mcs/class/System.Web/System.Web.Security/Membership.cs

   1 //
   2 // System.Web.Security.Membership
   3 //
   4 // Authors:
   5 //      Ben Maurer (bmaurer@users.sourceforge.net)
   6 //      Lluis Sanchez Gual (lluis@novell.com)
   7 //
   8 // (C) 2003 Ben Maurer
   9 // (C) 2005 Novell, inc.
  10 //
  11
  12 //
  13 // Permission is hereby granted, free of charge, to any person obtaining
  14 // a copy of this software and associated documentation files (the
  15 // "Software"), to deal in the Software without restriction, including
  16 // without limitation the rights to use, copy, modify, merge, publish,
  17 // distribute, sublicense, and/or sell copies of the Software, and to
  18 // permit persons to whom the Software is furnished to do so, subject to
  19 // the following conditions:
  20 //
  21 // The above copyright notice and this permission notice shall be
  22 // included in all copies or substantial portions of the Software.
  23 //
  24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  25 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  26 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  27 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  28 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  29 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  30 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  31 //
  32
  33 #if NET_2_0
  34 using System.Collections;
  35 using System.Collections.Specialized;
  36 using System.Text;
  37 using System.Web.Configuration;
  38 using System.Configuration;
  39 using System.Security.Cryptography;
  40
  41 namespace System.Web.Security
  42 {
  43         public static class Membership
  44         {
  45 #if TARGET_J2EE
  46                 const string Membership_providers = "Membership.providers";
  47                 static MembershipProviderCollection providers {
  48                         get {
  49                                 object o = AppDomain.CurrentDomain.GetData (Membership_providers);
  50                                 if (o == null) {
  51                                         lock (AppDomain.CurrentDomain) {
  52                                                 o = AppDomain.CurrentDomain.GetData (Membership_providers);
  53                                                 if (o == null) {
  54                                                         MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
  55                                                         MembershipProviderCollection local_providers = new MembershipProviderCollection ();
  56                                                         ProvidersHelper.InstantiateProviders (section.Providers, local_providers, typeof (MembershipProvider));
  57                                                         AppDomain.CurrentDomain.SetData (Membership_providers, local_providers);
  58                                                         o = local_providers;
  59                                                 }
  60                                         }
  61                                 }
  62
  63                                 return (MembershipProviderCollection) o;
  64                         }
  65                 }
  66                 static MembershipProvider provider {
  67                         get {
  68                                 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
  69                                 MembershipProvider p = providers [section.DefaultProvider];
  70                                 if (p == null)
  71                                         throw new ConfigurationErrorsException ("Default Membership Provider could not be found: Cannot instantiate provider: '" + section.DefaultProvider + "'.");
  72                                 return p;
  73                         }
  74                 }
  75                 static int onlineTimeWindow {
  76                         get {
  77                                 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
  78                                 return (int) section.UserIsOnlineTimeWindow.TotalMinutes;
  79                         }
  80                 }
  81                 static string hashAlgorithmType {
  82                         get {
  83                                 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
  84                                 string ret = section.HashAlgorithmType;
  85
  86                                 if (ret == String.Empty) {
  87                                         MachineKeySection mks = WebConfigurationManager.GetSection ("system.web/machineKey") as MachineKeySection;
  88                                         return mks.Validation;
  89                                 }
  90
  91                                 return ret;
  92                         }
  93                 }
  94
  95 #else
  96                 static MembershipProviderCollection providers;
  97                 static MembershipProvider provider;
  98                 static int onlineTimeWindow;
  99                 static string hashAlgorithmType;
 100
 101                 static Membership ()
 102                 {
 103                         MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
 104
 105                         providers = new MembershipProviderCollection ();
 106
 107                         ProvidersHelper.InstantiateProviders (section.Providers, providers, typeof (MembershipProvider));
 108
 109                         provider = providers[section.DefaultProvider];
 110
 111                         onlineTimeWindow = (int) section.UserIsOnlineTimeWindow.TotalMinutes;
 112                         hashAlgorithmType = section.HashAlgorithmType;
 113                         if (String.IsNullOrEmpty (hashAlgorithmType)) {
 114                                 MachineKeySection mks = WebConfigurationManager.GetSection ("system.web/machineKey") as MachineKeySection;
 115                                 MachineKeyValidationConverter cvt = new MachineKeyValidationConverter ();
 116                                 hashAlgorithmType = cvt.ConvertTo (null, null, mks.Validation, typeof (string)) as string;
 117                         }
 118
 119                         if (String.IsNullOrEmpty (hashAlgorithmType))
 120                                 hashAlgorithmType = "SHA1";
 121                 }
 122 #endif
 123
 124                 public static MembershipUser CreateUser (string username, string password)
 125                 {
 126                         return CreateUser (username, password, null);
 127                 }
 128
 129                 public static MembershipUser CreateUser (string username, string password, string email)
 130                 {
 131                         MembershipCreateStatus status;
 132                         MembershipUser usr = CreateUser (username, password, email, null, null, true, out status);
 133                         if (usr == null)
 134                                 throw new MembershipCreateUserException (status);
 135
 136                         return usr;
 137                 }
 138
 139                 public static MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, out MembershipCreateStatus status)
 140                 {
 141                         return CreateUser (username, password, email, pwdQuestion, pwdAnswer, isApproved, null, out status);
 142                 }
 143
 144                 public static MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
 145                 {
 146                         if (String.IsNullOrEmpty (username)) {
 147                                 status = MembershipCreateStatus.InvalidUserName;
 148                                 return null;
 149                         }
 150
 151                         if (String.IsNullOrEmpty (password)) {
 152                                 status = MembershipCreateStatus.InvalidPassword;
 153                                 return null;
 154                         }
 155
 156                         return Provider.CreateUser (username, password, email, pwdQuestion, pwdAnswer, isApproved, providerUserKey, out status);
 157                 }
 158
 159                 public static bool DeleteUser (string username)
 160                 {
 161                         return Provider.DeleteUser (username, true);
 162                 }
 163
 164                 public static bool DeleteUser (string username, bool deleteAllRelatedData)
 165                 {
 166                         return Provider.DeleteUser (username, deleteAllRelatedData);
 167                 }
 168
 169                 public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)
 170                 {
 171                         RandomNumberGenerator rng = RandomNumberGenerator.Create ();
 172                         byte[] pass_bytes = new byte[length];
 173                         int i;
 174                         int num_nonalpha = 0;
 175
 176                         rng.GetBytes (pass_bytes);
 177
 178                         for (i = 0; i < length; i ++) {
 179                                 /* convert the random bytes to ascii values 33-126 */
 180                                 pass_bytes[i] = (byte)(pass_bytes[i] % 93 + 33);
 181
 182                                 /* and count the number of
 183                                  * non-alphanumeric characters we have
 184                                  * as we go */
 185                                 if ((pass_bytes[i] >= 33 && pass_bytes[i] <= 47)
 186                                     || (pass_bytes[i] >= 58 && pass_bytes[i] <= 64)
 187                                     || (pass_bytes[i] >= 91 && pass_bytes[i] <= 96)
 188                                     || (pass_bytes[i] >= 123 && pass_bytes[i] <= 126))
 189                                         num_nonalpha++;
 190
 191                                 /* get rid of any quotes in the
 192                                  * password, just in case they cause
 193                                  * problems */
 194                                 if (pass_bytes[i] == 34 || pass_bytes[i] == 39)
 195                                         pass_bytes[i] ++;
 196                                 else if (pass_bytes[i] == 96)
 197                                         pass_bytes[i] --;
 198                         }
 199
 200                         if (num_nonalpha < numberOfNonAlphanumericCharacters) {
 201                                 /* loop over the array, converting the
 202                                  * least number of alphanumeric
 203                                  * characters to non-alpha */
 204                                 for (i = 0; i < length; i ++) {
 205                                         if (num_nonalpha == numberOfNonAlphanumericCharacters)
 206                                                 break;
 207                                         if (pass_bytes[i] >= 48 && pass_bytes[i] <= 57) {
 208                                                 pass_bytes[i] = (byte)(pass_bytes[i] - 48 + 33);
 209                                                 num_nonalpha++;
 210                                         }
 211                                         else if (pass_bytes[i] >= 65 && pass_bytes[i] <= 90) {
 212                                                 pass_bytes[i] = (byte)((pass_bytes[i] - 65) % 13 + 33);
 213                                                 num_nonalpha++;
 214                                         }
 215                                         else if (pass_bytes[i] >= 97 && pass_bytes[i] <= 122) {
 216                                                 pass_bytes[i] = (byte)((pass_bytes[i] - 97) % 13 + 33);
 217                                                 num_nonalpha++;
 218                                         }
 219
 220                                         /* and make sure we don't end up with quote characters */
 221                                         if (pass_bytes[i] == 34 || pass_bytes[i] == 39)
 222                                                 pass_bytes[i]++;
 223                                         else if (pass_bytes[i] == 96)
 224                                                 pass_bytes[i] --;
 225                                 }
 226                         }
 227
 228                         return Encoding.ASCII.GetString (pass_bytes);
 229                 }
 230
 231                 public static MembershipUserCollection GetAllUsers ()
 232                 {
 233                         int total;
 234                         return GetAllUsers (0, int.MaxValue, out total);
 235                 }
 236
 237                 public static MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords)
 238                 {
 239                         return Provider.GetAllUsers (pageIndex, pageSize, out totalRecords);
 240                 }
 241
 242                 public static int GetNumberOfUsersOnline ()
 243                 {
 244                         return Provider.GetNumberOfUsersOnline ();
 245                 }
 246
 247                 public static MembershipUser GetUser ()
 248                 {
 249                         return GetUser (HttpContext.Current.User.Identity.Name, true);
 250                 }
 251
 252                 public static MembershipUser GetUser (bool userIsOnline)
 253                 {
 254                         return GetUser (HttpContext.Current.User.Identity.Name, userIsOnline);
 255                 }
 256
 257                 public static MembershipUser GetUser (string username)
 258                 {
 259                         return GetUser (username, false);
 260                 }
 261
 262                 public static MembershipUser GetUser (string username, bool userIsOnline)
 263                 {
 264                         return Provider.GetUser (username, userIsOnline);
 265                 }
 266
 267                 public static MembershipUser GetUser (object providerUserKey)
 268                 {
 269                         return GetUser (providerUserKey, false);
 270                 }
 271
 272                 public static MembershipUser GetUser (object providerUserKey, bool userIsOnline)
 273                 {
 274                         return Provider.GetUser (providerUserKey, userIsOnline);
 275                 }
 276
 277                 public static string GetUserNameByEmail (string email)
 278                 {
 279                         return Provider.GetUserNameByEmail (email);
 280                 }
 281
 282                 public static void UpdateUser (MembershipUser user)
 283                 {
 284                         Provider.UpdateUser (user);
 285                 }
 286
 287                 public static bool ValidateUser (string username, string password)
 288                 {
 289                         return Provider.ValidateUser (username, password);
 290                 }
 291
 292                 public static MembershipUserCollection FindUsersByEmail (string emailToMatch)
 293                 {
 294                         int totalRecords;
 295                         return Provider.FindUsersByEmail (emailToMatch, 0, int.MaxValue, out totalRecords);
 296                 }
 297
 298                 public static MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
 299                 {
 300                         return Provider.FindUsersByEmail (emailToMatch, pageIndex, pageSize, out totalRecords);
 301                 }
 302
 303                 public static MembershipUserCollection FindUsersByName (string nameToMatch)
 304                 {
 305                         int totalRecords;
 306                         return Provider.FindUsersByName (nameToMatch, 0, int.MaxValue, out totalRecords);
 307                 }
 308
 309                 public static MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords)
 310                 {
 311                         return Provider.FindUsersByName (nameToMatch, pageIndex, pageSize, out totalRecords);
 312                 }
 313
 314                 public static string ApplicationName {
 315                         get { return Provider.ApplicationName; }
 316                         set { Provider.ApplicationName = value; }
 317                 }
 318
 319                 public static bool EnablePasswordReset {
 320                         get { return Provider.EnablePasswordReset; }
 321                 }
 322
 323                 public static bool EnablePasswordRetrieval {
 324                         get { return Provider.EnablePasswordRetrieval; }
 325                 }
 326
 327                 public static string HashAlgorithmType {
 328                         get { return hashAlgorithmType; }
 329                 }
 330
 331                 public static bool RequiresQuestionAndAnswer {
 332                         get { return Provider.RequiresQuestionAndAnswer; }
 333                 }
 334
 335                 public static int MaxInvalidPasswordAttempts {
 336                         get { return Provider.MaxInvalidPasswordAttempts; }
 337                 }
 338
 339                 public static int MinRequiredNonAlphanumericCharacters {
 340                         get { return Provider.MinRequiredNonAlphanumericCharacters; }
 341                 }
 342
 343                 public static int MinRequiredPasswordLength {
 344                         get { return Provider.MinRequiredPasswordLength; }
 345                 }
 346
 347                 public static int PasswordAttemptWindow {
 348                         get { return Provider.PasswordAttemptWindow; }
 349                 }
 350
 351                 public static string PasswordStrengthRegularExpression {
 352                         get { return Provider.PasswordStrengthRegularExpression; }
 353                 }
 354
 355                 public static MembershipProvider Provider {
 356                         get { return provider; }
 357                 }
 358
 359                 public static MembershipProviderCollection Providers {
 360                         get { return providers; }
 361                 }
 362
 363                 public static int UserIsOnlineTimeWindow {
 364                         get { return onlineTimeWindow; }
 365                 }
 366
 367                 public static event MembershipValidatePasswordEventHandler ValidatingPassword {
 368                         add { Provider.ValidatingPassword += value; }
 369                         remove { Provider.ValidatingPassword -= value; }
 370                 }
 371         }
 372 }
 373 #endif
 374