2 // System.Web.Security.Membership
5 // Ben Maurer (bmaurer@users.sourceforge.net)
6 // Lluis Sanchez Gual (lluis@novell.com)
9 // (C) 2005 Novell, inc.
13 // Permission is hereby granted, free of charge, to any person obtaining
14 // a copy of this software and associated documentation files (the
15 // "Software"), to deal in the Software without restriction, including
16 // without limitation the rights to use, copy, modify, merge, publish,
17 // distribute, sublicense, and/or sell copies of the Software, and to
18 // permit persons to whom the Software is furnished to do so, subject to
19 // the following conditions:
21 // The above copyright notice and this permission notice shall be
22 // included in all copies or substantial portions of the Software.
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
28 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
29 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
30 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Collections;
35 using System.Collections.Specialized;
37 using System.Web.Configuration;
38 using System.Configuration;
39 using System.Security.Cryptography;
41 namespace System.Web.Security
43 public static class Membership
46 const string Membership_providers = "Membership.providers";
47 static MembershipProviderCollection providers {
49 object o = AppDomain.CurrentDomain.GetData (Membership_providers);
51 lock (AppDomain.CurrentDomain) {
52 o = AppDomain.CurrentDomain.GetData (Membership_providers);
54 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
55 MembershipProviderCollection local_providers = new MembershipProviderCollection ();
56 ProvidersHelper.InstantiateProviders (section.Providers, local_providers, typeof (MembershipProvider));
57 AppDomain.CurrentDomain.SetData (Membership_providers, local_providers);
63 return (MembershipProviderCollection) o;
66 static MembershipProvider provider {
68 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
69 MembershipProvider p = providers [section.DefaultProvider];
71 throw new ConfigurationErrorsException ("Default Membership Provider could not be found: Cannot instantiate provider: '" + section.DefaultProvider + "'.");
75 static int onlineTimeWindow {
77 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
78 return (int) section.UserIsOnlineTimeWindow.TotalMinutes;
82 static MembershipProviderCollection providers;
83 static MembershipProvider provider;
84 static int onlineTimeWindow;
88 MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");
90 providers = new MembershipProviderCollection ();
92 ProvidersHelper.InstantiateProviders (section.Providers, providers, typeof (MembershipProvider));
94 provider = providers[section.DefaultProvider];
96 onlineTimeWindow = (int) section.UserIsOnlineTimeWindow.TotalMinutes;
100 public static MembershipUser CreateUser (string username, string password)
102 return CreateUser (username, password, null);
105 public static MembershipUser CreateUser (string username, string password, string email)
107 MembershipCreateStatus status;
108 MembershipUser usr = CreateUser (username, password, email, null, null, true, out status);
110 throw new MembershipCreateUserException (status);
115 public static MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, out MembershipCreateStatus status)
117 return Provider.CreateUser (username, password, email, pwdQuestion, pwdAnswer, isApproved, null, out status);
120 public static MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
122 return Provider.CreateUser (username, password, email, pwdQuestion, pwdAnswer, isApproved, providerUserKey, out status);
125 public static bool DeleteUser (string username)
127 return Provider.DeleteUser (username, true);
130 public static bool DeleteUser (string username, bool deleteAllRelatedData)
132 return Provider.DeleteUser (username, deleteAllRelatedData);
135 public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)
137 RandomNumberGenerator rng = RandomNumberGenerator.Create ();
138 byte[] pass_bytes = new byte[length];
140 int num_nonalpha = 0;
142 rng.GetBytes (pass_bytes);
144 for (i = 0; i < length; i ++) {
145 /* convert the random bytes to ascii values 33-126 */
146 pass_bytes[i] = (byte)(pass_bytes[i] % 93 + 33);
148 /* and count the number of
149 * non-alphanumeric characters we have
151 if ((pass_bytes[i] >= 33 && pass_bytes[i] <= 47)
152 || (pass_bytes[i] >= 58 && pass_bytes[i] <= 64)
153 || (pass_bytes[i] >= 91 && pass_bytes[i] <= 96)
154 || (pass_bytes[i] >= 123 && pass_bytes[i] <= 126))
157 /* get rid of any quotes in the
158 * password, just in case they cause
160 if (pass_bytes[i] == 34 || pass_bytes[i] == 39)
162 else if (pass_bytes[i] == 96)
166 if (num_nonalpha < numberOfNonAlphanumericCharacters) {
167 /* loop over the array, converting the
168 * least number of alphanumeric
169 * characters to non-alpha */
170 for (i = 0; i < length; i ++) {
171 if (num_nonalpha == numberOfNonAlphanumericCharacters)
173 if (pass_bytes[i] >= 48 && pass_bytes[i] <= 57) {
174 pass_bytes[i] = (byte)(pass_bytes[i] - 48 + 33);
177 else if (pass_bytes[i] >= 65 && pass_bytes[i] <= 90) {
178 pass_bytes[i] = (byte)((pass_bytes[i] - 65) % 13 + 33);
181 else if (pass_bytes[i] >= 97 && pass_bytes[i] <= 122) {
182 pass_bytes[i] = (byte)((pass_bytes[i] - 97) % 13 + 33);
186 /* and make sure we don't end up with quote characters */
187 if (pass_bytes[i] == 34 || pass_bytes[i] == 39)
189 else if (pass_bytes[i] == 96)
194 return Encoding.ASCII.GetString (pass_bytes);
197 public static MembershipUserCollection GetAllUsers ()
200 return GetAllUsers (0, int.MaxValue, out total);
203 public static MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords)
205 return Provider.GetAllUsers (pageIndex, pageSize, out totalRecords);
208 public static int GetNumberOfUsersOnline ()
210 return Provider.GetNumberOfUsersOnline ();
213 public static MembershipUser GetUser ()
215 return GetUser (HttpContext.Current.User.Identity.Name, true);
218 public static MembershipUser GetUser (bool userIsOnline)
220 return GetUser (HttpContext.Current.User.Identity.Name, userIsOnline);
223 public static MembershipUser GetUser (string username)
225 return GetUser (username, false);
228 public static MembershipUser GetUser (string username, bool userIsOnline)
230 return Provider.GetUser (username, userIsOnline);
233 public static MembershipUser GetUser (object providerUserKey)
235 return GetUser (providerUserKey, false);
238 public static MembershipUser GetUser (object providerUserKey, bool userIsOnline)
240 return Provider.GetUser (providerUserKey, userIsOnline);
243 public static string GetUserNameByEmail (string email)
245 return Provider.GetUserNameByEmail (email);
248 public static void UpdateUser (MembershipUser user)
250 Provider.UpdateUser (user);
253 public static bool ValidateUser (string username, string password)
255 return Provider.ValidateUser (username, password);
258 public static MembershipUserCollection FindUsersByEmail (string emailToMatch)
261 return Provider.FindUsersByEmail (emailToMatch, 0, int.MaxValue, out totalRecords);
264 public static MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
266 return Provider.FindUsersByEmail (emailToMatch, pageIndex, pageSize, out totalRecords);
269 public static MembershipUserCollection FindUsersByName (string nameToMatch)
272 return Provider.FindUsersByName (nameToMatch, 0, int.MaxValue, out totalRecords);
275 public static MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords)
277 return Provider.FindUsersByName (nameToMatch, pageIndex, pageSize, out totalRecords);
280 public static string ApplicationName {
281 get { return Provider.ApplicationName; }
282 set { Provider.ApplicationName = value; }
285 public static bool EnablePasswordReset {
286 get { return Provider.EnablePasswordReset; }
289 public static bool EnablePasswordRetrieval {
290 get { return Provider.EnablePasswordRetrieval; }
293 public static bool RequiresQuestionAndAnswer {
294 get { return Provider.RequiresQuestionAndAnswer; }
297 public static int MaxInvalidPasswordAttempts {
298 get { return Provider.MaxInvalidPasswordAttempts; }
301 public static int MinRequiredNonAlphanumericCharacters {
302 get { return Provider.MinRequiredNonAlphanumericCharacters; }
305 public static int MinRequiredPasswordLength {
306 get { return Provider.MinRequiredPasswordLength; }
309 public static int PasswordAttemptWindow {
310 get { return Provider.PasswordAttemptWindow; }
313 public static string PasswordStrengthRegularExpression {
314 get { return Provider.PasswordStrengthRegularExpression; }
317 public static MembershipProvider Provider {
318 get { return provider; }
321 public static MembershipProviderCollection Providers {
322 get { return providers; }
325 public static int UserIsOnlineTimeWindow {
326 get { return onlineTimeWindow; }
329 public static event MembershipValidatePasswordEventHandler ValidatingPassword {
330 add { Provider.ValidatingPassword += value; }
331 remove { Provider.ValidatingPassword -= value; }