1 2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>
3 * SqlMembershipProvider.cs: fixed GetUser,
4 when username is String.Empty methods returns null.
6 2006-08-31 Konstantin Triger <kostat@mainsoft.com>
8 * SqlRoleProvider.cs: fixed initialization.
10 2006-08-31 Igor Zelmanovich <igorz@mainsoft.com>
12 * SqlMembershipProvider.cs: fixed CreateUser,
13 password is checked, properties MinRequiredPasswordLength and
14 MinRequiredNonAlphanumericCharacters are considered.
16 2006-08-29 Konstantin Triger <kostat@mainsoft.com>
18 * SqlMembershipProvider.cs: fix dispose order of reader vs connection.
20 2006-08-28 Igor Zelmanovich <igorz@mainsoft.com>
22 * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is
25 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
27 * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot
28 retrieve user information.
30 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
32 * SqlRoleProvider.cs, SqlMembershipProvider.cs:
33 "use SqlClientFactory in case the ProviderName is not specified.
35 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
37 * SqlRoleProvider.cs: enable concurrent usage, refactoring.
39 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
41 * SqlMembershipProvider.cs: enable concurrent usage, refactoring.
43 2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>
45 * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
48 2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
50 * FormsAuthentication.cs: set the Secure attribute of the authentication
53 2006-07-06 Konstantin Triger <kostat@mainsoft.com>
55 * FormsAuthentication.cs: Ensure initialized, fix url mapping.
57 2006-05-03 Chris Toshok <toshok@ximian.com>
59 * SqlMembershipProvider.cs (GetAlg): move this here for the time
60 being, as it's the only class that uses it.
61 (HashAndBase64Encode): nuke.
62 (EncryptAndBase64Encode): nuke.
63 (Base64DecodeAndDecrypt): nuke.
64 (DecryptPassword): new function.
65 (EncryptPassword): new function.
66 (ChangePassword): replace the switch with a call to
68 (ChangePasswordQuestionAndAnswer): same.
70 (ResetPassword): same.
71 (ValidateUsingPassword): same.
72 (ValidateUsingPasswordAnswer): same.
73 (GetPassword): same, and throw MembershipPasswordException if the
74 password answer is incorrect.
76 * MembershipProvider.cs (InitVector): nuke this. it's actually
77 the salt from the database (for the sql provider, anyway).
78 (EncodePassword): based on the password format, password, and
79 salt, encode it. Makes use of EncryptPassword.
80 (DecodePassword): likewise for decoding, makes use of
82 (DecryptPassword): revert this to throwing
83 NotImplementedException, as the sql provideroverrides it to
84 perform the actual decryption.
85 (EncryptPassword): same.
87 2006-05-02 Chris Toshok <toshok@ximian.com>
89 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
90 functionality should work. Password retrieval (and encrypted
91 passwords in general) is untested.
93 2006-05-01 Chris Toshok <toshok@ximian.com>
95 * Membership.cs (GeneratePassword): don't include quotes (',",`)
96 in the set of characters in the generated passwords.
98 2006-05-01 Chris Toshok <toshok@ximian.com>
100 * MembershipProvider.cs (GetAlg): switch from Exception to
101 ProviderException to match MS behavior (and fix the unit test.)
103 * Membership.cs (GeneratePassword): implement.
105 2006-05-01 Chris Toshok <toshok@ximian.com>
107 * SqlMembershipProvider.cs: lots more work. checking this in in
108 its present state because I don't want to lose it. It still needs
111 * Membership.cs (.cctor): remove the fallback.
112 (ValidatingPassword): remove the MonoTODO.
114 * MembershipProvider.cs (DecryptPassword): implement.
115 (EncryptPassword): implement.
116 (GetAlg): helper function for Decrypt/EncryptPassword.
119 2006-04-27 Chris Toshok <toshok@ximian.com>
121 * SqlMembershipProvider.cs (GeneratePassword): call
122 Membership.GeneratePassword with the configured minimum strength
125 2006-04-27 Chris Toshok <toshok@ximian.com>
127 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
128 the CheckPararm call to the top of the method.
130 2006-04-12 Chris Toshok <toshok@ximian.com>
132 * SqlMembershipProvider.cs: commit initial pass at
133 SqlMembershipProvider work. lots of stuff untested in here.
135 2006-04-11 Chris Toshok <toshok@ximian.com>
137 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
138 are converted using ToUniversalTime when passed into this class.
139 (UpdateSelf): update ourselves from the passed in MembershipUser,
140 swallowing NotSupportedExceptions.
141 (UpdateUser): fetch a new MembershipUser from the db and call
143 (ChangePassword): call UpdateUser after changing the password.
144 (ChangePasswordQuestionAndAnswer): same.
145 (ResetPassword): same.
146 (UnlockUser): same. Also, don't explicitly set isLockedOut.
147 It'll be updated in UpdateSelf.
148 (CreationDate): getter calls ToLocalTime, setter calls
150 (LastActivityDate): same.
151 (LastLoginDate): same.
152 (LastPasswordChangedDate): same.
153 (LastLockoutDate): same.
155 * Membership.cs (.cctor): use
156 ProvidersHelper.InstantitateProviders, and remove some unnecessary
159 2006-03-29 Chris Toshok <toshok@ximian.com>
161 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
163 2006-03-23 Chris Toshok <toshok@ximian.com>
165 * Roles.cs: make this 2.0 configuration aware.
167 * SqlRoleProvider.cs: flesh out all the operations. the only
168 things that need dealing with are the Initialize method's handling
169 of a few parameters, and the ApplicationName property.
171 2006-03-23 Chris Toshok <toshok@ximian.com>
173 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
174 set Thread.CurrentPrincipal, not just if we set it to the
177 2006-03-22 Chris Toshok <toshok@ximian.com>
179 * RoleManagerModule.cs: implement using info in Shackow's book.
181 * RolePrincipal.cs: flesh this out a bit more.
183 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
184 according to Shackow's book, this sets Thread.CurrentPrincipal as
185 well as HttpContext.Current.User.
187 2006-02-28 Chris Toshok <toshok@ximian.com>
189 * FormsAuthentication.cs: corcompare work.
191 * MembershipCreateUserException.cs: same.
193 * MembershipPasswordException.cs: same.
195 * AnonymousIdentificationModule.cs: same.
197 2006-02-01 Chris Toshok <toshok@ximian.com>
199 * FormsAuthentication.cs, Membership.cs,
200 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
201 replace GetWebApplicationSection with GetSection.
203 2006-02-01 Chris Toshok <toshok@ximian.com>
205 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
206 simplifies the ifdef mess quite a bit.
208 * Membership.cs: same.
210 * FormsAuthenticationModule.cs: same.
212 * UrlAuthorizationModule.cs: same.
214 2006-01-04 Chris Toshok <toshok@ximian.com>
216 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
223 2006-01-04 Chris Toshok <toshok@ximian.com>
225 * Membership.cs (.cctor): enable the code here under
228 2006-01-03 Chris Toshok <toshok@ximian.com>
230 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
231 CONFIGURATION_2_0 code here.
233 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
235 * FormsAuthentication.cs: don't end the request in
236 RedirectFromLoginPage.
238 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
240 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
241 Patch by Cyrille Colin.
243 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
245 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
246 the provided virtual path to the physical one. Patch by Cyrille Colin.
248 2005-11-28 Chris Toshok <toshok@ximian.com>
250 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
251 CONFIGURATION_2_0 work.
252 (OnEndRequest): same.
254 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
256 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
257 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
258 Demand for UnmanagedCode on constructor.
259 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
260 Demand for UnmanagedCode on constructor.
261 * FormsAuthentication.cs: Added LinkDemand for Minimal.
262 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
263 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
264 Demand for UnmanagedCode on constructor.
265 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
266 * FormsIdentity.cs: Added LinkDemand for Minimal.
267 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
268 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
269 Demand for UnmanagedCode on constructor.
270 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
271 UnmanagedCode on constructor.
272 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
273 Demand for UnmanagedCode on constructor.
274 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
275 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
276 Demand for UnmanagedCode on constructor.
278 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
280 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
281 protected by a demand for ControlPrincipal.
282 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
283 protected by a demand for ControlPrincipal.
284 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
285 protected by a demand for ControlPrincipal.
287 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
289 * FormsAuthentication.cs: With 2.0 we can get the default properties
290 and call Initialize without a NRE.
292 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
294 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
295 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
296 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
297 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
298 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
300 * FormsAuthentication.cs: Added missing 2.0 properties with their
302 * MembershipCreateStatus.cs: Fixed enum values/names.
303 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
304 methods don't seems to work without an active provider.
305 * PassportIdentity.cs: Added IDispose for 2.0 profile.
306 * Roles.cs: Added missing beta2 bits and default values (which are the
307 only things working without a role provider (web.config).
308 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
309 * SqlRoleProvider.cs: Fixed 2.0 API.
310 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
313 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
315 * MembershipUserCollection.cs: Fix exceptions.
317 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
319 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
322 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
324 * Membership.cs: Commented unworking parts of the .cctor to allow
325 testing the Login control.
326 * MembershipProviderCollection.cs: Fixed exception handling.
327 * SqlMembershipProvider.cs: Don't throw NotImplementedException
328 everywhere so Membership's .cctor (somewhat) works. Removed
329 Description property (not in beta2).
331 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
333 * FormsAuthentication.cs: allow hardware acceleration support if
334 available. Sebastien dixit.
336 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
338 * FormsAuthentication.cs: the init_vector must be the same accross
339 restarts, otherwise the cookie does not work even when a decryption
340 key is provided. Initialize it to the bytes of the cookie name. Fixes
343 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
345 * FormsAuthenticationModule.cs: Check for null config
347 2005-07-25 Miguel de Icaza <miguel@novell.com>
349 * FormsAuthentication.cs (SignOut): Force the cookie to have it
352 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
354 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
355 didn't include the verification key when computing/checking the
356 validation hash. Now this is really a MAC or HMAC or...
358 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
360 * FormsAuthentication.cs:
361 * FormsAuthenticationTicket.cs: added support for validation and
362 encryption of the auth. cookie and improved serialization of the ticket.
364 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
366 * Membership.cs: Read provider info from the config file.
368 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
370 * MembershipUserCollection.cs:
371 * MembershipPasswordException.cs:
372 * RoleProviderCollection.cs:
373 * ActiveDirectoryMembershipProvider.cs:
374 * SqlMembershipProvider.cs:
375 * MembershipProvider.cs:
376 * SqlRoleProvider.cs:
379 * MembershipProviderCollection.cs:
381 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
382 some missing methods.
384 * AccessRoleProvider.cs:
385 * AccessMembershipProvider.cs: Removed.
387 * MembershipCreateUserException.cs:
388 * MembershipValidatePasswordEventHandler.cs:
389 * ValidatePasswordEventArgs.cs: Implemented.
391 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
393 * FormsAuthentication.cs: Hash the UTF8 representation of the password
394 strings (to be compatible with Microsoft implementation).
396 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
398 * FormsAuthentication.cs:
399 * PassportAuthenticationModule.cs:
400 * WindowsAuthenticationModule.cs: removed warnings.
402 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
404 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
405 authentication not to work when the cookie was not persistent.
406 Patch by Ilya Kharmatsky (Mainsoft).
408 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
410 * FormsAuthentication.cs: make the string to be stored in a config.
411 file uppercase... See bug #72557.
413 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
415 * FormsAuthentication.cs: fixed typo when getting the hash for the
416 password in SHA1 and MD5. Thanks to Tadas Dailyda.
417 Lock on a static object instead of typeof(FormsAuthentication).
419 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
421 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
422 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
423 * IMembershipProvider.cs: Deleted.
424 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
425 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
426 MembershipProviderCollection.cs: MembershipProvider has been deleted
427 and replaced by the abstract class MembershipProvider.
428 * MembershipProviderCollection.cs: Minor fixes.
429 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
431 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
433 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
436 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
438 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
440 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
442 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
443 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
445 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
447 * MembershipSortOptions.cs:
448 * MembershipPasswordFormat.cs:
449 * MembershipOnlineStatus.cs:
450 * MembershipCreateStatus.cs:
451 * CookieProtection.cs: minor modifications.
453 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
455 * FormsAuthentication.cs: Undo last change.
457 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
459 * FormsAuthentication.cs: go to loginUrl from web.config settings
460 before try with the default ones.
462 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
464 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
465 once we have a user. Fixes bug #59683.
467 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
469 * FormsAuthenticationModule.cs: re-read configuration files if needed
470 when determining if forms auth. is used.
472 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
474 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
476 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
478 * PassportIdentity.cs: Added v 1.1 members
480 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
482 * AccessMembershipProvider.cs: New v2 file
483 * AccessRoleProvider.cs: New v2 file
484 * ADMembershipProvider.cs: New v2 file
485 * AnonymousIdentificationEventArgs.cs: New v2 file
486 * AnonymousIdentificationEventHandler.cs: New v2 file
487 * AnonymousIdentificationModule.cs: New v2 file
488 * CookieProtection.cs: New v2 file
489 * IMembershipProvider.cs: New v2 file
490 * IRoleProvider.cs: New v2 file
491 * Membership.cs: New v2 file
492 * MembershipCreateStatus.cs: New v2 file
493 * MembershipCreateUserException.cs: New v2 file
494 * MembershipOnlineStatus.cs: New v2 file
495 * MembershipPasswordException.cs: New v2 file
496 * MembershipPasswordFormat.cs: New v2 file
497 * MembershipProviderCollection.cs: New v2 file
498 * MembershipSortOptions.cs: New v2 file
499 * MembershipUser.cs: New v2 file
500 * MembershipUserCollection.cs: New v2 file
501 * RoleManagerEventArgs.cs: New v2 file
502 * RoleManagerEventHandler.cs: New v2 file
503 * RoleManagerModule.cs: New v2 file
504 * RolePrincipal.cs: New v2 file
505 * RoleProviderCollection.cs: New v2 file
506 * Roles.cs: New v2 file
507 * SqlMembershipProvider.cs: New v2 file
508 * SqlRoleProvider.cs: New v2 file
510 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
512 * FormsAuthentication.cs: encoding updates.
514 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
516 * FormsAuthenticationModule.cs: fixed for applications other than /.
518 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
520 * UrlAuthorizationModule.cs: fixed description for status code.
522 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
524 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
525 Jens Thiel <Jens@Thiel.DE>.
527 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
529 * UrlAuthorizationModule.cs: tell the application not to run any other
530 step apart from EndRequest.
532 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
534 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
537 * FormsAuthenticationModule.cs: redirect to the login page when a 401
540 * UrlAuthorizationModule.cs: check for valid user or render error page.
542 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
544 * DefaultAuthenticationModule.cs: implemented. It just create a default
545 unauthenticated user when no one else provided one.
547 * FormsAuthenticationModule.cs: removed debug output.
549 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
551 * FormsAuthenticationModule.cs: remove debug lines.
553 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
555 * FormsAuthentication.cs: return a null ticket when an exception is
556 thrown creating it. Implemented RenewTicketIfOld.
558 * FormsAuthenticationModule.cs: implemented event handlers for
559 AuthenticateRequest and EndRequest.
561 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
563 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
565 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
566 SignOut, FormsCookieName and FormsCookiePath.
568 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
570 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
571 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
573 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
576 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
578 * DefaultAuthenticationEventHandler.cs:
579 * DefaultAuthenticationModule.cs:
580 * FileAuthorizationModule.cs:
581 * FormsAuthentication.cs:
582 * FormsAuthenticationEventArgs.cs:
583 * FormsAuthenticationEventHandler.cs:
584 * FormsAuthenticationModule.cs:
585 * FormsAuthenticationTicket.cs:
587 * PassportAuthenticationEventArgs.cs:
588 * PassportAuthenticationEventHandler.cs:
589 * PassportAuthenticationModule.cs:
590 * PassportIdentity.cs:
591 * UrlAuthorizationModule.cs:
592 * WindowsAuthenticationEventArgs.cs:
593 * WindowsAuthenticationEventHandler.cs:
594 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
595 some others stubbed out.
597 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
599 * DefaultAuthenticationEventArgs.cs: added file.