Пример #1
0
 internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName)
 {
     if (param == null)
     {
         throw new ArgumentNullException(paramName);
     }
     if (param.Length < 1)
     {
         throw new ArgumentException("The array parameter '" + paramName + "' should not be empty.", paramName);
     }
     for (int i = param.Length - 1; i >= 0; i--)
     {
         SecUtility.CheckParameter(ref param[i],
                                   checkForNull,
                                   checkIfEmpty,
                                   checkForCommas,
                                   maxSize,
                                   paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]");
     }
     for (int i = param.Length - 1; i >= 0; i--)
     {
         for (int j = i - 1; j >= 0; j--)
         {
             if (param[i].Equals(param[j]))
             {
                 throw new ArgumentException("The array '" + paramName + "' should not contain duplicate values.", paramName);
             }
         }
     }
 }
Пример #2
0
        public static string[] GetRolesForAuthorization(string authorizationname)
        {
            SecUtility.CheckParameter(ref authorizationname, true, false, true, 255, "authorizationname");
            if (authorizationname.Length < 1)
            {
                return(new string[0]);
            }

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            OleDbDataReader        reader     = null;

            try
            {
                try
                {
                    int appId           = GetApplicationId(holder);
                    int authorizationId = GetAuthorizationId(connection, appId, authorizationname);
                    if (authorizationId == 0)
                    {
                        return(new string[0]);
                    }
                    OleDbCommand     command;
                    StringCollection sc = new StringCollection();
                    String[]         strReturn;


                    command = new OleDbCommand(@"SELECT RoleName FROM aspnet_AuthorizationsInRoles ar, aspnet_Roles r " +
                                               @"WHERE ar.AuthorizationId = @AuthorizationId AND ar.RoleId = r.RoleId " +
                                               @"ORDER BY RoleName",
                                               connection);
                    command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationId));
                    reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
                    while (reader.Read())
                    {
                        sc.Add(reader.GetString(0));
                    }
                    strReturn = new String[sc.Count];
                    sc.CopyTo(strReturn, 0);
                    return(strReturn);
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    if (reader != null)
                    {
                        reader.Close();
                    }
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #3
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        public static string[] FindAuthorizationsInRole(string roleName, string authorizationnameToMatch)
        {
            SecUtility.CheckParameter(ref roleName, true, true, true, 255, "roleName");
            SecUtility.CheckParameter(ref authorizationnameToMatch, true, true, false, 255, "authorizationnameToMatch");

            StringCollection sc = new StringCollection();

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbDataReader        reader     = null;
            OleDbConnection        connection = holder.Connection;

            try
            {
                try
                {
                    int appId  = GetApplicationId(holder);
                    int roleId = GetRoleId(connection, appId, roleName);

                    OleDbCommand command;

                    if (roleId == 0)
                    {
                        throw new ProviderException("Role not found " + roleName);
                    }

                    command = new OleDbCommand(@"SELECT AuthorizationName " +
                                               @"FROM aspnet_AuthorizationsInRoles ar, aspnet_Authorizations a " +
                                               @"WHERE ar.RoleId = @RoleId AND ar.AuthorizationId = a.AuthorizationId AND A.AuthorizationName LIKE '%'+@AuthorizationNameToMatch+'%' " +
                                               @"ORDER BY UserName", connection);
                    command.Parameters.Add(new OleDbParameter("@RoleId", roleId));
                    command.Parameters.Add(new OleDbParameter("@AuthorizationNameToMatch", authorizationnameToMatch));
                    reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
                    while (reader.Read())
                    {
                        sc.Add((string)reader.GetString(0));
                    }
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    if (reader != null)
                    {
                        reader.Close();
                    }
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
            string[] allUsers = new string[sc.Count];
            sc.CopyTo(allUsers, 0);
            return(allUsers);
        }
Пример #4
0
        public static bool IsRoleInAuthorization(string rolename, string authorizationName)
        {
            SecUtility.CheckParameter(ref rolename, true, false, true, 255, "rolename");
            if (rolename.Length < 1)
            {
                return(false);
            }
            SecUtility.CheckParameter(ref authorizationName, true, true, true, 255, "authorizationName");

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;

            try
            {
                try
                {
                    int appId           = GetApplicationId(holder);
                    int roleId          = GetRoleId(connection, appId, rolename);
                    int authorizationId = GetAuthorizationId(connection, appId, authorizationName);

                    OleDbCommand command;

                    if (roleId == 0)
                    {
                        return(false);
                    }

                    if (authorizationId == 0)
                    {
                        return(false);
                    }

                    command = new OleDbCommand(@"SELECT UserId FROM aspnet_UsersInRoles WHERE RoleId = @RoleId AND AuthorizationId = @AuthorizationId", connection);
                    command.Parameters.Add(new OleDbParameter("@RoleId", roleId));
                    command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationId));

                    object result = command.ExecuteScalar();

                    if (result == null || !(result is int) || ((int)result) != roleId)
                    {
                        return(false);
                    }
                    return(true);
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
        ////////////////////////////////////////////////////////////
        // Public properties

        public override void Initialize(string name, NameValueCollection config)
        {
            if (name == null || name.Length < 1)
            {
                name = "AccessProfileProvider";
            }

            if (string.IsNullOrEmpty(config["description"]))
            {
                config.Remove("description");
                config.Add("description", "$safeprojectname$ Profile Provider");
            }
            base.Initialize(name, config);
            if (config == null)
            {
                throw new ArgumentNullException("config");
            }

            _DatabaseFileName = config["connectionStringName"];
            if (_DatabaseFileName == null || _DatabaseFileName.Length < 1)
            {
                throw new ProviderException("Connection name not specified");
            }
            string temp = AccessConnectionHelper.GetFileNameFromConnectionName(_DatabaseFileName, true);

            if (temp == null || temp.Length < 1)
            {
                throw new ProviderException("Connection string not found" + _DatabaseFileName);
            }
            _DatabaseFileName = temp;
            //HandlerBase.CheckAndReadRegistryValue(ref _DatabaseFileName, true);
            AccessConnectionHelper.CheckConnectionString(_DatabaseFileName);

            _AppName = config["applicationName"];
            if (string.IsNullOrEmpty(_AppName))
            {
                _AppName = SecUtility.GetDefaultAppName();
            }

            if (_AppName.Length > 255)
            {
                throw new ProviderException("ApplicationName exceeded max length of " + 255);
            }

            //_Description = config["description"];
            config.Remove("connectionStringName");
            config.Remove("applicationName");
            config.Remove("description");
            if (config.Count > 0)
            {
                string attribUnrecognized = config.GetKey(0);
                if (!String.IsNullOrEmpty(attribUnrecognized))
                {
                    throw new ProviderException("Unrecognized attribute: " + attribUnrecognized);
                }
            }
        }
Пример #6
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public override string[] GetUsersInRole(string roleName)
        {
            SecUtility.CheckParameter(ref roleName, true, true, true, 255, "roleName");
            StringCollection sc = new StringCollection();

            String[] strReturn;
            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbDataReader        reader     = null;
            OleDbConnection        connection = holder.Connection;

            try
            {
                try
                {
                    int          appId  = GetApplicationId(holder);
                    int          roleId = GetRoleId(connection, appId, roleName);
                    OleDbCommand command;
                    if (roleId == 0)
                    {
                        throw new ProviderException("Role not found: " + roleName);
                    }
                    command = new OleDbCommand(@"SELECT UserName " +
                                               @"FROM aspnet_UsersInRoles ur, aspnet_Users u " +
                                               @"WHERE ur.RoleId = @RoleId AND ur.UserId = u.UserId " +
                                               @"ORDER BY UserName", connection);

                    command.Parameters.Add(new OleDbParameter("@RoleId", roleId));
                    reader = command.ExecuteReader(CommandBehavior.SequentialAccess);
                    while (reader.Read())
                    {
                        sc.Add(reader.GetString(0));
                    }
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    if (reader != null)
                    {
                        reader.Close();
                    }
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
            strReturn = new String[sc.Count];
            sc.CopyTo(strReturn, 0);
            return(strReturn);
        }
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        public override ProfileInfoCollection FindProfilesByUserName(ProfileAuthenticationOption authenticationOption, string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 255, "username");
            string sqlQuery = @"SELECT u.UserName, u.IsAnonymous, u.LastActivityDate, p.LastUpdatedDate, LEN(p.PropertyNames) + LEN(p.PropertyValuesString) " +
                              @"FROM aspnet_Users u, aspnet_Profile p " +
                              @"WHERE ApplicationId = @AppId AND u.UserId = p.UserId AND u.UserName LIKE '%'+@UserName+'%'" +
                              GetClauseForAuthenticationOptions(authenticationOption);

            OleDbParameter[] args = new OleDbParameter[1];
            args[0] = new OleDbParameter("@UserName", usernameToMatch);
            return(GetProfilesForQuery(sqlQuery, args, pageIndex, pageSize, out totalRecords));
        }
 /////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////////////////////////////////////////////
 public override int DeleteProfiles(string[] usernames)
 {
     SecUtility.CheckArrayParameter(ref usernames, true, true, true, 255, "usernames");
     try
     {
         AccessConnectionHolder holder = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
         int  numDeleted        = 0;
         bool fBeginTransCalled = false;
         try
         {
             OleDbCommand cmd = new OleDbCommand("BEGIN TRANSACTION", holder.Connection);
             cmd.ExecuteNonQuery();
             fBeginTransCalled = true;
             int appId = GetApplicationId(holder);
             foreach (string username in usernames)
             {
                 if (DeleteProfile(holder, username, appId))
                 {
                     numDeleted++;
                 }
             }
             cmd = new OleDbCommand("COMMIT TRANSACTION", holder.Connection);
             cmd.ExecuteNonQuery();
             fBeginTransCalled = false;
         }
         catch (Exception e)
         {
             throw AccessConnectionHelper.GetBetterException(e, holder);
         }
         finally
         {
             if (fBeginTransCalled)
             {
                 try
                 {
                     OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", holder.Connection);
                     command.ExecuteNonQuery();
                 }
                 catch { }
             }
             holder.Close();
         }
         return(numDeleted);
     }
     catch
     {
         throw;
     }
 }
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        private bool DeleteProfile(AccessConnectionHolder holder, string username, int appId)
        {
            SecUtility.CheckParameter(ref username, true, true, true, 255, "username");

            int userId = AccessConnectionHelper.GetUserID(holder.Connection, appId, username, false);

            if (userId == 0)
            {
                return(false);
            }
            OleDbCommand cmd = new OleDbCommand(@"DELETE FROM aspnet_Profile WHERE UserId = @UserId", holder.Connection);

            cmd.Parameters.Add(new OleDbParameter("@UserId", userId));
            return(cmd.ExecuteNonQuery() != 0);
        }
Пример #10
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public static bool RoleExists(string authorizationName)
        {
            try
            {
                SecUtility.CheckParameter(ref authorizationName, true, true, true, 255, "authorizationName");
            }
            catch
            {
                return(false);
            }
            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;

            try
            {
                try
                {
                    int appId           = GetApplicationId(holder);
                    int authorizationId = GetAuthorizationId(connection, appId, authorizationName);

                    return(authorizationId != 0);
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #11
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public static void RemoveAuthorizationsFromRoles(string[] authorizationnames, string[] roleNames)
        {
            SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 255, "roleNames");
            SecUtility.CheckArrayParameter(ref authorizationnames, true, true, true, 255, "authorizationnames");

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            bool fBeginTransCalled            = false;

            try
            {
                try
                {
                    int   appId            = GetApplicationId(holder);
                    int[] authorizationIds = new int[authorizationnames.Length];
                    int[] roleIds          = new int[roleNames.Length];

                    OleDbCommand command;
                    command = new OleDbCommand("BEGIN TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = true;

                    for (int iterA = 0; iterA < authorizationnames.Length; iterA++)
                    {
                        authorizationIds[iterA] = GetAuthorizationId(connection, appId, authorizationnames[iterA]);
                        if (authorizationIds[iterA] == 0)
                        {
                            throw new ProviderException("Authorization not found: " + authorizationnames[iterA]);
                        }
                    }
                    for (int iterR = 0; iterR < roleNames.Length; iterR++)
                    {
                        roleIds[iterR] = GetRoleId(connection, appId, roleNames[iterR]);
                        if (roleIds[iterR] == 0)
                        {
                            throw new ProviderException("Role not found: " + roleNames[iterR]);
                        }
                    }
                    for (int iterA = 0; iterA < authorizationnames.Length; iterA++)
                    {
                        for (int iterR = 0; iterR < roleNames.Length; iterR++)
                        {
                            command = new OleDbCommand(@"SELECT AuthorizationId FROM aspnet_AuthorizationsInRoles WHERE AuthorizationId = @AuthorizationId AND RoleId = @RoleId", connection);
                            command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationIds[iterA]));
                            command.Parameters.Add(new OleDbParameter("@RoleId", roleIds[iterR]));

                            object result = command.ExecuteScalar();
                            if (result == null || !(result is int) || ((int)result) != authorizationIds[iterA])
                            { // doesn't exist!
                                throw new ProviderException("The Authorization " + authorizationnames[iterA] + " is already not in role " + roleNames[iterR]);
                            }
                        }
                    }

                    for (int iterA = 0; iterA < authorizationnames.Length; iterA++)
                    {
                        for (int iterR = 0; iterR < roleNames.Length; iterR++)
                        {
                            command = new OleDbCommand(@"DELETE FROM aspnet_AuthorizationsInRoles WHERE AuthorizationId = @AuthorizationId AND RoleId = @RoleId", connection);
                            command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationIds[iterA]));
                            command.Parameters.Add(new OleDbParameter("@RoleId", roleIds[iterR]));
                            if (command.ExecuteNonQuery() != 1)
                            {
                                throw new ProviderException("Unknown failure");
                            }
                        }
                    }
                    command = new OleDbCommand("COMMIT TRANSACTION", connection);
                    command.ExecuteNonQuery();
                }
                catch (Exception e)
                {
                    try
                    {
                        if (fBeginTransCalled)
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", connection);
                            command.ExecuteNonQuery();
                        }
                    }
                    catch { }
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #12
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public static bool DeleteRole(string authorizationName, bool throwOnPopulatedAuthorization)
        {
            SecUtility.CheckParameter(ref authorizationName, true, true, true, 255, "authorizationName");
            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            bool fBeginTransCalled            = false;

            try
            {
                try
                {
                    int          appId = GetApplicationId(holder);
                    OleDbCommand command;
                    int          authorizationId = GetAuthorizationId(connection, appId, authorizationName);

                    if (authorizationId == 0)
                    {
                        return(false);
                    }

                    if (throwOnPopulatedAuthorization)
                    {
                        command = new OleDbCommand(@"SELECT COUNT(*) " +
                                                   @"FROM aspnet_AuthorizationsInRoles ar, aspnet_Authorizations a " +
                                                   @"WHERE ar.AuthorizationId = @AuthorizationId AND ar.AuthorizationId = a.AuthorizationId", connection);

                        command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationId));
                        object num = command.ExecuteScalar();
                        if (!(num is int) || ((int)num) != 0)
                        {
                            throw new ProviderException("Authorization is not empty");
                        }
                    }
                    else
                    {
                        command = new OleDbCommand("BEGIN TRANSACTION", connection);
                        command.ExecuteNonQuery();
                        fBeginTransCalled = true;
                        command           = new OleDbCommand(@"DELETE FROM aspnet_AuthorizationsInRoles WHERE AuthorizationId = @AuthorizationId", connection);
                        command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationId));
                        /*int returnValue =*/ command.ExecuteNonQuery();
                        command = new OleDbCommand("COMMIT TRANSACTION", connection);
                        command.ExecuteNonQuery();
                        fBeginTransCalled = false;
                    }

                    command = new OleDbCommand("BEGIN TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = true;
                    command           = new OleDbCommand(@"DELETE FROM aspnet_Authorizations WHERE AuthorizationId = @AuthorizationId", connection);
                    command.Parameters.Add(new OleDbParameter("@AuthorizationId", authorizationId));
                    int returnValue = command.ExecuteNonQuery();
                    command = new OleDbCommand("COMMIT TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = false;

                    return(returnValue == 1);
                }
                catch (Exception e)
                {
                    if (fBeginTransCalled)
                    {
                        try
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", connection);
                            command.ExecuteNonQuery();
                        }
                        catch { }
                    }
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #13
0
        public static void CreateRole(string authorizationName)
        {
            SecUtility.CheckParameter(ref authorizationName, true, true, true, 255, "authorizationName");

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            bool fBeginTransCalled            = false;

            try
            {
                try
                {
                    int          appId = GetApplicationId(holder);
                    OleDbCommand command;
                    int          authorizationId = GetAuthorizationId(connection, appId, authorizationName);

                    if (authorizationId != 0)
                    {
                        throw new ProviderException("Provider role already exists: " + authorizationName);
                    }

                    command = new OleDbCommand("BEGIN TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = true;
                    command           = new OleDbCommand(@"INSERT INTO aspnet_Authorizations (ApplicationId, AuthorizationName) VALUES (@AppId, @AName)", connection);
                    command.Parameters.Add(new OleDbParameter("@AppId", appId));
                    command.Parameters.Add(new OleDbParameter("@AName", authorizationName));
                    int returnValue = command.ExecuteNonQuery();
                    command = new OleDbCommand("COMMIT TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = false;

                    if (returnValue == 1)
                    {
                        return;
                    }
                    throw new ProviderException("Unknown provider failure");
                }
                catch (Exception e)
                {
                    if (fBeginTransCalled)
                    {
                        try
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", connection);
                            command.ExecuteNonQuery();
                        }
                        catch { }
                    }
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #14
0
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        // Mangement APIs from ProfileProvider class

        public override int DeleteProfiles(ProfileInfoCollection profiles)
        {
            if (profiles == null)
            {
                throw new ArgumentNullException("profiles");
            }
            if (profiles.Count < 1)
            {
                throw new ArgumentException("Profiles collection is empty", "profiles");
            }
            foreach (ProfileInfo pi in profiles)
            {
                string username = pi.UserName;
                SecUtility.CheckParameter(ref username, true, true, true, 255, "UserName");
            }
            try
            {
                AccessConnectionHolder holder = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
                bool fBeginTransCalled        = false;
                int  numDeleted = 0;
                try
                {
                    OleDbCommand cmd = new OleDbCommand("BEGIN TRANSACTION", holder.Connection);
                    cmd.ExecuteNonQuery();
                    fBeginTransCalled = true;
                    int appId = GetApplicationId(holder);
                    foreach (ProfileInfo profile in profiles)
                    {
                        if (DeleteProfile(holder, profile.UserName.Trim(), appId))
                        {
                            numDeleted++;
                        }
                    }
                    cmd = new OleDbCommand("COMMIT TRANSACTION", holder.Connection);
                    cmd.ExecuteNonQuery();
                    fBeginTransCalled = false;
                }
                catch (Exception e)
                {
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    if (fBeginTransCalled)
                    {
                        try
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", holder.Connection);
                            command.ExecuteNonQuery();
                        }
                        catch { }
                    }
                    holder.Close();
                }
                return(numDeleted);
            }
            catch
            {
                throw;
            }
        }
Пример #15
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            SecUtility.CheckArrayParameter(ref roleNames, true, true, true, 255, "roleNames");
            SecUtility.CheckArrayParameter(ref usernames, true, true, true, 255, "usernames");

            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            bool fBeginTransCalled            = false;

            try
            {
                try
                {
                    int   appId   = GetApplicationId(holder);
                    int[] userIds = new int[usernames.Length];
                    int[] roleIds = new int[roleNames.Length];

                    OleDbCommand command;

                    for (int iterR = 0; iterR < roleNames.Length; iterR++)
                    {
                        roleIds[iterR] = GetRoleId(connection, appId, roleNames[iterR]);
                        if (roleIds[iterR] == 0)
                        {
                            throw new ProviderException("Provider role not found: " + roleNames[iterR]);
                        }
                    }
                    for (int iterU = 0; iterU < usernames.Length; iterU++)
                    {
                        userIds[iterU] = AccessConnectionHelper.GetUserID(connection, appId, usernames[iterU], false);
                    }
                    command = new OleDbCommand("BEGIN TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = true;

                    for (int iterU = 0; iterU < usernames.Length; iterU++)
                    {
                        if (userIds[iterU] == 0)
                        {
                            continue;
                        }
                        for (int iterR = 0; iterR < roleNames.Length; iterR++)
                        {
                            command = new OleDbCommand(@"SELECT UserId FROM aspnet_UsersInRoles WHERE UserId = @UserId AND RoleId = @RoleId", connection);
                            command.Parameters.Add(new OleDbParameter("@UserId", userIds[iterU]));
                            command.Parameters.Add(new OleDbParameter("@RoleId", roleIds[iterR]));

                            object result = command.ExecuteScalar();
                            if (result != null && (result is int) && ((int)result) == userIds[iterU])
                            { // Exists!
                                throw new ProviderException("The user " + usernames[iterU] + " is already in role " + roleNames[iterR]);
                            }
                        }
                    }

                    for (int iterU = 0; iterU < usernames.Length; iterU++)
                    {
                        if (userIds[iterU] == 0)
                        {
                            userIds[iterU] = AccessConnectionHelper.GetUserID(connection, appId, usernames[iterU], true);
                        }
                        if (userIds[iterU] == 0)
                        {
                            throw new ProviderException("User not found: " + usernames[iterU]);
                        }
                    }
                    for (int iterU = 0; iterU < usernames.Length; iterU++)
                    {
                        for (int iterR = 0; iterR < roleNames.Length; iterR++)
                        {
                            command = new OleDbCommand(@"INSERT INTO aspnet_UsersInRoles (UserId, RoleId) VALUES(@UserId, @RoleId)", connection);
                            command.Parameters.Add(new OleDbParameter("@UserId", userIds[iterU]));
                            command.Parameters.Add(new OleDbParameter("@RoleId", roleIds[iterR]));
                            if (command.ExecuteNonQuery() != 1)
                            {
                                throw new ProviderException("Unknown provider failure");
                            }
                        }
                    }
                    command = new OleDbCommand("COMMIT TRANSACTION", connection);
                    command.ExecuteNonQuery();
                }
                catch (Exception e)
                {
                    try
                    {
                        if (fBeginTransCalled)
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", connection);
                            command.ExecuteNonQuery();
                        }
                    }
                    catch { }
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }
Пример #16
0
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////
        //////////////////////////////////////////////////////////////////////

        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
        {
            SecUtility.CheckParameter(ref roleName, true, true, true, 255, "roleName");
            AccessConnectionHolder holder     = AccessConnectionHelper.GetConnection(_DatabaseFileName, true);
            OleDbConnection        connection = holder.Connection;
            bool fBeginTransCalled            = false;

            try
            {
                try
                {
                    int          appId = GetApplicationId(holder);
                    OleDbCommand command;
                    int          roleId = GetRoleId(connection, appId, roleName);

                    if (roleId == 0)
                    {
                        return(false);
                    }

                    if (throwOnPopulatedRole)
                    {
                        command = new OleDbCommand(@"SELECT COUNT(*) " +
                                                   @"FROM aspnet_UsersInRoles ur, aspnet_Users u " +
                                                   @"WHERE ur.RoleId = @RoleId AND ur.UserId = u.UserId", connection);

                        command.Parameters.Add(new OleDbParameter("@RoleId", roleId));
                        object num = command.ExecuteScalar();
                        if (!(num is int) || ((int)num) != 0)
                        {
                            throw new ProviderException("Role is not empty");
                        }
                    }

                    command = new OleDbCommand("BEGIN TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = true;
                    command           = new OleDbCommand(@"DELETE FROM aspnet_Roles WHERE RoleId = @RoleId", connection);
                    command.Parameters.Add(new OleDbParameter("@RoleId", roleId));
                    int returnValue = command.ExecuteNonQuery();
                    command = new OleDbCommand("COMMIT TRANSACTION", connection);
                    command.ExecuteNonQuery();
                    fBeginTransCalled = false;

                    return(returnValue == 1);
                }
                catch (Exception e)
                {
                    if (fBeginTransCalled)
                    {
                        try
                        {
                            OleDbCommand command = new OleDbCommand("ROLLBACK TRANSACTION", connection);
                            command.ExecuteNonQuery();
                        }
                        catch { }
                    }
                    throw AccessConnectionHelper.GetBetterException(e, holder);
                }
                finally
                {
                    holder.Close();
                }
            }
            catch
            {
                throw;
            }
        }