1 2010-04-29 Marek Habersack <mhabersack@novell.com>
3 * FormsAuthentication.cs: set authentication/expiry cookie
4 domain. Fixes bug #600740. Patch from Stuart Siegrist
5 <stuart@cbtnuggets.com>, thanks!
7 2010-04-28 Marek Habersack <mhabersack@novell.com>
9 * RolePrincipal.cs: class is not sealed in 4.0
11 * MembershipUser.cs: type forwarded to
12 System.Web.ApplicationServices in 4.0.
13 In the 4.0 profile, a MembershipHelper instance is created using
14 reflection, so that the Membership class and password
15 encryption/decryption services can be accessed without referencing
18 * MembershipProvider.cs: type forwarded to
19 System.Web.ApplicationServices in 4.0.
20 {Encrypt,Decrypt}Password implementations moved to
22 Added new EncryptPassword overload for 4.0
24 * MembershipHelper.cs: a helper class to handle password
25 encryption/decryption and to forward requests for certain
26 Membership properties in 4.0. It is used also in 2.0 to keep code
27 cleaner. System.Web.ApplicationServices uses it to access the
28 Membership class without having to reference System.Web
30 * MembershipCreateStatus.cs, MembershipCreateUserException.cs,
31 MembershipPasswordException.cs, MembershipPasswordFormat.cs,
32 MembershipProviderCollection.cs, MembershipUserCollection.cs,
33 MembershipValidatePasswordEventHandler.cs, RoleProvider.cs,
34 ValidatePasswordEventArgs.cs:
35 types forwarded to System.Web.ApplicationServices in 4.0
37 * FormsIdentity.cs: class is not sealed in 4.0
39 2010-02-11 Marek Habersack <mhabersack@novell.com>
41 * Roles.cs: IsUserInRole checks if username is null or empty
42 before attempting to use it. Patch from Tiaan Geldenhuys
43 <tagdev@gmail.com>. thanks!
45 2009-09-22 Sebastien Pouliot <sebastien@ximian.com>
47 * MembershipProvider.cs: Ensure password decryption is always
51 2009-07-09 Gonzalo Paniagua Javier <gonzalo@novell.com>
53 * SqliteMembershipProvider.cs:
54 * UrlAuthorizationModule.cs: use GetSection instead of
55 OpenWebConfiguration+GetSection.
57 2009-05-28 Marek Habersack <mhabersack@novell.com>
59 * FormsAuthenticationModule.cs: if forms authentication login URL
60 is not rooted, make it relative to the application root, so that
61 MapPath maps it correctly.
62 Use String.Compare for checking whether requested URL matches the
63 login URL - be case-insensitive when running on Windows or with
66 2009-03-10 Marek Habersack <mhabersack@novell.com>
68 * UrlAuthorizationModule.cs: OnAuthorizeRequest must use the
69 configuration from <location> elements in the config. Fixes bug
72 2009-02-28 Gonzalo Paniagua Javier <gonzalo@novell.com>
74 * FormsAuthentication.cs: use GetWebApplication instead of GetSection
75 for application level configuration.
77 2009-01-12 Marek Habersack <mhabersack@novell.com>
79 * MembershipUserCollection.cs: CopyTo overloads use store.Values
80 as the copy source. Fixes bug #464783. Patch from Christian
81 Prochnow <cproch@seculogix.de>
83 2008-12-25 Gonzalo Paniagua Javier <gonzalo@novell.com>
86 * SqlMembershipProvider.cs: use IndexOf (char) instead of
89 2008-08-20 Marek Habersack <mhabersack@novell.com>
91 * Membership.cs: implemented the HashAlgorithmType property. Fixes
94 2008-06-30 Marek Habersack <mhabersack@novell.com>
96 * SqliteMembershipProvider.cs, SqliteRoleProvider.cs: remove
99 * SqlRoleProvider.cs, AspNetDBSchemaChecker.cs: hush the warnings
101 2008-05-30 Marek Habersack <mhabersack@novell.com>
103 * AnonymousIdentificationModule.cs, FormsAuthenticationModule.cs,
104 DefaultAuthenticationModule.cs, MembershipProvider.cs,
105 WindowsAuthenticationModule.cs, PassportAuthenticationModule.cs,
106 RoleManagerModule.cs: do not use synthetized event accessors (to
109 2008-05-07 Marek Habersack <mhabersack@novell.com>
111 * RolePrincipal.cs: fix:
112 - Reloading the roles cache from the provider when expired
113 - Update issue & expiry date for expired tickets
114 - Incrementing the cookie expiry date
115 - Obey Roles.MaxCachedResults
116 Fixes bug #385877. Patch from Ivan Hamilton
117 <ivan@chimerical.com.au>, thanks!
119 2008-03-10 Marek Habersack <mhabersack@novell.com>
121 * RoleManagerModule.cs: initialize _config before adding event
122 handlers and account for the fact that _config might still be null
123 in the methods that use it.
125 2007-12-30 Vladimir Krasnov <vladimirk@mainsoft.com>
127 * SqliteMembershipProvider.cs, SqlRoleProvider.cs: added chema checking
128 * added AspNetDBSchemaChecker.cs: schema checker helper class
130 2007-12-11 Vladimir Krasnov <vladimirk@mainsoft.com>
132 * Roles.cs: fixed Providers property to be thread safe
134 2007-12-08 Marek Habersack <mhabersack@novell.com>
136 * SqliteRoleProvider.cs: added - a Role Provider for
137 Sqlite, based on PostgreSQL Role Provider code from Daniel
138 Nauck <dna@informatik.uni-kiel.de>
140 * SqliteMembershipProvider.cs: added - a Membership Provider for
141 Sqlite, based on PostgreSQL Membership Provider code from Daniel
142 Nauck <dna@informatik.uni-kiel.de>
144 2007-11-28 Marek Habersack <mhabersack@novell.com>
146 * SqlMembershipProvider.cs: handle situation when there is no
147 connection string configured for the SQL Membership Provider.
149 2007-11-01 Marek Habersack <mhabersack@novell.com>
151 * RolePrincipal.cs, MembershipProvider.cs: use the new
152 MachineKeySectionUtils class wherever necessary.
154 * FormsAuthentication.cs: use the new MachineKeySectionUtils class
156 GetHexString is a private method again.
158 2007-10-31 Marek Habersack <mhabersack@novell.com>
160 * FormsAuthentication.cs: made GetHexString an internal method -
161 it is used in the AssemblyResourceLoader.cs
163 2007-08-14 Marek Habersack <mhabersack@novell.com>
165 * Roles.cs: remove unused field.
167 * SqlMembershipProvider.cs: remove unused variable.
169 2007-08-13 Vladimir Krasnov <vladimirk@mainsoft.com>
171 * SqlRoleProvider.cs: fixed ApplicationName initialization
173 2007-06-24 Vladimir Krasnov <vladimirk@mainsoft.com>
175 * FormsAuthentication.cs: improved performance of GetHexString()
177 2007-05-17 Vladimir Krasnov <vladimirk@mainsoft.com>
179 * SqlMembershipProvider.cs: fixed DeleteUser, fixed parameter name
181 2007-05-14 Igor Zelmanovich <igorz@mainsoft.com>
183 * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.
185 2007-05-09 Igor Zelmanovich <igorz@mainsoft.com>
187 * PassportIdentity.cs:
188 added MonoNotSupported attribute.
190 2007-05-02 Marek Habersack <mhabersack@novell.com>
192 * FormsAuthentication.cs: user names are stored in lowercase in
193 the credentials database.
195 2007-04-29 Igor Zelmanovich <igorz@mainsoft.com>
197 * FormsAuthenticationModule.cs:
198 Redirect to login page doesn't cause thread abort.
200 2007-04-19 Igor Zelmanovich <igorz@mainsoft.com>
202 * SqlMembershipProvider.cs:
203 ChangePassword throws exception if new password has invalid format.
205 2007-04-17 Igor Zelmanovich <igorz@mainsoft.com>
209 if default provider was not found ConfigurationErrorsException is thrown.
211 2007-04-12 Marek Habersack <mhabersack@novell.com>
213 * RoleManagerModule.cs: do not try to decrypt encryption tickets
214 from cookies with empty values.
216 2007-04-04 Juraj Skripsky <js@hotfeet.ch>
218 * FormsAuthenticationModule.cs: Move initialization of _config out
219 of Init() as app.Context is null in that method when a session is
220 about to be terminated.
222 2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>
224 * AnonymousIdentificationModule.cs: optimized Config property
226 2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>
228 * AnonymousIdentificationModule.cs: added configuration section caching
229 to AppDomain for TARGET_JVM
230 * RoleManagerModule.cs:
231 * UrlAuthorizationModule.cs:
232 * FormsAuthenticationModule.cs: refactored configuration section to be
235 2007-03-20 Marek Habersack <mhabersack@novell.com>
237 * FormsAuthentication.cs, Roles.cs: remove roles cookie on sign
238 out. Fixes bug #81195. Patch from Mike Morano <mmorano@mikeandwan.us>.
240 2007-03-12 Marek Habersack <mhabersack@novell.com>
242 * RolePrincipal.cs: decrypt the roles ticket properly. Makes role
243 caching in cookies work. Fixes bug #81117. Patch from Mike Morano
244 <mmorano@mikeandwan.us>
246 2007-03-02 Marek Habersack <mhabersack@novell.com>
248 * SqlMembershipProvider.cs: cast PasswordFormat to int, so that
249 the parameter code can infer the sql type. Makes user creation,
250 password reset etc. work.
252 2007-02-28 Andreia Gaita <avidigal@novell.com>
254 * SqlRoleProvider.cs: Fix parameter binding to stored procedures.
255 * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.
256 CreateUser() doesn't use transactions in MS asp.net, so removed the
259 2007-02-19 Vladimir Krasnov <vladimirk@mainsoft.com>
261 * RoleManagerModule.cs: fixed role chaching in OnEndRequest and
262 OnPostAuthenticateRequest
263 * RolePrincipal.cs: implemented ToEncryptedTicket, implemented caching
265 * Roles.cs: implemented DeleteCookie, fixed CookieProtectionValue to
266 get it's value from configuration
268 2007-02-08 Marek Habersack <grendello@gmail.com>
270 * FormsAuthenticationModule.cs: Expire auth tickets properly.
272 * MembershipProvider.cs: Do not clear the password before
275 2007-01-20 Miguel de Icaza <miguel@novell.com>
277 * SqlRoleProvider.cs: comment out unused code.
279 * SqlMembershipProvider.cs: Removed unused variables.
280 Remove unused variable.
282 * AnonymousIdentificationModule.cs (ClearAnonymousIdentifier):
283 remove unused variable. This might be a real bug.
285 2007-01-16 Vladimir Krasnov <vladimirk@mainsoft.com>
287 * RoleManagerModule.cs: fixed OnPostAuthenticateRequest,
288 CacheRolesInCookie not supported yet
289 * Roles.cs: fixed DeleteCookie, CacheRolesInCookie not supported yet
291 2007-01-11 Adar Wesley <adarw@mainsoft.com>
293 * MembershipProvider.cs: fixed EncryptPassword to use password buffer length
295 2007-01-04 Vladimir Krasnov <vladimirk@mainsoft.com>
297 * AnonymousIdentificationModule.cs: fixed OnEnter, fixed failure on
298 incorrect cookie value that browser may hold
300 2006-12-27 Vladimir Krasnov <vladimirk@mainsoft.com>
302 * FormsAuthentication.cs: added internal ReturnUrl property,
303 GetRedirectUrl added usage of ReturnUrl
305 2006-12-12 Vladimir Krasnov <vladimirk@mainsoft.com>
307 * FormsAuthentication.cs: TARGET_J2EE define for static members
309 2006-12-06 Vladimir Krasnov <vladimirk@mainsoft.com>
311 * FormsAuthenticationModule.cs: fixed OnAuthenticateRequest, suppress
312 exception on wrong ticket
314 2006-12-03 Igor Zelmanovich <igorz@mainsoft.com>
316 * FormsAuthenticationModule.cs:
317 set SkipAuthorization=true for WebResource.axd
319 2006-11-27 Vladimir Krasnov <vladimirk@mainsoft.com>
321 * SqlMembershipProvider.cs: typo bug
323 2006-11-21 Vladimir Krasnov <vladimirk@mainsoft.com>
325 * SqlMembershipProvider.cs: fixed fixed exception type in GetPassword
328 2006-11-20 Igor Zelmanovich <igorz@mainsoft.com>
330 * SqlMembershipProvider.cs: fixed: UpdateUser works properly.
332 2006-11-15 Igor Zelmanovich <igorz@mainsoft.com>
334 * SqlMembershipProvider.cs: fixed: name is used for ReturnValue parameter.
336 2006-11-05 Vladimir Krasnov <vladimirk@mainsoft.com>
338 * AnonymousIdentificationModule.cs: fixed anonymous id cookie
340 2006-11-05 Vladimir Krasnov <vladimirk@mainsoft.com>
342 * MembershipProvider.cs, SqlMembershipProvider.cs:
343 refactoring of DecryptPassword and EncryptPassword methods according
346 2006-09-10 Konstantin Triger <kostat@mainsoft.com>
348 * SqlRoleProvider.cs: throw on empty connection string.
350 2006-09-26 Vladimir Krasnov <vladimirk@mainsoft.com>
352 * Membership.cs: fixed GetAllUsers, typo bug
353 * SqlRoleProvider.cs, SqlMembershipProvider.cs: refactored to use
354 aspnetdb built in stored procedures,
355 fixed application name and membership relation,
356 improved exception handling
358 2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>
360 * RolePrincipal.cs: refactoring: instance can be serialized.
362 2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>
364 * SqlMembershipProvider.cs: fixed GetUser,
365 when username is String.Empty methods returns null.
367 2006-08-31 Konstantin Triger <kostat@mainsoft.com>
369 * SqlRoleProvider.cs: fixed initialization.
371 2006-08-31 Igor Zelmanovich <igorz@mainsoft.com>
373 * SqlMembershipProvider.cs: fixed CreateUser,
374 password is checked, properties MinRequiredPasswordLength and
375 MinRequiredNonAlphanumericCharacters are considered.
377 2006-08-29 Konstantin Triger <kostat@mainsoft.com>
379 * SqlMembershipProvider.cs: fix dispose order of reader vs connection.
381 2006-08-28 Igor Zelmanovich <igorz@mainsoft.com>
383 * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is
386 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
388 * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot
389 retrieve user information.
391 2006-08-28 Konstantin Triger <kostat@mainsoft.com>
393 * SqlRoleProvider.cs, SqlMembershipProvider.cs:
394 "use SqlClientFactory in case the ProviderName is not specified.
396 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
398 * SqlRoleProvider.cs: enable concurrent usage, refactoring.
400 2006-08-27 Konstantin Triger <kostat@mainsoft.com>
402 * SqlMembershipProvider.cs: enable concurrent usage, refactoring.
404 2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>
406 * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
409 2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
411 * FormsAuthentication.cs: set the Secure attribute of the authentication
412 cookie when required.
414 2006-07-06 Konstantin Triger <kostat@mainsoft.com>
416 * FormsAuthentication.cs: Ensure initialized, fix url mapping.
418 2006-05-03 Chris Toshok <toshok@ximian.com>
420 * SqlMembershipProvider.cs (GetAlg): move this here for the time
421 being, as it's the only class that uses it.
422 (HashAndBase64Encode): nuke.
423 (EncryptAndBase64Encode): nuke.
424 (Base64DecodeAndDecrypt): nuke.
425 (DecryptPassword): new function.
426 (EncryptPassword): new function.
427 (ChangePassword): replace the switch with a call to
429 (ChangePasswordQuestionAndAnswer): same.
431 (ResetPassword): same.
432 (ValidateUsingPassword): same.
433 (ValidateUsingPasswordAnswer): same.
434 (GetPassword): same, and throw MembershipPasswordException if the
435 password answer is incorrect.
437 * MembershipProvider.cs (InitVector): nuke this. it's actually
438 the salt from the database (for the sql provider, anyway).
439 (EncodePassword): based on the password format, password, and
440 salt, encode it. Makes use of EncryptPassword.
441 (DecodePassword): likewise for decoding, makes use of
443 (DecryptPassword): revert this to throwing
444 NotImplementedException, as the sql provideroverrides it to
445 perform the actual decryption.
446 (EncryptPassword): same.
448 2006-05-02 Chris Toshok <toshok@ximian.com>
450 * SqlMembershipProvider.cs: 85% complete, maybe more. The major
451 functionality should work. Password retrieval (and encrypted
452 passwords in general) is untested.
454 2006-05-01 Chris Toshok <toshok@ximian.com>
456 * Membership.cs (GeneratePassword): don't include quotes (',",`)
457 in the set of characters in the generated passwords.
459 2006-05-01 Chris Toshok <toshok@ximian.com>
461 * MembershipProvider.cs (GetAlg): switch from Exception to
462 ProviderException to match MS behavior (and fix the unit test.)
464 * Membership.cs (GeneratePassword): implement.
466 2006-05-01 Chris Toshok <toshok@ximian.com>
468 * SqlMembershipProvider.cs: lots more work. checking this in in
469 its present state because I don't want to lose it. It still needs
472 * Membership.cs (.cctor): remove the fallback.
473 (ValidatingPassword): remove the MonoTODO.
475 * MembershipProvider.cs (DecryptPassword): implement.
476 (EncryptPassword): implement.
477 (GetAlg): helper function for Decrypt/EncryptPassword.
480 2006-04-27 Chris Toshok <toshok@ximian.com>
482 * SqlMembershipProvider.cs (GeneratePassword): call
483 Membership.GeneratePassword with the configured minimum strength
486 2006-04-27 Chris Toshok <toshok@ximian.com>
488 * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
489 the CheckPararm call to the top of the method.
491 2006-04-12 Chris Toshok <toshok@ximian.com>
493 * SqlMembershipProvider.cs: commit initial pass at
494 SqlMembershipProvider work. lots of stuff untested in here.
496 2006-04-11 Chris Toshok <toshok@ximian.com>
498 * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
499 are converted using ToUniversalTime when passed into this class.
500 (UpdateSelf): update ourselves from the passed in MembershipUser,
501 swallowing NotSupportedExceptions.
502 (UpdateUser): fetch a new MembershipUser from the db and call
504 (ChangePassword): call UpdateUser after changing the password.
505 (ChangePasswordQuestionAndAnswer): same.
506 (ResetPassword): same.
507 (UnlockUser): same. Also, don't explicitly set isLockedOut.
508 It'll be updated in UpdateSelf.
509 (CreationDate): getter calls ToLocalTime, setter calls
511 (LastActivityDate): same.
512 (LastLoginDate): same.
513 (LastPasswordChangedDate): same.
514 (LastLockoutDate): same.
516 * Membership.cs (.cctor): use
517 ProvidersHelper.InstantitateProviders, and remove some unnecessary
520 2006-03-29 Chris Toshok <toshok@ximian.com>
522 * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
524 2006-03-23 Chris Toshok <toshok@ximian.com>
526 * Roles.cs: make this 2.0 configuration aware.
528 * SqlRoleProvider.cs: flesh out all the operations. the only
529 things that need dealing with are the Initialize method's handling
530 of a few parameters, and the ApplicationName property.
532 2006-03-23 Chris Toshok <toshok@ximian.com>
534 * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
535 set Thread.CurrentPrincipal, not just if we set it to the
538 2006-03-22 Chris Toshok <toshok@ximian.com>
540 * RoleManagerModule.cs: implement using info in Shackow's book.
542 * RolePrincipal.cs: flesh this out a bit more.
544 * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
545 according to Shackow's book, this sets Thread.CurrentPrincipal as
546 well as HttpContext.Current.User.
548 2006-02-28 Chris Toshok <toshok@ximian.com>
550 * FormsAuthentication.cs: corcompare work.
552 * MembershipCreateUserException.cs: same.
554 * MembershipPasswordException.cs: same.
556 * AnonymousIdentificationModule.cs: same.
558 2006-02-01 Chris Toshok <toshok@ximian.com>
560 * FormsAuthentication.cs, Membership.cs,
561 FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
562 replace GetWebApplicationSection with GetSection.
564 2006-02-01 Chris Toshok <toshok@ximian.com>
566 * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
567 simplifies the ifdef mess quite a bit.
569 * Membership.cs: same.
571 * FormsAuthenticationModule.cs: same.
573 * UrlAuthorizationModule.cs: same.
575 2006-01-04 Chris Toshok <toshok@ximian.com>
577 * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
584 2006-01-04 Chris Toshok <toshok@ximian.com>
586 * Membership.cs (.cctor): enable the code here under
589 2006-01-03 Chris Toshok <toshok@ximian.com>
591 * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
592 CONFIGURATION_2_0 code here.
594 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
596 * FormsAuthentication.cs: don't end the request in
597 RedirectFromLoginPage.
599 2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
601 * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
602 Patch by Cyrille Colin.
604 2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
606 * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
607 the provided virtual path to the physical one. Patch by Cyrille Colin.
609 2005-11-28 Chris Toshok <toshok@ximian.com>
611 * FormsAuthenticationModule.cs (OnAuthenticateRequest):
612 CONFIGURATION_2_0 work.
613 (OnEndRequest): same.
615 2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
617 * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
618 * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
619 Demand for UnmanagedCode on constructor.
620 * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
621 Demand for UnmanagedCode on constructor.
622 * FormsAuthentication.cs: Added LinkDemand for Minimal.
623 * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
624 * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
625 Demand for UnmanagedCode on constructor.
626 * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
627 * FormsIdentity.cs: Added LinkDemand for Minimal.
628 * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
629 * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
630 Demand for UnmanagedCode on constructor.
631 * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
632 UnmanagedCode on constructor.
633 * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
634 Demand for UnmanagedCode on constructor.
635 * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
636 * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
637 Demand for UnmanagedCode on constructor.
639 2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
641 * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
642 protected by a demand for ControlPrincipal.
643 * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
644 protected by a demand for ControlPrincipal.
645 * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
646 protected by a demand for ControlPrincipal.
648 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
650 * FormsAuthentication.cs: With 2.0 we can get the default properties
651 and call Initialize without a NRE.
653 2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
655 * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
656 * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
657 * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
658 * AnonymousIdentificationModule.cs: Fixed 2.0 API.
659 * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
661 * FormsAuthentication.cs: Added missing 2.0 properties with their
663 * MembershipCreateStatus.cs: Fixed enum values/names.
664 * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
665 methods don't seems to work without an active provider.
666 * PassportIdentity.cs: Added IDispose for 2.0 profile.
667 * Roles.cs: Added missing beta2 bits and default values (which are the
668 only things working without a role provider (web.config).
669 * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
670 * SqlRoleProvider.cs: Fixed 2.0 API.
671 * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
674 2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
676 * MembershipUserCollection.cs: Fix exceptions.
678 2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
680 * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
683 2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
685 * Membership.cs: Commented unworking parts of the .cctor to allow
686 testing the Login control.
687 * MembershipProviderCollection.cs: Fixed exception handling.
688 * SqlMembershipProvider.cs: Don't throw NotImplementedException
689 everywhere so Membership's .cctor (somewhat) works. Removed
690 Description property (not in beta2).
692 2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
694 * FormsAuthentication.cs: allow hardware acceleration support if
695 available. Sebastien dixit.
697 2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
699 * FormsAuthentication.cs: the init_vector must be the same accross
700 restarts, otherwise the cookie does not work even when a decryption
701 key is provided. Initialize it to the bytes of the cookie name. Fixes
704 2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
706 * FormsAuthenticationModule.cs: Check for null config
708 2005-07-25 Miguel de Icaza <miguel@novell.com>
710 * FormsAuthentication.cs (SignOut): Force the cookie to have it
713 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
715 * FormsAuthentication.cs: my previous patch missed a "small" detail: it
716 didn't include the verification key when computing/checking the
717 validation hash. Now this is really a MAC or HMAC or...
719 2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
721 * FormsAuthentication.cs:
722 * FormsAuthenticationTicket.cs: added support for validation and
723 encryption of the auth. cookie and improved serialization of the ticket.
725 2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
727 * Membership.cs: Read provider info from the config file.
729 2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
731 * MembershipUserCollection.cs:
732 * MembershipPasswordException.cs:
733 * RoleProviderCollection.cs:
734 * ActiveDirectoryMembershipProvider.cs:
735 * SqlMembershipProvider.cs:
736 * MembershipProvider.cs:
737 * SqlRoleProvider.cs:
740 * MembershipProviderCollection.cs:
742 * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
743 some missing methods.
745 * AccessRoleProvider.cs:
746 * AccessMembershipProvider.cs: Removed.
748 * MembershipCreateUserException.cs:
749 * MembershipValidatePasswordEventHandler.cs:
750 * ValidatePasswordEventArgs.cs: Implemented.
752 2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
754 * FormsAuthentication.cs: Hash the UTF8 representation of the password
755 strings (to be compatible with Microsoft implementation).
757 2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
759 * FormsAuthentication.cs:
760 * PassportAuthenticationModule.cs:
761 * WindowsAuthenticationModule.cs: removed warnings.
763 2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
765 * FormsAuthenticationModule.cs: fix for bug 73545, which caused
766 authentication not to work when the cookie was not persistent.
767 Patch by Ilya Kharmatsky (Mainsoft).
769 2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
771 * FormsAuthentication.cs: make the string to be stored in a config.
772 file uppercase... See bug #72557.
774 2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>
776 * FormsAuthentication.cs: fixed typo when getting the hash for the
777 password in SHA1 and MD5. Thanks to Tadas Dailyda.
778 Lock on a static object instead of typeof(FormsAuthentication).
780 2004-11-18 Lluis Sanchez Gual <lluis@novell.com>
782 * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
783 AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
784 * IMembershipProvider.cs: Deleted.
785 * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
786 Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
787 MembershipProviderCollection.cs: MembershipProvider has been deleted
788 and replaced by the abstract class MembershipProvider.
789 * MembershipProviderCollection.cs: Minor fixes.
790 * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.
792 2004-11-15 Lluis Sanchez Gual <lluis@novell.com>
794 * RoleProviderCollection.cs, MembershipProviderCollection.cs:
797 2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
799 * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.
801 2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
803 * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
804 the cookie if SlidingExpiration is set. Thanks to Jim Pease.
806 2004-08-03 Sanjay Gupta <gsanjay@novell.com>
808 * MembershipSortOptions.cs:
809 * MembershipPasswordFormat.cs:
810 * MembershipOnlineStatus.cs:
811 * MembershipCreateStatus.cs:
812 * CookieProtection.cs: minor modifications.
814 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
816 * FormsAuthentication.cs: Undo last change.
818 2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
820 * FormsAuthentication.cs: go to loginUrl from web.config settings
821 before try with the default ones.
823 2004-06-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>
825 * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
826 once we have a user. Fixes bug #59683.
828 2004-04-21 Gonzalo Paniagua Javier <gonzalo@ximian.com>
830 * FormsAuthenticationModule.cs: re-read configuration files if needed
831 when determining if forms auth. is used.
833 2004-01-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>
835 * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.
837 2004-01-11 Andreas Nahr <ClassDevelopment@A-SoftTech.com>
839 * PassportIdentity.cs: Added v 1.1 members
841 2003-11-25 Ben Maurer <bmaurer@users.sourceforge.net>
843 * AccessMembershipProvider.cs: New v2 file
844 * AccessRoleProvider.cs: New v2 file
845 * ADMembershipProvider.cs: New v2 file
846 * AnonymousIdentificationEventArgs.cs: New v2 file
847 * AnonymousIdentificationEventHandler.cs: New v2 file
848 * AnonymousIdentificationModule.cs: New v2 file
849 * CookieProtection.cs: New v2 file
850 * IMembershipProvider.cs: New v2 file
851 * IRoleProvider.cs: New v2 file
852 * Membership.cs: New v2 file
853 * MembershipCreateStatus.cs: New v2 file
854 * MembershipCreateUserException.cs: New v2 file
855 * MembershipOnlineStatus.cs: New v2 file
856 * MembershipPasswordException.cs: New v2 file
857 * MembershipPasswordFormat.cs: New v2 file
858 * MembershipProviderCollection.cs: New v2 file
859 * MembershipSortOptions.cs: New v2 file
860 * MembershipUser.cs: New v2 file
861 * MembershipUserCollection.cs: New v2 file
862 * RoleManagerEventArgs.cs: New v2 file
863 * RoleManagerEventHandler.cs: New v2 file
864 * RoleManagerModule.cs: New v2 file
865 * RolePrincipal.cs: New v2 file
866 * RoleProviderCollection.cs: New v2 file
867 * Roles.cs: New v2 file
868 * SqlMembershipProvider.cs: New v2 file
869 * SqlRoleProvider.cs: New v2 file
871 2003-11-05 Gonzalo Paniagua Javier <gonzalo@ximian.com>
873 * FormsAuthentication.cs: encoding updates.
875 2003-10-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
877 * FormsAuthenticationModule.cs: fixed for applications other than /.
879 2003-08-27 Gonzalo Paniagua Javier <gonzalo@ximian.com>
881 * UrlAuthorizationModule.cs: fixed description for status code.
883 2003-07-31 Gonzalo Paniagua Javier <gonzalo@ximian.com>
885 * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
886 Jens Thiel <Jens@Thiel.DE>.
888 2003-02-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
890 * UrlAuthorizationModule.cs: tell the application not to run any other
891 step apart from EndRequest.
893 2003-02-12 Gonzalo Paniagua Javier <gonzalo@ximian.com>
895 * FormsAuthentication.cs: implemented RedirectFromLoginPage and
898 * FormsAuthenticationModule.cs: redirect to the login page when a 401
901 * UrlAuthorizationModule.cs: check for valid user or render error page.
903 2003-01-04 Gonzalo Paniagua Javier <gonzalo@ximian.com>
905 * DefaultAuthenticationModule.cs: implemented. It just create a default
906 unauthenticated user when no one else provided one.
908 * FormsAuthenticationModule.cs: removed debug output.
910 2002-12-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
912 * FormsAuthenticationModule.cs: remove debug lines.
914 2002-12-19 Gonzalo Paniagua Javier <gonzalo@ximian.com>
916 * FormsAuthentication.cs: return a null ticket when an exception is
917 thrown creating it. Implemented RenewTicketIfOld.
919 * FormsAuthenticationModule.cs: implemented event handlers for
920 AuthenticateRequest and EndRequest.
922 * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.
924 2002-12-18 Gonzalo Paniagua Javier <gonzalo@ximian.com>
926 * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
927 SignOut, FormsCookieName and FormsCookiePath.
929 2002-12-17 Gonzalo Paniagua Javier <gonzalo@ximian.com>
931 * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
932 and Decrypt, HashPasswordForStoringInConfigFile and Initialize.
934 * FormsAuthenticationTicket.cs: set cookiePath to the default when no
937 2002-08-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
939 * DefaultAuthenticationEventHandler.cs:
940 * DefaultAuthenticationModule.cs:
941 * FileAuthorizationModule.cs:
942 * FormsAuthentication.cs:
943 * FormsAuthenticationEventArgs.cs:
944 * FormsAuthenticationEventHandler.cs:
945 * FormsAuthenticationModule.cs:
946 * FormsAuthenticationTicket.cs:
948 * PassportAuthenticationEventArgs.cs:
949 * PassportAuthenticationEventHandler.cs:
950 * PassportAuthenticationModule.cs:
951 * PassportIdentity.cs:
952 * UrlAuthorizationModule.cs:
953 * WindowsAuthenticationEventArgs.cs:
954 * WindowsAuthenticationEventHandler.cs:
955 * WindowsAuthenticationModule.cs: new files. Some of them implemented,
956 some others stubbed out.
958 2002-06-03 Gonzalo Paniagua Javier <gonzalo@ximian.com>
960 * DefaultAuthenticationEventArgs.cs: added file.