X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FSystem.Web%2FSystem.Web.Security%2FChangeLog;h=1a0ca21ab6532f9f055357810146523a9e9fe7b6;hb=a5e40870bd3bb18e1681afed6c71e7edfdb80534;hp=64924f5cf608d7d9e53a1c1f4075f699773110db;hpb=6b6435d1b3206b0162c37e5ecce8d9a699fe6467;p=mono.git diff --git a/mcs/class/System.Web/System.Web.Security/ChangeLog b/mcs/class/System.Web/System.Web.Security/ChangeLog index 64924f5cf60..1a0ca21ab65 100644 --- a/mcs/class/System.Web/System.Web.Security/ChangeLog +++ b/mcs/class/System.Web/System.Web.Security/ChangeLog @@ -1,3 +1,671 @@ +2008-08-20 Marek Habersack + + * Membership.cs: implemented the HashAlgorithmType property. Fixes + bug #418458 + +2008-06-30 Marek Habersack + + * SqliteMembershipProvider.cs, SqliteRoleProvider.cs: remove + unused method + + * SqlRoleProvider.cs, AspNetDBSchemaChecker.cs: hush the warnings + +2008-05-30 Marek Habersack + + * AnonymousIdentificationModule.cs, FormsAuthenticationModule.cs, + DefaultAuthenticationModule.cs, MembershipProvider.cs, + WindowsAuthenticationModule.cs, PassportAuthenticationModule.cs, + RoleManagerModule.cs: do not use synthetized event accessors (to + avoid locks). + +2008-05-07 Marek Habersack + + * RolePrincipal.cs: fix: + - Reloading the roles cache from the provider when expired + - Update issue & expiry date for expired tickets + - Incrementing the cookie expiry date + - Obey Roles.MaxCachedResults + Fixes bug #385877. Patch from Ivan Hamilton + , thanks! + +2008-03-10 Marek Habersack + + * RoleManagerModule.cs: initialize _config before adding event + handlers and account for the fact that _config might still be null + in the methods that use it. + +2007-12-30 Vladimir Krasnov + + * SqliteMembershipProvider.cs, SqlRoleProvider.cs: added chema checking + * added AspNetDBSchemaChecker.cs: schema checker helper class + +2007-12-11 Vladimir Krasnov + + * Roles.cs: fixed Providers property to be thread safe + +2007-12-08 Marek Habersack + + * SqliteRoleProvider.cs: added - a Role Provider for + Sqlite, based on PostgreSQL Role Provider code from Daniel + Nauck + + * SqliteMembershipProvider.cs: added - a Membership Provider for + Sqlite, based on PostgreSQL Membership Provider code from Daniel + Nauck + +2007-11-28 Marek Habersack + + * SqlMembershipProvider.cs: handle situation when there is no + connection string configured for the SQL Membership Provider. + +2007-11-01 Marek Habersack + + * RolePrincipal.cs, MembershipProvider.cs: use the new + MachineKeySectionUtils class wherever necessary. + + * FormsAuthentication.cs: use the new MachineKeySectionUtils class + wherever necessary. + GetHexString is a private method again. + +2007-10-31 Marek Habersack + + * FormsAuthentication.cs: made GetHexString an internal method - + it is used in the AssemblyResourceLoader.cs + +2007-08-14 Marek Habersack + + * Roles.cs: remove unused field. + + * SqlMembershipProvider.cs: remove unused variable. + +2007-08-13 Vladimir Krasnov + + * SqlRoleProvider.cs: fixed ApplicationName initialization + +2007-06-24 Vladimir Krasnov + + * FormsAuthentication.cs: improved performance of GetHexString() + +2007-05-17 Vladimir Krasnov + + * SqlMembershipProvider.cs: fixed DeleteUser, fixed parameter name + +2007-05-14 Igor Zelmanovich + + * SqlMembershipProvider.cs: Fix parameter binding to stored procedures. + +2007-05-09 Igor Zelmanovich + + * PassportIdentity.cs: + added MonoNotSupported attribute. + +2007-05-02 Marek Habersack + + * FormsAuthentication.cs: user names are stored in lowercase in + the credentials database. + +2007-04-29 Igor Zelmanovich + + * FormsAuthenticationModule.cs: + Redirect to login page doesn't cause thread abort. + +2007-04-19 Igor Zelmanovich + + * SqlMembershipProvider.cs: + ChangePassword throws exception if new password has invalid format. + +2007-04-17 Igor Zelmanovich + + * Membership.cs: + * Roles.cs: + if default provider was not found ConfigurationErrorsException is thrown. + +2007-04-12 Marek Habersack + + * RoleManagerModule.cs: do not try to decrypt encryption tickets + from cookies with empty values. + +2007-04-04 Juraj Skripsky + + * FormsAuthenticationModule.cs: Move initialization of _config out + of Init() as app.Context is null in that method when a session is + about to be terminated. + +2007-03-21 Vladimir Krasnov + + * AnonymousIdentificationModule.cs: optimized Config property + +2007-03-21 Vladimir Krasnov + + * AnonymousIdentificationModule.cs: added configuration section caching + to AppDomain for TARGET_JVM + * RoleManagerModule.cs: + * UrlAuthorizationModule.cs: + * FormsAuthenticationModule.cs: refactored configuration section to be + a member of a class + +2007-03-20 Marek Habersack + + * FormsAuthentication.cs, Roles.cs: remove roles cookie on sign + out. Fixes bug #81195. Patch from Mike Morano . + +2007-03-12 Marek Habersack + + * RolePrincipal.cs: decrypt the roles ticket properly. Makes role + caching in cookies work. Fixes bug #81117. Patch from Mike Morano + + +2007-03-02 Marek Habersack + + * SqlMembershipProvider.cs: cast PasswordFormat to int, so that + the parameter code can infer the sql type. Makes user creation, + password reset etc. work. + +2007-02-28 Andreia Gaita + + * SqlRoleProvider.cs: Fix parameter binding to stored procedures. + * SqlMembershipProvider.cs: Fix parameter binding to stored procedures. + CreateUser() doesn't use transactions in MS asp.net, so removed the + transaction calls. + +2007-02-19 Vladimir Krasnov + + * RoleManagerModule.cs: fixed role chaching in OnEndRequest and + OnPostAuthenticateRequest + * RolePrincipal.cs: implemented ToEncryptedTicket, implemented caching + role functionality + * Roles.cs: implemented DeleteCookie, fixed CookieProtectionValue to + get it's value from configuration + +2007-02-08 Marek Habersack + + * FormsAuthenticationModule.cs: Expire auth tickets properly. + + * MembershipProvider.cs: Do not clear the password before + encrypting it. + +2007-01-20 Miguel de Icaza + + * SqlRoleProvider.cs: comment out unused code. + + * SqlMembershipProvider.cs: Removed unused variables. + Remove unused variable. + + * AnonymousIdentificationModule.cs (ClearAnonymousIdentifier): + remove unused variable. This might be a real bug. + +2007-01-16 Vladimir Krasnov + + * RoleManagerModule.cs: fixed OnPostAuthenticateRequest, + CacheRolesInCookie not supported yet + * Roles.cs: fixed DeleteCookie, CacheRolesInCookie not supported yet + +2007-01-11 Adar Wesley + + * MembershipProvider.cs: fixed EncryptPassword to use password buffer length + +2007-01-04 Vladimir Krasnov + + * AnonymousIdentificationModule.cs: fixed OnEnter, fixed failure on + incorrect cookie value that browser may hold + +2006-12-27 Vladimir Krasnov + + * FormsAuthentication.cs: added internal ReturnUrl property, + GetRedirectUrl added usage of ReturnUrl + +2006-12-12 Vladimir Krasnov + + * FormsAuthentication.cs: TARGET_J2EE define for static members + +2006-12-06 Vladimir Krasnov + + * FormsAuthenticationModule.cs: fixed OnAuthenticateRequest, suppress + exception on wrong ticket + +2006-12-03 Igor Zelmanovich + + * FormsAuthenticationModule.cs: + set SkipAuthorization=true for WebResource.axd + +2006-11-27 Vladimir Krasnov + + * SqlMembershipProvider.cs: typo bug + +2006-11-21 Vladimir Krasnov + + * SqlMembershipProvider.cs: fixed fixed exception type in GetPassword + checks user lockout + +2006-11-20 Igor Zelmanovich + + * SqlMembershipProvider.cs: fixed: UpdateUser works properly. + +2006-11-15 Igor Zelmanovich + + * SqlMembershipProvider.cs: fixed: name is used for ReturnValue parameter. + +2006-11-05 Vladimir Krasnov + + * AnonymousIdentificationModule.cs: fixed anonymous id cookie + +2006-11-05 Vladimir Krasnov + + * MembershipProvider.cs, SqlMembershipProvider.cs: + refactoring of DecryptPassword and EncryptPassword methods according + to documentation + +2006-09-10 Konstantin Triger + + * SqlRoleProvider.cs: throw on empty connection string. + +2006-09-26 Vladimir Krasnov + + * Membership.cs: fixed GetAllUsers, typo bug + * SqlRoleProvider.cs, SqlMembershipProvider.cs: refactored to use + aspnetdb built in stored procedures, + fixed application name and membership relation, + improved exception handling + +2006-09-03 Igor Zelmanovich + + * RolePrincipal.cs: refactoring: instance can be serialized. + +2006-09-03 Igor Zelmanovich + + * SqlMembershipProvider.cs: fixed GetUser, + when username is String.Empty methods returns null. + +2006-08-31 Konstantin Triger + + * SqlRoleProvider.cs: fixed initialization. + +2006-08-31 Igor Zelmanovich + + * SqlMembershipProvider.cs: fixed CreateUser, + password is checked, properties MinRequiredPasswordLength and + MinRequiredNonAlphanumericCharacters are considered. + +2006-08-29 Konstantin Triger + + * SqlMembershipProvider.cs: fix dispose order of reader vs connection. + +2006-08-28 Igor Zelmanovich + + * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is + considered. + +2006-08-28 Konstantin Triger + + * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot + retrieve user information. + +2006-08-28 Konstantin Triger + + * SqlRoleProvider.cs, SqlMembershipProvider.cs: + "use SqlClientFactory in case the ProviderName is not specified. + +2006-08-27 Konstantin Triger + + * SqlRoleProvider.cs: enable concurrent usage, refactoring. + +2006-08-27 Konstantin Triger + + * SqlMembershipProvider.cs: enable concurrent usage, refactoring. + +2006-08-27 Vladimir Krasnov + + * SqlMembershipProvider.cs: fixed ValidateUser, bug when user + not exists + +2006-08-14 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: set the Secure attribute of the authentication + cookie when required. + +2006-07-06 Konstantin Triger + + * FormsAuthentication.cs: Ensure initialized, fix url mapping. + +2006-05-03 Chris Toshok + + * SqlMembershipProvider.cs (GetAlg): move this here for the time + being, as it's the only class that uses it. + (HashAndBase64Encode): nuke. + (EncryptAndBase64Encode): nuke. + (Base64DecodeAndDecrypt): nuke. + (DecryptPassword): new function. + (EncryptPassword): new function. + (ChangePassword): replace the switch with a call to + EncodePassword. + (ChangePasswordQuestionAndAnswer): same. + (CreateUser): same. + (ResetPassword): same. + (ValidateUsingPassword): same. + (ValidateUsingPasswordAnswer): same. + (GetPassword): same, and throw MembershipPasswordException if the + password answer is incorrect. + + * MembershipProvider.cs (InitVector): nuke this. it's actually + the salt from the database (for the sql provider, anyway). + (EncodePassword): based on the password format, password, and + salt, encode it. Makes use of EncryptPassword. + (DecodePassword): likewise for decoding, makes use of + DecryptPassword. + (DecryptPassword): revert this to throwing + NotImplementedException, as the sql provideroverrides it to + perform the actual decryption. + (EncryptPassword): same. + +2006-05-02 Chris Toshok + + * SqlMembershipProvider.cs: 85% complete, maybe more. The major + functionality should work. Password retrieval (and encrypted + passwords in general) is untested. + +2006-05-01 Chris Toshok + + * Membership.cs (GeneratePassword): don't include quotes (',",`) + in the set of characters in the generated passwords. + +2006-05-01 Chris Toshok + + * MembershipProvider.cs (GetAlg): switch from Exception to + ProviderException to match MS behavior (and fix the unit test.) + + * Membership.cs (GeneratePassword): implement. + +2006-05-01 Chris Toshok + + * SqlMembershipProvider.cs: lots more work. checking this in in + its present state because I don't want to lose it. It still needs + work. + + * Membership.cs (.cctor): remove the fallback. + (ValidatingPassword): remove the MonoTODO. + + * MembershipProvider.cs (DecryptPassword): implement. + (EncryptPassword): implement. + (GetAlg): helper function for Decrypt/EncryptPassword. + (InitVector): same. + +2006-04-27 Chris Toshok + + * SqlMembershipProvider.cs (GeneratePassword): call + Membership.GeneratePassword with the configured minimum strength + requirements. + +2006-04-27 Chris Toshok + + * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move + the CheckPararm call to the top of the method. + +2006-04-12 Chris Toshok + + * SqlMembershipProvider.cs: commit initial pass at + SqlMembershipProvider work. lots of stuff untested in here. + +2006-04-11 Chris Toshok + + * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's + are converted using ToUniversalTime when passed into this class. + (UpdateSelf): update ourselves from the passed in MembershipUser, + swallowing NotSupportedExceptions. + (UpdateUser): fetch a new MembershipUser from the db and call + UpdateSelf with it. + (ChangePassword): call UpdateUser after changing the password. + (ChangePasswordQuestionAndAnswer): same. + (ResetPassword): same. + (UnlockUser): same. Also, don't explicitly set isLockedOut. + It'll be updated in UpdateSelf. + (CreationDate): getter calls ToLocalTime, setter calls + ToUniversalTime. + (LastActivityDate): same. + (LastLoginDate): same. + (LastPasswordChangedDate): same. + (LastLockoutDate): same. + + * Membership.cs (.cctor): use + ProvidersHelper.InstantitateProviders, and remove some unnecessary + #if NET_2_0's. + +2006-03-29 Chris Toshok + + * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#. + +2006-03-23 Chris Toshok + + * Roles.cs: make this 2.0 configuration aware. + + * SqlRoleProvider.cs: flesh out all the operations. the only + things that need dealing with are the Initialize method's handling + of a few parameters, and the ApplicationName property. + +2006-03-23 Chris Toshok + + * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always + set Thread.CurrentPrincipal, not just if we set it to the + GenericPrincipal. + +2006-03-22 Chris Toshok + + * RoleManagerModule.cs: implement using info in Shackow's book. + + * RolePrincipal.cs: flesh this out a bit more. + + * DefaultAuthenticationModule.cs (OnDefaultAuthentication): + according to Shackow's book, this sets Thread.CurrentPrincipal as + well as HttpContext.Current.User. + +2006-02-28 Chris Toshok + + * FormsAuthentication.cs: corcompare work. + + * MembershipCreateUserException.cs: same. + + * MembershipPasswordException.cs: same. + + * AnonymousIdentificationModule.cs: same. + +2006-02-01 Chris Toshok + + * FormsAuthentication.cs, Membership.cs, + FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops, + replace GetWebApplicationSection with GetSection. + +2006-02-01 Chris Toshok + + * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0. + simplifies the ifdef mess quite a bit. + + * Membership.cs: same. + + * FormsAuthenticationModule.cs: same. + + * UrlAuthorizationModule.cs: same. + +2006-01-04 Chris Toshok + + * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0 + code. + (Decrypt2): same. + (Decrypt): same. + (Encrypt): same. + (Initialize): same. + +2006-01-04 Chris Toshok + + * Membership.cs (.cctor): enable the code here under + CONFIGURATION_2_0. + +2006-01-03 Chris Toshok + + * UrlAuthorizationModule.cs (OnAuthorizeRequest): add + CONFIGURATION_2_0 code here. + +2005-12-22 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: don't end the request in + RedirectFromLoginPage. + +2005-12-22 Gonzalo Paniagua Javier + + * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043. + Patch by Cyrille Colin. + +2005-12-13 Gonzalo Paniagua Javier + + * FormsAuthenticationModule.cs: ignore any exception thrown when mapping + the provided virtual path to the physical one. Patch by Cyrille Colin. + +2005-11-28 Chris Toshok + + * FormsAuthenticationModule.cs (OnAuthenticateRequest): + CONFIGURATION_2_0 work. + (OnEndRequest): same. + +2005-09-09 Sebastien Pouliot + + * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal. + * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + * FormsAuthentication.cs: Added LinkDemand for Minimal. + * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal. + * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal. + * FormsIdentity.cs: Added LinkDemand for Minimal. + * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal. + * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for + UnmanagedCode on constructor. + * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal. + * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added + Demand for UnmanagedCode on constructor. + +2005-09-01 Sebastien Pouliot + + * FormsAuthenticationEventArgs.cs: Ensure the setter for User is + protected by a demand for ControlPrincipal. + * PassportAuthenticationEventArgs.cs: Ensure the setter for User is + protected by a demand for ControlPrincipal. + * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is + protected by a demand for ControlPrincipal. + +2005-08-25 Sebastien Pouliot + + * FormsAuthentication.cs: With 2.0 we can get the default properties + and call Initialize without a NRE. + +2005-08-25 Sebastien Pouliot + + * ActiveDirectoryConnectionProtection.cs: New (2.0) enum. + * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API. + * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case. + * AnonymousIdentificationModule.cs: Fixed 2.0 API. + * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in + 2.0 profile (TODO). + * FormsAuthentication.cs: Added missing 2.0 properties with their + default values. + * MembershipCreateStatus.cs: Fixed enum values/names. + * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both + methods don't seems to work without an active provider. + * PassportIdentity.cs: Added IDispose for 2.0 profile. + * Roles.cs: Added missing beta2 bits and default values (which are the + only things working without a role provider (web.config). + * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits. + * SqlRoleProvider.cs: Fixed 2.0 API. + * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in + 2.0 profile (TODO). + +2005-08-24 Sebastien Pouliot + + * MembershipUserCollection.cs: Fix exceptions. + +2005-08-22 Sebastien Pouliot + + * FormsAuthentication.cs: Add some 2.0 stuff required for Login* + controls to compile. + +2005-08-18 Sebastien Pouliot + + * Membership.cs: Commented unworking parts of the .cctor to allow + testing the Login control. + * MembershipProviderCollection.cs: Fixed exception handling. + * SqlMembershipProvider.cs: Don't throw NotImplementedException + everywhere so Membership's .cctor (somewhat) works. Removed + Description property (not in beta2). + +2005-07-28 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: allow hardware acceleration support if + available. Sebastien dixit. + +2005-07-26 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: the init_vector must be the same accross + restarts, otherwise the cookie does not work even when a decryption + key is provided. Initialize it to the bytes of the cookie name. Fixes + bug #75635. + +2005-07-25 Eyal Alaluf + + * FormsAuthenticationModule.cs: Check for null config + +2005-07-25 Miguel de Icaza + + * FormsAuthentication.cs (SignOut): Force the cookie to have it + expire in the past. + +2005-07-25 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: my previous patch missed a "small" detail: it + didn't include the verification key when computing/checking the + validation hash. Now this is really a MAC or HMAC or... + +2005-07-25 Gonzalo Paniagua Javier + + * FormsAuthentication.cs: + * FormsAuthenticationTicket.cs: added support for validation and + encryption of the auth. cookie and improved serialization of the ticket. + +2005-07-01 Lluis Sanchez Gual + + * Membership.cs: Read provider info from the config file. + +2005-06-10 Lluis Sanchez Gual + + * MembershipUserCollection.cs: + * MembershipPasswordException.cs: + * RoleProviderCollection.cs: + * ActiveDirectoryMembershipProvider.cs: + * SqlMembershipProvider.cs: + * MembershipProvider.cs: + * SqlRoleProvider.cs: + * Membership.cs: + * MembershipUser.cs: + * MembershipProviderCollection.cs: + * Roles.cs:. + * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented + some missing methods. + + * AccessRoleProvider.cs: + * AccessMembershipProvider.cs: Removed. + + * MembershipCreateUserException.cs: + * MembershipValidatePasswordEventHandler.cs: + * ValidatePasswordEventArgs.cs: Implemented. + +2005-05-21 Sebastien Pouliot + + * FormsAuthentication.cs: Hash the UTF8 representation of the password + strings (to be compatible with Microsoft implementation). + 2005-04-20 Gonzalo Paniagua Javier * FormsAuthentication.cs: @@ -55,11 +723,11 @@ * MembershipCreateStatus.cs: * CookieProtection.cs: minor modifications. -2004-06-12 Pedro Martínez Juliá +2004-06-12 Pedro Martnez Juli * FormsAuthentication.cs: Undo last change. -2004-06-12 Pedro Martínez Juliá +2004-06-12 Pedro Martnez Juli * FormsAuthentication.cs: go to loginUrl from web.config settings before try with the default ones.