        SqlDbType.NVarChar, username),
                new SqlParameter("@ReturnValue",     SqlDbType.Int)
            };
            parms[0].Value     = ApplicationName;
            parms[1].Value     = username;
            parms[2].Direction = ParameterDirection.ReturnValue;

            StringCollection sc = new StringCollection();

            using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
            {
                if (reader != null && reader.HasRows)
                {
                    while (reader.Read())
                    {
                        sc.Add(reader.GetString(0));
                    }
                }
            }

            if (sc.Count > 0)
            {
                String[] strReturn = new String[sc.Count];
                sc.CopyTo(strReturn, 0);
                return(strReturn);
            }

            int returnValue = (int)parms[2].Value;

            switch (returnValue)
            {
            case 0:
                return(new string[0]);

            case 1:
                return(new string[0]);

            //throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
            default:
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
            }
        }
Exemple #6
0
        private static XmlNode GetAndRemoveAttribute(XmlNode node, string attrib, bool fRequired)
        {
            XmlNode a = node.Attributes.RemoveNamedItem(attrib);

            // If the attribute is required and was not present, throw
            if (fRequired && a == null)
            {
                throw new ConfigurationErrorsException(
                          SecurityMessage.GetString(SecurityMessage.Missing_required_attribute, attrib, node.Name),
                          node);
            }

            return(a);
        }
Exemple #7
0
        // We don't trim the param before checking with password parameters
        internal static void CheckPasswordParameter(ref string param, int maxSize, string paramName)
        {
            if (param == null)
            {
                throw new ArgumentNullException(paramName);
            }

            if (param.Length < 1)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_can_not_be_empty, paramName), paramName);
            }

            if (maxSize > 0 && param.Length > maxSize)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_too_long, paramName, maxSize.ToString(CultureInfo.InvariantCulture)), paramName);
            }
        }
        public override string[] GetUsersInRole(string roleName)
        {
            string cmdText = "Aspnet_UsersInRoles_GetUsersInRoles";

            SqlParameter[] parms =
            {
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
                CreateInputParam("@RoleName",        SqlDbType.NVarChar, roleName),
                new SqlParameter("@ReturnValue",     SqlDbType.Int)
            };
            parms[2].Direction = ParameterDirection.ReturnValue;

            StringCollection sc = new StringCollection();

            using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
            {
                if (reader != null && reader.HasRows)
                {
                    while (reader.Read())
                    {
                        sc.Add(reader.GetString(0));
                    }
                }
            }

            if (sc.Count < 1)
            {
                int returnValue = (int)parms[2].Value;

                switch (returnValue)
                {
                case 0:
                    return(new string[0]);

                case 1:
                    throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_role_not_found, roleName));
                }
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
            }

            String[] strReturn = new String[sc.Count];
            sc.CopyTo(strReturn, 0);
            return(strReturn);
        }
Exemple #9
0
        internal static void GetPositiveOrInfiniteAttribute(NameValueCollection config, string attrib, string providerName, ref int val)
        {
            string s = config.Get(attrib);
            int    t;

            if (s == null)
            {
                return;
            }

            if (s == "Infinite")
            {
                t = Infinite;
            }
            else
            {
                try
                {
                    t = Convert.ToInt32(s, CultureInfo.InvariantCulture);
                }
                catch (Exception e)
                {
                    if (e is ArgumentException || e is FormatException || e is OverflowException)
                    {
                        throw new ConfigurationErrorsException(
                                  SecurityMessage.GetString(SecurityMessage.Invalid_provider_positive_attributes, attrib, providerName));
                    }
                    else
                    {
                        throw;
                    }
                }

                if (t < 0)
                {
                    throw new ConfigurationErrorsException(
                              SecurityMessage.GetString(SecurityMessage.Invalid_provider_positive_attributes, attrib, providerName));
                }
            }

            val = t;
        }
Exemple #10
0
        internal static bool GetBooleanValue(NameValueCollection config, string valueName, bool defaultValue)
        {
            string sValue = config[valueName];

            if (sValue == null)
            {
                return(defaultValue);
            }

            bool result;

            if (bool.TryParse(sValue, out result))
            {
                return(result);
            }
            else
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_boolean, valueName));
            }
        }
        public override bool IsUserInRole(string username, string roleName)
        {
            SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
            SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
            if (username.Length < 1)
            {
                return(false);
            }

            string cmdText = "dbo.Aspnet_UsersInRoles_IsUserInRole";

            SqlParameter[] parms =
            {
                new SqlParameter("@ReturnValue",     SqlDbType.Int),
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
                CreateInputParam("@UserName",        SqlDbType.NVarChar,username),
                CreateInputParam("@RoleName",        SqlDbType.NVarChar,roleName)
            };
            parms[0].Direction = ParameterDirection.ReturnValue;
            SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
            int iStatus = (int)parms[0].Value;

            switch (iStatus)
            {
            case 0:
                return(false);

            case 1:
                return(true);

            case 2:
                return(false);

            // throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
            case 3:
                return(false);    // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
            }
            throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
        }
Exemple #12
0
        internal static int GetIntValue(NameValueCollection config, string valueName, int defaultValue, bool zeroAllowed, int maxValueAllowed)
        {
            string sValue = config[valueName];

            if (sValue == null)
            {
                return(defaultValue);
            }

            int iValue;

            if (!Int32.TryParse(sValue, out iValue))
            {
                if (zeroAllowed)
                {
                    throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_non_negative_integer, valueName));
                }

                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_positive_integer, valueName));
            }

            if (zeroAllowed && iValue < 0)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_non_negative_integer, valueName));
            }

            if (!zeroAllowed && iValue <= 0)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_positive_integer, valueName));
            }

            if (maxValueAllowed > 0 && iValue > maxValueAllowed)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_too_big, valueName, maxValueAllowed.ToString(CultureInfo.InvariantCulture)));
            }

            return(iValue);
        }
Exemple #13
0
        // input.Xml cursor must be at a true/false XML attribute
        private static XmlNode GetAndRemoveBooleanAttributeInternal(XmlNode node, string attrib, bool fRequired, ref bool val)
        {
            XmlNode a = GetAndRemoveAttribute(node, attrib, fRequired);

            if (a != null)
            {
                if (a.Value == "true")
                {
                    val = true;
                }
                else if (a.Value == "false")
                {
                    val = false;
                }
                else
                {
                    throw new ConfigurationErrorsException(
                              SecurityMessage.GetString(SecurityMessage.Invalid_boolean_attribute, a.Name),
                              a);
                }
            }

            return(a);
        }
        private ProfileInfoCollection GetProfilesForQuery(SqlParameter[] args, ProfileAuthenticationOption authenticationOption, int pageIndex, int pageSize, out int totalRecords)
        {
            if (pageIndex < 0)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageIndex_bad), "pageIndex");
            }
            if (pageSize < 1)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageSize_bad), "pageSize");
            }

            long upperBound = (long)pageIndex * pageSize + pageSize - 1;

            if (upperBound > Int32.MaxValue)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageIndex_PageSize_bad), "pageIndex and pageSize");
            }

            ParamsHelper parms = new ParamsHelper();

            parms.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
            parms.Add(CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
            parms.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
            parms.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
            foreach (SqlParameter arg in args)
            {
                parms.Add(arg);
            }

            ProfileInfoCollection profiles = new ProfileInfoCollection();

            totalRecords = 0;

            using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, "dbo.Aspnet_Profile_GetProfiles", parms.ToArray()))
            {
                if (reader != null)
                {
                    while (reader.Read())
                    {
                        string   username;
                        DateTime dtLastActivity, dtLastUpdated;
                        bool     isAnon;

                        username       = reader.GetString(0);
                        isAnon         = reader.GetBoolean(1);
                        dtLastActivity = DateTime.SpecifyKind(reader.GetDateTime(2), DateTimeKind.Local);
                        dtLastUpdated  = DateTime.SpecifyKind(reader.GetDateTime(3), DateTimeKind.Local);
                        int size = reader.GetInt32(4);
                        profiles.Add(new ProfileInfo(username, isAnon, dtLastActivity, dtLastUpdated, size));
                    }

                    totalRecords = profiles.Count;
                    if (reader.NextResult())
                    {
                        if (reader.Read())
                        {
                            totalRecords = reader.GetInt32(0);
                        }
                    }
                }
            }

            return(profiles);
        }
Exemple #15
0
        internal static void CheckSchemaVersion(ProviderBase provider, SqlConnection connection, string[] features, string version, ref int schemaVersionCheck)
        {
            if (connection == null)
            {
                throw new ArgumentNullException("connection");
            }

            if (features == null)
            {
                throw new ArgumentNullException("features");
            }

            if (version == null)
            {
                throw new ArgumentNullException("version");
            }

            if (schemaVersionCheck == -1)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
            }
            else if (schemaVersionCheck == 0)
            {
                lock (provider)
                {
                    if (schemaVersionCheck == -1)
                    {
                        throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
                    }
                    else if (schemaVersionCheck == 0)
                    {
                        int          iStatus = 0;
                        SqlCommand   cmd     = null;
                        SqlParameter p       = null;

                        foreach (string feature in features)
                        {
                            cmd = new SqlCommand("dbo.aspnet_CheckSchemaVersion", connection);

                            cmd.CommandType = CommandType.StoredProcedure;

                            p = new SqlParameter("@Feature", feature);
                            cmd.Parameters.Add(p);

                            p = new SqlParameter("@CompatibleSchemaVersion", version);
                            cmd.Parameters.Add(p);

                            p           = new SqlParameter("@ReturnValue", SqlDbType.Int);
                            p.Direction = ParameterDirection.ReturnValue;
                            cmd.Parameters.Add(p);

                            cmd.ExecuteNonQuery();

                            iStatus = ((p.Value != null) ? ((int)p.Value) : -1);
                            if (iStatus != 0)
                            {
                                schemaVersionCheck = -1;

                                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
                            }
                        }

                        schemaVersionCheck = 1;
                    }
                }
            }
        }