1 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
3 * SqlRoleProvider.cs, SqlMembershipProvider.cs:
4 "use SqlClientFactory in case the ProviderName is not specified.
6 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
8 * SqlRoleProvider.cs: enable concurrent usage, refactoring.
10 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
12 * SqlMembershipProvider.cs: enable concurrent usage, refactoring.
14 2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>
16 * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
19 2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
21 * FormsAuthentication.cs: set the Secure attribute of the authentication
24 2006-07-06 Konstantin Triger <kostat@mainsoft.com>
26 * FormsAuthentication.cs: Ensure initialized, fix url mapping.
28 2006-05-03 Chris Toshok <toshok@ximian.com>
30 * SqlMembershipProvider.cs (GetAlg): move this here for the time
31 being, as it's the only class that uses it.
32 (HashAndBase64Encode): nuke.
33 (EncryptAndBase64Encode): nuke.
34 (Base64DecodeAndDecrypt): nuke.
35 (DecryptPassword): new function.
36 (EncryptPassword): new function.
37 (ChangePassword): replace the switch with a call to
39 (ChangePasswordQuestionAndAnswer): same.
41 (ResetPassword): same.
42 (ValidateUsingPassword): same.
43 (ValidateUsingPasswordAnswer): same.
44 (GetPassword): same, and throw MembershipPasswordException if the
45 password answer is incorrect.
47 * MembershipProvider.cs (InitVector): nuke this. it's actually
48 the salt from the database (for the sql provider, anyway).
49 (EncodePassword): based on the password format, password, and
50 salt, encode it. Makes use of EncryptPassword.
51 (DecodePassword): likewise for decoding, makes use of
53 (DecryptPassword): revert this to throwing
54 NotImplementedException, as the sql provideroverrides it to
55 perform the actual decryption.
56 (EncryptPassword): same.
58 2006-05-02 Chris Toshok <toshok@ximian.com>
60 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
61 functionality should work. Password retrieval (and encrypted
62 passwords in general) is untested.
64 2006-05-01 Chris Toshok <toshok@ximian.com>
66 * Membership.cs (GeneratePassword): don't include quotes (',",`)
67 in the set of characters in the generated passwords.
69 2006-05-01 Chris Toshok <toshok@ximian.com>
71 * MembershipProvider.cs (GetAlg): switch from Exception to
72 ProviderException to match MS behavior (and fix the unit test.)
74 * Membership.cs (GeneratePassword): implement.
76 2006-05-01 Chris Toshok <toshok@ximian.com>
78 * SqlMembershipProvider.cs: lots more work. checking this in in
79 its present state because I don't want to lose it. It still needs
82 * Membership.cs (.cctor): remove the fallback.
83 (ValidatingPassword): remove the MonoTODO.
85 * MembershipProvider.cs (DecryptPassword): implement.
86 (EncryptPassword): implement.
87 (GetAlg): helper function for Decrypt/EncryptPassword.
90 2006-04-27 Chris Toshok <toshok@ximian.com>
92 * SqlMembershipProvider.cs (GeneratePassword): call
93 Membership.GeneratePassword with the configured minimum strength
96 2006-04-27 Chris Toshok <toshok@ximian.com>
98 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
99 the CheckPararm call to the top of the method.
101 2006-04-12 Chris Toshok <toshok@ximian.com>
103 * SqlMembershipProvider.cs: commit initial pass at
104 SqlMembershipProvider work. lots of stuff untested in here.
106 2006-04-11 Chris Toshok <toshok@ximian.com>
108 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
109 are converted using ToUniversalTime when passed into this class.
110 (UpdateSelf): update ourselves from the passed in MembershipUser,
111 swallowing NotSupportedExceptions.
112 (UpdateUser): fetch a new MembershipUser from the db and call
114 (ChangePassword): call UpdateUser after changing the password.
115 (ChangePasswordQuestionAndAnswer): same.
116 (ResetPassword): same.
117 (UnlockUser): same. Also, don't explicitly set isLockedOut.
118 It'll be updated in UpdateSelf.
119 (CreationDate): getter calls ToLocalTime, setter calls
121 (LastActivityDate): same.
122 (LastLoginDate): same.
123 (LastPasswordChangedDate): same.
124 (LastLockoutDate): same.
126 * Membership.cs (.cctor): use
127 ProvidersHelper.InstantitateProviders, and remove some unnecessary
130 2006-03-29 Chris Toshok <toshok@ximian.com>
132 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
134 2006-03-23 Chris Toshok <toshok@ximian.com>
136 * Roles.cs: make this 2.0 configuration aware.
138 * SqlRoleProvider.cs: flesh out all the operations. the only
139 things that need dealing with are the Initialize method's handling
140 of a few parameters, and the ApplicationName property.
142 2006-03-23 Chris Toshok <toshok@ximian.com>
144 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
145 set Thread.CurrentPrincipal, not just if we set it to the
148 2006-03-22 Chris Toshok <toshok@ximian.com>
150 * RoleManagerModule.cs: implement using info in Shackow's book.
152 * RolePrincipal.cs: flesh this out a bit more.
154 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
155 according to Shackow's book, this sets Thread.CurrentPrincipal as
156 well as HttpContext.Current.User.
158 2006-02-28 Chris Toshok <toshok@ximian.com>
160 * FormsAuthentication.cs: corcompare work.
162 * MembershipCreateUserException.cs: same.
164 * MembershipPasswordException.cs: same.
166 * AnonymousIdentificationModule.cs: same.
168 2006-02-01 Chris Toshok <toshok@ximian.com>
170 * FormsAuthentication.cs, Membership.cs,
171 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
172 replace GetWebApplicationSection with GetSection.
174 2006-02-01 Chris Toshok <toshok@ximian.com>
176 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
177 simplifies the ifdef mess quite a bit.
179 * Membership.cs: same.
181 * FormsAuthenticationModule.cs: same.
183 * UrlAuthorizationModule.cs: same.
185 2006-01-04 Chris Toshok <toshok@ximian.com>
187 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
194 2006-01-04 Chris Toshok <toshok@ximian.com>
196 * Membership.cs (.cctor): enable the code here under
199 2006-01-03 Chris Toshok <toshok@ximian.com>
201 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
202 CONFIGURATION_2_0 code here.
204 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
206 * FormsAuthentication.cs: don't end the request in
207 RedirectFromLoginPage.
209 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
211 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
212 Patch by Cyrille Colin.
214 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
216 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
217 the provided virtual path to the physical one. Patch by Cyrille Colin.
219 2005-11-28 Chris Toshok <toshok@ximian.com>
221 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
222 CONFIGURATION_2_0 work.
223 (OnEndRequest): same.
225 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
227 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
228 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
229 Demand for UnmanagedCode on constructor.
230 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
231 Demand for UnmanagedCode on constructor.
232 * FormsAuthentication.cs: Added LinkDemand for Minimal.
233 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
234 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
235 Demand for UnmanagedCode on constructor.
236 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
237 * FormsIdentity.cs: Added LinkDemand for Minimal.
238 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
239 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
240 Demand for UnmanagedCode on constructor.
241 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
242 UnmanagedCode on constructor.
243 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
244 Demand for UnmanagedCode on constructor.
245 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
246 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
247 Demand for UnmanagedCode on constructor.
249 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
251 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
252 protected by a demand for ControlPrincipal.
253 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
254 protected by a demand for ControlPrincipal.
255 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
256 protected by a demand for ControlPrincipal.
258 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
260 * FormsAuthentication.cs: With 2.0 we can get the default properties
261 and call Initialize without a NRE.
263 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
265 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
266 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
267 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
268 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
269 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
271 * FormsAuthentication.cs: Added missing 2.0 properties with their
273 * MembershipCreateStatus.cs: Fixed enum values/names.
274 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
275 methods don't seems to work without an active provider.
276 * PassportIdentity.cs: Added IDispose for 2.0 profile.
277 * Roles.cs: Added missing beta2 bits and default values (which are the
278 only things working without a role provider (web.config).
279 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
280 * SqlRoleProvider.cs: Fixed 2.0 API.
281 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
284 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
286 * MembershipUserCollection.cs: Fix exceptions.
288 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
290 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
293 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
295 * Membership.cs: Commented unworking parts of the .cctor to allow
296 testing the Login control.
297 * MembershipProviderCollection.cs: Fixed exception handling.
298 * SqlMembershipProvider.cs: Don't throw NotImplementedException
299 everywhere so Membership's .cctor (somewhat) works. Removed
300 Description property (not in beta2).
302 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
304 * FormsAuthentication.cs: allow hardware acceleration support if
305 available. Sebastien dixit.
307 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
309 * FormsAuthentication.cs: the init_vector must be the same accross
310 restarts, otherwise the cookie does not work even when a decryption
311 key is provided. Initialize it to the bytes of the cookie name. Fixes
314 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
316 * FormsAuthenticationModule.cs: Check for null config
318 2005-07-25 Miguel de Icaza <miguel@novell.com>
320 * FormsAuthentication.cs (SignOut): Force the cookie to have it
323 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
325 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
326 didn't include the verification key when computing/checking the
327 validation hash. Now this is really a MAC or HMAC or...
329 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
331 * FormsAuthentication.cs:
332 * FormsAuthenticationTicket.cs: added support for validation and
333 encryption of the auth. cookie and improved serialization of the ticket.
335 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
337 * Membership.cs: Read provider info from the config file.
339 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
341 * MembershipUserCollection.cs:
342 * MembershipPasswordException.cs:
343 * RoleProviderCollection.cs:
344 * ActiveDirectoryMembershipProvider.cs:
345 * SqlMembershipProvider.cs:
346 * MembershipProvider.cs:
347 * SqlRoleProvider.cs:
350 * MembershipProviderCollection.cs:
352 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
353 some missing methods.
355 * AccessRoleProvider.cs:
356 * AccessMembershipProvider.cs: Removed.
358 * MembershipCreateUserException.cs:
359 * MembershipValidatePasswordEventHandler.cs:
360 * ValidatePasswordEventArgs.cs: Implemented.
362 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
364 * FormsAuthentication.cs: Hash the UTF8 representation of the password
365 strings (to be compatible with Microsoft implementation).
367 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
369 * FormsAuthentication.cs:
370 * PassportAuthenticationModule.cs:
371 * WindowsAuthenticationModule.cs: removed warnings.
373 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
375 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
376 authentication not to work when the cookie was not persistent.
377 Patch by Ilya Kharmatsky (Mainsoft).
379 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
381 * FormsAuthentication.cs: make the string to be stored in a config.
382 file uppercase... See bug #72557.
384 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
386 * FormsAuthentication.cs: fixed typo when getting the hash for the
387 password in SHA1 and MD5. Thanks to Tadas Dailyda.
388 Lock on a static object instead of typeof(FormsAuthentication).
390 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
392 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
393 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
394 * IMembershipProvider.cs: Deleted.
395 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
396 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
397 MembershipProviderCollection.cs: MembershipProvider has been deleted
398 and replaced by the abstract class MembershipProvider.
399 * MembershipProviderCollection.cs: Minor fixes.
400 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
402 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
404 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
407 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
409 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
411 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
413 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
414 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
416 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
418 * MembershipSortOptions.cs:
419 * MembershipPasswordFormat.cs:
420 * MembershipOnlineStatus.cs:
421 * MembershipCreateStatus.cs:
422 * CookieProtection.cs: minor modifications.
424 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
426 * FormsAuthentication.cs: Undo last change.
428 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
430 * FormsAuthentication.cs: go to loginUrl from web.config settings
431 before try with the default ones.
433 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
435 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
436 once we have a user. Fixes bug #59683.
438 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
440 * FormsAuthenticationModule.cs: re-read configuration files if needed
441 when determining if forms auth. is used.
443 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
445 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
447 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
449 * PassportIdentity.cs: Added v 1.1 members
451 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
453 * AccessMembershipProvider.cs: New v2 file
454 * AccessRoleProvider.cs: New v2 file
455 * ADMembershipProvider.cs: New v2 file
456 * AnonymousIdentificationEventArgs.cs: New v2 file
457 * AnonymousIdentificationEventHandler.cs: New v2 file
458 * AnonymousIdentificationModule.cs: New v2 file
459 * CookieProtection.cs: New v2 file
460 * IMembershipProvider.cs: New v2 file
461 * IRoleProvider.cs: New v2 file
462 * Membership.cs: New v2 file
463 * MembershipCreateStatus.cs: New v2 file
464 * MembershipCreateUserException.cs: New v2 file
465 * MembershipOnlineStatus.cs: New v2 file
466 * MembershipPasswordException.cs: New v2 file
467 * MembershipPasswordFormat.cs: New v2 file
468 * MembershipProviderCollection.cs: New v2 file
469 * MembershipSortOptions.cs: New v2 file
470 * MembershipUser.cs: New v2 file
471 * MembershipUserCollection.cs: New v2 file
472 * RoleManagerEventArgs.cs: New v2 file
473 * RoleManagerEventHandler.cs: New v2 file
474 * RoleManagerModule.cs: New v2 file
475 * RolePrincipal.cs: New v2 file
476 * RoleProviderCollection.cs: New v2 file
477 * Roles.cs: New v2 file
478 * SqlMembershipProvider.cs: New v2 file
479 * SqlRoleProvider.cs: New v2 file
481 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
483 * FormsAuthentication.cs: encoding updates.
485 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
487 * FormsAuthenticationModule.cs: fixed for applications other than /.
489 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
491 * UrlAuthorizationModule.cs: fixed description for status code.
493 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
495 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
496 Jens Thiel <Jens@Thiel.DE>.
498 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
500 * UrlAuthorizationModule.cs: tell the application not to run any other
501 step apart from EndRequest.
503 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
505 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
508 * FormsAuthenticationModule.cs: redirect to the login page when a 401
511 * UrlAuthorizationModule.cs: check for valid user or render error page.
513 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
515 * DefaultAuthenticationModule.cs: implemented. It just create a default
516 unauthenticated user when no one else provided one.
518 * FormsAuthenticationModule.cs: removed debug output.
520 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
522 * FormsAuthenticationModule.cs: remove debug lines.
524 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
526 * FormsAuthentication.cs: return a null ticket when an exception is
527 thrown creating it. Implemented RenewTicketIfOld.
529 * FormsAuthenticationModule.cs: implemented event handlers for
530 AuthenticateRequest and EndRequest.
532 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
534 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
536 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
537 SignOut, FormsCookieName and FormsCookiePath.
539 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
541 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
542 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
544 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
547 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
549 * DefaultAuthenticationEventHandler.cs:
550 * DefaultAuthenticationModule.cs:
551 * FileAuthorizationModule.cs:
552 * FormsAuthentication.cs:
553 * FormsAuthenticationEventArgs.cs:
554 * FormsAuthenticationEventHandler.cs:
555 * FormsAuthenticationModule.cs:
556 * FormsAuthenticationTicket.cs:
558 * PassportAuthenticationEventArgs.cs:
559 * PassportAuthenticationEventHandler.cs:
560 * PassportAuthenticationModule.cs:
561 * PassportIdentity.cs:
562 * UrlAuthorizationModule.cs:
563 * WindowsAuthenticationEventArgs.cs:
564 * WindowsAuthenticationEventHandler.cs:
565 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
566 some others stubbed out.
568 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
570 * DefaultAuthenticationEventArgs.cs: added file.