Exemplo n.º 1
0
        public override bool RoleExists(string roleName)
        {
            SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");

            string cmdText = "dbo.Aspnet_Roles_RoleExists";

            SqlParameter[] parms =
            {
                new SqlParameter("@ReturnValue",     SqlDbType.Int),
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
                CreateInputParam("@RoleName",        SqlDbType.NVarChar,roleName)
            };
            parms[0].Direction = ParameterDirection.ReturnValue;

            SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
            int returnValue = (int)parms[0].Value;

            switch (returnValue)
            {
            case 0:
                return(false);

            case 1:
                return(true);
            }
            throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
        }
Exemplo n.º 2
0
        internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName)
        {
            if (param == null)
            {
                throw new ArgumentNullException(paramName);
            }

            if (param.Length < 1)
            {
                throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_array_empty, paramName), paramName);
            }

            Hashtable values = new Hashtable(param.Length);

            for (int i = param.Length - 1; i >= 0; i--)
            {
                SecurityUtility.CheckParameter(ref param[i], checkForNull, checkIfEmpty, checkForCommas, maxSize,
                                               paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]");
                if (values.Contains(param[i]))
                {
                    throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_duplicate_array_element, paramName), paramName);
                }
                else
                {
                    values.Add(param[i], param[i]);
                }
            }
        }
Exemplo n.º 3
0
        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
        {
            SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");

            string cmdText = "dbo.Aspnet_Roles_DeleteRole";

            SqlParameter[] parms =
            {
                CreateInputParam("@ApplicationName",         SqlDbType.NVarChar, ApplicationName),
                CreateInputParam("@RoleName",                SqlDbType.NVarChar, roleName),
                CreateInputParam("@DeleteOnlyIfRoleIsEmpty", SqlDbType.Bit,      throwOnPopulatedRole ? 1 : 0),
                new SqlParameter("@ReturnValue",             SqlDbType.Int)
            };
            parms[3].Direction = ParameterDirection.ReturnValue;

            SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);

            int returnValue = (int)parms[3].Value;

            if (returnValue == 2)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Role_is_not_empty));
            }

            return(returnValue == 0);
        }
Exemplo n.º 4
0
        public override void Initialize(string name, NameValueCollection config)
        {
            // Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
            if (config == null)
            {
                throw new ArgumentNullException("config");
            }

            if (String.IsNullOrEmpty(name))
            {
                name = "SqlRoleProvider";
            }
            if (string.IsNullOrEmpty(config["description"]))
            {
                config.Remove("description");
                config.Add("description", SecurityMessage.GetString(SecurityMessage.RoleSqlProvider_description));
            }
            base.Initialize(name, config);

            _SchemaVersionCheck = 0;

            _CommandTimeout = SecurityUtility.GetIntValue(config, "commandTimeout", 30, true, 0);

            string temp = config["connectionStringName"];

            if (temp == null || temp.Length < 1)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Connection_name_not_specified));
            }
            _sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true);
            if (_sqlConnectionString == null || _sqlConnectionString.Length < 1)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Connection_string_not_found, temp));
            }

            _AppName = config["applicationName"];
            if (string.IsNullOrEmpty(_AppName))
            {
                _AppName = SecurityUtility.GetDefaultAppName();
            }

            if (_AppName.Length > 256)
            {
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_application_name_too_long));
            }

            config.Remove("connectionStringName");
            config.Remove("applicationName");
            config.Remove("commandTimeout");
            if (config.Count > 0)
            {
                string attribUnrecognized = config.GetKey(0);
                if (!String.IsNullOrEmpty(attribUnrecognized))
                {
                    throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unrecognized_attribute, attribUnrecognized));
                }
            }
        }
Exemplo n.º 5
0
        private void CheckSchemaVersion(SqlConnection connection)
        {
            string[] features = { "Profile" };
            string   version  = "1";

            SecurityUtility.CheckSchemaVersion(this,
                                               connection,
                                               features,
                                               version,
                                               ref _SchemaVersionCheck);
        }
Exemplo n.º 6
0
        public override string[] GetRolesForUser(string username)
        {
            SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");

            string cmdText = "dbo.Aspnet_UsersInRoles_GetRolesForUser";

            SqlParameter[] parms =
            {
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
                CreateInputParam("@UserName",        SqlDbType.NVarChar, username),
                new SqlParameter("@ReturnValue",     SqlDbType.Int)
            };
            parms[0].Value     = ApplicationName;
            parms[1].Value     = username;
            parms[2].Direction = ParameterDirection.ReturnValue;

            StringCollection sc = new StringCollection();

            using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
            {
                if (reader != null && reader.HasRows)
                {
                    while (reader.Read())
                    {
                        sc.Add(reader.GetString(0));
                    }
                }
            }

            if (sc.Count > 0)
            {
                String[] strReturn = new String[sc.Count];
                sc.CopyTo(strReturn, 0);
                return(strReturn);
            }

            int returnValue = (int)parms[2].Value;

            switch (returnValue)
            {
            case 0:
                return(new string[0]);

            case 1:
                return(new string[0]);

            //throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
            default:
                throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
            }
        }
Exemplo n.º 7
0
        public override bool IsUserInRole(string username, string roleName)
        {
            SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
            SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
            if (username.Length < 1)
            {
                return(false);
            }

            string cmdText = "dbo.Aspnet_UsersInRoles_IsUserInRole";

            SqlParameter[] parms =
            {
                new SqlParameter("@ReturnValue",     SqlDbType.Int),
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
                CreateInputParam("@UserName",        SqlDbType.NVarChar,username),
                CreateInputParam("@RoleName",        SqlDbType.NVarChar,roleName)
            };
            parms[0].Direction = ParameterDirection.ReturnValue;
            SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
            int iStatus = (int)parms[0].Value;

            switch (iStatus)
            {
            case 0:
                return(false);

            case 1:
                return(true);

            case 2:
                return(false);

            // throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
            case 3:
                return(false);    // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
            }
            throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
        }
Exemplo n.º 8
0
        public override int DeleteProfiles(string[] usernames)
        {
            SecurityUtility.CheckArrayParameter(ref usernames,
                                                true,
                                                true,
                                                true,
                                                256,
                                                "usernames");

            int  numProfilesDeleted = 0;
            bool beginTranCalled    = false;

            try
            {
                SqlConnectionHolder holder = null;
                try
                {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    //CheckSchemaVersion(holder.Connection);

                    SqlCommand cmd;

                    int numUsersRemaing = usernames.Length;
                    while (numUsersRemaing > 0)
                    {
                        string allUsers = usernames[usernames.Length - numUsersRemaing];
                        numUsersRemaing--;
                        for (int iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
                        {
                            if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
                            {
                                break;
                            }
                            allUsers += "," + usernames[iter];
                            numUsersRemaing--;
                        }
                        if (!beginTranCalled && numUsersRemaing > 0)
                        {
                            cmd = new SqlCommand("BEGIN TRANSACTION", holder.Connection);
                            cmd.ExecuteNonQuery();
                            beginTranCalled = true;
                        }

                        cmd = new SqlCommand("dbo.Aspnet_Profile_DeleteProfiles", holder.Connection);

                        cmd.CommandTimeout = CommandTimeout;
                        cmd.CommandType    = CommandType.StoredProcedure;
                        cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                        cmd.Parameters.Add(CreateInputParam("@UserNames", SqlDbType.NVarChar, allUsers));
                        object o = cmd.ExecuteScalar();
                        if (o != null && o is int)
                        {
                            numProfilesDeleted += (int)o;
                        }
                    }

                    if (beginTranCalled)
                    {
                        cmd = new SqlCommand("COMMIT TRANSACTION", holder.Connection);
                        cmd.ExecuteNonQuery();
                        beginTranCalled = false;
                    }
                }
                catch
                {
                    if (beginTranCalled)
                    {
                        SqlCommand cmd = new SqlCommand("ROLLBACK TRANSACTION", holder.Connection);
                        cmd.ExecuteNonQuery();
                        beginTranCalled = false;
                    }
                    throw;
                }
                finally
                {
                    if (holder != null)
                    {
                        holder.Close();
                        holder = null;
                    }
                }
            }
            catch
            {
                throw;
            }
            return(numProfilesDeleted);
        }
Exemplo n.º 9
0
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            SecurityUtility.CheckArrayParameter(ref roleNames, true, true, true, 256, "roleNames");
            SecurityUtility.CheckArrayParameter(ref usernames, true, true, true, 256, "usernames");

            bool beginTranCalled = false;

            try
            {
                SqlConnectionHolder holder = null;
                try
                {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    //CheckSchemaVersion(holder.Connection);
                    int numUsersRemaing = usernames.Length;
                    while (numUsersRemaing > 0)
                    {
                        int    iter;
                        string allUsers = usernames[usernames.Length - numUsersRemaing];
                        numUsersRemaing--;
                        for (iter = usernames.Length - numUsersRemaing; iter < usernames.Length; iter++)
                        {
                            if (allUsers.Length + usernames[iter].Length + 1 >= 4000)
                            {
                                break;
                            }
                            allUsers += "," + usernames[iter];
                            numUsersRemaing--;
                        }

                        int numRolesRemaining = roleNames.Length;
                        while (numRolesRemaining > 0)
                        {
                            string allRoles = roleNames[roleNames.Length - numRolesRemaining];
                            numRolesRemaining--;
                            for (iter = roleNames.Length - numRolesRemaining; iter < roleNames.Length; iter++)
                            {
                                if (allRoles.Length + roleNames[iter].Length + 1 >= 4000)
                                {
                                    break;
                                }
                                allRoles += "," + roleNames[iter];
                                numRolesRemaining--;
                            }
                            //
                            // Note:  ADO.NET 2.0 introduced the TransactionScope class - in your own code you should use TransactionScope
                            //            rather than explicitly managing transactions with the TSQL BEGIN/COMMIT/ROLLBACK statements.
                            //
                            if (!beginTranCalled && (numUsersRemaing > 0 || numRolesRemaining > 0))
                            {
                                (new SqlCommand("BEGIN TRANSACTION", holder.Connection)).ExecuteNonQuery();
                                beginTranCalled = true;
                            }
                            AddUsersToRolesCore(holder.Connection, allUsers, allRoles);
                        }
                    }
                    if (beginTranCalled)
                    {
                        (new SqlCommand("COMMIT TRANSACTION", holder.Connection)).ExecuteNonQuery();
                        beginTranCalled = false;
                    }
                }
                catch
                {
                    if (beginTranCalled)
                    {
                        try
                        {
                            (new SqlCommand("ROLLBACK TRANSACTION", holder.Connection)).ExecuteNonQuery();
                        }
                        catch
                        {
                        }
                        beginTranCalled = false;
                    }
                    throw;
                }
                finally
                {
                    if (holder != null)
                    {
                        holder.Close();
                        holder = null;
                    }
                }
            }
            catch
            {
                throw;
            }
        }