+2010-06-19 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthentication.cs: Authenticate must compare stored and
+ newly hashed passwords case-insensitively. Fixes bug #601727
+
+2010-04-29 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthentication.cs: set authentication/expiry cookie
+ domain. Fixes bug #600740. Patch from Stuart Siegrist
+ <stuart@cbtnuggets.com>, thanks!
+
+2010-04-28 Marek Habersack <mhabersack@novell.com>
+
+ * RolePrincipal.cs: class is not sealed in 4.0
+
+ * MembershipUser.cs: type forwarded to
+ System.Web.ApplicationServices in 4.0.
+ In the 4.0 profile, a MembershipHelper instance is created using
+ reflection, so that the Membership class and password
+ encryption/decryption services can be accessed without referencing
+ System.Web
+
+ * MembershipProvider.cs: type forwarded to
+ System.Web.ApplicationServices in 4.0.
+ {Encrypt,Decrypt}Password implementations moved to
+ MembershipHelper.
+ Added new EncryptPassword overload for 4.0
+
+ * MembershipHelper.cs: a helper class to handle password
+ encryption/decryption and to forward requests for certain
+ Membership properties in 4.0. It is used also in 2.0 to keep code
+ cleaner. System.Web.ApplicationServices uses it to access the
+ Membership class without having to reference System.Web
+
+ * MembershipCreateStatus.cs, MembershipCreateUserException.cs,
+ MembershipPasswordException.cs, MembershipPasswordFormat.cs,
+ MembershipProviderCollection.cs, MembershipUserCollection.cs,
+ MembershipValidatePasswordEventHandler.cs, RoleProvider.cs,
+ ValidatePasswordEventArgs.cs:
+ types forwarded to System.Web.ApplicationServices in 4.0
+
+ * FormsIdentity.cs: class is not sealed in 4.0
+
+2010-02-11 Marek Habersack <mhabersack@novell.com>
+
+ * Roles.cs: IsUserInRole checks if username is null or empty
+ before attempting to use it. Patch from Tiaan Geldenhuys
+ <tagdev@gmail.com>. thanks!
+
+2009-09-22 Sebastien Pouliot <sebastien@ximian.com>
+
+ * MembershipProvider.cs: Ensure password decryption is always
+ possible.
+ [Fix bug #538406]
+
+2009-07-09 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * SqliteMembershipProvider.cs:
+ * UrlAuthorizationModule.cs: use GetSection instead of
+ OpenWebConfiguration+GetSection.
+
+2009-05-28 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthenticationModule.cs: if forms authentication login URL
+ is not rooted, make it relative to the application root, so that
+ MapPath maps it correctly.
+ Use String.Compare for checking whether requested URL matches the
+ login URL - be case-insensitive when running on Windows or with
+ IOMAP in effect.
+
+2009-03-10 Marek Habersack <mhabersack@novell.com>
+
+ * UrlAuthorizationModule.cs: OnAuthorizeRequest must use the
+ configuration from <location> elements in the config. Fixes bug
+ #467221
+
+2009-02-28 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * FormsAuthentication.cs: use GetWebApplication instead of GetSection
+ for application level configuration.
+
+2009-01-12 Marek Habersack <mhabersack@novell.com>
+
+ * MembershipUserCollection.cs: CopyTo overloads use store.Values
+ as the copy source. Fixes bug #464783. Patch from Christian
+ Prochnow <cproch@seculogix.de>
+
+2008-12-25 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * SqlRoleProvider.cs:
+ * SqlMembershipProvider.cs: use IndexOf (char) instead of
+ IndexOf (string).
+
+2008-08-20 Marek Habersack <mhabersack@novell.com>
+
+ * Membership.cs: implemented the HashAlgorithmType property. Fixes
+ bug #418458
+
+2008-06-30 Marek Habersack <mhabersack@novell.com>
+
+ * SqliteMembershipProvider.cs, SqliteRoleProvider.cs: remove
+ unused method
+
+ * SqlRoleProvider.cs, AspNetDBSchemaChecker.cs: hush the warnings
+
+2008-05-30 Marek Habersack <mhabersack@novell.com>
+
+ * AnonymousIdentificationModule.cs, FormsAuthenticationModule.cs,
+ DefaultAuthenticationModule.cs, MembershipProvider.cs,
+ WindowsAuthenticationModule.cs, PassportAuthenticationModule.cs,
+ RoleManagerModule.cs: do not use synthetized event accessors (to
+ avoid locks).
+
+2008-05-07 Marek Habersack <mhabersack@novell.com>
+
+ * RolePrincipal.cs: fix:
+ - Reloading the roles cache from the provider when expired
+ - Update issue & expiry date for expired tickets
+ - Incrementing the cookie expiry date
+ - Obey Roles.MaxCachedResults
+ Fixes bug #385877. Patch from Ivan Hamilton
+ <ivan@chimerical.com.au>, thanks!
+
+2008-03-10 Marek Habersack <mhabersack@novell.com>
+
+ * RoleManagerModule.cs: initialize _config before adding event
+ handlers and account for the fact that _config might still be null
+ in the methods that use it.
+
+2007-12-30 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * SqliteMembershipProvider.cs, SqlRoleProvider.cs: added chema checking
+ * added AspNetDBSchemaChecker.cs: schema checker helper class
+
+2007-12-11 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * Roles.cs: fixed Providers property to be thread safe
+
+2007-12-08 Marek Habersack <mhabersack@novell.com>
+
+ * SqliteRoleProvider.cs: added - a Role Provider for
+ Sqlite, based on PostgreSQL Role Provider code from Daniel
+ Nauck <dna@informatik.uni-kiel.de>
+
+ * SqliteMembershipProvider.cs: added - a Membership Provider for
+ Sqlite, based on PostgreSQL Membership Provider code from Daniel
+ Nauck <dna@informatik.uni-kiel.de>
+
+2007-11-28 Marek Habersack <mhabersack@novell.com>
+
+ * SqlMembershipProvider.cs: handle situation when there is no
+ connection string configured for the SQL Membership Provider.
+
+2007-11-01 Marek Habersack <mhabersack@novell.com>
+
+ * RolePrincipal.cs, MembershipProvider.cs: use the new
+ MachineKeySectionUtils class wherever necessary.
+
+ * FormsAuthentication.cs: use the new MachineKeySectionUtils class
+ wherever necessary.
+ GetHexString is a private method again.
+
+2007-10-31 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthentication.cs: made GetHexString an internal method -
+ it is used in the AssemblyResourceLoader.cs
+
+2007-08-14 Marek Habersack <mhabersack@novell.com>
+
+ * Roles.cs: remove unused field.
+
+ * SqlMembershipProvider.cs: remove unused variable.
+
+2007-08-13 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * SqlRoleProvider.cs: fixed ApplicationName initialization
+
+2007-06-24 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * FormsAuthentication.cs: improved performance of GetHexString()
+
+2007-05-17 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * SqlMembershipProvider.cs: fixed DeleteUser, fixed parameter name
+
+2007-05-14 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.
+
+2007-05-09 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * PassportIdentity.cs:
+ added MonoNotSupported attribute.
+
+2007-05-02 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthentication.cs: user names are stored in lowercase in
+ the credentials database.
+
+2007-04-29 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * FormsAuthenticationModule.cs:
+ Redirect to login page doesn't cause thread abort.
+
+2007-04-19 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * SqlMembershipProvider.cs:
+ ChangePassword throws exception if new password has invalid format.
+
+2007-04-17 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * Membership.cs:
+ * Roles.cs:
+ if default provider was not found ConfigurationErrorsException is thrown.
+
+2007-04-12 Marek Habersack <mhabersack@novell.com>
+
+ * RoleManagerModule.cs: do not try to decrypt encryption tickets
+ from cookies with empty values.
+
+2007-04-04 Juraj Skripsky <js@hotfeet.ch>
+
+ * FormsAuthenticationModule.cs: Move initialization of _config out
+ of Init() as app.Context is null in that method when a session is
+ about to be terminated.
+
+2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * AnonymousIdentificationModule.cs: optimized Config property
+
+2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * AnonymousIdentificationModule.cs: added configuration section caching
+ to AppDomain for TARGET_JVM
+ * RoleManagerModule.cs:
+ * UrlAuthorizationModule.cs:
+ * FormsAuthenticationModule.cs: refactored configuration section to be
+ a member of a class
+
+2007-03-20 Marek Habersack <mhabersack@novell.com>
+
+ * FormsAuthentication.cs, Roles.cs: remove roles cookie on sign
+ out. Fixes bug #81195. Patch from Mike Morano <mmorano@mikeandwan.us>.
+
+2007-03-12 Marek Habersack <mhabersack@novell.com>
+
+ * RolePrincipal.cs: decrypt the roles ticket properly. Makes role
+ caching in cookies work. Fixes bug #81117. Patch from Mike Morano
+ <mmorano@mikeandwan.us>
+
+2007-03-02 Marek Habersack <mhabersack@novell.com>
+
+ * SqlMembershipProvider.cs: cast PasswordFormat to int, so that
+ the parameter code can infer the sql type. Makes user creation,
+ password reset etc. work.
+
+2007-02-28 Andreia Gaita <avidigal@novell.com>
+
+ * SqlRoleProvider.cs: Fix parameter binding to stored procedures.
+ * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.
+ CreateUser() doesn't use transactions in MS asp.net, so removed the
+ transaction calls.
+
+2007-02-19 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * RoleManagerModule.cs: fixed role chaching in OnEndRequest and
+ OnPostAuthenticateRequest
+ * RolePrincipal.cs: implemented ToEncryptedTicket, implemented caching
+ role functionality
+ * Roles.cs: implemented DeleteCookie, fixed CookieProtectionValue to
+ get it's value from configuration
+
+2007-02-08 Marek Habersack <grendello@gmail.com>
+
+ * FormsAuthenticationModule.cs: Expire auth tickets properly.
+
+ * MembershipProvider.cs: Do not clear the password before
+ encrypting it.
+
+2007-01-20 Miguel de Icaza <miguel@novell.com>
+
+ * SqlRoleProvider.cs: comment out unused code.
+
+ * SqlMembershipProvider.cs: Removed unused variables.
+ Remove unused variable.
+
+ * AnonymousIdentificationModule.cs (ClearAnonymousIdentifier):
+ remove unused variable. This might be a real bug.
+
+2007-01-16 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * RoleManagerModule.cs: fixed OnPostAuthenticateRequest,
+ CacheRolesInCookie not supported yet
+ * Roles.cs: fixed DeleteCookie, CacheRolesInCookie not supported yet
+
+2007-01-11 Adar Wesley <adarw@mainsoft.com>
+
+ * MembershipProvider.cs: fixed EncryptPassword to use password buffer length
+
+2007-01-04 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * AnonymousIdentificationModule.cs: fixed OnEnter, fixed failure on
+ incorrect cookie value that browser may hold
+
+2006-12-27 Vladimir Krasnov <vladimirk@mainsoft.com>
+
+ * FormsAuthentication.cs: added internal ReturnUrl property,
+ GetRedirectUrl added usage of ReturnUrl
+
2006-12-12 Vladimir Krasnov <vladimirk@mainsoft.com>
* FormsAuthentication.cs: TARGET_J2EE define for static members