2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>

[mono.git] / mcs / class / System.Web / System.Web.Security / ChangeLog

2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: set the Secure attribute of the authentication
        cookie when required.

2006-07-06      Konstantin Triger <kostat@mainsoft.com>

        * FormsAuthentication.cs: Ensure initialized, fix url mapping.

2006-05-03  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (GetAlg): move this here for the time
        being, as it's the only class that uses it.
        (HashAndBase64Encode): nuke.
        (EncryptAndBase64Encode): nuke.
        (Base64DecodeAndDecrypt): nuke.
        (DecryptPassword): new function.
        (EncryptPassword): new function.
        (ChangePassword): replace the switch with a call to
        EncodePassword.
        (ChangePasswordQuestionAndAnswer): same.
        (CreateUser): same.
        (ResetPassword): same.
        (ValidateUsingPassword): same.
        (ValidateUsingPasswordAnswer): same.
        (GetPassword): same, and throw MembershipPasswordException if the
        password answer is incorrect.

        * MembershipProvider.cs (InitVector): nuke this.  it's actually
        the salt from the database (for the sql provider, anyway).
        (EncodePassword): based on the password format, password, and
        salt, encode it.  Makes use of EncryptPassword.
        (DecodePassword): likewise for decoding, makes use of
        DecryptPassword.
        (DecryptPassword): revert this to throwing
        NotImplementedException, as the sql provideroverrides it to
        perform the actual decryption.
        (EncryptPassword): same.

2006-05-02  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: 85% complete, maybe more.  The major
        functionality should work.  Password retrieval (and encrypted
        passwords in general) is untested.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * Membership.cs (GeneratePassword): don't include quotes (',",`)
        in the set of characters in the generated passwords.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * MembershipProvider.cs (GetAlg): switch from Exception to
        ProviderException to match MS behavior (and fix the unit test.)

        * Membership.cs (GeneratePassword): implement.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: lots more work.  checking this in in
        its present state because I don't want to lose it.  It still needs
        work.
        
        * Membership.cs (.cctor): remove the fallback.
        (ValidatingPassword): remove the MonoTODO.

        * MembershipProvider.cs (DecryptPassword): implement.
        (EncryptPassword): implement.
        (GetAlg): helper function for Decrypt/EncryptPassword.
        (InitVector): same.

2006-04-27  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (GeneratePassword): call
        Membership.GeneratePassword with the configured minimum strength
        requirements.

2006-04-27  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
        the CheckPararm call to the top of the method.

2006-04-12  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: commit initial pass at
        SqlMembershipProvider work.  lots of stuff untested in here.

2006-04-11  Chris Toshok  <toshok@ximian.com>

        * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
        are converted using ToUniversalTime when passed into this class.
        (UpdateSelf): update ourselves from the passed in MembershipUser,
        swallowing NotSupportedExceptions.
        (UpdateUser): fetch a new MembershipUser from the db and call
        UpdateSelf with it.
        (ChangePassword): call UpdateUser after changing the password.
        (ChangePasswordQuestionAndAnswer): same.
        (ResetPassword): same.
        (UnlockUser): same.  Also, don't explicitly set isLockedOut.
        It'll be updated in UpdateSelf.
        (CreationDate): getter calls ToLocalTime, setter calls
        ToUniversalTime.
        (LastActivityDate): same.
        (LastLoginDate): same.
        (LastPasswordChangedDate): same.
        (LastLockoutDate): same.
        
        * Membership.cs (.cctor): use
        ProvidersHelper.InstantitateProviders, and remove some unnecessary
        #if NET_2_0's.

2006-03-29  Chris Toshok  <toshok@ximian.com>

        * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.

2006-03-23  Chris Toshok  <toshok@ximian.com>

        * Roles.cs: make this 2.0 configuration aware.

        * SqlRoleProvider.cs: flesh out all the operations.  the only
        things that need dealing with are the Initialize method's handling
        of a few parameters, and the ApplicationName property.

2006-03-23  Chris Toshok  <toshok@ximian.com>

        * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
        set Thread.CurrentPrincipal, not just if we set it to the
        GenericPrincipal.

2006-03-22  Chris Toshok  <toshok@ximian.com>

        * RoleManagerModule.cs: implement using info in Shackow's book.

        * RolePrincipal.cs: flesh this out a bit more.

        * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
        according to Shackow's book, this sets Thread.CurrentPrincipal as
        well as HttpContext.Current.User.

2006-02-28  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs: corcompare work.

        * MembershipCreateUserException.cs: same.

        * MembershipPasswordException.cs: same.

        * AnonymousIdentificationModule.cs: same.

2006-02-01  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs, Membership.cs,
        FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
        replace GetWebApplicationSection with GetSection.
        
2006-02-01  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
        simplifies the ifdef mess quite a bit.

        * Membership.cs: same.

        * FormsAuthenticationModule.cs: same.

        * UrlAuthorizationModule.cs: same.

2006-01-04  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
        code.
        (Decrypt2): same.
        (Decrypt): same.
        (Encrypt): same.
        (Initialize): same.

2006-01-04  Chris Toshok  <toshok@ximian.com>

        * Membership.cs (.cctor): enable the code here under
        CONFIGURATION_2_0.

2006-01-03  Chris Toshok  <toshok@ximian.com>

        * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
        CONFIGURATION_2_0 code here.

2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: don't end the request in
        RedirectFromLoginPage.

2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
        Patch by Cyrille Colin.

2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
        the provided virtual path to the physical one. Patch by Cyrille Colin.

2005-11-28  Chris Toshok  <toshok@ximian.com>

        * FormsAuthenticationModule.cs (OnAuthenticateRequest):
        CONFIGURATION_2_0 work.
        (OnEndRequest): same.

2005-09-09  Sebastien Pouliot  <sebastien@ximian.com>

        * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.
        * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * FormsAuthentication.cs: Added LinkDemand for Minimal.
        * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
        * FormsIdentity.cs: Added LinkDemand for Minimal.
        * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.
        * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
        UnmanagedCode on constructor.
        * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.

2005-09-01  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthenticationEventArgs.cs: Ensure the setter for User is 
        protected by a demand for ControlPrincipal.
        * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
        protected by a demand for ControlPrincipal.
        * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is 
        protected by a demand for ControlPrincipal.

2005-08-25  Sebastien Pouliot  <sebastien@ximian.com> 
 
        * FormsAuthentication.cs: With 2.0 we can get the default properties 
        and call Initialize without a NRE.

2005-08-25  Sebastien Pouliot  <sebastien@ximian.com>

        * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
        * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
        * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
        * AnonymousIdentificationModule.cs: Fixed 2.0 API.
        * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in 
        2.0 profile (TODO).
        * FormsAuthentication.cs: Added missing 2.0 properties with their 
        default values.
        * MembershipCreateStatus.cs: Fixed enum values/names.
        * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
        methods don't seems to work without an active provider.
        * PassportIdentity.cs: Added IDispose for 2.0 profile.
        * Roles.cs: Added missing beta2 bits and default values (which are the
        only things working without a role provider (web.config).
        * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
        * SqlRoleProvider.cs: Fixed 2.0 API.
        * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
        2.0 profile (TODO).

2005-08-24  Sebastien Pouliot  <sebastien@ximian.com>

        * MembershipUserCollection.cs: Fix exceptions.

2005-08-22  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthentication.cs: Add some 2.0 stuff required for Login* 
        controls to compile.

2005-08-18  Sebastien Pouliot  <sebastien@ximian.com>

        * Membership.cs: Commented unworking parts of the .cctor to allow 
        testing the Login control.
        * MembershipProviderCollection.cs: Fixed exception handling.
        * SqlMembershipProvider.cs: Don't throw NotImplementedException 
        everywhere so Membership's .cctor (somewhat) works. Removed 
        Description property (not in beta2).

2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: allow hardware acceleration support if
        available. Sebastien dixit.

2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: the init_vector must be the same accross
        restarts, otherwise the cookie does not work even when a decryption
        key is provided. Initialize it to the bytes of the cookie name. Fixes
        bug #75635.

2005-07-25  Eyal Alaluf <eyala@mainsoft.com>

        * FormsAuthenticationModule.cs: Check for null config

2005-07-25  Miguel de Icaza  <miguel@novell.com>

        * FormsAuthentication.cs (SignOut): Force the cookie to have it
        expire in the past.

2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: my previous patch missed a "small" detail: it
        didn't include the verification key when computing/checking the
        validation hash. Now this is really a MAC or HMAC or...

2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs:
        * FormsAuthenticationTicket.cs: added support for validation and
        encryption of the auth. cookie and improved serialization of the ticket.

2005-07-01  Lluis Sanchez Gual <lluis@novell.com>

        * Membership.cs: Read provider info from the config file.

2005-06-10 Lluis Sanchez Gual <lluis@novell.com>

        * MembershipUserCollection.cs:
        * MembershipPasswordException.cs:
        * RoleProviderCollection.cs:
        * ActiveDirectoryMembershipProvider.cs:
        * SqlMembershipProvider.cs:
        * MembershipProvider.cs:
        * SqlRoleProvider.cs:
        * Membership.cs:
        * MembershipUser.cs:
        * MembershipProviderCollection.cs:
        * Roles.cs:.
        * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
        some missing methods.
        
        * AccessRoleProvider.cs:
        * AccessMembershipProvider.cs: Removed.
        
        * MembershipCreateUserException.cs:
        * MembershipValidatePasswordEventHandler.cs:
        * ValidatePasswordEventArgs.cs: Implemented.

2005-05-21  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthentication.cs: Hash the UTF8 representation of the password
        strings (to be compatible with Microsoft implementation).

2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs:
        * PassportAuthenticationModule.cs:
        * WindowsAuthenticationModule.cs: removed warnings.

2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: fix for bug 73545, which caused
        authentication not to work when the cookie was not persistent.
        Patch by Ilya Kharmatsky (Mainsoft).

2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: make the string to be stored in a config.
        file uppercase... See bug #72557.

2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: fixed typo when getting the hash for the 
        password in SHA1 and MD5. Thanks to Tadas Dailyda.
        Lock on a static object instead of typeof(FormsAuthentication).

2004-11-18 Lluis Sanchez Gual <lluis@novell.com>

        * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
        AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
        * IMembershipProvider.cs: Deleted.
        * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
        Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
        MembershipProviderCollection.cs: MembershipProvider has been deleted
        and replaced by the abstract class MembershipProvider.
        * MembershipProviderCollection.cs: Minor fixes.
        * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.

2004-11-15 Lluis Sanchez Gual <lluis@novell.com>

        * RoleProviderCollection.cs, MembershipProviderCollection.cs: 
        Fixed warnings.

2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.

2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
        the cookie if SlidingExpiration is set. Thanks to Jim Pease.

2004-08-03  Sanjay Gupta <gsanjay@novell.com>

        * MembershipSortOptions.cs:
        * MembershipPasswordFormat.cs:
        * MembershipOnlineStatus.cs:
        * MembershipCreateStatus.cs:
        * CookieProtection.cs: minor modifications.

2004-06-12  Pedro Martnez Juli  <yoros@wanadoo.es>

        * FormsAuthentication.cs: Undo last change.

2004-06-12  Pedro Martnez Juli  <yoros@wanadoo.es>

        * FormsAuthentication.cs: go to loginUrl from web.config settings
        before try with the default ones.

2004-06-11  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
        once we have a user. Fixes bug #59683.

2004-04-21  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: re-read configuration files if needed
        when determining if forms auth. is used.

2004-01-23  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.

2004-01-11  Andreas Nahr <ClassDevelopment@A-SoftTech.com>

        * PassportIdentity.cs: Added v 1.1 members

2003-11-25 Ben Maurer  <bmaurer@users.sourceforge.net>
        
        * AccessMembershipProvider.cs: New v2 file
        * AccessRoleProvider.cs: New v2 file
        * ADMembershipProvider.cs: New v2 file
        * AnonymousIdentificationEventArgs.cs: New v2 file
        * AnonymousIdentificationEventHandler.cs: New v2 file
        * AnonymousIdentificationModule.cs: New v2 file
        * CookieProtection.cs: New v2 file
        * IMembershipProvider.cs: New v2 file
        * IRoleProvider.cs: New v2 file
        * Membership.cs: New v2 file
        * MembershipCreateStatus.cs: New v2 file
        * MembershipCreateUserException.cs: New v2 file
        * MembershipOnlineStatus.cs: New v2 file
        * MembershipPasswordException.cs: New v2 file
        * MembershipPasswordFormat.cs: New v2 file
        * MembershipProviderCollection.cs: New v2 file
        * MembershipSortOptions.cs: New v2 file
        * MembershipUser.cs: New v2 file
        * MembershipUserCollection.cs: New v2 file
        * RoleManagerEventArgs.cs: New v2 file
        * RoleManagerEventHandler.cs: New v2 file
        * RoleManagerModule.cs: New v2 file
        * RolePrincipal.cs: New v2 file
        * RoleProviderCollection.cs: New v2 file
        * Roles.cs: New v2 file
        * SqlMembershipProvider.cs: New v2 file
        * SqlRoleProvider.cs: New v2 file

2003-11-05  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: encoding updates.

2003-10-04  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: fixed for applications other than /.

2003-08-27  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * UrlAuthorizationModule.cs: fixed description for status code.

2003-07-31  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
        Jens Thiel <Jens@Thiel.DE>.

2003-02-13  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * UrlAuthorizationModule.cs: tell the application not to run any other
        step apart from EndRequest.

2003-02-12  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented RedirectFromLoginPage and
        GetRedirectUrl.
        
        * FormsAuthenticationModule.cs: redirect to the login page when a 401
        error happens.

        * UrlAuthorizationModule.cs: check for valid user or render error page.

2003-01-04  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationModule.cs: implemented. It just create a default 
        unauthenticated user when no one else provided one.

        * FormsAuthenticationModule.cs: removed debug output.

2002-12-20  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: remove debug lines.

2002-12-19  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: return a null ticket when an exception is
        thrown creating it. Implemented RenewTicketIfOld.

        * FormsAuthenticationModule.cs: implemented event handlers for
        AuthenticateRequest and EndRequest.

        * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.

2002-12-18  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
        SignOut, FormsCookieName and FormsCookiePath.

2002-12-17  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
        and Decrypt, HashPasswordForStoringInConfigFile and Initialize.

        * FormsAuthenticationTicket.cs: set cookiePath to the default when no
        other provided.

2002-08-26  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationEventHandler.cs:
        * DefaultAuthenticationModule.cs:
        * FileAuthorizationModule.cs:
        * FormsAuthentication.cs:
        * FormsAuthenticationEventArgs.cs:
        * FormsAuthenticationEventHandler.cs:
        * FormsAuthenticationModule.cs:
        * FormsAuthenticationTicket.cs:
        * FormsIdentity.cs:
        * PassportAuthenticationEventArgs.cs:
        * PassportAuthenticationEventHandler.cs:
        * PassportAuthenticationModule.cs:
        * PassportIdentity.cs:
        * UrlAuthorizationModule.cs:
        * WindowsAuthenticationEventArgs.cs:
        * WindowsAuthenticationEventHandler.cs:
        * WindowsAuthenticationModule.cs: new files. Some of them implemented,
        some others stubbed out.

2002-06-03  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationEventArgs.cs: added file.