SecUtility.ValidateParameter C# (CSharp) примеры использования

Пример #1

0

Показать файл

Файл: FRACMembershipProvider.cs Проект: ucdavis/Recruitments

        /// <summary>
        /// Validates a user by making sure their username and password are correct in the system.  Regardless of the web.config settings,
        /// the password information (salt, format) are taken from the database and then compared
        /// </summary>
        /// <param name="username">Unique username</param>
        /// <param name="password">Password to be compared against database.</param>
        /// <returns>true if user entered valid information</returns>
        public override bool ValidateUser(string username, string password)
        {
            //Validate the username and password being entered
            if (!SecUtility.ValidateParameter(ref username,
                                              true,
                                              true,
                                              false,
                                              255))
            {
                return(false);
            }

            if (!SecUtility.ValidateParameter(ref password,
                                              true,
                                              true,
                                              false,
                                              128))
            {
                return(false);
            }

            int status;

            return(CheckPassword(username, password, out status));
        }

Пример #2

0

Показать файл

 public static MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
 {
     if (!SecUtility.ValidateParameter(ref username, true, true, true, 0))
     {
         status = MembershipCreateStatus.InvalidUserName;
         return(null);
     }
     if (!SecUtility.ValidatePasswordParameter(ref password, 0))
     {
         status = MembershipCreateStatus.InvalidPassword;
         return(null);
     }
     if (!SecUtility.ValidateParameter(ref email, false, false, false, 0))
     {
         status = MembershipCreateStatus.InvalidEmail;
         return(null);
     }
     if (!SecUtility.ValidateParameter(ref passwordQuestion, false, true, false, 0))
     {
         status = MembershipCreateStatus.InvalidQuestion;
         return(null);
     }
     if (!SecUtility.ValidateParameter(ref passwordAnswer, false, true, false, 0))
     {
         status = MembershipCreateStatus.InvalidAnswer;
         return(null);
     }
     return(Provider.CreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status));
 }

Пример #3

0

Показать файл

        /// <summary>
        ///     Adds a new role to the data source for the configured applicationName.
        /// </summary>
        /// <param name="roleName">The name of the role to create.</param>
        public override void CreateRole(string roleName)
        {
            if (roleName.IndexOf(',') > 0)
            {
                throw new ArgumentException("Role names cannot contain commas.");
            }

            if (RoleExists(roleName))
            {
                throw new ProviderException("Role name already exists.");
            }

            if (!SecUtility.ValidateParameter(ref roleName, true, true, false, MAX_ROLENAME_LENGTH))
            {
                throw new ProviderException(
                          String.Format("The role name is too long: it must not exceed {0} chars in length.",
                                        MAX_ROLENAME_LENGTH));
            }

            SQLiteConnection cn = GetDbConnectionForRole();

            try
            {
                using (SQLiteCommand cmd = cn.CreateCommand())
                {
                    cmd.CommandText = "INSERT INTO " + ROLE_TB_NAME
                                      + " (RoleId, RoleName, LoweredRoleName, ApplicationId) "
                                      + " Values ($RoleId, $RoleName, $LoweredRoleName, $ApplicationId)";

                    cmd.Parameters.AddWithValue("$RoleId", Guid.NewGuid().ToString());
                    cmd.Parameters.AddWithValue("$RoleName", roleName);
                    cmd.Parameters.AddWithValue("$LoweredRoleName", roleName.ToLowerInvariant());
                    cmd.Parameters.AddWithValue("$ApplicationId", _applicationId);

                    if (cn.State == ConnectionState.Closed)
                    {
                        cn.Open();
                    }

                    cmd.ExecuteNonQuery();
                }
            }
            finally
            {
                if (!IsTransactionInProgress())
                {
                    cn.Dispose();
                }
            }
        }

Пример #4

0

Показать файл

Файл: MyMembershipProvider.cs Проект: zhenghua75/ynhrMemberManage

 public override bool ValidateUser(string username, string password)
 {
     if (SecUtility.ValidateParameter(ref username, true, true, true, 256) &&
         SecUtility.ValidateParameter(ref password, true, true, false, 128) &&
         CheckPassword(username, password, true))
     {
         // Comment out perf counters in sample: PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_SUCCESS);
         // Comment out events in sample: WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditMembershipAuthenticationSuccess, username);
         return(true);
     }
     else
     {
         // Comment out perf counters in sample: PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_FAIL);
         // Comment out events in sample: WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditMembershipAuthenticationFailure, username);
         return(false);
     }
 }

Пример #5

0

Показать файл

Файл: FRACMembershipProvider.cs Проект: ucdavis/Recruitments

        /// <summary>
        /// Creates a user from the given parameters and settings in the web.config (under the membership section)
        /// </summary>
        /// <param name="username">Kerberos LoginID of the user who created the account (or string.empty)</param>
        /// <param name="password">Password -- complexity determined by web.config settings</param>
        /// <param name="email">Email entered by user</param>
        /// <param name="passwordQuestion"></param>
        /// <param name="passwordAnswer"></param>
        /// <param name="isApproved"></param>
        /// <param name="providerUserKey">Not used since username is always unique, we can look up with UserID when necessary</param>
        /// <param name="status"></param>
        /// <returns>A representation of the current user's membership information</returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            //if the username is SELFCREATED, set it to empty so that we know it was not created on a Kerberos user's behalf
            if (username == "SELFCREATED")
            {
                username = string.Empty;
            }

            //Make sure the password is non-null or empty (excluding white space)
            if (!SecUtility.ValidateParameter(ref password, true, true, false, 0))
            {
                //If the password is invalid, return the correct status
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Check that the password meets all requirements laid out in the web.config
            if (password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            int count = 0;

            for (int i = 0; i < password.Length; i++)
            {
                if (!char.IsLetterOrDigit(password, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(password, PasswordStrengthRegularExpression))
                {
                    status = MembershipCreateStatus.InvalidPassword;
                    return(null);
                }
            }

            //Validate with email as the username
            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(email, password, true);

            OnValidatingPassword(e);

            if (e.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Generate a salt of length SALT_SIZE_IN_BYTES
            string salt = GenerateSalt();

            //Encodes the password using the method defined in the web.config membership section (clear, hashed, or encrypted)
            //If method = hashed, then the algortihm defined by the HashAlgorithmType key is used
            string encodedPassword = EncodePassword(password, (int)_PasswordFormat, salt);

            //Make sure the password isn't too long (if it is, it will not fit in the database
            if (encodedPassword.Length > 128)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            //Check the email, question, answer (only the last two if they are required in the web.config)
            //if (!SecUtility.ValidateParameter(ref username, true, true, true, 255))
            //{
            //    status = MembershipCreateStatus.InvalidUserName;
            //    return null;
            //}

            if (!SecUtility.ValidateParameter(ref email,
                                              RequiresUniqueEmail,
                                              RequiresUniqueEmail,
                                              false,
                                              128))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            if (!SecUtility.ValidateParameter(ref passwordQuestion,
                                              RequiresQuestionAndAnswer,
                                              true,
                                              false,
                                              255))
            {
                status = MembershipCreateStatus.InvalidQuestion;
                return(null);
            }

            if (!SecUtility.ValidateParameter(ref passwordAnswer,
                                              RequiresQuestionAndAnswer,
                                              true,
                                              false,
                                              128))
            {
                status = MembershipCreateStatus.InvalidAnswer;
                return(null);
            }

            _dops.ResetDops();
            _dops.Sproc = "usp_InsertAccount";

            _dops.SetParameter("@LoginID", username, "IN"); //KerberosID of user that created this account (null if created by applicant)
            _dops.SetParameter("@Email", email, "IN");
            _dops.SetParameter("@Password", encodedPassword, "IN");
            _dops.SetParameter("@PasswordFormat", (int)PasswordFormat, "IN");
            _dops.SetParameter("@PasswordSalt", salt, "IN");
            _dops.SetParameter("@PasswordQuestion", passwordQuestion, "IN");
            _dops.SetParameter("@PasswordAnswer", passwordAnswer, "IN");
            _dops.SetParameter("@CreateStatus", string.Empty, "OUT");
            _dops.SetParameter("RETURN_VALUE", string.Empty, "RETURN");

            try
            {
                _dops.Execute_Sql();
            }
            catch (SqlException)
            {
                status = MembershipCreateStatus.ProviderError;
                return(null);
            }

            //If the return value is not 0 (success), inspect the error and return it to the user
            if ((int)_dops.GetOutputVariable("RETURN_VALUE") != 0)
            {
                switch ((string)_dops.GetOutputVariable("@CreateStatus"))
                {
                case "InvalidLogin":
                    status = MembershipCreateStatus.DuplicateUserName;
                    break;

                case "InvalidEmail":
                    status = MembershipCreateStatus.DuplicateEmail;
                    break;

                default:
                    status = MembershipCreateStatus.ProviderError;
                    break;
                }

                return(null);
            }
            else
            {
                //No error, so go ahead and return success
                DateTime dt = DateTime.Now;

                status = MembershipCreateStatus.Success;
                return(new MembershipUser(this.Name,
                                          username,
                                          null,
                                          email,
                                          passwordQuestion,
                                          string.Empty,
                                          isApproved,
                                          false,
                                          dt,
                                          dt,
                                          dt,
                                          dt,
                                          DateTime.MinValue));
            }
        }

Пример #6

0

Показать файл

Файл: MyMembershipProvider.cs Проект: zhenghua75/ynhrMemberManage

        public string CreateUser(Oper oper)
        {
            string password = oper.cnvcPwd;
            string username = oper.cnvcOperName;

            if (!SecUtility.ValidateParameter(ref password, true, true, false, 128))
            {
                return(MyMembershipCreateStatus.InvalidPassword);
            }

            //string salt = GenerateSalt();
            string pass = EncodePassword(oper.cnvcPwd);

            if (pass.Length > 128)
            {
                return(MyMembershipCreateStatus.InvalidPassword);
            }

            if (!SecUtility.ValidateParameter(ref username, true, true, true, 256))
            {
                return(MyMembershipCreateStatus.InvalidUserName);
            }

            if (oper.cnvcPwd.Length < MinRequiredPasswordLength)
            {
                return(MyMembershipCreateStatus.InvalidPassword);
            }

            int count = 0;

            for (int i = 0; i < oper.cnvcPwd.Length; i++)
            {
                if (!char.IsLetterOrDigit(oper.cnvcPwd, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                return(MyMembershipCreateStatus.InvalidPassword);
            }

            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(oper.cnvcPwd, PasswordStrengthRegularExpression))
                {
                    return(MyMembershipCreateStatus.InvalidPassword);
                }
            }
            oper.cnvcPwd = pass;
            DataTable dtOper = SqlHelper.ExecuteDataTable(CommandType.Text, "select * from tbOper where cnvcOperName = '" + oper.cnvcOperName + "'");

            if (dtOper.Rows.Count > 0)
            {
                return(MyMembershipCreateStatus.DuplicateUserName);
            }
            if (oper.cnvcCardNo.Length > 0)
            {
                DataTable dtCard = SqlHelper.ExecuteDataTable(CommandType.Text, "select * from tbOper where cnvcCardNo = 'aaa" + oper.cnvcCardNo + "'");
                if (dtCard.Rows.Count > 0)
                {
                    return(MyMembershipCreateStatus.DuplicateCardNo);
                }
                CardM1 m1        = new CardM1();
                string strReturn = m1.PutOutCard("aaa" + oper.cnvcCardNo);
                if (strReturn.Equals("OPSUCCESS"))
                {
                    oper.cnvcCardNo = "aaa" + oper.cnvcCardNo;
                    EntityMapping.Create(oper);
                }
                else
                {
                    return(MyMembershipCreateStatus.CardOperException);
                }
            }
            else
            {
                EntityMapping.Create(oper);
            }

            return(MyMembershipCreateStatus.Success);
        }

C# (CSharp) SecUtility.ValidateParameter примеры использования