public override bool RoleExists(string roleName)
{
SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
string cmdText = "dbo.Aspnet_Roles_RoleExists";
SqlParameter[] parms =
{
new SqlParameter("@ReturnValue", SqlDbType.Int),
CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
CreateInputParam("@RoleName", SqlDbType.NVarChar,roleName)
};
parms[0].Direction = ParameterDirection.ReturnValue;
SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
int returnValue = (int)parms[0].Value;
switch (returnValue)
{
case 0:
return(false);
case 1:
return(true);
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName)
{
if (param == null)
{
throw new ArgumentNullException(paramName);
}
if (param.Length < 1)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_array_empty, paramName), paramName);
}
Hashtable values = new Hashtable(param.Length);
for (int i = param.Length - 1; i >= 0; i--)
{
SecurityUtility.CheckParameter(ref param[i], checkForNull, checkIfEmpty, checkForCommas, maxSize,
paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]");
if (values.Contains(param[i]))
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_duplicate_array_element, paramName), paramName);
}
else
{
values.Add(param[i], param[i]);
}
}
}
public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
{
SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
string cmdText = "dbo.Aspnet_Roles_DeleteRole";
SqlParameter[] parms =
{
CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName),
CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit, throwOnPopulatedRole ? 1 : 0),
new SqlParameter("@ReturnValue", SqlDbType.Int)
};
parms[3].Direction = ParameterDirection.ReturnValue;
SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
int returnValue = (int)parms[3].Value;
if (returnValue == 2)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Role_is_not_empty));
}
return(returnValue == 0);
}
public override void Initialize(string name, NameValueCollection config)
{
// Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
if (config == null)
{
throw new ArgumentNullException("config");
}
if (String.IsNullOrEmpty(name))
{
name = "SqlRoleProvider";
}
if (string.IsNullOrEmpty(config["description"]))
{
config.Remove("description");
config.Add("description", SecurityMessage.GetString(SecurityMessage.RoleSqlProvider_description));
}
base.Initialize(name, config);
_SchemaVersionCheck = 0;
_CommandTimeout = SecurityUtility.GetIntValue(config, "commandTimeout", 30, true, 0);
string temp = config["connectionStringName"];
if (temp == null || temp.Length < 1)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Connection_name_not_specified));
}
_sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true);
if (_sqlConnectionString == null || _sqlConnectionString.Length < 1)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Connection_string_not_found, temp));
}
_AppName = config["applicationName"];
if (string.IsNullOrEmpty(_AppName))
{
_AppName = SecurityUtility.GetDefaultAppName();
}
if (_AppName.Length > 256)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_application_name_too_long));
}
config.Remove("connectionStringName");
config.Remove("applicationName");
config.Remove("commandTimeout");
if (config.Count > 0)
{
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unrecognized_attribute, attribUnrecognized));
}
}
}
private void CheckSchemaVersion(SqlConnection connection)
{
string[] features = { "Profile" };
string version = "1";
SecurityUtility.CheckSchemaVersion(this,
connection,
features,
version,
ref _SchemaVersionCheck);
}
public override string[] GetRolesForUser(string username)
{
SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
string cmdText = "dbo.Aspnet_UsersInRoles_GetRolesForUser";
SqlParameter[] parms =
{
CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
CreateInputParam("@UserName", SqlDbType.NVarChar, username),
new SqlParameter("@ReturnValue", SqlDbType.Int)
};
parms[0].Value = ApplicationName;
parms[1].Value = username;
parms[2].Direction = ParameterDirection.ReturnValue;
StringCollection sc = new StringCollection();
using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
{
if (reader != null && reader.HasRows)
{
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
}
if (sc.Count > 0)
{
String[] strReturn = new String[sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
int returnValue = (int)parms[2].Value;
switch (returnValue)
{
case 0:
return(new string[0]);
case 1:
return(new string[0]);
//throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
default:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
}
public override bool IsUserInRole(string username, string roleName)
{
SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
if (username.Length < 1)
{
return(false);
}
string cmdText = "dbo.Aspnet_UsersInRoles_IsUserInRole";
SqlParameter[] parms =
{
new SqlParameter("@ReturnValue", SqlDbType.Int),
CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
CreateInputParam("@UserName", SqlDbType.NVarChar,username),
CreateInputParam("@RoleName", SqlDbType.NVarChar,roleName)
};
parms[0].Direction = ParameterDirection.ReturnValue;
SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
int iStatus = (int)parms[0].Value;
switch (iStatus)
{
case 0:
return(false);
case 1:
return(true);
case 2:
return(false);
// throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
case 3:
return(false); // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
public override int DeleteProfiles(string[] usernames)
{
SecurityUtility.CheckArrayParameter(ref usernames,
true,
true,
true,
256,
"usernames");
int numProfilesDeleted = 0;
bool beginTranCalled = false;
try
{
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
//CheckSchemaVersion(holder.Connection);
SqlCommand cmd;
int numUsersRemaing = usernames.Length;
while (numUsersRemaing > 0)
{
string allUsers = usernames[usernames.Length - numUsersRemaing];
numUsersRemaing--;
for (int iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
{
if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
{
break;
}
allUsers += "," + usernames[iter];
numUsersRemaing--;
}
if (!beginTranCalled && numUsersRemaing > 0)
{
cmd = new SqlCommand("BEGIN TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = true;
}
cmd = new SqlCommand("dbo.Aspnet_Profile_DeleteProfiles", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserNames", SqlDbType.NVarChar, allUsers));
object o = cmd.ExecuteScalar();
if (o != null && o is int)
{
numProfilesDeleted += (int)o;
}
}
if (beginTranCalled)
{
cmd = new SqlCommand("COMMIT TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = false;
}
}
catch
{
if (beginTranCalled)
{
SqlCommand cmd = new SqlCommand("ROLLBACK TRANSACTION", holder.Connection);
cmd.ExecuteNonQuery();
beginTranCalled = false;
}
throw;
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
return(numProfilesDeleted);
}
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
SecurityUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames");
SecurityUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames");
bool beginTranCalled = false;
try
{
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
//CheckSchemaVersion(holder.Connection);
int numUsersRemaing = usernames.Length;
while (numUsersRemaing > 0)
{
int iter;
string allUsers = usernames[usernames.Length - numUsersRemaing];
numUsersRemaing--;
for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
{
if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
{
break;
}
allUsers += "," + usernames[iter];
numUsersRemaing--;
}
int numRolesRemaining = roleNames.Length;
while (numRolesRemaining > 0)
{
string allRoles = roleNames[roleNames.Length - numRolesRemaining];
numRolesRemaining--;
for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++)
{
if (allRoles.Length + roleNames[iter].Length + 1 >= 4000)
{
break;
}
allRoles += "," + roleNames[iter];
numRolesRemaining--;
}
//
// Note: ADO.NET 2.0 introduced the TransactionScope class - in your own code you should use TransactionScope
// rather than explicitly managing transactions with the TSQL BEGIN/COMMIT/ROLLBACK statements.
//
if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0))
{
(new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = true;
}
AddUsersToRolesCore(holder.Connection, allUsers, allRoles);
}
}
if (beginTranCalled)
{
(new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery();
beginTranCalled = false;
}
}
catch
{
if (beginTranCalled)
{
try
{
(new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery();
}
catch
{
}
beginTranCalled = false;
}
throw;
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}