internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName) { if (param == null) { throw new ArgumentNullException(paramName); } if (param.Length < 1) { throw new ArgumentException(SR.GetString(SR.Parameter_array_empty, paramName), paramName); } Hashtable values = new Hashtable(param.Length); for (int i = param.Length - 1; i >= 0; i--) { SecUtility.CheckParameter(ref param[i], checkForNull, checkIfEmpty, checkForCommas, maxSize, paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]"); if (values.Contains(param[i])) { throw new ArgumentException(SR.GetString(SR.Parameter_duplicate_array_element, paramName), paramName); } else { values.Add(param[i], param[i]); } } }
public override void Initialize(string name, NameValueCollection config) { // Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level); if (config == null) { throw new ArgumentNullException("config"); } if (String.IsNullOrEmpty(name)) { name = "SqlRoleProvider"; } if (string.IsNullOrEmpty(config["description"])) { config.Remove("description"); config.Add("description", SR.GetString(SR.RoleSqlProvider_description)); } base.Initialize(name, config); _SchemaVersionCheck = 0; _CommandTimeout = SecUtility.GetIntValue(config, "commandTimeout", 30, true, 0); string temp = config["connectionStringName"]; if (temp == null || temp.Length < 1) { throw new ProviderException(SR.GetString(SR.Connection_name_not_specified)); } _sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true); if (_sqlConnectionString == null || _sqlConnectionString.Length < 1) { throw new ProviderException(SR.GetString(SR.Connection_string_not_found, temp)); } _AppName = config["applicationName"]; if (string.IsNullOrEmpty(_AppName)) { _AppName = SecUtility.GetDefaultAppName(); } if (_AppName.Length > 256) { throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long)); } config.Remove("connectionStringName"); config.Remove("applicationName"); config.Remove("commandTimeout"); if (config.Count > 0) { string attribUnrecognized = config.GetKey(0); if (!String.IsNullOrEmpty(attribUnrecognized)) { throw new ProviderException(SR.GetString(SR.Provider_unrecognized_attribute, attribUnrecognized)); } } }
private void CheckSchemaVersion(SqlConnection connection) { string[] features = { "Role Manager" }; string version = "1"; SecUtility.CheckSchemaVersion(this, connection, features, version, ref _SchemaVersionCheck); }
public void CreateRole(string roleName, string description) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_CreateRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(CreateInputParam("@Description", SqlDbType.NVarChar, description)); cmd.ExecuteNonQuery(); int returnValue = GetReturnValue(cmd); switch (returnValue) { case 0: return; case 1: throw new ProviderException(SR.GetString(SR.Provider_role_already_exists, roleName)); default: throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_Roles_DeleteRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0)); cmd.ExecuteNonQuery(); int returnValue = GetReturnValue(cmd); if (returnValue == 2) { throw new ProviderException(SR.GetString(SR.Role_is_not_empty)); } return(returnValue == 0); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override string[] FindUsersInRole(string roleName, string usernameToMatch) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch"); try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_FindUsersInRole", holder.Connection); SqlDataReader reader = null; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); StringCollection sc = new StringCollection(); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch)); try { reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess); while (reader.Read()) { sc.Add(reader.GetString(0)); } } catch { throw; } finally { if (reader != null) { reader.Close(); } } if (sc.Count < 1) { switch (GetReturnValue(cmd)) { case 0: return(new string[0]); case 1: throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName)); default: throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } } String[] strReturn = new String[sc.Count]; sc.CopyTo(strReturn, 0); return(strReturn); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames"); SecUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames"); bool beginTranCalled = false; try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); int numUsersRemaing = usernames.Length; while (numUsersRemaing > 0) { int iter; string allUsers = usernames[usernames.Length - numUsersRemaing]; numUsersRemaing--; for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++) { if (allUsers.Length + usernames[iter].Length + 1 >= 4000) { break; } allUsers += "," + usernames[iter]; numUsersRemaing--; } int numRolesRemaining = roleNames.Length; while (numRolesRemaining > 0) { string allRoles = roleNames[roleNames.Length - numRolesRemaining]; numRolesRemaining--; for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++) { if (allRoles.Length + roleNames[iter].Length + 1 >= 4000) { break; } allRoles += "," + roleNames[iter]; numRolesRemaining--; } // // Note: ADO.NET 2.0 introduced the TransactionScope class - in your own code you should use TransactionScope // rather than explicitly managing transactions with the TSQL BEGIN/COMMIT/ROLLBACK statements. // if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0)) { (new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = true; } RemoveUsersFromRolesCore(holder.Connection, allUsers, allRoles); } } if (beginTranCalled) { (new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = false; } } catch { if (beginTranCalled) { (new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery(); beginTranCalled = false; } throw; } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }
////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// public override bool IsUserInRole(string username, string roleName) { SecUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName"); SecUtility.CheckParameter(ref username, true, false, true, 256, "username"); if (username.Length < 1) { return(false); } try { SqlConnectionHolder holder = null; try { holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true); CheckSchemaVersion(holder.Connection); SqlCommand cmd = new SqlCommand("dbo.aspnet_UsersInRoles_IsUserInRole", holder.Connection); cmd.CommandType = CommandType.StoredProcedure; cmd.CommandTimeout = CommandTimeout; SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int); p.Direction = ParameterDirection.ReturnValue; cmd.Parameters.Add(p); cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName)); cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username)); cmd.Parameters.Add(CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName)); cmd.ExecuteNonQuery(); int iStatus = GetReturnValue(cmd); switch (iStatus) { case 0: return(false); case 1: return(true); case 2: return(false); // throw new ProviderException(SR.GetString(SR.Provider_user_not_found)); case 3: return(false); // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName)); } throw new ProviderException(SR.GetString(SR.Provider_unknown_failure)); } finally { if (holder != null) { holder.Close(); holder = null; } } } catch { throw; } }