1 2006-05-03 Chris Toshok <toshok@ximian.com>
3 * SqlMembershipProvider.cs (GetAlg): move this here for the time
4 being, as it's the only class that uses it.
5 (HashAndBase64Encode): nuke.
6 (EncryptAndBase64Encode): nuke.
7 (Base64DecodeAndDecrypt): nuke.
8 (DecryptPassword): new function.
9 (EncryptPassword): new function.
10 (ChangePassword): replace the switch with a call to
12 (ChangePasswordQuestionAndAnswer): same.
14 (ResetPassword): same.
15 (ValidateUsingPassword): same.
16 (ValidateUsingPasswordAnswer): same.
17 (GetPassword): same, and throw MembershipPasswordException if the
18 password answer is incorrect.
20 * MembershipProvider.cs (InitVector): nuke this. it's actually
21 the salt from the database (for the sql provider, anyway).
22 (EncodePassword): based on the password format, password, and
23 salt, encode it. Makes use of EncryptPassword.
24 (DecodePassword): likewise for decoding, makes use of
26 (DecryptPassword): revert this to throwing
27 NotImplementedException, as the sql provideroverrides it to
28 perform the actual decryption.
29 (EncryptPassword): same.
31 2006-05-02 Chris Toshok <toshok@ximian.com>
33 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
34 functionality should work. Password retrieval (and encrypted
35 passwords in general) is untested.
37 2006-05-01 Chris Toshok <toshok@ximian.com>
39 * Membership.cs (GeneratePassword): don't include quotes (',",`)
40 in the set of characters in the generated passwords.
42 2006-05-01 Chris Toshok <toshok@ximian.com>
44 * MembershipProvider.cs (GetAlg): switch from Exception to
45 ProviderException to match MS behavior (and fix the unit test.)
47 * Membership.cs (GeneratePassword): implement.
49 2006-05-01 Chris Toshok <toshok@ximian.com>
51 * SqlMembershipProvider.cs: lots more work. checking this in in
52 its present state because I don't want to lose it. It still needs
55 * Membership.cs (.cctor): remove the fallback.
56 (ValidatingPassword): remove the MonoTODO.
58 * MembershipProvider.cs (DecryptPassword): implement.
59 (EncryptPassword): implement.
60 (GetAlg): helper function for Decrypt/EncryptPassword.
63 2006-04-27 Chris Toshok <toshok@ximian.com>
65 * SqlMembershipProvider.cs (GeneratePassword): call
66 Membership.GeneratePassword with the configured minimum strength
69 2006-04-27 Chris Toshok <toshok@ximian.com>
71 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
72 the CheckPararm call to the top of the method.
74 2006-04-12 Chris Toshok <toshok@ximian.com>
76 * SqlMembershipProvider.cs: commit initial pass at
77 SqlMembershipProvider work. lots of stuff untested in here.
79 2006-04-11 Chris Toshok <toshok@ximian.com>
81 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
82 are converted using ToUniversalTime when passed into this class.
83 (UpdateSelf): update ourselves from the passed in MembershipUser,
84 swallowing NotSupportedExceptions.
85 (UpdateUser): fetch a new MembershipUser from the db and call
87 (ChangePassword): call UpdateUser after changing the password.
88 (ChangePasswordQuestionAndAnswer): same.
89 (ResetPassword): same.
90 (UnlockUser): same. Also, don't explicitly set isLockedOut.
91 It'll be updated in UpdateSelf.
92 (CreationDate): getter calls ToLocalTime, setter calls
94 (LastActivityDate): same.
95 (LastLoginDate): same.
96 (LastPasswordChangedDate): same.
97 (LastLockoutDate): same.
99 * Membership.cs (.cctor): use
100 ProvidersHelper.InstantitateProviders, and remove some unnecessary
103 2006-03-29 Chris Toshok <toshok@ximian.com>
105 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
107 2006-03-23 Chris Toshok <toshok@ximian.com>
109 * Roles.cs: make this 2.0 configuration aware.
111 * SqlRoleProvider.cs: flesh out all the operations. the only
112 things that need dealing with are the Initialize method's handling
113 of a few parameters, and the ApplicationName property.
115 2006-03-23 Chris Toshok <toshok@ximian.com>
117 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
118 set Thread.CurrentPrincipal, not just if we set it to the
121 2006-03-22 Chris Toshok <toshok@ximian.com>
123 * RoleManagerModule.cs: implement using info in Shackow's book.
125 * RolePrincipal.cs: flesh this out a bit more.
127 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
128 according to Shackow's book, this sets Thread.CurrentPrincipal as
129 well as HttpContext.Current.User.
131 2006-02-28 Chris Toshok <toshok@ximian.com>
133 * FormsAuthentication.cs: corcompare work.
135 * MembershipCreateUserException.cs: same.
137 * MembershipPasswordException.cs: same.
139 * AnonymousIdentificationModule.cs: same.
141 2006-02-01 Chris Toshok <toshok@ximian.com>
143 * FormsAuthentication.cs, Membership.cs,
144 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
145 replace GetWebApplicationSection with GetSection.
147 2006-02-01 Chris Toshok <toshok@ximian.com>
149 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
150 simplifies the ifdef mess quite a bit.
152 * Membership.cs: same.
154 * FormsAuthenticationModule.cs: same.
156 * UrlAuthorizationModule.cs: same.
158 2006-01-04 Chris Toshok <toshok@ximian.com>
160 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
167 2006-01-04 Chris Toshok <toshok@ximian.com>
169 * Membership.cs (.cctor): enable the code here under
172 2006-01-03 Chris Toshok <toshok@ximian.com>
174 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
175 CONFIGURATION_2_0 code here.
177 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
179 * FormsAuthentication.cs: don't end the request in
180 RedirectFromLoginPage.
182 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
184 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
185 Patch by Cyrille Colin.
187 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
189 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
190 the provided virtual path to the physical one. Patch by Cyrille Colin.
192 2005-11-28 Chris Toshok <toshok@ximian.com>
194 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
195 CONFIGURATION_2_0 work.
196 (OnEndRequest): same.
198 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
200 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
201 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
202 Demand for UnmanagedCode on constructor.
203 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
204 Demand for UnmanagedCode on constructor.
205 * FormsAuthentication.cs: Added LinkDemand for Minimal.
206 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
207 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
208 Demand for UnmanagedCode on constructor.
209 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
210 * FormsIdentity.cs: Added LinkDemand for Minimal.
211 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
212 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
213 Demand for UnmanagedCode on constructor.
214 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
215 UnmanagedCode on constructor.
216 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
217 Demand for UnmanagedCode on constructor.
218 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
219 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
220 Demand for UnmanagedCode on constructor.
222 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
224 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
225 protected by a demand for ControlPrincipal.
226 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
227 protected by a demand for ControlPrincipal.
228 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
229 protected by a demand for ControlPrincipal.
231 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
233 * FormsAuthentication.cs: With 2.0 we can get the default properties
234 and call Initialize without a NRE.
236 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
238 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
239 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
240 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
241 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
242 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
244 * FormsAuthentication.cs: Added missing 2.0 properties with their
246 * MembershipCreateStatus.cs: Fixed enum values/names.
247 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
248 methods don't seems to work without an active provider.
249 * PassportIdentity.cs: Added IDispose for 2.0 profile.
250 * Roles.cs: Added missing beta2 bits and default values (which are the
251 only things working without a role provider (web.config).
252 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
253 * SqlRoleProvider.cs: Fixed 2.0 API.
254 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
257 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
259 * MembershipUserCollection.cs: Fix exceptions.
261 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
263 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
266 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
268 * Membership.cs: Commented unworking parts of the .cctor to allow
269 testing the Login control.
270 * MembershipProviderCollection.cs: Fixed exception handling.
271 * SqlMembershipProvider.cs: Don't throw NotImplementedException
272 everywhere so Membership's .cctor (somewhat) works. Removed
273 Description property (not in beta2).
275 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
277 * FormsAuthentication.cs: allow hardware acceleration support if
278 available. Sebastien dixit.
280 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
282 * FormsAuthentication.cs: the init_vector must be the same accross
283 restarts, otherwise the cookie does not work even when a decryption
284 key is provided. Initialize it to the bytes of the cookie name. Fixes
287 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
289 * FormsAuthenticationModule.cs: Check for null config
291 2005-07-25 Miguel de Icaza <miguel@novell.com>
293 * FormsAuthentication.cs (SignOut): Force the cookie to have it
296 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
298 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
299 didn't include the verification key when computing/checking the
300 validation hash. Now this is really a MAC or HMAC or...
302 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
304 * FormsAuthentication.cs:
305 * FormsAuthenticationTicket.cs: added support for validation and
306 encryption of the auth. cookie and improved serialization of the ticket.
308 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
310 * Membership.cs: Read provider info from the config file.
312 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
314 * MembershipUserCollection.cs:
315 * MembershipPasswordException.cs:
316 * RoleProviderCollection.cs:
317 * ActiveDirectoryMembershipProvider.cs:
318 * SqlMembershipProvider.cs:
319 * MembershipProvider.cs:
320 * SqlRoleProvider.cs:
323 * MembershipProviderCollection.cs:
325 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
326 some missing methods.
328 * AccessRoleProvider.cs:
329 * AccessMembershipProvider.cs: Removed.
331 * MembershipCreateUserException.cs:
332 * MembershipValidatePasswordEventHandler.cs:
333 * ValidatePasswordEventArgs.cs: Implemented.
335 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
337 * FormsAuthentication.cs: Hash the UTF8 representation of the password
338 strings (to be compatible with Microsoft implementation).
340 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
342 * FormsAuthentication.cs:
343 * PassportAuthenticationModule.cs:
344 * WindowsAuthenticationModule.cs: removed warnings.
346 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
348 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
349 authentication not to work when the cookie was not persistent.
350 Patch by Ilya Kharmatsky (Mainsoft).
352 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
354 * FormsAuthentication.cs: make the string to be stored in a config.
355 file uppercase... See bug #72557.
357 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
359 * FormsAuthentication.cs: fixed typo when getting the hash for the
360 password in SHA1 and MD5. Thanks to Tadas Dailyda.
361 Lock on a static object instead of typeof(FormsAuthentication).
363 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
365 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
366 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
367 * IMembershipProvider.cs: Deleted.
368 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
369 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
370 MembershipProviderCollection.cs: MembershipProvider has been deleted
371 and replaced by the abstract class MembershipProvider.
372 * MembershipProviderCollection.cs: Minor fixes.
373 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
375 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
377 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
380 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
382 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
384 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
386 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
387 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
389 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
391 * MembershipSortOptions.cs:
392 * MembershipPasswordFormat.cs:
393 * MembershipOnlineStatus.cs:
394 * MembershipCreateStatus.cs:
395 * CookieProtection.cs: minor modifications.
397 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
399 * FormsAuthentication.cs: Undo last change.
401 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
403 * FormsAuthentication.cs: go to loginUrl from web.config settings
404 before try with the default ones.
406 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
408 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
409 once we have a user. Fixes bug #59683.
411 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
413 * FormsAuthenticationModule.cs: re-read configuration files if needed
414 when determining if forms auth. is used.
416 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
418 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
420 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
422 * PassportIdentity.cs: Added v 1.1 members
424 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
426 * AccessMembershipProvider.cs: New v2 file
427 * AccessRoleProvider.cs: New v2 file
428 * ADMembershipProvider.cs: New v2 file
429 * AnonymousIdentificationEventArgs.cs: New v2 file
430 * AnonymousIdentificationEventHandler.cs: New v2 file
431 * AnonymousIdentificationModule.cs: New v2 file
432 * CookieProtection.cs: New v2 file
433 * IMembershipProvider.cs: New v2 file
434 * IRoleProvider.cs: New v2 file
435 * Membership.cs: New v2 file
436 * MembershipCreateStatus.cs: New v2 file
437 * MembershipCreateUserException.cs: New v2 file
438 * MembershipOnlineStatus.cs: New v2 file
439 * MembershipPasswordException.cs: New v2 file
440 * MembershipPasswordFormat.cs: New v2 file
441 * MembershipProviderCollection.cs: New v2 file
442 * MembershipSortOptions.cs: New v2 file
443 * MembershipUser.cs: New v2 file
444 * MembershipUserCollection.cs: New v2 file
445 * RoleManagerEventArgs.cs: New v2 file
446 * RoleManagerEventHandler.cs: New v2 file
447 * RoleManagerModule.cs: New v2 file
448 * RolePrincipal.cs: New v2 file
449 * RoleProviderCollection.cs: New v2 file
450 * Roles.cs: New v2 file
451 * SqlMembershipProvider.cs: New v2 file
452 * SqlRoleProvider.cs: New v2 file
454 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
456 * FormsAuthentication.cs: encoding updates.
458 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
460 * FormsAuthenticationModule.cs: fixed for applications other than /.
462 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
464 * UrlAuthorizationModule.cs: fixed description for status code.
466 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
468 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
469 Jens Thiel <Jens@Thiel.DE>.
471 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
473 * UrlAuthorizationModule.cs: tell the application not to run any other
474 step apart from EndRequest.
476 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
478 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
481 * FormsAuthenticationModule.cs: redirect to the login page when a 401
484 * UrlAuthorizationModule.cs: check for valid user or render error page.
486 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
488 * DefaultAuthenticationModule.cs: implemented. It just create a default
489 unauthenticated user when no one else provided one.
491 * FormsAuthenticationModule.cs: removed debug output.
493 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
495 * FormsAuthenticationModule.cs: remove debug lines.
497 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
499 * FormsAuthentication.cs: return a null ticket when an exception is
500 thrown creating it. Implemented RenewTicketIfOld.
502 * FormsAuthenticationModule.cs: implemented event handlers for
503 AuthenticateRequest and EndRequest.
505 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
507 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
509 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
510 SignOut, FormsCookieName and FormsCookiePath.
512 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
514 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
515 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
517 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
520 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
522 * DefaultAuthenticationEventHandler.cs:
523 * DefaultAuthenticationModule.cs:
524 * FileAuthorizationModule.cs:
525 * FormsAuthentication.cs:
526 * FormsAuthenticationEventArgs.cs:
527 * FormsAuthenticationEventHandler.cs:
528 * FormsAuthenticationModule.cs:
529 * FormsAuthenticationTicket.cs:
531 * PassportAuthenticationEventArgs.cs:
532 * PassportAuthenticationEventHandler.cs:
533 * PassportAuthenticationModule.cs:
534 * PassportIdentity.cs:
535 * UrlAuthorizationModule.cs:
536 * WindowsAuthenticationEventArgs.cs:
537 * WindowsAuthenticationEventHandler.cs:
538 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
539 some others stubbed out.
541 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
543 * DefaultAuthenticationEventArgs.cs: added file.