// System.Web.Security.MembershipProvider
// Ben Maurer (bmaurer@users.sourceforge.net)
// Lluis Sanchez Gual (lluis@novell.com)
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
using System;
using System.Configuration.Provider;
using System.Security.Cryptography;
using System.Web.Configuration;
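namespace System.Web.Security
{
	/// <summary>
	/// Abstract base for membership stores. Concrete providers implement the
	/// account operations and policy properties declared here; this class only
	/// supplies the password-validation event hook and the reversible
	/// password encryption helpers that are keyed from the machineKey
	/// configuration section.
	/// </summary>
	public abstract class MembershipProvider : ProviderBase
	{
		protected MembershipProvider ()
		{
		}

		// Account and credential operations. Their semantics (lockout, hashing,
		// storage) are defined entirely by the concrete provider.
		public abstract bool ChangePassword (string name, string oldPwd, string newPwd);
		public abstract bool ChangePasswordQuestionAndAnswer (string name, string password, string newPwdQuestion, string newPwdAnswer);
		public abstract MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status);
		public abstract bool DeleteUser (string name, bool deleteAllRelatedData);
		public abstract MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords);
		public abstract MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords);
		public abstract MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords);
		public abstract int GetNumberOfUsersOnline ();
		// NOTE(review): returning a stored password implies reversible storage
		// (see EnablePasswordRetrieval and PasswordFormat below).
		public abstract string GetPassword (string name, string answer);
		public abstract MembershipUser GetUser (string name, bool userIsOnline);
		public abstract MembershipUser GetUser (object providerUserKey, bool userIsOnline);
		public abstract string GetUserNameByEmail (string email);
		public abstract string ResetPassword (string name, string answer);
		public abstract void UpdateUser (MembershipUser user);
		public abstract bool ValidateUser (string name, string password);
		public abstract bool UnlockUser (string userName);

		// Provider policy, exposed read-only except for ApplicationName.
		public abstract string ApplicationName { get; set; }
		public abstract bool EnablePasswordReset { get; }
		// NOTE(review): retrieval is only possible with a reversible
		// PasswordFormat; a hashed format is the safer choice when retrieval
		// is not a requirement.
		public abstract bool EnablePasswordRetrieval { get; }
		public abstract bool RequiresQuestionAndAnswer { get; }
		public abstract int MaxInvalidPasswordAttempts { get; }
		public abstract int MinRequiredNonAlphanumericCharacters { get; }
		public abstract int MinRequiredPasswordLength { get; }
		public abstract int PasswordAttemptWindow { get; }
		public abstract MembershipPasswordFormat PasswordFormat { get; }
		public abstract string PasswordStrengthRegularExpression { get; }
		public abstract bool RequiresUniqueEmail { get; }

		/// <summary>
		/// Raises <see cref="ValidatingPassword"/> so subscribers can inspect a
		/// candidate password.
		/// </summary>
		/// <param name="args">Event data handed to every subscriber.</param>
		protected virtual void OnValidatingPassword (ValidatePasswordEventArgs args)
		{
			// Snapshot the delegate so an unsubscribe on another thread between
			// the null check and the call cannot cause a NullReferenceException.
			MembershipValidatePasswordEventHandler handler = ValidatingPassword;
			if (handler != null)
				handler (this, args);
		}

		/// <summary>
		/// Creates the symmetric algorithm named by the machineKey section and
		/// returns the configured decryption key through
		/// <paramref name="decryptionKey"/>.
		/// </summary>
		/// <param name="decryptionKey">Receives the key produced by
		/// MachineKeySectionUtils.DecryptionKey192Bits.</param>
		/// <returns>A new algorithm instance; the caller owns and disposes it.
		/// The key is NOT assigned to the instance here.</returns>
		/// <exception cref="ProviderException">The decryption key is
		/// auto-generated, or the decryption attribute is neither "Auto",
		/// "AES" nor "3DES".</exception>
		SymmetricAlgorithm GetAlg (out byte [] decryptionKey)
		{
			MachineKeySection section = (MachineKeySection) WebConfigurationManager.GetSection ("system.web/machineKey");

			// Configuration tokens are not linguistic text: compare ordinally.
			// Presumably an auto-generated key is refused because stored
			// passwords must stay decryptable later - confirm.
			if (section.DecryptionKey.StartsWith ("AutoGenerate", StringComparison.Ordinal))
				throw new ProviderException ("You must explicitly specify a decryption key in the <machineKey> section when using encrypted passwords.");

			string alg_type = section.Decryption;
			// NOTE(review): "Auto" is mapped to AES here; confirm this is the
			// intended default for existing deployments.
			if (alg_type == "Auto")
				alg_type = "AES";

			SymmetricAlgorithm alg;
			if (alg_type == "AES")
				alg = Rijndael.Create ();
			else if (alg_type == "3DES")
				alg = TripleDES.Create ();
			else
				throw new ProviderException (String.Format ("Unsupported decryption attribute '{0}' in <machineKey> configuration section", alg_type));

			try {
				decryptionKey = MachineKeySectionUtils.DecryptionKey192Bits (section);
			} catch {
				// Do not leak the algorithm instance when the key cannot be read.
				alg.Clear ();
				throw;
			}

			return alg;
		}

		// Number of leading bytes that EncryptPassword uses as the IV and that
		// DecryptPassword strips from the decrypted buffer.
		internal const int SALT_BYTES = 16;

		/// <summary>
		/// Decrypts a buffer produced by <see cref="EncryptPassword"/> and
		/// returns it without its first <see cref="SALT_BYTES"/> bytes.
		/// </summary>
		/// <param name="encodedPassword">Ciphertext to decrypt.</param>
		/// <returns>The decrypted bytes that follow the salt prefix.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="encodedPassword"/>
		/// is null.</exception>
		/// <exception cref="ProviderException">Configuration is unusable (see
		/// GetAlg) or the decrypted data is shorter than the salt prefix.</exception>
		protected virtual byte [] DecryptPassword (byte [] encodedPassword)
		{
			if (encodedPassword == null)
				throw new ArgumentNullException ("encodedPassword");

			byte [] decryptionKey;

			using (SymmetricAlgorithm alg = GetAlg (out decryptionKey)) {
				alg.Key = decryptionKey;

				// No IV is assigned, so the decryptor uses whatever IV the
				// algorithm instance supplies. Only the leading bytes of the
				// output depend on the IV, and those are discarded below.
				// NOTE(review): this relies on the default cipher mode and on
				// the block size not exceeding SALT_BYTES - confirm.
				// NOTE(review): the ciphertext carries no integrity check; a
				// modified stored value is not detected here.
				using (ICryptoTransform decryptor = alg.CreateDecryptor ()) {
					byte [] buf = decryptor.TransformFinalBlock (encodedPassword, 0, encodedPassword.Length);

					// Fail with a clear error instead of an OverflowException
					// from a negative array length.
					if (buf.Length < SALT_BYTES)
						throw new ProviderException ("Encrypted password data is too short.");

					byte [] rv = new byte [buf.Length - SALT_BYTES];
					Array.Copy (buf, SALT_BYTES, rv, 0, rv.Length);

					// The temporary buffer still holds the plaintext; wipe it.
					Array.Clear (buf, 0, buf.Length);
					return rv;
				}
			}
		}

		/// <summary>
		/// Encrypts <paramref name="password"/> with the machineKey decryption
		/// key, using the first <see cref="SALT_BYTES"/> bytes of the input
		/// (zero-padded when the input is shorter) as the IV.
		/// </summary>
		/// <param name="password">Bytes to encrypt. Presumably callers prepend
		/// a SALT_BYTES-long random salt, since DecryptPassword strips that
		/// many bytes - verify against callers.</param>
		/// <returns>The ciphertext of the whole input.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="password"/>
		/// is null.</exception>
		protected virtual byte[] EncryptPassword (byte[] password)
		{
			if (password == null)
				throw new ArgumentNullException ("password");

			byte [] decryptionKey;
			byte [] iv = new byte [SALT_BYTES];

			// NOTE(review): the IV is taken from the plaintext itself. With a
			// chaining mode whose block size equals SALT_BYTES, the first
			// block then no longer depends on the salt, so equal passwords may
			// yield equal ciphertexts under one key. Changing this would break
			// already-stored values; prefer a hashed PasswordFormat where
			// retrieval is not required.
			// NOTE(review): TripleDES has an 8-byte block, so a 16-byte IV may
			// be rejected or truncated depending on the runtime - confirm.
			Array.Copy (password, 0, iv, 0, Math.Min (password.Length, SALT_BYTES));

			using (SymmetricAlgorithm alg = GetAlg (out decryptionKey)) {
				using (ICryptoTransform encryptor = alg.CreateEncryptor (decryptionKey, iv)) {
					return encryptor.TransformFinalBlock (password, 0, password.Length);
				}
			}
		}

		/// <summary>
		/// Raised by <see cref="OnValidatingPassword"/>.
		/// </summary>
		public event MembershipValidatePasswordEventHandler ValidatingPassword;
	}
}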