+2006-09-10 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlRoleProvider.cs: throw on empty connection string.
+
+2006-09-26 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * Membership.cs: fixed GetAllUsers, typo bug
+ * SqlRoleProvider.cs, SqlMembershipProvider.cs: refactored to use
+ aspnetdb built in stored procedures,
+ fixed application name and membership relation,
+ improved exception handling
+
+2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * RolePrincipal.cs: refactoring: instance can be serialized.
+
+2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fixed GetUser,
+ when username is String.Empty methods returns null.
+
+2006-08-31 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlRoleProvider.cs: fixed initialization.
+
+2006-08-31 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fixed CreateUser,
+ password is checked, properties MinRequiredPasswordLength and
+ MinRequiredNonAlphanumericCharacters are considered.
+
+2006-08-29 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fix dispose order of reader vs connection.
+
+2006-08-28 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is
+ considered.
+
+2006-08-28 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot
+ retrieve user information.
+
+2006-08-28 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlRoleProvider.cs, SqlMembershipProvider.cs:
+ "use SqlClientFactory in case the ProviderName is not specified.
+
+2006-08-27 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlRoleProvider.cs: enable concurrent usage, refactoring.
+
+2006-08-27 Konstantin Triger <kostat@mainsoft.com>
+
+ * SqlMembershipProvider.cs: enable concurrent usage, refactoring.
+
+2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
+ not exists
+
+2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: set the Secure attribute of the authentication
+ cookie when required.
+
+2006-07-06 Konstantin Triger <kostat@mainsoft.com>
+
+ * FormsAuthentication.cs: Ensure initialized, fix url mapping.
+
+2006-05-03 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs (GetAlg): move this here for the time
+ being, as it's the only class that uses it.
+ (HashAndBase64Encode): nuke.
+ (EncryptAndBase64Encode): nuke.
+ (Base64DecodeAndDecrypt): nuke.
+ (DecryptPassword): new function.
+ (EncryptPassword): new function.
+ (ChangePassword): replace the switch with a call to
+ EncodePassword.
+ (ChangePasswordQuestionAndAnswer): same.
+ (CreateUser): same.
+ (ResetPassword): same.
+ (ValidateUsingPassword): same.
+ (ValidateUsingPasswordAnswer): same.
+ (GetPassword): same, and throw MembershipPasswordException if the
+ password answer is incorrect.
+
+ * MembershipProvider.cs (InitVector): nuke this. it's actually
+ the salt from the database (for the sql provider, anyway).
+ (EncodePassword): based on the password format, password, and
+ salt, encode it. Makes use of EncryptPassword.
+ (DecodePassword): likewise for decoding, makes use of
+ DecryptPassword.
+ (DecryptPassword): revert this to throwing
+ NotImplementedException, as the sql provideroverrides it to
+ perform the actual decryption.
+ (EncryptPassword): same.
+
+2006-05-02 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs: 85% complete, maybe more. The major
+ functionality should work. Password retrieval (and encrypted
+ passwords in general) is untested.
+
+2006-05-01 Chris Toshok <toshok@ximian.com>
+
+ * Membership.cs (GeneratePassword): don't include quotes (',",`)
+ in the set of characters in the generated passwords.
+
+2006-05-01 Chris Toshok <toshok@ximian.com>
+
+ * MembershipProvider.cs (GetAlg): switch from Exception to
+ ProviderException to match MS behavior (and fix the unit test.)
+
+ * Membership.cs (GeneratePassword): implement.
+
+2006-05-01 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs: lots more work. checking this in in
+ its present state because I don't want to lose it. It still needs
+ work.
+
+ * Membership.cs (.cctor): remove the fallback.
+ (ValidatingPassword): remove the MonoTODO.
+
+ * MembershipProvider.cs (DecryptPassword): implement.
+ (EncryptPassword): implement.
+ (GetAlg): helper function for Decrypt/EncryptPassword.
+ (InitVector): same.
+
+2006-04-27 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs (GeneratePassword): call
+ Membership.GeneratePassword with the configured minimum strength
+ requirements.
+
+2006-04-27 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
+ the CheckPararm call to the top of the method.
+
+2006-04-12 Chris Toshok <toshok@ximian.com>
+
+ * SqlMembershipProvider.cs: commit initial pass at
+ SqlMembershipProvider work. lots of stuff untested in here.
+
+2006-04-11 Chris Toshok <toshok@ximian.com>
+
+ * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
+ are converted using ToUniversalTime when passed into this class.
+ (UpdateSelf): update ourselves from the passed in MembershipUser,
+ swallowing NotSupportedExceptions.
+ (UpdateUser): fetch a new MembershipUser from the db and call
+ UpdateSelf with it.
+ (ChangePassword): call UpdateUser after changing the password.
+ (ChangePasswordQuestionAndAnswer): same.
+ (ResetPassword): same.
+ (UnlockUser): same. Also, don't explicitly set isLockedOut.
+ It'll be updated in UpdateSelf.
+ (CreationDate): getter calls ToLocalTime, setter calls
+ ToUniversalTime.
+ (LastActivityDate): same.
+ (LastLoginDate): same.
+ (LastPasswordChangedDate): same.
+ (LastLockoutDate): same.
+
+ * Membership.cs (.cctor): use
+ ProvidersHelper.InstantitateProviders, and remove some unnecessary
+ #if NET_2_0's.
+
+2006-03-29 Chris Toshok <toshok@ximian.com>
+
+ * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.
+
+2006-03-23 Chris Toshok <toshok@ximian.com>
+
+ * Roles.cs: make this 2.0 configuration aware.
+
+ * SqlRoleProvider.cs: flesh out all the operations. the only
+ things that need dealing with are the Initialize method's handling
+ of a few parameters, and the ApplicationName property.
+
+2006-03-23 Chris Toshok <toshok@ximian.com>
+
+ * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
+ set Thread.CurrentPrincipal, not just if we set it to the
+ GenericPrincipal.
+
+2006-03-22 Chris Toshok <toshok@ximian.com>
+
+ * RoleManagerModule.cs: implement using info in Shackow's book.
+
+ * RolePrincipal.cs: flesh this out a bit more.
+
+ * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
+ according to Shackow's book, this sets Thread.CurrentPrincipal as
+ well as HttpContext.Current.User.
+
+2006-02-28 Chris Toshok <toshok@ximian.com>
+
+ * FormsAuthentication.cs: corcompare work.
+
+ * MembershipCreateUserException.cs: same.
+
+ * MembershipPasswordException.cs: same.
+
+ * AnonymousIdentificationModule.cs: same.
+
+2006-02-01 Chris Toshok <toshok@ximian.com>
+
+ * FormsAuthentication.cs, Membership.cs,
+ FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
+ replace GetWebApplicationSection with GetSection.
+
+2006-02-01 Chris Toshok <toshok@ximian.com>
+
+ * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
+ simplifies the ifdef mess quite a bit.
+
+ * Membership.cs: same.
+
+ * FormsAuthenticationModule.cs: same.
+
+ * UrlAuthorizationModule.cs: same.
+
+2006-01-04 Chris Toshok <toshok@ximian.com>
+
+ * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
+ code.
+ (Decrypt2): same.
+ (Decrypt): same.
+ (Encrypt): same.
+ (Initialize): same.
+
+2006-01-04 Chris Toshok <toshok@ximian.com>
+
+ * Membership.cs (.cctor): enable the code here under
+ CONFIGURATION_2_0.
+
+2006-01-03 Chris Toshok <toshok@ximian.com>
+
+ * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
+ CONFIGURATION_2_0 code here.
+
+2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: don't end the request in
+ RedirectFromLoginPage.
+
+2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
+ Patch by Cyrille Colin.
+
+2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
+ the provided virtual path to the physical one. Patch by Cyrille Colin.
+
+2005-11-28 Chris Toshok <toshok@ximian.com>
+
+ * FormsAuthenticationModule.cs (OnAuthenticateRequest):
+ CONFIGURATION_2_0 work.
+ (OnEndRequest): same.
+
+2005-09-09 Sebastien Pouliot <sebastien@ximian.com>
+
+ * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
+ * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+ * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+ * FormsAuthentication.cs: Added LinkDemand for Minimal.
+ * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
+ * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+ * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
+ * FormsIdentity.cs: Added LinkDemand for Minimal.
+ * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
+ * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+ * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
+ UnmanagedCode on constructor.
+ * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+ * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
+ * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
+ Demand for UnmanagedCode on constructor.
+
+2005-09-01 Sebastien Pouliot <sebastien@ximian.com>
+
+ * FormsAuthenticationEventArgs.cs: Ensure the setter for User is
+ protected by a demand for ControlPrincipal.
+ * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
+ protected by a demand for ControlPrincipal.
+ * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is
+ protected by a demand for ControlPrincipal.
+
+2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
+
+ * FormsAuthentication.cs: With 2.0 we can get the default properties
+ and call Initialize without a NRE.
+
+2005-08-25 Sebastien Pouliot <sebastien@ximian.com>
+
+ * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
+ * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
+ * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
+ * AnonymousIdentificationModule.cs: Fixed 2.0 API.
+ * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in
+ 2.0 profile (TODO).
+ * FormsAuthentication.cs: Added missing 2.0 properties with their
+ default values.
+ * MembershipCreateStatus.cs: Fixed enum values/names.
+ * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
+ methods don't seems to work without an active provider.
+ * PassportIdentity.cs: Added IDispose for 2.0 profile.
+ * Roles.cs: Added missing beta2 bits and default values (which are the
+ only things working without a role provider (web.config).
+ * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
+ * SqlRoleProvider.cs: Fixed 2.0 API.
+ * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
+ 2.0 profile (TODO).
+
+2005-08-24 Sebastien Pouliot <sebastien@ximian.com>
+
+ * MembershipUserCollection.cs: Fix exceptions.
+
+2005-08-22 Sebastien Pouliot <sebastien@ximian.com>
+
+ * FormsAuthentication.cs: Add some 2.0 stuff required for Login*
+ controls to compile.
+
+2005-08-18 Sebastien Pouliot <sebastien@ximian.com>
+
+ * Membership.cs: Commented unworking parts of the .cctor to allow
+ testing the Login control.
+ * MembershipProviderCollection.cs: Fixed exception handling.
+ * SqlMembershipProvider.cs: Don't throw NotImplementedException
+ everywhere so Membership's .cctor (somewhat) works. Removed
+ Description property (not in beta2).
+
+2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: allow hardware acceleration support if
+ available. Sebastien dixit.
+
+2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: the init_vector must be the same accross
+ restarts, otherwise the cookie does not work even when a decryption
+ key is provided. Initialize it to the bytes of the cookie name. Fixes
+ bug #75635.
+
+2005-07-25 Eyal Alaluf <eyala@mainsoft.com>
+
+ * FormsAuthenticationModule.cs: Check for null config
+
+2005-07-25 Miguel de Icaza <miguel@novell.com>
+
+ * FormsAuthentication.cs (SignOut): Force the cookie to have it
+ expire in the past.
+
+2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs: my previous patch missed a "small" detail: it
+ didn't include the verification key when computing/checking the
+ validation hash. Now this is really a MAC or HMAC or...
+
+2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>
+
+ * FormsAuthentication.cs:
+ * FormsAuthenticationTicket.cs: added support for validation and
+ encryption of the auth. cookie and improved serialization of the ticket.
+
+2005-07-01 Lluis Sanchez Gual <lluis@novell.com>
+
+ * Membership.cs: Read provider info from the config file.
+
+2005-06-10 Lluis Sanchez Gual <lluis@novell.com>
+
+ * MembershipUserCollection.cs:
+ * MembershipPasswordException.cs:
+ * RoleProviderCollection.cs:
+ * ActiveDirectoryMembershipProvider.cs:
+ * SqlMembershipProvider.cs:
+ * MembershipProvider.cs:
+ * SqlRoleProvider.cs:
+ * Membership.cs:
+ * MembershipUser.cs:
+ * MembershipProviderCollection.cs:
+ * Roles.cs:.
+ * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
+ some missing methods.
+
+ * AccessRoleProvider.cs:
+ * AccessMembershipProvider.cs: Removed.
+
+ * MembershipCreateUserException.cs:
+ * MembershipValidatePasswordEventHandler.cs:
+ * ValidatePasswordEventArgs.cs: Implemented.
+
+2005-05-21 Sebastien Pouliot <sebastien@ximian.com>
+
+ * FormsAuthentication.cs: Hash the UTF8 representation of the password
+ strings (to be compatible with Microsoft implementation).
+
2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>
* FormsAuthentication.cs:
* MembershipCreateStatus.cs:
* CookieProtection.cs: minor modifications.
-2004-06-12 Pedro Martínez Juliá <yoros@wanadoo.es>
+2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
* FormsAuthentication.cs: Undo last change.
-2004-06-12 Pedro Martínez Juliá <yoros@wanadoo.es>
+2004-06-12 Pedro Martnez Juli <yoros@wanadoo.es>
* FormsAuthentication.cs: go to loginUrl from web.config settings
before try with the default ones.