/// <summary>
/// 创建一个数据库连接对象
/// </summary>
/// <param name="connectionString"></param>
internal SqlConnectionHolder(string connectionString)
{
try
{
_Connection = new SqlConnection(connectionString);
}
catch (ArgumentException e)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.SqlError_Connection_String), "connectionString", e);
}
}
internal static void CheckForbiddenAttribute(XmlNode node, string attrib)
{
XmlAttribute attr = node.Attributes[attrib];
if (attr != null)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Config_base_unrecognized_attribute, attrib),
attr);
}
}
private void AddUsersToRolesCore(SqlConnection conn, string usernames, string roleNames)
{
SqlCommand cmd = new SqlCommand("dbo.Aspnet_UsersInRoles_AddUsersToRoles", conn);
SqlDataReader reader = null;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
string s1 = String.Empty, s2 = String.Empty;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandTimeout = CommandTimeout;
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@RoleNames", SqlDbType.NVarChar, roleNames));
cmd.Parameters.Add(CreateInputParam("@UserNames", SqlDbType.NVarChar, usernames));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.Now));
try
{
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
if (reader.Read())
{
if (reader.FieldCount > 0)
{
s1 = reader.GetString(0);
}
if (reader.FieldCount > 1)
{
s2 = reader.GetString(1);
}
}
}
finally
{
if (reader != null)
{
reader.Close();
}
}
switch (GetReturnValue(cmd))
{
case 0:
return;
case 1:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_this_user_not_found, s1));
case 2:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_role_not_found, s1));
case 3:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_this_user_already_in_role, s1, s2));
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
internal static void CheckUnrecognizedAttributes(NameValueCollection config, string providerName)
{
if (config.Count > 0)
{
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Unexpected_provider_attribute, attribUnrecognized, providerName));
}
}
}
internal static void CheckForNonCommentChildNodes(XmlNode node)
{
foreach (XmlNode childNode in node.ChildNodes)
{
if (childNode.NodeType != XmlNodeType.Comment)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Config_base_no_child_nodes),
childNode);
}
}
}
private static XmlNode GetAndRemoveNonEmptyStringAttributeInternal(XmlNode node, string attrib, bool fRequired, ref string val)
{
XmlNode a = GetAndRemoveStringAttributeInternal(node, attrib, fRequired, ref val);
if (a != null && val.Length == 0)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Empty_attribute, attrib),
a);
}
return(a);
}
public override string[] GetRolesForUser(string username)
{
SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
string cmdText = "dbo.Aspnet_UsersInRoles_GetRolesForUser";
SqlParameter[] parms =
{
CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
CreateInputParam("@UserName", SqlDbType.NVarChar, username),
new SqlParameter("@ReturnValue", SqlDbType.Int)
};
parms[0].Value = ApplicationName;
parms[1].Value = username;
parms[2].Direction = ParameterDirection.ReturnValue;
StringCollection sc = new StringCollection();
using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
{
if (reader != null && reader.HasRows)
{
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
}
if (sc.Count > 0)
{
String[] strReturn = new String[sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
int returnValue = (int)parms[2].Value;
switch (returnValue)
{
case 0:
return(new string[0]);
case 1:
return(new string[0]);
//throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
default:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
}
private static XmlNode GetAndRemoveAttribute(XmlNode node, string attrib, bool fRequired)
{
XmlNode a = node.Attributes.RemoveNamedItem(attrib);
// If the attribute is required and was not present, throw
if (fRequired && a == null)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Missing_required_attribute, attrib, node.Name),
node);
}
return(a);
}
// We don't trim the param before checking with password parameters
internal static void CheckPasswordParameter(ref string param, int maxSize, string paramName)
{
if (param == null)
{
throw new ArgumentNullException(paramName);
}
if (param.Length < 1)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_can_not_be_empty, paramName), paramName);
}
if (maxSize > 0 && param.Length > maxSize)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.Parameter_too_long, paramName, maxSize.ToString(CultureInfo.InvariantCulture)), paramName);
}
}
public override string[] GetUsersInRole(string roleName)
{
string cmdText = "Aspnet_UsersInRoles_GetUsersInRoles";
SqlParameter[] parms =
{
CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
CreateInputParam("@RoleName", SqlDbType.NVarChar, roleName),
new SqlParameter("@ReturnValue", SqlDbType.Int)
};
parms[2].Direction = ParameterDirection.ReturnValue;
StringCollection sc = new StringCollection();
using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms))
{
if (reader != null && reader.HasRows)
{
while (reader.Read())
{
sc.Add(reader.GetString(0));
}
}
}
if (sc.Count < 1)
{
int returnValue = (int)parms[2].Value;
switch (returnValue)
{
case 0:
return(new string[0]);
case 1:
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_role_not_found, roleName));
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
String[] strReturn = new String[sc.Count];
sc.CopyTo(strReturn, 0);
return(strReturn);
}
internal static void GetPositiveOrInfiniteAttribute(NameValueCollection config, string attrib, string providerName, ref int val)
{
string s = config.Get(attrib);
int t;
if (s == null)
{
return;
}
if (s == "Infinite")
{
t = Infinite;
}
else
{
try
{
t = Convert.ToInt32(s, CultureInfo.InvariantCulture);
}
catch (Exception e)
{
if (e is ArgumentException || e is FormatException || e is OverflowException)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Invalid_provider_positive_attributes, attrib, providerName));
}
else
{
throw;
}
}
if (t < 0)
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Invalid_provider_positive_attributes, attrib, providerName));
}
}
val = t;
}
internal static bool GetBooleanValue(NameValueCollection config, string valueName, bool defaultValue)
{
string sValue = config[valueName];
if (sValue == null)
{
return(defaultValue);
}
bool result;
if (bool.TryParse(sValue, out result))
{
return(result);
}
else
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_boolean, valueName));
}
}
public override bool IsUserInRole(string username, string roleName)
{
SecurityUtility.CheckParameter(ref roleName, true, true, true, 256, "roleName");
SecurityUtility.CheckParameter(ref username, true, false, true, 256, "username");
if (username.Length < 1)
{
return(false);
}
string cmdText = "dbo.Aspnet_UsersInRoles_IsUserInRole";
SqlParameter[] parms =
{
new SqlParameter("@ReturnValue", SqlDbType.Int),
CreateInputParam("@ApplicationName", SqlDbType.NVarChar,ApplicationName),
CreateInputParam("@UserName", SqlDbType.NVarChar,username),
CreateInputParam("@RoleName", SqlDbType.NVarChar,roleName)
};
parms[0].Direction = ParameterDirection.ReturnValue;
SqlHelper.ExecuteNonQuery(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, cmdText, parms);
int iStatus = (int)parms[0].Value;
switch (iStatus)
{
case 0:
return(false);
case 1:
return(true);
case 2:
return(false);
// throw new ProviderException(SR.GetString(SR.Provider_user_not_found));
case 3:
return(false); // throw new ProviderException(SR.GetString(SR.Provider_role_not_found, roleName));
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_unknown_failure));
}
internal static int GetIntValue(NameValueCollection config, string valueName, int defaultValue, bool zeroAllowed, int maxValueAllowed)
{
string sValue = config[valueName];
if (sValue == null)
{
return(defaultValue);
}
int iValue;
if (!Int32.TryParse(sValue, out iValue))
{
if (zeroAllowed)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_non_negative_integer, valueName));
}
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_positive_integer, valueName));
}
if (zeroAllowed && iValue < 0)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_non_negative_integer, valueName));
}
if (!zeroAllowed && iValue <= 0)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_must_be_positive_integer, valueName));
}
if (maxValueAllowed > 0 && iValue > maxValueAllowed)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Value_too_big, valueName, maxValueAllowed.ToString(CultureInfo.InvariantCulture)));
}
return(iValue);
}
// input.Xml cursor must be at a true/false XML attribute
private static XmlNode GetAndRemoveBooleanAttributeInternal(XmlNode node, string attrib, bool fRequired, ref bool val)
{
XmlNode a = GetAndRemoveAttribute(node, attrib, fRequired);
if (a != null)
{
if (a.Value == "true")
{
val = true;
}
else if (a.Value == "false")
{
val = false;
}
else
{
throw new ConfigurationErrorsException(
SecurityMessage.GetString(SecurityMessage.Invalid_boolean_attribute, a.Name),
a);
}
}
return(a);
}
private ProfileInfoCollection GetProfilesForQuery(SqlParameter[] args, ProfileAuthenticationOption authenticationOption, int pageIndex, int pageSize, out int totalRecords)
{
if (pageIndex < 0)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageIndex_bad), "pageIndex");
}
if (pageSize < 1)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageSize_bad), "pageSize");
}
long upperBound = (long)pageIndex * pageSize + pageSize - 1;
if (upperBound > Int32.MaxValue)
{
throw new ArgumentException(SecurityMessage.GetString(SecurityMessage.PageIndex_PageSize_bad), "pageIndex and pageSize");
}
ParamsHelper parms = new ParamsHelper();
parms.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
parms.Add(CreateInputParam("@ProfileAuthOptions", SqlDbType.Int, (int)authenticationOption));
parms.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
parms.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
foreach (SqlParameter arg in args)
{
parms.Add(arg);
}
ProfileInfoCollection profiles = new ProfileInfoCollection();
totalRecords = 0;
using (SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.SqlProviderConnString, CommandType.StoredProcedure, "dbo.Aspnet_Profile_GetProfiles", parms.ToArray()))
{
if (reader != null)
{
while (reader.Read())
{
string username;
DateTime dtLastActivity, dtLastUpdated;
bool isAnon;
username = reader.GetString(0);
isAnon = reader.GetBoolean(1);
dtLastActivity = DateTime.SpecifyKind(reader.GetDateTime(2), DateTimeKind.Local);
dtLastUpdated = DateTime.SpecifyKind(reader.GetDateTime(3), DateTimeKind.Local);
int size = reader.GetInt32(4);
profiles.Add(new ProfileInfo(username, isAnon, dtLastActivity, dtLastUpdated, size));
}
totalRecords = profiles.Count;
if (reader.NextResult())
{
if (reader.Read())
{
totalRecords = reader.GetInt32(0);
}
}
}
}
return(profiles);
}
internal static void CheckSchemaVersion(ProviderBase provider, SqlConnection connection, string[] features, string version, ref int schemaVersionCheck)
{
if (connection == null)
{
throw new ArgumentNullException("connection");
}
if (features == null)
{
throw new ArgumentNullException("features");
}
if (version == null)
{
throw new ArgumentNullException("version");
}
if (schemaVersionCheck == -1)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
}
else if (schemaVersionCheck == 0)
{
lock (provider)
{
if (schemaVersionCheck == -1)
{
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
}
else if (schemaVersionCheck == 0)
{
int iStatus = 0;
SqlCommand cmd = null;
SqlParameter p = null;
foreach (string feature in features)
{
cmd = new SqlCommand("dbo.aspnet_CheckSchemaVersion", connection);
cmd.CommandType = CommandType.StoredProcedure;
p = new SqlParameter("@Feature", feature);
cmd.Parameters.Add(p);
p = new SqlParameter("@CompatibleSchemaVersion", version);
cmd.Parameters.Add(p);
p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
iStatus = ((p.Value != null) ? ((int)p.Value) : -1);
if (iStatus != 0)
{
schemaVersionCheck = -1;
throw new ProviderException(SecurityMessage.GetString(SecurityMessage.Provider_Schema_Version_Not_Match, provider.ToString(), version));
}
}
schemaVersionCheck = 1;
}
}
}
}
