1 2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
3 * FormsAuthentication.cs: set the Secure attribute of the authentication
6 2006-07-06 Konstantin Triger <kostat@mainsoft.com>
8 * FormsAuthentication.cs: Ensure initialized, fix url mapping.
10 2006-05-03 Chris Toshok <toshok@ximian.com>
12 * SqlMembershipProvider.cs (GetAlg): move this here for the time
13 being, as it's the only class that uses it.
14 (HashAndBase64Encode): nuke.
15 (EncryptAndBase64Encode): nuke.
16 (Base64DecodeAndDecrypt): nuke.
17 (DecryptPassword): new function.
18 (EncryptPassword): new function.
19 (ChangePassword): replace the switch with a call to
21 (ChangePasswordQuestionAndAnswer): same.
23 (ResetPassword): same.
24 (ValidateUsingPassword): same.
25 (ValidateUsingPasswordAnswer): same.
26 (GetPassword): same, and throw MembershipPasswordException if the
27 password answer is incorrect.
29 * MembershipProvider.cs (InitVector): nuke this. it's actually
30 the salt from the database (for the sql provider, anyway).
31 (EncodePassword): based on the password format, password, and
32 salt, encode it. Makes use of EncryptPassword.
33 (DecodePassword): likewise for decoding, makes use of
35 (DecryptPassword): revert this to throwing
36 NotImplementedException, as the sql provideroverrides it to
37 perform the actual decryption.
38 (EncryptPassword): same.
40 2006-05-02 Chris Toshok <toshok@ximian.com>
42 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
43 functionality should work. Password retrieval (and encrypted
44 passwords in general) is untested.
46 2006-05-01 Chris Toshok <toshok@ximian.com>
48 * Membership.cs (GeneratePassword): don't include quotes (',",`)
49 in the set of characters in the generated passwords.
51 2006-05-01 Chris Toshok <toshok@ximian.com>
53 * MembershipProvider.cs (GetAlg): switch from Exception to
54 ProviderException to match MS behavior (and fix the unit test.)
56 * Membership.cs (GeneratePassword): implement.
58 2006-05-01 Chris Toshok <toshok@ximian.com>
60 * SqlMembershipProvider.cs: lots more work. checking this in in
61 its present state because I don't want to lose it. It still needs
64 * Membership.cs (.cctor): remove the fallback.
65 (ValidatingPassword): remove the MonoTODO.
67 * MembershipProvider.cs (DecryptPassword): implement.
68 (EncryptPassword): implement.
69 (GetAlg): helper function for Decrypt/EncryptPassword.
72 2006-04-27 Chris Toshok <toshok@ximian.com>
74 * SqlMembershipProvider.cs (GeneratePassword): call
75 Membership.GeneratePassword with the configured minimum strength
78 2006-04-27 Chris Toshok <toshok@ximian.com>
80 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
81 the CheckPararm call to the top of the method.
83 2006-04-12 Chris Toshok <toshok@ximian.com>
85 * SqlMembershipProvider.cs: commit initial pass at
86 SqlMembershipProvider work. lots of stuff untested in here.
88 2006-04-11 Chris Toshok <toshok@ximian.com>
90 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
91 are converted using ToUniversalTime when passed into this class.
92 (UpdateSelf): update ourselves from the passed in MembershipUser,
93 swallowing NotSupportedExceptions.
94 (UpdateUser): fetch a new MembershipUser from the db and call
96 (ChangePassword): call UpdateUser after changing the password.
97 (ChangePasswordQuestionAndAnswer): same.
98 (ResetPassword): same.
99 (UnlockUser): same. Also, don't explicitly set isLockedOut.
100 It'll be updated in UpdateSelf.
101 (CreationDate): getter calls ToLocalTime, setter calls
103 (LastActivityDate): same.
104 (LastLoginDate): same.
105 (LastPasswordChangedDate): same.
106 (LastLockoutDate): same.
108 * Membership.cs (.cctor): use
109 ProvidersHelper.InstantitateProviders, and remove some unnecessary
112 2006-03-29 Chris Toshok <toshok@ximian.com>
114 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
116 2006-03-23 Chris Toshok <toshok@ximian.com>
118 * Roles.cs: make this 2.0 configuration aware.
120 * SqlRoleProvider.cs: flesh out all the operations. the only
121 things that need dealing with are the Initialize method's handling
122 of a few parameters, and the ApplicationName property.
124 2006-03-23 Chris Toshok <toshok@ximian.com>
126 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
127 set Thread.CurrentPrincipal, not just if we set it to the
130 2006-03-22 Chris Toshok <toshok@ximian.com>
132 * RoleManagerModule.cs: implement using info in Shackow's book.
134 * RolePrincipal.cs: flesh this out a bit more.
136 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
137 according to Shackow's book, this sets Thread.CurrentPrincipal as
138 well as HttpContext.Current.User.
140 2006-02-28 Chris Toshok <toshok@ximian.com>
142 * FormsAuthentication.cs: corcompare work.
144 * MembershipCreateUserException.cs: same.
146 * MembershipPasswordException.cs: same.
148 * AnonymousIdentificationModule.cs: same.
150 2006-02-01 Chris Toshok <toshok@ximian.com>
152 * FormsAuthentication.cs, Membership.cs,
153 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
154 replace GetWebApplicationSection with GetSection.
156 2006-02-01 Chris Toshok <toshok@ximian.com>
158 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
159 simplifies the ifdef mess quite a bit.
161 * Membership.cs: same.
163 * FormsAuthenticationModule.cs: same.
165 * UrlAuthorizationModule.cs: same.
167 2006-01-04 Chris Toshok <toshok@ximian.com>
169 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
176 2006-01-04 Chris Toshok <toshok@ximian.com>
178 * Membership.cs (.cctor): enable the code here under
181 2006-01-03 Chris Toshok <toshok@ximian.com>
183 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
184 CONFIGURATION_2_0 code here.
186 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
188 * FormsAuthentication.cs: don't end the request in
189 RedirectFromLoginPage.
191 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
193 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
194 Patch by Cyrille Colin.
196 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
198 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
199 the provided virtual path to the physical one. Patch by Cyrille Colin.
201 2005-11-28 Chris Toshok <toshok@ximian.com>
203 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
204 CONFIGURATION_2_0 work.
205 (OnEndRequest): same.
207 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
209 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
210 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
211 Demand for UnmanagedCode on constructor.
212 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
213 Demand for UnmanagedCode on constructor.
214 * FormsAuthentication.cs: Added LinkDemand for Minimal.
215 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
216 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
217 Demand for UnmanagedCode on constructor.
218 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
219 * FormsIdentity.cs: Added LinkDemand for Minimal.
220 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
221 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
222 Demand for UnmanagedCode on constructor.
223 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
224 UnmanagedCode on constructor.
225 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
226 Demand for UnmanagedCode on constructor.
227 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
228 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
229 Demand for UnmanagedCode on constructor.
231 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
233 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
234 protected by a demand for ControlPrincipal.
235 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
236 protected by a demand for ControlPrincipal.
237 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
238 protected by a demand for ControlPrincipal.
240 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
242 * FormsAuthentication.cs: With 2.0 we can get the default properties
243 and call Initialize without a NRE.
245 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
247 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
248 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
249 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
250 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
251 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
253 * FormsAuthentication.cs: Added missing 2.0 properties with their
255 * MembershipCreateStatus.cs: Fixed enum values/names.
256 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
257 methods don't seems to work without an active provider.
258 * PassportIdentity.cs: Added IDispose for 2.0 profile.
259 * Roles.cs: Added missing beta2 bits and default values (which are the
260 only things working without a role provider (web.config).
261 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
262 * SqlRoleProvider.cs: Fixed 2.0 API.
263 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
266 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
268 * MembershipUserCollection.cs: Fix exceptions.
270 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
272 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
275 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
277 * Membership.cs: Commented unworking parts of the .cctor to allow
278 testing the Login control.
279 * MembershipProviderCollection.cs: Fixed exception handling.
280 * SqlMembershipProvider.cs: Don't throw NotImplementedException
281 everywhere so Membership's .cctor (somewhat) works. Removed
282 Description property (not in beta2).
284 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
286 * FormsAuthentication.cs: allow hardware acceleration support if
287 available. Sebastien dixit.
289 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
291 * FormsAuthentication.cs: the init_vector must be the same accross
292 restarts, otherwise the cookie does not work even when a decryption
293 key is provided. Initialize it to the bytes of the cookie name. Fixes
296 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
298 * FormsAuthenticationModule.cs: Check for null config
300 2005-07-25 Miguel de Icaza <miguel@novell.com>
302 * FormsAuthentication.cs (SignOut): Force the cookie to have it
305 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
307 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
308 didn't include the verification key when computing/checking the
309 validation hash. Now this is really a MAC or HMAC or...
311 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
313 * FormsAuthentication.cs:
314 * FormsAuthenticationTicket.cs: added support for validation and
315 encryption of the auth. cookie and improved serialization of the ticket.
317 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
319 * Membership.cs: Read provider info from the config file.
321 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
323 * MembershipUserCollection.cs:
324 * MembershipPasswordException.cs:
325 * RoleProviderCollection.cs:
326 * ActiveDirectoryMembershipProvider.cs:
327 * SqlMembershipProvider.cs:
328 * MembershipProvider.cs:
329 * SqlRoleProvider.cs:
332 * MembershipProviderCollection.cs:
334 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
335 some missing methods.
337 * AccessRoleProvider.cs:
338 * AccessMembershipProvider.cs: Removed.
340 * MembershipCreateUserException.cs:
341 * MembershipValidatePasswordEventHandler.cs:
342 * ValidatePasswordEventArgs.cs: Implemented.
344 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
346 * FormsAuthentication.cs: Hash the UTF8 representation of the password
347 strings (to be compatible with Microsoft implementation).
349 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
351 * FormsAuthentication.cs:
352 * PassportAuthenticationModule.cs:
353 * WindowsAuthenticationModule.cs: removed warnings.
355 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
357 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
358 authentication not to work when the cookie was not persistent.
359 Patch by Ilya Kharmatsky (Mainsoft).
361 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
363 * FormsAuthentication.cs: make the string to be stored in a config.
364 file uppercase... See bug #72557.
366 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
368 * FormsAuthentication.cs: fixed typo when getting the hash for the
369 password in SHA1 and MD5. Thanks to Tadas Dailyda.
370 Lock on a static object instead of typeof(FormsAuthentication).
372 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
374 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
375 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
376 * IMembershipProvider.cs: Deleted.
377 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
378 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
379 MembershipProviderCollection.cs: MembershipProvider has been deleted
380 and replaced by the abstract class MembershipProvider.
381 * MembershipProviderCollection.cs: Minor fixes.
382 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
384 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
386 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
389 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
391 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
393 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
395 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
396 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
398 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
400 * MembershipSortOptions.cs:
401 * MembershipPasswordFormat.cs:
402 * MembershipOnlineStatus.cs:
403 * MembershipCreateStatus.cs:
404 * CookieProtection.cs: minor modifications.
406 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
408 * FormsAuthentication.cs: Undo last change.
410 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
412 * FormsAuthentication.cs: go to loginUrl from web.config settings
413 before try with the default ones.
415 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
417 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
418 once we have a user. Fixes bug #59683.
420 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
422 * FormsAuthenticationModule.cs: re-read configuration files if needed
423 when determining if forms auth. is used.
425 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
427 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
429 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
431 * PassportIdentity.cs: Added v 1.1 members
433 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
435 * AccessMembershipProvider.cs: New v2 file
436 * AccessRoleProvider.cs: New v2 file
437 * ADMembershipProvider.cs: New v2 file
438 * AnonymousIdentificationEventArgs.cs: New v2 file
439 * AnonymousIdentificationEventHandler.cs: New v2 file
440 * AnonymousIdentificationModule.cs: New v2 file
441 * CookieProtection.cs: New v2 file
442 * IMembershipProvider.cs: New v2 file
443 * IRoleProvider.cs: New v2 file
444 * Membership.cs: New v2 file
445 * MembershipCreateStatus.cs: New v2 file
446 * MembershipCreateUserException.cs: New v2 file
447 * MembershipOnlineStatus.cs: New v2 file
448 * MembershipPasswordException.cs: New v2 file
449 * MembershipPasswordFormat.cs: New v2 file
450 * MembershipProviderCollection.cs: New v2 file
451 * MembershipSortOptions.cs: New v2 file
452 * MembershipUser.cs: New v2 file
453 * MembershipUserCollection.cs: New v2 file
454 * RoleManagerEventArgs.cs: New v2 file
455 * RoleManagerEventHandler.cs: New v2 file
456 * RoleManagerModule.cs: New v2 file
457 * RolePrincipal.cs: New v2 file
458 * RoleProviderCollection.cs: New v2 file
459 * Roles.cs: New v2 file
460 * SqlMembershipProvider.cs: New v2 file
461 * SqlRoleProvider.cs: New v2 file
463 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
465 * FormsAuthentication.cs: encoding updates.
467 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
469 * FormsAuthenticationModule.cs: fixed for applications other than /.
471 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
473 * UrlAuthorizationModule.cs: fixed description for status code.
475 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
477 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
478 Jens Thiel <Jens@Thiel.DE>.
480 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
482 * UrlAuthorizationModule.cs: tell the application not to run any other
483 step apart from EndRequest.
485 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
487 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
490 * FormsAuthenticationModule.cs: redirect to the login page when a 401
493 * UrlAuthorizationModule.cs: check for valid user or render error page.
495 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
497 * DefaultAuthenticationModule.cs: implemented. It just create a default
498 unauthenticated user when no one else provided one.
500 * FormsAuthenticationModule.cs: removed debug output.
502 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
504 * FormsAuthenticationModule.cs: remove debug lines.
506 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
508 * FormsAuthentication.cs: return a null ticket when an exception is
509 thrown creating it. Implemented RenewTicketIfOld.
511 * FormsAuthenticationModule.cs: implemented event handlers for
512 AuthenticateRequest and EndRequest.
514 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
516 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
518 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
519 SignOut, FormsCookieName and FormsCookiePath.
521 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
523 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
524 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
526 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
529 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
531 * DefaultAuthenticationEventHandler.cs:
532 * DefaultAuthenticationModule.cs:
533 * FileAuthorizationModule.cs:
534 * FormsAuthentication.cs:
535 * FormsAuthenticationEventArgs.cs:
536 * FormsAuthenticationEventHandler.cs:
537 * FormsAuthenticationModule.cs:
538 * FormsAuthenticationTicket.cs:
540 * PassportAuthenticationEventArgs.cs:
541 * PassportAuthenticationEventHandler.cs:
542 * PassportAuthenticationModule.cs:
543 * PassportIdentity.cs:
544 * UrlAuthorizationModule.cs:
545 * WindowsAuthenticationEventArgs.cs:
546 * WindowsAuthenticationEventHandler.cs:
547 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
548 some others stubbed out.
550 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
552 * DefaultAuthenticationEventArgs.cs: added file.