// System.Web.Security.Membership
// Ben Maurer (bmaurer@users.sourceforge.net)
// Lluis Sanchez Gual (lluis@novell.com)
// (C) 2005 Novell, inc.
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33 using System.Collections;
34 using System.Collections.Specialized;
36 using System.Web.Configuration;
37 using System.Configuration;
38 using System.Security.Cryptography;
40 namespace System.Web.Security
42 public static class Membership
// All providers instantiated from the membership configuration section.
private static MembershipProviderCollection providers;

// The provider every static member of this class forwards to.
private static MembershipProvider provider;

// Online-activity window, stored as whole minutes.
private static int onlineTimeWindow;

// Name of the hash algorithm resolved at type initialization.
private static string hashAlgorithmType;
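/// <summary>
/// Reads the "system.web/membership" section, instantiates the configured providers,
/// selects the default one and resolves the hash algorithm name.
/// </summary>
// NOTE(review): the constructor header is not visible in this listing; a static
// constructor is assumed because these statements assign the class's static fields.
static Membership ()
{
    MembershipSection section = (MembershipSection) WebConfigurationManager.GetSection ("system.web/membership");

    providers = new MembershipProviderCollection ();
    ProvidersHelper.InstantiateProviders (section.Providers, providers, typeof (MembershipProvider));
    provider = providers[section.DefaultProvider];

    // TotalMinutes is a double; the cast truncates to whole minutes.
    onlineTimeWindow = (int) section.UserIsOnlineTimeWindow.TotalMinutes;

    hashAlgorithmType = section.HashAlgorithmType;
    if (String.IsNullOrEmpty (hashAlgorithmType)) {
        // Fall back to the machineKey validation setting. The section is obtained with
        // "as", so it can be null; skip the fallback in that case rather than throw from
        // the type initializer, which would make every later Membership call fail.
        MachineKeySection mks = WebConfigurationManager.GetSection ("system.web/machineKey") as MachineKeySection;
        if (mks != null) {
            MachineKeyValidationConverter cvt = new MachineKeyValidationConverter ();
            hashAlgorithmType = cvt.ConvertTo (null, null, mks.Validation, typeof (string)) as string;
        }
    }

    // NOTE(review): SHA1 is the last-resort default. If providers use this name to hash
    // stored passwords, set a stronger algorithm explicitly in configuration instead of
    // relying on this fallback.
    if (String.IsNullOrEmpty (hashAlgorithmType))
        hashAlgorithmType = "SHA1";
}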
/// <summary>
/// Creates a user without an e-mail address by delegating to the
/// (username, password, email) overload with a null e-mail.
/// </summary>
public static MembershipUser CreateUser (string username, string password)
{
    MembershipUser created = CreateUser (username, password, null);
    return created;
}
/// <summary>
/// Creates an approved user with no password question or answer and reports a
/// failed creation as a <see cref="MembershipCreateUserException"/> carrying the status.
/// </summary>
/// <exception cref="MembershipCreateUserException">The user could not be created.</exception>
public static MembershipUser CreateUser (string username, string password, string email)
{
    MembershipCreateStatus status;
    MembershipUser created = CreateUser (username, password, email, null, null, true, out status);

    // NOTE(review): the guard and the final return are not visible in this listing;
    // a null result is assumed to be the failure signal. Confirm against the full file.
    if (created == null)
        throw new MembershipCreateUserException (status);

    return created;
}
/// <summary>
/// Creates a user without a provider-specific key by delegating to the overload
/// that accepts one, passing null for it.
/// </summary>
public static MembershipUser CreateUser (string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, out MembershipCreateStatus status)
{
    MembershipUser created = CreateUser (username, password, email, passwordQuestion, passwordAnswer, isApproved, null, out status);
    return created;
}
/// <summary>
/// Validates that the user name and password are non-empty, then asks the active
/// provider to create the user.
/// </summary>
/// <param name="status">
/// InvalidUserName or InvalidPassword when the corresponding argument is null or empty;
/// otherwise whatever the provider reports.
/// </param>
public static MembershipUser CreateUser (string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    // Empty credentials are rejected here and never reach the provider.
    // NOTE(review): the early returns are not visible in this listing; "return null"
    // is assumed, since the provider call would otherwise overwrite the status.
    bool missingName = String.IsNullOrEmpty (username);
    if (missingName) {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    bool missingPassword = String.IsNullOrEmpty (password);
    if (missingPassword) {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    return Provider.CreateUser (username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
}
/// <summary>
/// Deletes the named user through the active provider, asking it to remove
/// all related data as well.
/// </summary>
public static bool DeleteUser (string username)
{
    const bool deleteAllRelatedData = true;
    return Provider.DeleteUser (username, deleteAllRelatedData);
}
/// <summary>
/// Deletes the named user through the active provider; the flag is passed on unchanged.
/// </summary>
public static bool DeleteUser (string username, bool deleteAllRelatedData)
{
    bool deleted = Provider.DeleteUser (username, deleteAllRelatedData);
    return deleted;
}
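/// <summary>
/// Generates a random password from printable ASCII characters (codes 33-126),
/// never using the double quote, single quote or backtick.
/// </summary>
/// <param name="length">Number of characters to produce.</param>
/// <param name="numberOfNonAlphanumericCharacters">
/// Minimum number of punctuation characters the result must contain.
/// </param>
/// <returns>A password of exactly <paramref name="length"/> characters.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="numberOfNonAlphanumericCharacters"/> is greater than
/// <paramref name="length"/> (this includes a negative length with a non-negative count).
/// </exception>
public static string GeneratePassword (int length, int numberOfNonAlphanumericCharacters)
{
    // A request that cannot be met must fail loudly: silently returning a password
    // with fewer punctuation characters than asked for would weaken the caller's policy.
    if (numberOfNonAlphanumericCharacters > length)
        throw new ArgumentException ("numberOfNonAlphanumericCharacters cannot exceed length.", "numberOfNonAlphanumericCharacters");

    // The quote characters are left out of the alphabet up front, so no character
    // has to be nudged to a neighbour afterwards (which would skew the distribution).
    const string alphanumerics = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    const string punctuation = "!#$%&()*+,-./:;<=>?@[\\]^_{|}~";
    const string everything = alphanumerics + punctuation;

    RandomNumberGenerator rng = RandomNumberGenerator.Create ();
    byte[] scratch = new byte[4];
    char[] chars = new char[length];
    int num_nonalpha = 0;

    // Draw every character uniformly. Reducing a raw byte with "% 93" favours the low
    // residues because 256 is not a multiple of 93, and it can never yield code 126.
    for (int i = 0; i < length; i++) {
        int pick = RandomBelow (rng, scratch, everything.Length);
        chars[i] = everything[pick];
        if (pick >= alphanumerics.Length)
            num_nonalpha++;
    }

    // Top up the punctuation count at random positions; always converting from
    // index 0 upward would cluster the forced punctuation at the front.
    while (num_nonalpha < numberOfNonAlphanumericCharacters) {
        int pos = RandomBelow (rng, scratch, length);
        if (punctuation.IndexOf (chars[pos]) >= 0)
            continue;
        chars[pos] = punctuation[RandomBelow (rng, scratch, punctuation.Length)];
        num_nonalpha++;
    }

    return new string (chars);
}

// Returns a uniformly distributed integer in [0, bound) by rejection sampling.
private static int RandomBelow (RandomNumberGenerator rng, byte[] scratch, int bound)
{
    // Largest multiple of bound representable in 32 bits; draws at or above it are
    // discarded so that every residue is equally likely.
    uint limit = uint.MaxValue - (uint.MaxValue % (uint) bound);
    uint value;
    do {
        rng.GetBytes (scratch);
        value = BitConverter.ToUInt32 (scratch, 0);
    } while (value >= limit);

    return (int) (value % (uint) bound);
}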
/// <summary>
/// Returns every user in a single page (page 0, page size int.MaxValue); the total
/// count reported by the paged overload is discarded.
/// </summary>
// The whole user set is requested at once; prefer the paged overload for large stores.
public static MembershipUserCollection GetAllUsers ()
{
    int ignoredTotal;
    MembershipUserCollection everyone = GetAllUsers (0, int.MaxValue, out ignoredTotal);
    return everyone;
}
/// <summary>
/// Returns one page of users from the active provider; the paging arguments and
/// the total-record output are passed through unchanged.
/// </summary>
public static MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords)
{
    MembershipUserCollection page = Provider.GetAllUsers (pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>Returns the online-user count reported by the active provider.</summary>
public static int GetNumberOfUsersOnline ()
{
    int online = Provider.GetNumberOfUsersOnline ();
    return online;
}
/// <summary>
/// Looks up the user named by the current request's identity, passing true for
/// the userIsOnline flag.
/// </summary>
// Reads HttpContext.Current.User.Identity.Name with no null checks, so the call
// depends on an active request that carries a principal.
public static MembershipUser GetUser ()
{
    string currentName = HttpContext.Current.User.Identity.Name;
    return GetUser (currentName, true);
}
/// <summary>
/// Looks up the user named by the current request's identity; the flag is passed
/// on unchanged.
/// </summary>
// Reads HttpContext.Current.User.Identity.Name with no null checks, so the call
// depends on an active request that carries a principal.
public static MembershipUser GetUser (bool userIsOnline)
{
    string currentName = HttpContext.Current.User.Identity.Name;
    return GetUser (currentName, userIsOnline);
}
/// <summary>
/// Looks up a user by name, passing false for the userIsOnline flag.
/// </summary>
public static MembershipUser GetUser (string username)
{
    const bool userIsOnline = false;
    return GetUser (username, userIsOnline);
}
/// <summary>
/// Looks up a user by name through the active provider; both arguments are
/// passed on unchanged.
/// </summary>
public static MembershipUser GetUser (string username, bool userIsOnline)
{
    MembershipUser found = Provider.GetUser (username, userIsOnline);
    return found;
}
/// <summary>
/// Looks up a user by provider key, passing false for the userIsOnline flag.
/// </summary>
public static MembershipUser GetUser (object providerUserKey)
{
    const bool userIsOnline = false;
    return GetUser (providerUserKey, userIsOnline);
}
/// <summary>
/// Looks up a user by provider key through the active provider; both arguments
/// are passed on unchanged.
/// </summary>
public static MembershipUser GetUser (object providerUserKey, bool userIsOnline)
{
    MembershipUser found = Provider.GetUser (providerUserKey, userIsOnline);
    return found;
}
/// <summary>
/// Asks the active provider for the user name associated with an e-mail address.
/// </summary>
public static string GetUserNameByEmail (string emailToMatch)
{
    string name = Provider.GetUserNameByEmail (emailToMatch);
    return name;
}
/// <summary>Hands the user object to the active provider for updating.</summary>
// No validation happens at this layer; the object reaches the provider as given.
public static void UpdateUser (MembershipUser user)
{
    MembershipProvider active = Provider;
    active.UpdateUser (user);
}
/// <summary>
/// Asks the active provider whether the supplied credentials are valid.
/// </summary>
// This layer only forwards the call: any throttling, lockout or failed-attempt
// accounting has to come from the provider, and callers should keep the
// password out of logs.
public static bool ValidateUser (string username, string password)
{
    bool accepted = Provider.ValidateUser (username, password);
    return accepted;
}
/// <summary>
/// Returns all users matching an e-mail pattern in a single page (page 0, page size
/// int.MaxValue); the total count reported by the provider is discarded.
/// </summary>
// The full match set is requested at once; prefer the paged overload for large stores.
public static MembershipUserCollection FindUsersByEmail (string emailToMatch)
{
    int ignoredTotal;
    MembershipUserCollection matches = Provider.FindUsersByEmail (emailToMatch, 0, int.MaxValue, out ignoredTotal);
    return matches;
}
/// <summary>
/// Returns one page of users matching an e-mail pattern; all arguments are passed
/// to the active provider unchanged.
/// </summary>
public static MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    MembershipUserCollection page = Provider.FindUsersByEmail (emailToMatch, pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>
/// Returns all users matching a name pattern in a single page (page 0, page size
/// int.MaxValue); the total count reported by the provider is discarded.
/// </summary>
// The full match set is requested at once; prefer the paged overload for large stores.
public static MembershipUserCollection FindUsersByName (string usernameToMatch)
{
    int ignoredTotal;
    MembershipUserCollection matches = Provider.FindUsersByName (usernameToMatch, 0, int.MaxValue, out ignoredTotal);
    return matches;
}
/// <summary>
/// Returns one page of users matching a name pattern; all arguments are passed
/// to the active provider unchanged.
/// </summary>
public static MembershipUserCollection FindUsersByName (string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    MembershipUserCollection page = Provider.FindUsersByName (usernameToMatch, pageIndex, pageSize, out totalRecords);
    return page;
}
/// <summary>
/// Gets or sets the application name on the active provider.
/// </summary>
// The setter writes through to the shared provider instance, so the change is
// visible to every caller of this static class.
public static string ApplicationName {
    get {
        return Provider.ApplicationName;
    }
    set {
        Provider.ApplicationName = value;
    }
}
/// <summary>Gets the EnablePasswordReset setting of the active provider.</summary>
public static bool EnablePasswordReset {
    get {
        return Provider.EnablePasswordReset;
    }
}
/// <summary>Gets the EnablePasswordRetrieval setting of the active provider.</summary>
public static bool EnablePasswordRetrieval {
    get {
        return Provider.EnablePasswordRetrieval;
    }
}
/// <summary>
/// Gets the hash algorithm name held in the class's static hashAlgorithmType field.
/// </summary>
public static string HashAlgorithmType {
    get {
        return hashAlgorithmType;
    }
}
/// <summary>Gets the RequiresQuestionAndAnswer setting of the active provider.</summary>
public static bool RequiresQuestionAndAnswer {
    get {
        return Provider.RequiresQuestionAndAnswer;
    }
}
/// <summary>Gets the MaxInvalidPasswordAttempts setting of the active provider.</summary>
public static int MaxInvalidPasswordAttempts {
    get {
        return Provider.MaxInvalidPasswordAttempts;
    }
}
/// <summary>
/// Gets the MinRequiredNonAlphanumericCharacters setting of the active provider.
/// </summary>
public static int MinRequiredNonAlphanumericCharacters {
    get {
        return Provider.MinRequiredNonAlphanumericCharacters;
    }
}
/// <summary>Gets the MinRequiredPasswordLength setting of the active provider.</summary>
public static int MinRequiredPasswordLength {
    get {
        return Provider.MinRequiredPasswordLength;
    }
}
/// <summary>Gets the PasswordAttemptWindow setting of the active provider.</summary>
public static int PasswordAttemptWindow {
    get {
        return Provider.PasswordAttemptWindow;
    }
}
/// <summary>
/// Gets the PasswordStrengthRegularExpression setting of the active provider.
/// </summary>
public static string PasswordStrengthRegularExpression {
    get {
        return Provider.PasswordStrengthRegularExpression;
    }
}
/// <summary>
/// Gets the provider held in the class's static provider field.
/// </summary>
public static MembershipProvider Provider {
    get {
        return provider;
    }
}
/// <summary>
/// Gets the provider collection held in the class's static providers field.
/// </summary>
public static MembershipProviderCollection Providers {
    get {
        return providers;
    }
}
/// <summary>
/// Gets the online-activity window held in the class's static onlineTimeWindow field.
/// </summary>
public static int UserIsOnlineTimeWindow {
    get {
        return onlineTimeWindow;
    }
}
/// <summary>
/// Subscribes to or unsubscribes from the active provider's ValidatingPassword event.
/// </summary>
// Handlers attach to the shared provider instance, not to this static class, so
// they stay registered until explicitly removed.
public static event MembershipValidatePasswordEventHandler ValidatingPassword {
    add {
        Provider.ValidatingPassword += value;
    }
    remove {
        Provider.ValidatingPassword -= value;
    }
}