internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName)
{
if (param == null)
{
throw new ArgumentNullException(paramName);
}
if (param.Length < 1)
{
throw new ArgumentException(SR.GetString(SR.Parameter_array_empty, paramName), paramName);
}
Hashtable values = new Hashtable(param.Length);
for (int i = param.Length - 1; i >= 0; i--)
{
SecUtility.CheckParameter(ref param[i], checkForNull, checkIfEmpty, checkForCommas, maxSize,
paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]");
if (values.Contains(param[i]))
{
throw new ArgumentException(SR.GetString(SR.Parameter_duplicate_array_element, paramName), paramName);
}
else
{
values.Add(param[i], param[i]);
}
}
}
private void CheckSchemaVersion(SqlConnection connection)
{
string[] features = { "Common", "Membership" };
string version = "1";
SecUtility.CheckSchemaVersion(this,
connection,
features,
version,
ref _SchemaVersionCheck);
}
public override void Initialize(string name, NameValueCollection config)
{
// Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
if (config == null)
{
throw new ArgumentNullException("config");
}
if (String.IsNullOrEmpty(name))
{
name = "DorisMembershipProvider";
}
if (string.IsNullOrEmpty(config["description"]))
{
config.Remove("description");
config.Add("description", SR.GetString(SR.MembershipSqlProvider_description));
}
base.Initialize(name, config);
_SchemaVersionCheck = 0;
_EnablePasswordRetrieval = SecUtility.GetBooleanValue(config, "enablePasswordRetrieval", false);
_EnablePasswordReset = SecUtility.GetBooleanValue(config, "enablePasswordReset", true);
_RequiresQuestionAndAnswer = SecUtility.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
_RequiresUniqueEmail = SecUtility.GetBooleanValue(config, "requiresUniqueEmail", true);
_MaxInvalidPasswordAttempts = SecUtility.GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
_PasswordAttemptWindow = SecUtility.GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
_MinRequiredPasswordLength = SecUtility.GetIntValue(config, "minRequiredPasswordLength", 7, false, 128);
_MinRequiredNonalphanumericCharacters = SecUtility.GetIntValue(config, "minRequiredNonalphanumericCharacters", 1, true, 128);
_PasswordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
if (_PasswordStrengthRegularExpression != null)
{
_PasswordStrengthRegularExpression = _PasswordStrengthRegularExpression.Trim();
if (_PasswordStrengthRegularExpression.Length != 0)
{
try
{
Regex regex = new Regex(_PasswordStrengthRegularExpression);
}
catch (ArgumentException e)
{
throw new ProviderException(e.Message, e);
}
}
}
else
{
_PasswordStrengthRegularExpression = string.Empty;
}
if (_MinRequiredNonalphanumericCharacters > _MinRequiredPasswordLength)
{
throw new HttpException(SR.GetString(SR.MinRequiredNonalphanumericCharacters_can_not_be_more_than_MinRequiredPasswordLength));
}
_CommandTimeout = SecUtility.GetIntValue(config, "commandTimeout", 30, true, 0);
_AppName = config["applicationName"];
if (string.IsNullOrEmpty(_AppName))
{
_AppName = SecUtility.GetDefaultAppName();
}
if (_AppName.Length > 256)
{
throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
}
string strTemp = config["passwordFormat"];
if (strTemp == null)
{
strTemp = "Hashed";
}
switch (strTemp)
{
case "Clear":
_PasswordFormat = MembershipPasswordFormat.Clear;
break;
case "Encrypted":
_PasswordFormat = MembershipPasswordFormat.Encrypted;
break;
case "Hashed":
_PasswordFormat = MembershipPasswordFormat.Hashed;
break;
default:
throw new ProviderException(SR.GetString(SR.Provider_bad_password_format));
}
if (PasswordFormat == MembershipPasswordFormat.Hashed && EnablePasswordRetrieval)
{
throw new ProviderException(SR.GetString(SR.Provider_can_not_retrieve_hashed_password));
}
//if (_PasswordFormat == MembershipPasswordFormat.Encrypted && MachineKeySection.IsDecryptionKeyAutogenerated)
// throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys));
string temp = config["connectionStringName"];
if (temp == null || temp.Length < 1)
{
throw new ProviderException(SR.GetString(SR.Connection_name_not_specified));
}
_sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true);
if (_sqlConnectionString == null || _sqlConnectionString.Length < 1)
{
throw new ProviderException(SR.GetString(SR.Connection_string_not_found, temp));
}
config.Remove("connectionStringName");
config.Remove("enablePasswordRetrieval");
config.Remove("enablePasswordReset");
config.Remove("requiresQuestionAndAnswer");
config.Remove("applicationName");
config.Remove("requiresUniqueEmail");
config.Remove("maxInvalidPasswordAttempts");
config.Remove("passwordAttemptWindow");
config.Remove("commandTimeout");
config.Remove("passwordFormat");
config.Remove("name");
config.Remove("minRequiredPasswordLength");
config.Remove("minRequiredNonalphanumericCharacters");
config.Remove("passwordStrengthRegularExpression");
if (config.Count > 0)
{
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
{
throw new ProviderException(SR.GetString(SR.Provider_unrecognized_attribute, attribUnrecognized));
}
}
}
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer,
bool isApproved, object providerUserKey,
out MembershipCreateStatus status)
{
if (!SecUtility.ValidateParameter(ref password, true, true, false, 128))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
string salt = GenerateSalt();
string pass = EncodePassword(password, (int)_PasswordFormat, salt);
if (pass.Length > 128)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
string encodedPasswordAnswer;
if (passwordAnswer != null)
{
passwordAnswer = passwordAnswer.Trim();
}
if (!string.IsNullOrEmpty(passwordAnswer))
{
if (passwordAnswer.Length > 128)
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), (int)_PasswordFormat, salt);
}
else
{
encodedPasswordAnswer = passwordAnswer;
}
if (!SecUtility.ValidateParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, true, false, 128))
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
if (!SecUtility.ValidateParameter(ref username, true, true, true, 256))
{
status = MembershipCreateStatus.InvalidUserName;
return(null);
}
if (!SecUtility.ValidateParameter(ref email,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256))
{
status = MembershipCreateStatus.InvalidEmail;
return(null);
}
if (!SecUtility.ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
{
status = MembershipCreateStatus.InvalidQuestion;
return(null);
}
if (password.Length < MinRequiredPasswordLength)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
int count = 0;
for (int i = 0; i < password.Length; i++)
{
if (!char.IsLetterOrDigit(password, i))
{
count++;
}
}
if (count < MinRequiredNonAlphanumericCharacters)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
if (PasswordStrengthRegularExpression.Length > 0)
{
if (!Regex.IsMatch(password, PasswordStrengthRegularExpression))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(e);
if (e.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
try
{
SqlConnectionHolder holder = null;
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion(holder.Connection);
DateTime dt = RoundToSeconds(DateTime.UtcNow);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Membership_CreateUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@Password", SqlDbType.NVarChar, pass));
cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));
cmd.Parameters.Add(CreateInputParam("@PasswordQuestion", SqlDbType.NVarChar, passwordQuestion));
cmd.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
cmd.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, isApproved));
cmd.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)PasswordFormat));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, dt));
SqlParameter p = CreateInputParam("@UserId", SqlDbType.Int, providerUserKey);
p.Direction = ParameterDirection.InputOutput;
cmd.Parameters.Add(p);
p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int iStatus = ((p.Value != null) ? ((int)p.Value) : -1);
if (iStatus < 0 || iStatus > (int)MembershipCreateStatus.ProviderError)
{
iStatus = (int)MembershipCreateStatus.ProviderError;
}
status = (MembershipCreateStatus)iStatus;
if (iStatus != 0) // !success
{
return(null);
}
providerUserKey = new Guid(cmd.Parameters["@UserId"].Value.ToString());
dt = dt.ToLocalTime();
return(new MembershipUser(this.Name,
username,
providerUserKey,
email,
passwordQuestion,
null,
isApproved,
false,
dt,
dt,
dt,
dt,
new DateTime(1754, 1, 1)));
}
finally
{
if (holder != null)
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
