[mono.git] / mcs / class / System.Web / System.Web.Security / ChangeLog

2010-06-19  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthentication.cs: Authenticate must compare stored and
        newly hashed passwords case-insensitively. Fixes bug #601727

2010-04-29  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthentication.cs: set authentication/expiry cookie
        domain. Fixes bug #600740. Patch from Stuart Siegrist
        <stuart@cbtnuggets.com>, thanks!

2010-04-28  Marek Habersack  <mhabersack@novell.com>

        * RolePrincipal.cs: class is not sealed in 4.0

        * MembershipUser.cs: type forwarded to
        System.Web.ApplicationServices in 4.0.
        In the 4.0 profile, a MembershipHelper instance is created using
        reflection, so that the Membership class and password
        encryption/decryption services can be accessed without referencing
        System.Web

        * MembershipProvider.cs: type forwarded to
        System.Web.ApplicationServices in 4.0.
        {Encrypt,Decrypt}Password implementations moved to
        MembershipHelper.
        Added new EncryptPassword overload for 4.0

        * MembershipHelper.cs: a helper class to handle password
        encryption/decryption and to forward requests for certain
        Membership properties in 4.0. It is used also in 2.0 to keep code
        cleaner. System.Web.ApplicationServices uses it to access the
        Membership class without having to reference System.Web

        * MembershipCreateStatus.cs, MembershipCreateUserException.cs,
        MembershipPasswordException.cs, MembershipPasswordFormat.cs,
        MembershipProviderCollection.cs, MembershipUserCollection.cs,
        MembershipValidatePasswordEventHandler.cs, RoleProvider.cs,
        ValidatePasswordEventArgs.cs:
        types forwarded to System.Web.ApplicationServices in 4.0

        * FormsIdentity.cs: class is not sealed in 4.0

2010-02-11  Marek Habersack  <mhabersack@novell.com>

        * Roles.cs: IsUserInRole checks if username is null or empty
        before attempting to use it. Patch from Tiaan Geldenhuys
        <tagdev@gmail.com>. thanks!

2009-09-22  Sebastien Pouliot  <sebastien@ximian.com>

        * MembershipProvider.cs: Ensure password decryption is always
        possible.
        [Fix bug #538406]

2009-07-09 Gonzalo Paniagua Javier <gonzalo@novell.com>

        * SqliteMembershipProvider.cs:
        * UrlAuthorizationModule.cs: use GetSection instead of
        OpenWebConfiguration+GetSection.

2009-05-28  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthenticationModule.cs: if forms authentication login URL
        is not rooted, make it relative to the application root, so that
        MapPath maps it correctly.
        Use String.Compare for checking whether requested URL matches the
        login URL - be case-insensitive when running on Windows or with
        IOMAP in effect.

2009-03-10  Marek Habersack  <mhabersack@novell.com>

        * UrlAuthorizationModule.cs: OnAuthorizeRequest must use the
        configuration from <location> elements in the config. Fixes bug
        #467221

2009-02-28 Gonzalo Paniagua Javier <gonzalo@novell.com>

        * FormsAuthentication.cs: use GetWebApplication instead of GetSection
        for application level configuration.

2009-01-12  Marek Habersack  <mhabersack@novell.com>

        * MembershipUserCollection.cs: CopyTo overloads use store.Values
        as the copy source. Fixes bug #464783. Patch from Christian
        Prochnow <cproch@seculogix.de>

2008-12-25 Gonzalo Paniagua Javier <gonzalo@novell.com>

        * SqlRoleProvider.cs:
        * SqlMembershipProvider.cs: use IndexOf (char) instead of
        IndexOf (string).

2008-08-20  Marek Habersack  <mhabersack@novell.com>

        * Membership.cs: implemented the HashAlgorithmType property. Fixes
        bug #418458

2008-06-30  Marek Habersack  <mhabersack@novell.com>

        * SqliteMembershipProvider.cs, SqliteRoleProvider.cs: remove
        unused method

        * SqlRoleProvider.cs, AspNetDBSchemaChecker.cs: hush the warnings

2008-05-30  Marek Habersack  <mhabersack@novell.com>

        * AnonymousIdentificationModule.cs, FormsAuthenticationModule.cs,
        DefaultAuthenticationModule.cs, MembershipProvider.cs,
        WindowsAuthenticationModule.cs, PassportAuthenticationModule.cs,
        RoleManagerModule.cs: do not use synthetized event accessors (to
        avoid locks).

2008-05-07  Marek Habersack  <mhabersack@novell.com>

        * RolePrincipal.cs: fix:
                - Reloading the roles cache from the provider when expired
                - Update issue & expiry date for expired tickets
                - Incrementing the cookie expiry date
                - Obey Roles.MaxCachedResults
          Fixes bug #385877. Patch from Ivan Hamilton
                <ivan@chimerical.com.au>, thanks!

2008-03-10  Marek Habersack  <mhabersack@novell.com>

        * RoleManagerModule.cs: initialize _config before adding event
        handlers and account for the fact that _config might still be null
        in the methods that use it.

2007-12-30  Vladimir Krasnov  <vladimirk@mainsoft.com>

        * SqliteMembershipProvider.cs, SqlRoleProvider.cs: added chema checking
        * added AspNetDBSchemaChecker.cs: schema checker helper class

2007-12-11  Vladimir Krasnov  <vladimirk@mainsoft.com>

        * Roles.cs: fixed Providers property to be thread safe

2007-12-08  Marek Habersack  <mhabersack@novell.com>

        * SqliteRoleProvider.cs: added - a Role Provider for
        Sqlite, based on PostgreSQL Role Provider code from Daniel
        Nauck <dna@informatik.uni-kiel.de>

        * SqliteMembershipProvider.cs: added - a Membership Provider for
        Sqlite, based on PostgreSQL Membership Provider code from Daniel
        Nauck <dna@informatik.uni-kiel.de>

2007-11-28  Marek Habersack  <mhabersack@novell.com>

        * SqlMembershipProvider.cs: handle situation when there is no
        connection string configured for the SQL Membership Provider.

2007-11-01  Marek Habersack  <mhabersack@novell.com>

        * RolePrincipal.cs, MembershipProvider.cs: use the new
        MachineKeySectionUtils class wherever necessary.

        * FormsAuthentication.cs: use the new MachineKeySectionUtils class
        wherever necessary.
        GetHexString is a private method again.

2007-10-31  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthentication.cs: made GetHexString an internal method -
        it is used in the AssemblyResourceLoader.cs

2007-08-14  Marek Habersack  <mhabersack@novell.com>

        * Roles.cs: remove unused field.

        * SqlMembershipProvider.cs: remove unused variable.

2007-08-13 Vladimir Krasnov <vladimirk@mainsoft.com>

        * SqlRoleProvider.cs: fixed ApplicationName initialization

2007-06-24 Vladimir Krasnov <vladimirk@mainsoft.com>

        * FormsAuthentication.cs: improved performance of GetHexString()

2007-05-17 Vladimir Krasnov <vladimirk@mainsoft.com>

        * SqlMembershipProvider.cs: fixed DeleteUser, fixed parameter name

2007-05-14 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.

2007-05-09 Igor Zelmanovich <igorz@mainsoft.com>

        * PassportIdentity.cs:
        added MonoNotSupported attribute.       

2007-05-02  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthentication.cs: user names are stored in lowercase in
        the credentials database.

2007-04-29 Igor Zelmanovich <igorz@mainsoft.com>

        * FormsAuthenticationModule.cs: 
        Redirect to login page doesn't cause thread abort.      

2007-04-19 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs:
        ChangePassword throws exception if new password has invalid format.     

2007-04-17 Igor Zelmanovich <igorz@mainsoft.com>

        * Membership.cs:
        * Roles.cs:
        if default provider was not found ConfigurationErrorsException is thrown.

2007-04-12  Marek Habersack  <mhabersack@novell.com>

        * RoleManagerModule.cs: do not try to decrypt encryption tickets
        from cookies with empty values.

2007-04-04 Juraj Skripsky <js@hotfeet.ch>

        * FormsAuthenticationModule.cs: Move initialization of _config out
        of Init() as app.Context is null in that method when a session is
        about to be terminated.

2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>

        * AnonymousIdentificationModule.cs: optimized Config property

2007-03-21 Vladimir Krasnov <vladimirk@mainsoft.com>

        * AnonymousIdentificationModule.cs: added configuration section caching
        to AppDomain for TARGET_JVM
        * RoleManagerModule.cs:
        * UrlAuthorizationModule.cs:
        * FormsAuthenticationModule.cs: refactored configuration section to be
        a member of a class

2007-03-20  Marek Habersack  <mhabersack@novell.com>

        * FormsAuthentication.cs, Roles.cs: remove roles cookie on sign
        out. Fixes bug #81195. Patch from Mike Morano <mmorano@mikeandwan.us>.

2007-03-12  Marek Habersack  <mhabersack@novell.com>

        * RolePrincipal.cs: decrypt the roles ticket properly. Makes role
        caching in cookies work. Fixes bug #81117. Patch from Mike Morano
        <mmorano@mikeandwan.us>

2007-03-02  Marek Habersack  <mhabersack@novell.com>

        * SqlMembershipProvider.cs: cast PasswordFormat to int, so that
        the parameter code can infer the sql type. Makes user creation,
        password reset etc. work.

2007-02-28  Andreia Gaita  <avidigal@novell.com>

        * SqlRoleProvider.cs: Fix parameter binding to stored procedures.
        * SqlMembershipProvider.cs: Fix parameter binding to stored procedures.
        CreateUser() doesn't use transactions in MS asp.net, so removed the 
        transaction calls.

2007-02-19 Vladimir Krasnov <vladimirk@mainsoft.com>

        * RoleManagerModule.cs: fixed role chaching in OnEndRequest and
        OnPostAuthenticateRequest
        * RolePrincipal.cs: implemented ToEncryptedTicket, implemented caching
        role functionality
        * Roles.cs: implemented DeleteCookie, fixed CookieProtectionValue to
        get it's value from configuration

2007-02-08  Marek Habersack  <grendello@gmail.com>

        * FormsAuthenticationModule.cs: Expire auth tickets properly.

        * MembershipProvider.cs: Do not clear the password before
        encrypting it. 

2007-01-20  Miguel de Icaza  <miguel@novell.com>

        * SqlRoleProvider.cs: comment out unused code.

        * SqlMembershipProvider.cs: Removed unused variables.
        Remove unused variable.

        * AnonymousIdentificationModule.cs (ClearAnonymousIdentifier):
        remove unused variable.   This might be a real bug.

2007-01-16 Vladimir Krasnov <vladimirk@mainsoft.com>

        * RoleManagerModule.cs: fixed OnPostAuthenticateRequest,
        CacheRolesInCookie not supported yet
        * Roles.cs: fixed DeleteCookie, CacheRolesInCookie not supported yet

2007-01-11 Adar Wesley <adarw@mainsoft.com>

        * MembershipProvider.cs: fixed EncryptPassword to use password buffer length

2007-01-04 Vladimir Krasnov <vladimirk@mainsoft.com>

        * AnonymousIdentificationModule.cs: fixed OnEnter, fixed failure on
        incorrect cookie value that browser may hold

2006-12-27 Vladimir Krasnov <vladimirk@mainsoft.com>

        * FormsAuthentication.cs: added internal ReturnUrl property,
        GetRedirectUrl added usage of ReturnUrl

2006-12-12 Vladimir Krasnov <vladimirk@mainsoft.com>

        * FormsAuthentication.cs: TARGET_J2EE define for static members

2006-12-06 Vladimir Krasnov <vladimirk@mainsoft.com>

        * FormsAuthenticationModule.cs: fixed OnAuthenticateRequest, suppress
        exception on wrong ticket

2006-12-03 Igor Zelmanovich <igorz@mainsoft.com>

        * FormsAuthenticationModule.cs: 
        set SkipAuthorization=true for WebResource.axd

2006-11-27 Vladimir Krasnov <vladimirk@mainsoft.com>

        * SqlMembershipProvider.cs: typo bug

2006-11-21 Vladimir Krasnov <vladimirk@mainsoft.com>

        * SqlMembershipProvider.cs: fixed fixed exception type in GetPassword
        checks user lockout

2006-11-20 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: fixed: UpdateUser works properly.

2006-11-15 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: fixed: name is used for ReturnValue parameter.

2006-11-05 Vladimir Krasnov <vladimirk@mainsoft.com>

        * AnonymousIdentificationModule.cs: fixed anonymous id cookie

2006-11-05 Vladimir Krasnov <vladimirk@mainsoft.com>

        * MembershipProvider.cs, SqlMembershipProvider.cs:
        refactoring of DecryptPassword and EncryptPassword methods according
        to documentation

2006-09-10 Konstantin Triger <kostat@mainsoft.com>

        * SqlRoleProvider.cs: throw on empty connection string.

2006-09-26 Vladimir Krasnov <vladimirk@mainsoft.com>

        * Membership.cs: fixed GetAllUsers, typo bug
        * SqlRoleProvider.cs, SqlMembershipProvider.cs: refactored to use
        aspnetdb built in stored procedures,
        fixed application name and membership relation,
        improved exception handling

2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>

        * RolePrincipal.cs: refactoring: instance can be serialized.

2006-09-03 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: fixed GetUser,
        when username is String.Empty methods returns null.

2006-08-31 Konstantin Triger <kostat@mainsoft.com>

        * SqlRoleProvider.cs: fixed initialization.

2006-08-31 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: fixed CreateUser,
        password is checked, properties MinRequiredPasswordLength and 
        MinRequiredNonAlphanumericCharacters are considered.

2006-08-29 Konstantin Triger <kostat@mainsoft.com>

        * SqlMembershipProvider.cs: fix dispose order of reader vs connection.

2006-08-28 Igor Zelmanovich <igorz@mainsoft.com>

        * SqlMembershipProvider.cs: fixed CreateUser, parameter isApproved is
                considered.

2006-08-28 Konstantin Triger <kostat@mainsoft.com>

        * SqlMembershipProvider.cs: ensure GetUser() returns null if it cannot
                retrieve user information.

2006-08-28 Konstantin Triger <kostat@mainsoft.com>

        * SqlRoleProvider.cs, SqlMembershipProvider.cs:
                "use SqlClientFactory in case the ProviderName is not specified.

2006-08-27 Konstantin Triger <kostat@mainsoft.com>

        * SqlRoleProvider.cs: enable concurrent usage, refactoring.

2006-08-27 Konstantin Triger <kostat@mainsoft.com>

        * SqlMembershipProvider.cs: enable concurrent usage, refactoring.

2006-08-27 Vladimir Krasnov <vladimirk@mainsoft.com>

        * SqlMembershipProvider.cs: fixed ValidateUser, bug when user
        not exists

2006-08-14 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: set the Secure attribute of the authentication
        cookie when required.

2006-07-06      Konstantin Triger <kostat@mainsoft.com>

        * FormsAuthentication.cs: Ensure initialized, fix url mapping.

2006-05-03  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (GetAlg): move this here for the time
        being, as it's the only class that uses it.
        (HashAndBase64Encode): nuke.
        (EncryptAndBase64Encode): nuke.
        (Base64DecodeAndDecrypt): nuke.
        (DecryptPassword): new function.
        (EncryptPassword): new function.
        (ChangePassword): replace the switch with a call to
        EncodePassword.
        (ChangePasswordQuestionAndAnswer): same.
        (CreateUser): same.
        (ResetPassword): same.
        (ValidateUsingPassword): same.
        (ValidateUsingPasswordAnswer): same.
        (GetPassword): same, and throw MembershipPasswordException if the
        password answer is incorrect.

        * MembershipProvider.cs (InitVector): nuke this.  it's actually
        the salt from the database (for the sql provider, anyway).
        (EncodePassword): based on the password format, password, and
        salt, encode it.  Makes use of EncryptPassword.
        (DecodePassword): likewise for decoding, makes use of
        DecryptPassword.
        (DecryptPassword): revert this to throwing
        NotImplementedException, as the sql provideroverrides it to
        perform the actual decryption.
        (EncryptPassword): same.

2006-05-02  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: 85% complete, maybe more.  The major
        functionality should work.  Password retrieval (and encrypted
        passwords in general) is untested.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * Membership.cs (GeneratePassword): don't include quotes (',",`)
        in the set of characters in the generated passwords.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * MembershipProvider.cs (GetAlg): switch from Exception to
        ProviderException to match MS behavior (and fix the unit test.)

        * Membership.cs (GeneratePassword): implement.

2006-05-01  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: lots more work.  checking this in in
        its present state because I don't want to lose it.  It still needs
        work.
        
        * Membership.cs (.cctor): remove the fallback.
        (ValidatingPassword): remove the MonoTODO.

        * MembershipProvider.cs (DecryptPassword): implement.
        (EncryptPassword): implement.
        (GetAlg): helper function for Decrypt/EncryptPassword.
        (InitVector): same.

2006-04-27  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (GeneratePassword): call
        Membership.GeneratePassword with the configured minimum strength
        requirements.

2006-04-27  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
        the CheckPararm call to the top of the method.

2006-04-12  Chris Toshok  <toshok@ximian.com>

        * SqlMembershipProvider.cs: commit initial pass at
        SqlMembershipProvider work.  lots of stuff untested in here.

2006-04-11  Chris Toshok  <toshok@ximian.com>

        * MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
        are converted using ToUniversalTime when passed into this class.
        (UpdateSelf): update ourselves from the passed in MembershipUser,
        swallowing NotSupportedExceptions.
        (UpdateUser): fetch a new MembershipUser from the db and call
        UpdateSelf with it.
        (ChangePassword): call UpdateUser after changing the password.
        (ChangePasswordQuestionAndAnswer): same.
        (ResetPassword): same.
        (UnlockUser): same.  Also, don't explicitly set isLockedOut.
        It'll be updated in UpdateSelf.
        (CreationDate): getter calls ToLocalTime, setter calls
        ToUniversalTime.
        (LastActivityDate): same.
        (LastLoginDate): same.
        (LastPasswordChangedDate): same.
        (LastLockoutDate): same.
        
        * Membership.cs (.cctor): use
        ProvidersHelper.InstantitateProviders, and remove some unnecessary
        #if NET_2_0's.

2006-03-29  Chris Toshok  <toshok@ximian.com>

        * SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.

2006-03-23  Chris Toshok  <toshok@ximian.com>

        * Roles.cs: make this 2.0 configuration aware.

        * SqlRoleProvider.cs: flesh out all the operations.  the only
        things that need dealing with are the Initialize method's handling
        of a few parameters, and the ApplicationName property.

2006-03-23  Chris Toshok  <toshok@ximian.com>

        * DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
        set Thread.CurrentPrincipal, not just if we set it to the
        GenericPrincipal.

2006-03-22  Chris Toshok  <toshok@ximian.com>

        * RoleManagerModule.cs: implement using info in Shackow's book.

        * RolePrincipal.cs: flesh this out a bit more.

        * DefaultAuthenticationModule.cs (OnDefaultAuthentication):
        according to Shackow's book, this sets Thread.CurrentPrincipal as
        well as HttpContext.Current.User.

2006-02-28  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs: corcompare work.

        * MembershipCreateUserException.cs: same.

        * MembershipPasswordException.cs: same.

        * AnonymousIdentificationModule.cs: same.

2006-02-01  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs, Membership.cs,
        FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
        replace GetWebApplicationSection with GetSection.
        
2006-02-01  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
        simplifies the ifdef mess quite a bit.

        * Membership.cs: same.

        * FormsAuthenticationModule.cs: same.

        * UrlAuthorizationModule.cs: same.

2006-01-04  Chris Toshok  <toshok@ximian.com>

        * FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
        code.
        (Decrypt2): same.
        (Decrypt): same.
        (Encrypt): same.
        (Initialize): same.

2006-01-04  Chris Toshok  <toshok@ximian.com>

        * Membership.cs (.cctor): enable the code here under
        CONFIGURATION_2_0.

2006-01-03  Chris Toshok  <toshok@ximian.com>

        * UrlAuthorizationModule.cs (OnAuthorizeRequest): add
        CONFIGURATION_2_0 code here.

2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: don't end the request in
        RedirectFromLoginPage.

2005-12-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
        Patch by Cyrille Colin.

2005-12-13 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: ignore any exception thrown when mapping
        the provided virtual path to the physical one. Patch by Cyrille Colin.

2005-11-28  Chris Toshok  <toshok@ximian.com>

        * FormsAuthenticationModule.cs (OnAuthenticateRequest):
        CONFIGURATION_2_0 work.
        (OnEndRequest): same.

2005-09-09  Sebastien Pouliot  <sebastien@ximian.com>

        * DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.
        * FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * FormsAuthentication.cs: Added LinkDemand for Minimal.
        * FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
        * FormsIdentity.cs: Added LinkDemand for Minimal.
        * PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.
        * PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
        UnmanagedCode on constructor.
        * UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
        Demand for UnmanagedCode on constructor.
        * WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
        * WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
        Demand for UnmanagedCode on constructor.

2005-09-01  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthenticationEventArgs.cs: Ensure the setter for User is 
        protected by a demand for ControlPrincipal.
        * PassportAuthenticationEventArgs.cs: Ensure the setter for User is
        protected by a demand for ControlPrincipal.
        * WindowsAuthenticationEventArgs.cs: Ensure the setter for User is 
        protected by a demand for ControlPrincipal.

2005-08-25  Sebastien Pouliot  <sebastien@ximian.com> 
 
        * FormsAuthentication.cs: With 2.0 we can get the default properties 
        and call Initialize without a NRE.

2005-08-25  Sebastien Pouliot  <sebastien@ximian.com>

        * ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
        * ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
        * AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
        * AnonymousIdentificationModule.cs: Fixed 2.0 API.
        * FileAuthorizationModule.cs: Added static CheckFileAccessForUser in 
        2.0 profile (TODO).
        * FormsAuthentication.cs: Added missing 2.0 properties with their 
        default values.
        * MembershipCreateStatus.cs: Fixed enum values/names.
        * MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
        methods don't seems to work without an active provider.
        * PassportIdentity.cs: Added IDispose for 2.0 profile.
        * Roles.cs: Added missing beta2 bits and default values (which are the
        only things working without a role provider (web.config).
        * RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
        * SqlRoleProvider.cs: Fixed 2.0 API.
        * UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
        2.0 profile (TODO).

2005-08-24  Sebastien Pouliot  <sebastien@ximian.com>

        * MembershipUserCollection.cs: Fix exceptions.

2005-08-22  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthentication.cs: Add some 2.0 stuff required for Login* 
        controls to compile.

2005-08-18  Sebastien Pouliot  <sebastien@ximian.com>

        * Membership.cs: Commented unworking parts of the .cctor to allow 
        testing the Login control.
        * MembershipProviderCollection.cs: Fixed exception handling.
        * SqlMembershipProvider.cs: Don't throw NotImplementedException 
        everywhere so Membership's .cctor (somewhat) works. Removed 
        Description property (not in beta2).

2005-07-28 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: allow hardware acceleration support if
        available. Sebastien dixit.

2005-07-26 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: the init_vector must be the same accross
        restarts, otherwise the cookie does not work even when a decryption
        key is provided. Initialize it to the bytes of the cookie name. Fixes
        bug #75635.

2005-07-25  Eyal Alaluf <eyala@mainsoft.com>

        * FormsAuthenticationModule.cs: Check for null config

2005-07-25  Miguel de Icaza  <miguel@novell.com>

        * FormsAuthentication.cs (SignOut): Force the cookie to have it
        expire in the past.

2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: my previous patch missed a "small" detail: it
        didn't include the verification key when computing/checking the
        validation hash. Now this is really a MAC or HMAC or...

2005-07-25 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs:
        * FormsAuthenticationTicket.cs: added support for validation and
        encryption of the auth. cookie and improved serialization of the ticket.

2005-07-01  Lluis Sanchez Gual <lluis@novell.com>

        * Membership.cs: Read provider info from the config file.

2005-06-10 Lluis Sanchez Gual <lluis@novell.com>

        * MembershipUserCollection.cs:
        * MembershipPasswordException.cs:
        * RoleProviderCollection.cs:
        * ActiveDirectoryMembershipProvider.cs:
        * SqlMembershipProvider.cs:
        * MembershipProvider.cs:
        * SqlRoleProvider.cs:
        * Membership.cs:
        * MembershipUser.cs:
        * MembershipProviderCollection.cs:
        * Roles.cs:.
        * RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
        some missing methods.
        
        * AccessRoleProvider.cs:
        * AccessMembershipProvider.cs: Removed.
        
        * MembershipCreateUserException.cs:
        * MembershipValidatePasswordEventHandler.cs:
        * ValidatePasswordEventArgs.cs: Implemented.

2005-05-21  Sebastien Pouliot  <sebastien@ximian.com>

        * FormsAuthentication.cs: Hash the UTF8 representation of the password
        strings (to be compatible with Microsoft implementation).

2005-04-20 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs:
        * PassportAuthenticationModule.cs:
        * WindowsAuthenticationModule.cs: removed warnings.

2005-03-11 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: fix for bug 73545, which caused
        authentication not to work when the cookie was not persistent.
        Patch by Ilya Kharmatsky (Mainsoft).

2005-02-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: make the string to be stored in a config.
        file uppercase... See bug #72557.

2005-02-06 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: fixed typo when getting the hash for the 
        password in SHA1 and MD5. Thanks to Tadas Dailyda.
        Lock on a static object instead of typeof(FormsAuthentication).

2004-11-18 Lluis Sanchez Gual <lluis@novell.com>

        * RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
        AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
        * IMembershipProvider.cs: Deleted.
        * MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
        Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
        MembershipProviderCollection.cs: MembershipProvider has been deleted
        and replaced by the abstract class MembershipProvider.
        * MembershipProviderCollection.cs: Minor fixes.
        * ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.

2004-11-15 Lluis Sanchez Gual <lluis@novell.com>

        * RoleProviderCollection.cs, MembershipProviderCollection.cs: 
        Fixed warnings.

2004-08-23 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.

2004-08-22 Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
        the cookie if SlidingExpiration is set. Thanks to Jim Pease.

2004-08-03  Sanjay Gupta <gsanjay@novell.com>

        * MembershipSortOptions.cs:
        * MembershipPasswordFormat.cs:
        * MembershipOnlineStatus.cs:
        * MembershipCreateStatus.cs:
        * CookieProtection.cs: minor modifications.

2004-06-12  Pedro Martnez Juli  <yoros@wanadoo.es>

        * FormsAuthentication.cs: Undo last change.

2004-06-12  Pedro Martnez Juli  <yoros@wanadoo.es>

        * FormsAuthentication.cs: go to loginUrl from web.config settings
        before try with the default ones.

2004-06-11  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationModule.cs: set the IPrincipal for this thread
        once we have a user. Fixes bug #59683.

2004-04-21  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: re-read configuration files if needed
        when determining if forms auth. is used.

2004-01-23  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: added RequireSSL and SlidingExpiration.

2004-01-11  Andreas Nahr <ClassDevelopment@A-SoftTech.com>

        * PassportIdentity.cs: Added v 1.1 members

2003-11-25 Ben Maurer  <bmaurer@users.sourceforge.net>
        
        * AccessMembershipProvider.cs: New v2 file
        * AccessRoleProvider.cs: New v2 file
        * ADMembershipProvider.cs: New v2 file
        * AnonymousIdentificationEventArgs.cs: New v2 file
        * AnonymousIdentificationEventHandler.cs: New v2 file
        * AnonymousIdentificationModule.cs: New v2 file
        * CookieProtection.cs: New v2 file
        * IMembershipProvider.cs: New v2 file
        * IRoleProvider.cs: New v2 file
        * Membership.cs: New v2 file
        * MembershipCreateStatus.cs: New v2 file
        * MembershipCreateUserException.cs: New v2 file
        * MembershipOnlineStatus.cs: New v2 file
        * MembershipPasswordException.cs: New v2 file
        * MembershipPasswordFormat.cs: New v2 file
        * MembershipProviderCollection.cs: New v2 file
        * MembershipSortOptions.cs: New v2 file
        * MembershipUser.cs: New v2 file
        * MembershipUserCollection.cs: New v2 file
        * RoleManagerEventArgs.cs: New v2 file
        * RoleManagerEventHandler.cs: New v2 file
        * RoleManagerModule.cs: New v2 file
        * RolePrincipal.cs: New v2 file
        * RoleProviderCollection.cs: New v2 file
        * Roles.cs: New v2 file
        * SqlMembershipProvider.cs: New v2 file
        * SqlRoleProvider.cs: New v2 file

2003-11-05  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: encoding updates.

2003-10-04  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: fixed for applications other than /.

2003-08-27  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * UrlAuthorizationModule.cs: fixed description for status code.

2003-07-31  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: really renew the ticket. Thanks to
        Jens Thiel <Jens@Thiel.DE>.

2003-02-13  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * UrlAuthorizationModule.cs: tell the application not to run any other
        step apart from EndRequest.

2003-02-12  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented RedirectFromLoginPage and
        GetRedirectUrl.
        
        * FormsAuthenticationModule.cs: redirect to the login page when a 401
        error happens.

        * UrlAuthorizationModule.cs: check for valid user or render error page.

2003-01-04  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationModule.cs: implemented. It just create a default 
        unauthenticated user when no one else provided one.

        * FormsAuthenticationModule.cs: removed debug output.

2002-12-20  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthenticationModule.cs: remove debug lines.

2002-12-19  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: return a null ticket when an exception is
        thrown creating it. Implemented RenewTicketIfOld.

        * FormsAuthenticationModule.cs: implemented event handlers for
        AuthenticateRequest and EndRequest.

        * FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.

2002-12-18  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
        SignOut, FormsCookieName and FormsCookiePath.

2002-12-17  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
        and Decrypt, HashPasswordForStoringInConfigFile and Initialize.

        * FormsAuthenticationTicket.cs: set cookiePath to the default when no
        other provided.

2002-08-26  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationEventHandler.cs:
        * DefaultAuthenticationModule.cs:
        * FileAuthorizationModule.cs:
        * FormsAuthentication.cs:
        * FormsAuthenticationEventArgs.cs:
        * FormsAuthenticationEventHandler.cs:
        * FormsAuthenticationModule.cs:
        * FormsAuthenticationTicket.cs:
        * FormsIdentity.cs:
        * PassportAuthenticationEventArgs.cs:
        * PassportAuthenticationEventHandler.cs:
        * PassportAuthenticationModule.cs:
        * PassportIdentity.cs:
        * UrlAuthorizationModule.cs:
        * WindowsAuthenticationEventArgs.cs:
        * WindowsAuthenticationEventHandler.cs:
        * WindowsAuthenticationModule.cs: new files. Some of them implemented,
        some others stubbed out.

2002-06-03  Gonzalo Paniagua Javier <gonzalo@ximian.com>

        * DefaultAuthenticationEventArgs.cs: added file.