1 2006-08-29 Konstantin Triger <kostat@mainsoft.com>
3 * SqlMembershipProvider.cs: fix dispose order of reader vs connection.
5 2006-08-28 Igor Zelmanovich <igorz@mainsoft.com>
7 * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is
10 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
12 * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot
13 retrieve user information.
15 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
17 * SqlRoleProvider.cs, SqlMembershipProvider.cs:
18 "use SqlClientFactory in case the ProviderName is not specified.
20 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
22 * SqlRoleProvider.cs: enable concurrent usage, refactoring.
24 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
26 * SqlMembershipProvider.cs: enable concurrent usage, refactoring.
28 2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>
30 * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
33 2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
35 * FormsAuthentication.cs: set the Secure attribute of the authentication
38 2006-07-06 Konstantin Triger <kostat@mainsoft.com>
40 * FormsAuthentication.cs: Ensure initialized, fix url mapping.
42 2006-05-03 Chris Toshok <toshok@ximian.com>
44 * SqlMembershipProvider.cs (GetAlg): move this here for the time
45 being, as it's the only class that uses it.
46 (HashAndBase64Encode): nuke.
47 (EncryptAndBase64Encode): nuke.
48 (Base64DecodeAndDecrypt): nuke.
49 (DecryptPassword): new function.
50 (EncryptPassword): new function.
51 (ChangePassword): replace the switch with a call to
53 (ChangePasswordQuestionAndAnswer): same.
55 (ResetPassword): same.
56 (ValidateUsingPassword): same.
57 (ValidateUsingPasswordAnswer): same.
58 (GetPassword): same, and throw MembershipPasswordException if the
59 password answer is incorrect.
61 * MembershipProvider.cs (InitVector): nuke this. it's actually
62 the salt from the database (for the sql provider, anyway).
63 (EncodePassword): based on the password format, password, and
64 salt, encode it. Makes use of EncryptPassword.
65 (DecodePassword): likewise for decoding, makes use of
67 (DecryptPassword): revert this to throwing
68 NotImplementedException, as the sql provideroverrides it to
69 perform the actual decryption.
70 (EncryptPassword): same.
72 2006-05-02 Chris Toshok <toshok@ximian.com>
74 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
75 functionality should work. Password retrieval (and encrypted
76 passwords in general) is untested.
78 2006-05-01 Chris Toshok <toshok@ximian.com>
80 * Membership.cs (GeneratePassword): don't include quotes (',",`)
81 in the set of characters in the generated passwords.
83 2006-05-01 Chris Toshok <toshok@ximian.com>
85 * MembershipProvider.cs (GetAlg): switch from Exception to
86 ProviderException to match MS behavior (and fix the unit test.)
88 * Membership.cs (GeneratePassword): implement.
90 2006-05-01 Chris Toshok <toshok@ximian.com>
92 * SqlMembershipProvider.cs: lots more work. checking this in in
93 its present state because I don't want to lose it. It still needs
96 * Membership.cs (.cctor): remove the fallback.
97 (ValidatingPassword): remove the MonoTODO.
99 * MembershipProvider.cs (DecryptPassword): implement.
100 (EncryptPassword): implement.
101 (GetAlg): helper function for Decrypt/EncryptPassword.
104 2006-04-27 Chris Toshok <toshok@ximian.com>
106 * SqlMembershipProvider.cs (GeneratePassword): call
107 Membership.GeneratePassword with the configured minimum strength
110 2006-04-27 Chris Toshok <toshok@ximian.com>
112 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
113 the CheckPararm call to the top of the method.
115 2006-04-12 Chris Toshok <toshok@ximian.com>
117 * SqlMembershipProvider.cs: commit initial pass at
118 SqlMembershipProvider work. lots of stuff untested in here.
120 2006-04-11 Chris Toshok <toshok@ximian.com>
122 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
123 are converted using ToUniversalTime when passed into this class.
124 (UpdateSelf): update ourselves from the passed in MembershipUser,
125 swallowing NotSupportedExceptions.
126 (UpdateUser): fetch a new MembershipUser from the db and call
128 (ChangePassword): call UpdateUser after changing the password.
129 (ChangePasswordQuestionAndAnswer): same.
130 (ResetPassword): same.
131 (UnlockUser): same. Also, don't explicitly set isLockedOut.
132 It'll be updated in UpdateSelf.
133 (CreationDate): getter calls ToLocalTime, setter calls
135 (LastActivityDate): same.
136 (LastLoginDate): same.
137 (LastPasswordChangedDate): same.
138 (LastLockoutDate): same.
140 * Membership.cs (.cctor): use
141 ProvidersHelper.InstantitateProviders, and remove some unnecessary
144 2006-03-29 Chris Toshok <toshok@ximian.com>
146 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
148 2006-03-23 Chris Toshok <toshok@ximian.com>
150 * Roles.cs: make this 2.0 configuration aware.
152 * SqlRoleProvider.cs: flesh out all the operations. the only
153 things that need dealing with are the Initialize method's handling
154 of a few parameters, and the ApplicationName property.
156 2006-03-23 Chris Toshok <toshok@ximian.com>
158 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
159 set Thread.CurrentPrincipal, not just if we set it to the
162 2006-03-22 Chris Toshok <toshok@ximian.com>
164 * RoleManagerModule.cs: implement using info in Shackow's book.
166 * RolePrincipal.cs: flesh this out a bit more.
168 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
169 according to Shackow's book, this sets Thread.CurrentPrincipal as
170 well as HttpContext.Current.User.
172 2006-02-28 Chris Toshok <toshok@ximian.com>
174 * FormsAuthentication.cs: corcompare work.
176 * MembershipCreateUserException.cs: same.
178 * MembershipPasswordException.cs: same.
180 * AnonymousIdentificationModule.cs: same.
182 2006-02-01 Chris Toshok <toshok@ximian.com>
184 * FormsAuthentication.cs, Membership.cs,
185 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
186 replace GetWebApplicationSection with GetSection.
188 2006-02-01 Chris Toshok <toshok@ximian.com>
190 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
191 simplifies the ifdef mess quite a bit.
193 * Membership.cs: same.
195 * FormsAuthenticationModule.cs: same.
197 * UrlAuthorizationModule.cs: same.
199 2006-01-04 Chris Toshok <toshok@ximian.com>
201 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
208 2006-01-04 Chris Toshok <toshok@ximian.com>
210 * Membership.cs (.cctor): enable the code here under
213 2006-01-03 Chris Toshok <toshok@ximian.com>
215 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
216 CONFIGURATION_2_0 code here.
218 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
220 * FormsAuthentication.cs: don't end the request in
221 RedirectFromLoginPage.
223 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
225 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
226 Patch by Cyrille Colin.
228 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
230 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
231 the provided virtual path to the physical one. Patch by Cyrille Colin.
233 2005-11-28 Chris Toshok <toshok@ximian.com>
235 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
236 CONFIGURATION_2_0 work.
237 (OnEndRequest): same.
239 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
241 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
242 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
243 Demand for UnmanagedCode on constructor.
244 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
245 Demand for UnmanagedCode on constructor.
246 * FormsAuthentication.cs: Added LinkDemand for Minimal.
247 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
248 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
249 Demand for UnmanagedCode on constructor.
250 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
251 * FormsIdentity.cs: Added LinkDemand for Minimal.
252 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
253 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
254 Demand for UnmanagedCode on constructor.
255 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
256 UnmanagedCode on constructor.
257 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
258 Demand for UnmanagedCode on constructor.
259 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
260 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
261 Demand for UnmanagedCode on constructor.
263 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
265 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
266 protected by a demand for ControlPrincipal.
267 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
268 protected by a demand for ControlPrincipal.
269 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
270 protected by a demand for ControlPrincipal.
272 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
274 * FormsAuthentication.cs: With 2.0 we can get the default properties
275 and call Initialize without a NRE.
277 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
279 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
280 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
281 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
282 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
283 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
285 * FormsAuthentication.cs: Added missing 2.0 properties with their
287 * MembershipCreateStatus.cs: Fixed enum values/names.
288 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
289 methods don't seems to work without an active provider.
290 * PassportIdentity.cs: Added IDispose for 2.0 profile.
291 * Roles.cs: Added missing beta2 bits and default values (which are the
292 only things working without a role provider (web.config).
293 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
294 * SqlRoleProvider.cs: Fixed 2.0 API.
295 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
298 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
300 * MembershipUserCollection.cs: Fix exceptions.
302 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
304 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
307 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
309 * Membership.cs: Commented unworking parts of the .cctor to allow
310 testing the Login control.
311 * MembershipProviderCollection.cs: Fixed exception handling.
312 * SqlMembershipProvider.cs: Don't throw NotImplementedException
313 everywhere so Membership's .cctor (somewhat) works. Removed
314 Description property (not in beta2).
316 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
318 * FormsAuthentication.cs: allow hardware acceleration support if
319 available. Sebastien dixit.
321 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
323 * FormsAuthentication.cs: the init_vector must be the same accross
324 restarts, otherwise the cookie does not work even when a decryption
325 key is provided. Initialize it to the bytes of the cookie name. Fixes
328 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
330 * FormsAuthenticationModule.cs: Check for null config
332 2005-07-25 Miguel de Icaza <miguel@novell.com>
334 * FormsAuthentication.cs (SignOut): Force the cookie to have it
337 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
339 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
340 didn't include the verification key when computing/checking the
341 validation hash. Now this is really a MAC or HMAC or...
343 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
345 * FormsAuthentication.cs:
346 * FormsAuthenticationTicket.cs: added support for validation and
347 encryption of the auth. cookie and improved serialization of the ticket.
349 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
351 * Membership.cs: Read provider info from the config file.
353 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
355 * MembershipUserCollection.cs:
356 * MembershipPasswordException.cs:
357 * RoleProviderCollection.cs:
358 * ActiveDirectoryMembershipProvider.cs:
359 * SqlMembershipProvider.cs:
360 * MembershipProvider.cs:
361 * SqlRoleProvider.cs:
364 * MembershipProviderCollection.cs:
366 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
367 some missing methods.
369 * AccessRoleProvider.cs:
370 * AccessMembershipProvider.cs: Removed.
372 * MembershipCreateUserException.cs:
373 * MembershipValidatePasswordEventHandler.cs:
374 * ValidatePasswordEventArgs.cs: Implemented.
376 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
378 * FormsAuthentication.cs: Hash the UTF8 representation of the password
379 strings (to be compatible with Microsoft implementation).
381 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
383 * FormsAuthentication.cs:
384 * PassportAuthenticationModule.cs:
385 * WindowsAuthenticationModule.cs: removed warnings.
387 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
389 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
390 authentication not to work when the cookie was not persistent.
391 Patch by Ilya Kharmatsky (Mainsoft).
393 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
395 * FormsAuthentication.cs: make the string to be stored in a config.
396 file uppercase... See bug #72557.
398 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
400 * FormsAuthentication.cs: fixed typo when getting the hash for the
401 password in SHA1 and MD5. Thanks to Tadas Dailyda.
402 Lock on a static object instead of typeof(FormsAuthentication).
404 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
406 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
407 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
408 * IMembershipProvider.cs: Deleted.
409 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
410 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
411 MembershipProviderCollection.cs: MembershipProvider has been deleted
412 and replaced by the abstract class MembershipProvider.
413 * MembershipProviderCollection.cs: Minor fixes.
414 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
416 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
418 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
421 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
423 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
425 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
427 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
428 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
430 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
432 * MembershipSortOptions.cs:
433 * MembershipPasswordFormat.cs:
434 * MembershipOnlineStatus.cs:
435 * MembershipCreateStatus.cs:
436 * CookieProtection.cs: minor modifications.
438 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
440 * FormsAuthentication.cs: Undo last change.
442 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
444 * FormsAuthentication.cs: go to loginUrl from web.config settings
445 before try with the default ones.
447 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
449 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
450 once we have a user. Fixes bug #59683.
452 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
454 * FormsAuthenticationModule.cs: re-read configuration files if needed
455 when determining if forms auth. is used.
457 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
459 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
461 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
463 * PassportIdentity.cs: Added v 1.1 members
465 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
467 * AccessMembershipProvider.cs: New v2 file
468 * AccessRoleProvider.cs: New v2 file
469 * ADMembershipProvider.cs: New v2 file
470 * AnonymousIdentificationEventArgs.cs: New v2 file
471 * AnonymousIdentificationEventHandler.cs: New v2 file
472 * AnonymousIdentificationModule.cs: New v2 file
473 * CookieProtection.cs: New v2 file
474 * IMembershipProvider.cs: New v2 file
475 * IRoleProvider.cs: New v2 file
476 * Membership.cs: New v2 file
477 * MembershipCreateStatus.cs: New v2 file
478 * MembershipCreateUserException.cs: New v2 file
479 * MembershipOnlineStatus.cs: New v2 file
480 * MembershipPasswordException.cs: New v2 file
481 * MembershipPasswordFormat.cs: New v2 file
482 * MembershipProviderCollection.cs: New v2 file
483 * MembershipSortOptions.cs: New v2 file
484 * MembershipUser.cs: New v2 file
485 * MembershipUserCollection.cs: New v2 file
486 * RoleManagerEventArgs.cs: New v2 file
487 * RoleManagerEventHandler.cs: New v2 file
488 * RoleManagerModule.cs: New v2 file
489 * RolePrincipal.cs: New v2 file
490 * RoleProviderCollection.cs: New v2 file
491 * Roles.cs: New v2 file
492 * SqlMembershipProvider.cs: New v2 file
493 * SqlRoleProvider.cs: New v2 file
495 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
497 * FormsAuthentication.cs: encoding updates.
499 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
501 * FormsAuthenticationModule.cs: fixed for applications other than /.
503 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
505 * UrlAuthorizationModule.cs: fixed description for status code.
507 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
509 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
510 Jens Thiel <Jens@Thiel.DE>.
512 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
514 * UrlAuthorizationModule.cs: tell the application not to run any other
515 step apart from EndRequest.
517 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
519 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
522 * FormsAuthenticationModule.cs: redirect to the login page when a 401
525 * UrlAuthorizationModule.cs: check for valid user or render error page.
527 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
529 * DefaultAuthenticationModule.cs: implemented. It just create a default
530 unauthenticated user when no one else provided one.
532 * FormsAuthenticationModule.cs: removed debug output.
534 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
536 * FormsAuthenticationModule.cs: remove debug lines.
538 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
540 * FormsAuthentication.cs: return a null ticket when an exception is
541 thrown creating it. Implemented RenewTicketIfOld.
543 * FormsAuthenticationModule.cs: implemented event handlers for
544 AuthenticateRequest and EndRequest.
546 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
548 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
550 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
551 SignOut, FormsCookieName and FormsCookiePath.
553 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
555 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
556 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
558 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
561 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
563 * DefaultAuthenticationEventHandler.cs:
564 * DefaultAuthenticationModule.cs:
565 * FileAuthorizationModule.cs:
566 * FormsAuthentication.cs:
567 * FormsAuthenticationEventArgs.cs:
568 * FormsAuthenticationEventHandler.cs:
569 * FormsAuthenticationModule.cs:
570 * FormsAuthenticationTicket.cs:
572 * PassportAuthenticationEventArgs.cs:
573 * PassportAuthenticationEventHandler.cs:
574 * PassportAuthenticationModule.cs:
575 * PassportIdentity.cs:
576 * UrlAuthorizationModule.cs:
577 * WindowsAuthenticationEventArgs.cs:
578 * WindowsAuthenticationEventHandler.cs:
579 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
580 some others stubbed out.
582 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
584 * DefaultAuthenticationEventArgs.cs: added file.