2 // System.Web.Security.MembershipProvider
5 // Ben Maurer (bmaurer@users.sourceforge.net)
6 // Lluis Sanchez Gual (lluis@novell.com)
9 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Configuration.Provider;
33 using System.Web.Configuration;
34 using System.Security.Cryptography;
37 namespace System.Web.Security
39 public abstract class MembershipProvider : ProviderBase
41 protected MembershipProvider ()
45 public abstract bool ChangePassword (string name, string oldPwd, string newPwd);
46 public abstract bool ChangePasswordQuestionAndAnswer (string name, string password, string newPwdQuestion, string newPwdAnswer);
47 public abstract MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status);
48 public abstract bool DeleteUser (string name, bool deleteAllRelatedData);
49 public abstract MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords);
50 public abstract MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords);
51 public abstract MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords);
52 public abstract int GetNumberOfUsersOnline ();
53 public abstract string GetPassword (string name, string answer);
54 public abstract MembershipUser GetUser (string name, bool userIsOnline);
55 public abstract MembershipUser GetUser (object providerUserKey, bool userIsOnline);
56 public abstract string GetUserNameByEmail (string email);
57 public abstract string ResetPassword (string name, string answer);
58 public abstract void UpdateUser (MembershipUser user);
59 public abstract bool ValidateUser (string name, string password);
60 public abstract bool UnlockUser (string userName);
62 public abstract string ApplicationName { get; set; }
63 public abstract bool EnablePasswordReset { get; }
64 public abstract bool EnablePasswordRetrieval { get; }
65 public abstract bool RequiresQuestionAndAnswer { get; }
66 public abstract int MaxInvalidPasswordAttempts { get; }
67 public abstract int MinRequiredNonAlphanumericCharacters { get; }
68 public abstract int MinRequiredPasswordLength { get; }
69 public abstract int PasswordAttemptWindow { get; }
70 public abstract MembershipPasswordFormat PasswordFormat { get; }
71 public abstract string PasswordStrengthRegularExpression { get; }
72 public abstract bool RequiresUniqueEmail { get; }
74 protected virtual void OnValidatingPassword (ValidatePasswordEventArgs args)
76 if (ValidatingPassword != null)
77 ValidatingPassword (this, args);
80 protected virtual byte[] DecryptPassword (byte[] encodedPassword)
82 throw new NotImplementedException ();
85 protected virtual byte[] EncryptPassword (byte[] password)
87 throw new NotImplementedException ();
90 public event MembershipValidatePasswordEventHandler ValidatingPassword;
92 internal string EncodePassword (string password, MembershipPasswordFormat passwordFormat, string salt)
94 byte[] password_bytes;
97 switch (passwordFormat) {
98 case MembershipPasswordFormat.Clear:
100 case MembershipPasswordFormat.Hashed:
101 password_bytes = Encoding.Unicode.GetBytes (password);
102 salt_bytes = Convert.FromBase64String (salt);
104 byte[] hashBytes = new byte[salt_bytes.Length + password_bytes.Length];
106 Buffer.BlockCopy (salt_bytes, 0, hashBytes, 0, salt_bytes.Length);
107 Buffer.BlockCopy (password_bytes, 0, hashBytes, salt_bytes.Length, password_bytes.Length);
109 MembershipSection section = (MembershipSection)WebConfigurationManager.GetSection ("system.web/membership");
110 string alg_type = section.HashAlgorithmType;
111 if (alg_type == "") {
112 MachineKeySection keysection = (MachineKeySection)WebConfigurationManager.GetSection ("system.web/machineKey");
113 alg_type = keysection.Validation.ToString ();
115 using (HashAlgorithm hash = HashAlgorithm.Create (alg_type)) {
116 hash.TransformFinalBlock (hashBytes, 0, hashBytes.Length);
117 return Convert.ToBase64String (hash.Hash);
119 case MembershipPasswordFormat.Encrypted:
120 password_bytes = Encoding.Unicode.GetBytes (password);
121 salt_bytes = Convert.FromBase64String (salt);
123 byte[] buf = new byte[password_bytes.Length + salt_bytes.Length];
125 Array.Copy (salt_bytes, 0, buf, 0, salt_bytes.Length);
126 Array.Copy (password_bytes, 0, buf, salt_bytes.Length, password_bytes.Length);
128 return Convert.ToBase64String (EncryptPassword (buf));
135 internal string DecodePassword (string password, MembershipPasswordFormat passwordFormat)
137 switch (passwordFormat) {
138 case MembershipPasswordFormat.Clear:
140 case MembershipPasswordFormat.Hashed:
141 throw new ProviderException ("Hashed passwords cannot be decoded.");
142 case MembershipPasswordFormat.Encrypted:
143 return Encoding.Unicode.GetString (DecryptPassword (Convert.FromBase64String (password)));