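/// <summary>
/// Returns the cached <see cref="ClientData"/> for <paramref name="username"/>, loading it
/// through <c>ClientData.Load</c> when the cache holds a different user or nothing yet.
/// </summary>
/// <param name="username">User whose client data is requested; compared with the cached name by ordinal string equality.</param>
/// <param name="useIsolatedStore">Forwarded to <c>ClientData.Load</c>; only consulted on a cache miss.</param>
/// <returns>The cached or freshly loaded instance.</returns>
internal static ClientData GetUserClientData(string username, bool useIsolatedStore)
{
    // Reload on a user switch, and also when nothing has been loaded yet. Without the
    // second test, a first call whose username already equals _curUserName would hand
    // back the still-empty cache slot and the caller would dereference null.
    if (username != _curUserName || _userClientData == null)
    {
        _curUserName = username;
        _userClientData = ClientData.Load(username, useIsolatedStore);
    }

    // NOTE(review): a cache hit ignores useIsolatedStore, so a caller that switches stores
    // for the same user keeps the instance loaded from the first store. No locking is
    // visible around these static fields; confirm callers serialize access.
    return _userClientData;
}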
/// <summary>
/// Returns the application-wide <see cref="ClientData"/>, loading it on first use with a
/// null user name.
/// </summary>
/// <param name="useIsolatedStore">Forwarded to <c>ClientData.Load</c>; only consulted on the first call.</param>
/// <returns>The single cached application-level instance.</returns>
internal static ClientData GetAppClientData(bool useIsolatedStore)
{
    // Fast path: already loaded, the store flag is not looked at again.
    if (_applicationClientData != null)
    {
        return _applicationClientData;
    }

    _applicationClientData = ClientData.Load(null, useIsolatedStore);
    return _applicationClientData;
}
/// <summary>
/// Reads the ".clientdata" XML file for <paramref name="username"/> from isolated storage or
/// from the file system and builds a <see cref="ClientData"/> from it. Any failure while
/// opening or parsing the file is swallowed and an empty instance is returned instead.
/// </summary>
/// <param name="username">User whose file is read; callers in this listing pass null for application-level data.</param>
/// <param name="useIsolatedStorage">True to read from the per-user isolated store, false to read a regular file.</param>
/// <returns>A non-null instance with <c>UsingIsolatedStorage</c> and <c>FileName</c> set.</returns>
internal static ClientData Load(string username, bool useIsolatedStorage)
{
    ClientData loaded = null;
    string path;

    if (useIsolatedStorage)
    {
        path = _IsolatedDir + "\\" + SqlHelper.GetPartialDBFileName(username, ".clientdata");
        try
        {
            // FileMode.Open throws when the file does not exist yet; that is absorbed below.
            using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
            using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream(path, FileMode.Open, store))
            using (XmlReader reader = XmlReader.Create(stream))
            {
                loaded = new ClientData(reader);
            }
        }
        catch
        {
            // Deliberate best effort: every failure falls through to an empty ClientData.
            // NOTE(review): a missing file, a corrupted file and an access error are
            // indistinguishable here and none of them is logged.
        }
    }
    else
    {
        path = SqlHelper.GetFullDBFileName(username, ".clientdata");
        try
        {
            if (File.Exists(path))
            {
                using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read))
                using (XmlReader reader = XmlReader.Create(stream))
                {
                    loaded = new ClientData(reader);
                }
            }
        }
        catch
        {
            // Deliberate best effort, same as the isolated-storage branch.
        }
    }

    // NOTE(review): the reader uses default XmlReaderSettings and the file content is taken
    // as-is; other methods in this listing keep roles and the password hash in ClientData,
    // so confirm who can write to this location and that DTD processing is prohibited on
    // the targeted framework.
    if (loaded == null)
    {
        loaded = new ClientData();
    }

    loaded.UsingIsolatedStorage = useIsolatedStorage;
    loaded.FileName = path;
    return loaded;
}
/////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Loads the locally cached role list for <paramref name="username"/> into <c>_Roles</c> and
/// recomputes <c>_CacheExpiryDate</c> from the stored cache timestamp plus <c>_CacheTimeout</c> minutes.
/// </summary>
/// <param name="username">User whose cached roles are looked up; also stored in <c>_CurrentUser</c>.</param>
/// <returns>
/// True when cached roles were found and are usable; false when nothing is cached, or when
/// the cache has expired while the client is online.
/// </returns>
private bool GetRolesFromDBForUser(string username)
{
    // Reset the in-memory state first so a failed lookup does not leave the previous
    // user's roles behind.
    _Roles = null;
    _CacheExpiryDate = DateTime.UtcNow;
    _CurrentUser = username;

    // if (MustAssertForSql)
    //     (new PermissionSet(PermissionState.Unrestricted)).Assert();

    if (_UsingFileSystemStore || _UsingIsolatedStore)
    {
        ClientData cached = ClientDataManager.GetUserClientData(username, _UsingIsolatedStore);
        if (cached.Roles == null)
        {
            return false;
        }

        // NOTE(review): _Roles is populated before the expiry test, so on an expired cache
        // this branch returns false with the stale roles still in _Roles, whereas the
        // database branch below leaves _Roles null. Confirm callers never read _Roles
        // after a false return.
        _Roles = cached.Roles;
        _CacheExpiryDate = cached.RolesCachedDateUtc.AddMinutes(_CacheTimeout);

        // While offline the expiry is not enforced: cached roles are honored regardless of age.
        bool expiredWhileOnline = !ConnectivityStatus.IsOffline && _CacheExpiryDate < DateTime.UtcNow;
        return !expiredWhileOnline;
    }

    using (DbConnection conn = SqlHelper.GetConnection(_CurrentUser, _ConnectionString, _ConnectionStringProvider))
    {
        DbTransaction trans = null;
        try
        {
            trans = conn.BeginTransaction();

            // Step 1: when were the roles cached? Both queries are parameterized.
            DbCommand stampQuery = conn.CreateCommand();
            stampQuery.Transaction = trans;
            stampQuery.CommandText = "SELECT PropertyValue FROM UserProperties WHERE PropertyName = @RolesCachedDate";
            SqlHelper.AddParameter(conn, stampQuery, "@RolesCachedDate", "RolesCachedDate_" + _CurrentUser);

            string stamp = stampQuery.ExecuteScalar() as string;
            if (stamp == null)
            {
                // Nothing cached for this user.
                return false;
            }

            // The stored value is a UTC file time; a malformed value makes long.Parse throw,
            // which rolls the transaction back and propagates to the caller.
            long fileTime = long.Parse(stamp, CultureInfo.InvariantCulture);
            _CacheExpiryDate = DateTime.FromFileTimeUtc(fileTime).AddMinutes(_CacheTimeout);
            if (!ConnectivityStatus.IsOffline && _CacheExpiryDate < DateTime.UtcNow)
            {
                // Expired roles are rejected only while online.
                return false;
            }

            // Step 2: read the role names themselves.
            DbCommand rolesQuery = conn.CreateCommand();
            rolesQuery.Transaction = trans;
            rolesQuery.CommandText = "SELECT RoleName FROM Roles WHERE UserName = @UserName ORDER BY RoleName";
            SqlHelper.AddParameter(conn, rolesQuery, "@UserName", _CurrentUser);

            ArrayList names = new ArrayList();
            using (DbDataReader reader = rolesQuery.ExecuteReader())
            {
                while (reader.Read())
                {
                    names.Add(reader.GetString(0));
                }
            }

            _Roles = (string[])names.ToArray(typeof(string));
            return true;
        }
        catch
        {
            if (trans != null)
            {
                trans.Rollback();
                trans = null; // keeps the finally block from committing
            }
            throw;
        }
        finally
        {
            // Reached on every non-throwing exit, including the early "return false" paths.
            if (trans != null)
            {
                trans.Commit();
            }
        }
    }
}
/////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Stores a salted hash of <paramref name="password"/> for <paramref name="username"/> in the
/// local client store (ClientData file or UserProperties table). Does nothing unless
/// <c>_SavePasswordHash</c> is set.
/// </summary>
/// <param name="username">User the hash belongs to; also part of the stored property names.</param>
/// <param name="password">Clear-text password; only the output of <c>EncodePassword</c> is persisted.</param>
private void StoreHashedPasswordInDB(string username, string password)
{
    if (!_SavePasswordHash)
    {
        return;
    }

    // if (MustAssertForSql)
    //     (new PermissionSet(PermissionState.Unrestricted)).Assert();

    // A fresh 16-byte salt from the OS CSPRNG for every store operation.
    byte[] salt = new byte[16];
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    rng.GetBytes(salt);

    string passwordSalt = Convert.ToBase64String(salt);
    // NOTE(review): the resistance of this stored value to offline guessing depends entirely
    // on EncodePassword, which is not shown here; confirm it uses a slow, iterated KDF
    // rather than a single fast hash.
    string passwordHash = EncodePassword(password, salt);

    if (_UsingFileSystemStore || _UsingIsolatedStore)
    {
        ClientData cd = ClientDataManager.GetUserClientData(username, _UsingIsolatedStore);
        cd.PasswordHash = passwordHash;
        cd.PasswordSalt = passwordSalt;
        cd.Save();
        return;
    }

    string hashKey = "PasswordHash_" + username;
    string saltKey = "PasswordSalt_" + username;

    using (DbConnection conn = SqlHelper.GetConnection(username, _ConnectionString, _ConnectionStringProvider))
    {
        DbTransaction trans = null;
        try
        {
            trans = conn.BeginTransaction();

            // Replace any previous hash/salt pair in one transaction: delete both rows,
            // then insert both rows. All values travel as parameters.
            DbCommand deleteHash = conn.CreateCommand();
            deleteHash.CommandText = "DELETE FROM UserProperties WHERE PropertyName = @PasswordHashName";
            SqlHelper.AddParameter(conn, deleteHash, "@PasswordHashName", hashKey);
            deleteHash.Transaction = trans;
            deleteHash.ExecuteNonQuery();

            DbCommand deleteSalt = conn.CreateCommand();
            deleteSalt.CommandText = "DELETE FROM UserProperties WHERE PropertyName = @PasswordSaltName";
            SqlHelper.AddParameter(conn, deleteSalt, "@PasswordSaltName", saltKey);
            deleteSalt.Transaction = trans;
            deleteSalt.ExecuteNonQuery();

            DbCommand insertHash = conn.CreateCommand();
            insertHash.CommandText = "INSERT INTO UserProperties(PropertyName, PropertyValue) VALUES (@PasswordHashName, @PasswordHashValue)";
            SqlHelper.AddParameter(conn, insertHash, "@PasswordHashName", hashKey);
            SqlHelper.AddParameter(conn, insertHash, "@PasswordHashValue", passwordHash);
            insertHash.Transaction = trans;
            insertHash.ExecuteNonQuery();

            DbCommand insertSalt = conn.CreateCommand();
            insertSalt.CommandText = "INSERT INTO UserProperties(PropertyName, PropertyValue) VALUES (@PasswordSaltName, @PasswordSaltValue)";
            SqlHelper.AddParameter(conn, insertSalt, "@PasswordSaltName", saltKey);
            SqlHelper.AddParameter(conn, insertSalt, "@PasswordSaltValue", passwordSalt);
            insertSalt.Transaction = trans;
            insertSalt.ExecuteNonQuery();
        }
        catch
        {
            if (trans != null)
            {
                trans.Rollback();
                trans = null; // keeps the finally block from committing
            }
            throw;
        }
        finally
        {
            if (trans != null)
            {
                trans.Commit();
            }
        }
    }
}
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Persists the serialized settings in <paramref name="values"/> for the current thread
/// principal, either into the user's ClientData file or into the Settings table.
/// Each value is tagged "N" (null), "S" (string) or "B" (byte array, Base64-encoded).
/// </summary>
/// <param name="values">Settings to store; each <c>SerializedValue</c> must be null, a string or a byte array.</param>
/// <param name="updateSaveTime">True to mark the local cache as fresher after the write.</param>
private void SetPropertyValuesSQL(SettingsPropertyValueCollection values, bool updateSaveTime)
{
    string username = Thread.CurrentPrincipal.Identity.Name;

    if (_UsingFileSystemStore || _UsingIsolatedStore)
    {
        ClientData cd = ClientDataManager.GetUserClientData(username, _UsingIsolatedStore);

        // The file store is rewritten wholesale: three parallel arrays sized to the collection.
        int count = values.Count;
        cd.SettingsNames = new string[count];
        cd.SettingsStoredAs = new string[count];
        cd.SettingsValues = new string[count];

        int slot = 0;
        foreach (SettingsPropertyValue value in values)
        {
            cd.SettingsNames[slot] = value.Property.Name;

            object raw = value.SerializedValue;
            string text = raw as string;
            if (raw == null)
            {
                // Null values carry only the tag; the value slot stays null.
                cd.SettingsStoredAs[slot] = "N";
            }
            else if (text != null)
            {
                cd.SettingsStoredAs[slot] = "S";
                cd.SettingsValues[slot] = text;
            }
            else
            {
                // Anything that is not a string is cast to byte[]; another type throws here.
                cd.SettingsStoredAs[slot] = "B";
                cd.SettingsValues[slot] = Convert.ToBase64String((byte[])raw);
            }

            slot++;
        }

        if (updateSaveTime)
        {
            cd.SettingsCacheIsMoreFresh = true;
        }

        cd.Save();
        return;
    }

    using (DbConnection conn = SqlHelper.GetConnection(username, GetConnectionString(), _ConnectionStringProvider))
    {
        DbTransaction trans = null;
        try
        {
            trans = conn.BeginTransaction();

            foreach (SettingsPropertyValue value in values)
            {
                // Delete-then-insert per property; names and values are bound as parameters.
                DbCommand deleteCmd = conn.CreateCommand();
                deleteCmd.Transaction = trans;
                deleteCmd.CommandText = "DELETE FROM Settings WHERE PropertyName = @PropName";
                SqlHelper.AddParameter(conn, deleteCmd, "@PropName", value.Property.Name);
                deleteCmd.ExecuteNonQuery();

                DbCommand insertCmd = conn.CreateCommand();
                insertCmd.Transaction = trans;

                object raw = value.SerializedValue;
                string text = raw as string;
                if (raw == null)
                {
                    insertCmd.CommandText = "INSERT INTO Settings (PropertyName, PropertyStoredAs, PropertyValue) VALUES (@PropName, 'N', '')";
                }
                else if (text != null)
                {
                    insertCmd.CommandText = "INSERT INTO Settings (PropertyName, PropertyStoredAs, PropertyValue) VALUES (@PropName, 'S', @PropVal)";
                }
                else
                {
                    insertCmd.CommandText = "INSERT INTO Settings (PropertyName, PropertyStoredAs, PropertyValue) VALUES (@PropName, 'B', @PropVal)";
                }

                SqlHelper.AddParameter(conn, insertCmd, "@PropName", value.Property.Name);
                if (raw != null)
                {
                    // Strings go in verbatim; everything else is cast to byte[] and Base64-encoded.
                    string stored = text != null ? text : Convert.ToBase64String((byte[])raw);
                    SqlHelper.AddParameter(conn, insertCmd, "@PropVal", stored);
                }

                insertCmd.ExecuteNonQuery();
            }
        }
        catch
        {
            if (trans != null)
            {
                trans.Rollback();
                trans = null; // keeps the finally block from committing
            }
            throw;
        }
        finally
        {
            if (trans != null)
            {
                trans.Commit();
            }
        }
    }

    if (updateSaveTime)
    {
        SetIsCacheMoreFresh(true);
    }
}