Advertisement
Guest User

Untitled

a guest
Jul 29th, 2017
159
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 38.77 KB | None | 0 0
  1. using System;
  2. using System.Configuration;
  3. using System.Collections.Specialized;
  4. using System.Configuration.Provider;
  5. using System.Data;
  6. using System.Data.SqlClient;
  7. using System.Security.Cryptography;
  8. using System.Text;
  9. using System.Web.Configuration;
  10. using System.Web.Security;
  11.  
  12. namespace HDI.AspNet.Membership
  13. {
  14.  
  15. public sealed class HDIMembershipProvider : MembershipProvider
  16. {
  17.  
  18. #region Class Variables
  19.  
  20. private int newPasswordLength = 8;
  21. private string connectionString;
  22. private string applicationName;
  23. private bool enablePasswordReset;
  24. private bool enablePasswordRetrieval;
  25. private bool requiresQuestionAndAnswer;
  26. private bool requiresUniqueEmail;
  27. private int maxInvalidPasswordAttempts;
  28. private int passwordAttemptWindow;
  29. private MembershipPasswordFormat passwordFormat;
  30. private int minRequiredNonAlphanumericCharacters;
  31. private int minRequiredPasswordLength;
  32. private string passwordStrengthRegularExpression;
  33. private MachineKeySection machineKey; //Used when determining encryption key values.
  34.  
  35. #endregion
  36.  
  37. #region Enums
  38.  
  39. private enum FailureType
  40. {
  41. Password = 1,
  42. PasswordAnswer = 2
  43. }
  44.  
  45. #endregion
  46.  
  47. #region Properties
  48.  
  49. public override string ApplicationName
  50. {
  51. get
  52. {
  53. return applicationName;
  54. }
  55. set
  56. {
  57. applicationName = value;
  58. }
  59. }
  60.  
  61. public override bool EnablePasswordReset
  62. {
  63. get
  64. {
  65. return enablePasswordReset;
  66. }
  67. }
  68.  
  69. public override bool EnablePasswordRetrieval
  70. {
  71. get
  72. {
  73. return enablePasswordRetrieval;
  74. }
  75. }
  76.  
  77. public override bool RequiresQuestionAndAnswer
  78. {
  79. get
  80. {
  81. return requiresQuestionAndAnswer;
  82. }
  83. }
  84.  
  85. public override bool RequiresUniqueEmail
  86. {
  87. get
  88. {
  89. return requiresUniqueEmail;
  90. }
  91. }
  92.  
  93. public override int MaxInvalidPasswordAttempts
  94. {
  95. get
  96. {
  97. return maxInvalidPasswordAttempts;
  98. }
  99. }
  100.  
  101. public override int PasswordAttemptWindow
  102. {
  103. get
  104. {
  105. return passwordAttemptWindow;
  106. }
  107. }
  108.  
  109. public override MembershipPasswordFormat PasswordFormat
  110. {
  111. get
  112. {
  113. return passwordFormat;
  114. }
  115. }
  116.  
  117. public override int MinRequiredNonAlphanumericCharacters
  118. {
  119. get
  120. {
  121. return minRequiredNonAlphanumericCharacters;
  122. }
  123. }
  124.  
  125. public override int MinRequiredPasswordLength
  126. {
  127. get
  128. {
  129. return minRequiredPasswordLength;
  130. }
  131. }
  132.  
  133. public override string PasswordStrengthRegularExpression
  134. {
  135. get
  136. {
  137. return passwordStrengthRegularExpression;
  138. }
  139. }
  140.  
  141. #endregion
  142.  
  143. #region Initialization
  144.  
  145. public override void Initialize(string name, NameValueCollection config)
  146. {
  147. if (config == null)
  148. {
  149. throw new ArgumentNullException("config");
  150. }
  151.  
  152. if (name == null || name.Length == 0)
  153. {
  154. name = "HDIMembershipProvider";
  155. }
  156.  
  157. if (String.IsNullOrEmpty(config["description"]))
  158. {
  159. config.Remove("description");
  160. config.Add("description", "How Do I: Sample Membership provider");
  161. }
  162.  
  163. //Initialize the abstract base class.
  164. base.Initialize(name, config);
  165.  
  166. applicationName = GetConfigValue(config["applicationName"], System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
  167. maxInvalidPasswordAttempts = Convert.ToInt32(GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));
  168. passwordAttemptWindow = Convert.ToInt32(GetConfigValue(config["passwordAttemptWindow"], "10"));
  169. minRequiredNonAlphanumericCharacters = Convert.ToInt32(GetConfigValue(config["minRequiredAlphaNumericCharacters"], "1"));
  170. minRequiredPasswordLength = Convert.ToInt32(GetConfigValue(config["minRequiredPasswordLength"], "7"));
  171. passwordStrengthRegularExpression = Convert.ToString(GetConfigValue(config["passwordStrengthRegularExpression"], String.Empty));
  172. enablePasswordReset = Convert.ToBoolean(GetConfigValue(config["enablePasswordReset"], "true"));
  173. enablePasswordRetrieval = Convert.ToBoolean(GetConfigValue(config["enablePasswordRetrieval"], "true"));
  174. requiresQuestionAndAnswer = Convert.ToBoolean(GetConfigValue(config["requiresQuestionAndAnswer"], "false"));
  175. requiresUniqueEmail = Convert.ToBoolean(GetConfigValue(config["requiresUniqueEmail"], "true"));
  176.  
  177. string temp_format = config["passwordFormat"];
  178. if (temp_format == null)
  179. {
  180. temp_format = "Hashed";
  181. }
  182.  
  183. switch (temp_format)
  184. {
  185. case "Hashed":
  186. passwordFormat = MembershipPasswordFormat.Hashed;
  187. break;
  188. case "Encrypted":
  189. passwordFormat = MembershipPasswordFormat.Encrypted;
  190. break;
  191. case "Clear":
  192. passwordFormat = MembershipPasswordFormat.Clear;
  193. break;
  194. default:
  195. throw new ProviderException("Password format not supported.");
  196. }
  197.  
  198. ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[config["connectionStringName"]];
  199.  
  200. if ((ConnectionStringSettings == null) || (ConnectionStringSettings.ConnectionString.Trim() == String.Empty))
  201. {
  202. throw new ProviderException("Connection string cannot be blank.");
  203. }
  204.  
  205. connectionString = ConnectionStringSettings.ConnectionString;
  206.  
  207. //Get encryption and decryption key information from the configuration.
  208. System.Configuration.Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
  209. machineKey = cfg.GetSection("system.web/machineKey") as MachineKeySection;
  210.  
  211. if (machineKey.ValidationKey.Contains("AutoGenerate"))
  212. {
  213. if (PasswordFormat != MembershipPasswordFormat.Clear)
  214. {
  215. throw new ProviderException("Hashed or Encrypted passwords are not supported with auto-generated keys.");
  216. }
  217. }
  218. }
  219.  
  220. private string GetConfigValue(string configValue, string defaultValue)
  221. {
  222. if (String.IsNullOrEmpty(configValue))
  223. {
  224. return defaultValue;
  225. }
  226.  
  227. return configValue;
  228. }
  229.  
  230. #endregion
  231.  
  232. #region Implemented Abstract Methods from MembershipProvider
  233.  
  234. /// <summary>
  235. /// Change the user password.
  236. /// </summary>
  237. /// <param name="username">UserName</param>
  238. /// <param name="oldPwd">Old password.</param>
  239. /// <param name="newPwd">New password.</param>
  240. /// <returns>T/F if password was changed.</returns>
  241. public override bool ChangePassword(string username, string oldPwd, string newPwd)
  242. {
  243.  
  244. if (!ValidateUser(username, oldPwd))
  245. {
  246. return false;
  247. }
  248.  
  249. ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPwd, true);
  250.  
  251. OnValidatingPassword(args);
  252.  
  253. if (args.Cancel)
  254. {
  255. if (args.FailureInformation != null)
  256. {
  257. throw args.FailureInformation;
  258. }
  259. else
  260. {
  261. throw new Exception("Change password canceled due to new password validation failure.");
  262. }
  263. }
  264.  
  265. SqlConnection sqlConnection = new SqlConnection(connectionString);
  266. SqlCommand sqlCommand = new SqlCommand("User_ChangePassword", sqlConnection);
  267.  
  268. sqlCommand.CommandType = CommandType.StoredProcedure;
  269. sqlCommand.Parameters.Add("@password", SqlDbType.NVarChar, 255).Value = EncodePassword(newPwd);
  270. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  271. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  272.  
  273. try
  274. {
  275. sqlConnection.Open();
  276. sqlCommand.ExecuteNonQuery();
  277. }
  278. catch (SqlException e)
  279. {
  280. //Add exception handling here.
  281. return false;
  282. }
  283. finally
  284. {
  285. sqlConnection.Close();
  286. }
  287.  
  288. return true;
  289.  
  290. }
  291.  
  292. /// <summary>
  293. /// Change the question and answer for a password validation.
  294. /// </summary>
  295. /// <param name="username">User name.</param>
  296. /// <param name="password">Password.</param>
  297. /// <param name="newPwdQuestion">New question text.</param>
  298. /// <param name="newPwdAnswer">New answer text.</param>
  299. /// <returns></returns>
  300. /// <remarks></remarks>
  301. public override bool ChangePasswordQuestionAndAnswer(
  302. string username,
  303. string password,
  304. string newPwdQuestion,
  305. string newPwdAnswer)
  306. {
  307.  
  308. if (!ValidateUser(username, password))
  309. {
  310. return false;
  311. }
  312.  
  313. SqlConnection sqlConnection = new SqlConnection(connectionString);
  314. SqlCommand sqlCommand = new SqlCommand("User_ChangePasswordQuestionAnswer", sqlConnection);
  315.  
  316. sqlCommand.CommandType = CommandType.StoredProcedure;
  317. sqlCommand.Parameters.Add("@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue;
  318. sqlCommand.Parameters.Add("@question", SqlDbType.NVarChar, 255).Value = newPwdQuestion;
  319. sqlCommand.Parameters.Add("@answer", SqlDbType.NVarChar, 255).Value = EncodePassword(newPwdAnswer);
  320. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;
  321. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  322.  
  323. try
  324. {
  325. sqlConnection.Open();
  326. sqlCommand.ExecuteNonQuery();
  327. if ((int)sqlCommand.Parameters["@returnValue"].Value != 0)
  328. {
  329. return false;
  330. }
  331. }
  332. catch (SqlException e)
  333. {
  334. //Add exception handling here.
  335. return false;
  336. }
  337. finally
  338. {
  339. sqlConnection.Close();
  340. }
  341.  
  342. return true;
  343.  
  344. }
  345. /// <summary>
  346. /// Create a new user.
  347. /// </summary>
  348. /// <param name="username">User name.</param>
  349. /// <param name="password">Password.</param>
  350. /// <param name="email">Email address.</param>
  351. /// <param name="passwordQuestion">Security quesiton for password.</param>
  352. /// <param name="passwordAnswer">Security quesiton answer for password.</param>
  353. /// <param name="isApproved"></param>
  354. /// <param name="userID">User ID</param>
  355. /// <param name="status"></param>
  356. /// <returns>MembershipUser</returns>
  357.  
  358. public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
  359. {
  360.  
  361. ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
  362.  
  363. OnValidatingPassword(args);
  364.  
  365. if (args.Cancel)
  366. {
  367. status = MembershipCreateStatus.InvalidPassword;
  368. return null;
  369. }
  370.  
  371. if ((RequiresUniqueEmail && (GetUserNameByEmail(email) != String.Empty)))
  372. {
  373. status = MembershipCreateStatus.DuplicateEmail;
  374. return null;
  375. }
  376.  
  377. MembershipUser membershipUser = GetUser(username, false);
  378.  
  379. if (membershipUser == null)
  380. {
  381. System.DateTime createDate = DateTime.Now;
  382.  
  383. SqlConnection sqlConnection = new SqlConnection(connectionString);
  384. SqlCommand sqlCommand = new SqlCommand("User_Ins", sqlConnection);
  385.  
  386. sqlCommand.CommandType = CommandType.StoredProcedure;
  387. sqlCommand.Parameters.Add("@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue;
  388. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;
  389. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  390. sqlCommand.Parameters.Add("@password", SqlDbType.NVarChar, 255).Value = EncodePassword(password);
  391. sqlCommand.Parameters.Add("@email", SqlDbType.NVarChar, 128).Value = email;
  392. sqlCommand.Parameters.Add("@passwordQuestion", SqlDbType.NVarChar, 255).Value = passwordQuestion;
  393. sqlCommand.Parameters.Add("@passwordAnswer", SqlDbType.NVarChar, 255).Value = EncodePassword(passwordAnswer);
  394. sqlCommand.Parameters.Add("@isApproved", SqlDbType.Bit).Value = isApproved;
  395. sqlCommand.Parameters.Add("@comment", SqlDbType.NVarChar, 255).Value = String.Empty;
  396.  
  397. try
  398. {
  399. sqlConnection.Open();
  400.  
  401. sqlCommand.ExecuteNonQuery();
  402. if ((int)sqlCommand.Parameters["@returnValue"].Value == 0)
  403. {
  404.  
  405. status = MembershipCreateStatus.Success;
  406. }
  407. else
  408. {
  409. status = MembershipCreateStatus.UserRejected;
  410. }
  411. }
  412. catch (SqlException e)
  413. {
  414. //Add exception handling here.
  415.  
  416. status = MembershipCreateStatus.ProviderError;
  417. }
  418. finally
  419. {
  420. sqlConnection.Close();
  421. }
  422.  
  423. return GetUser(username, false);
  424. }
  425. else
  426. {
  427. status = MembershipCreateStatus.DuplicateUserName;
  428. }
  429.  
  430. return null;
  431. }
  432. /// <summary>
  433. /// Delete a user.
  434. /// </summary>
  435. /// <param name="username">User name.</param>
  436. /// <param name="deleteAllRelatedData">Whether to delete all related data.</param>
  437. /// <returns>T/F if the user was deleted.</returns>
  438. public override bool DeleteUser(
  439. string username,
  440. bool deleteAllRelatedData
  441. )
  442. {
  443.  
  444. SqlConnection sqlConnection = new SqlConnection(connectionString);
  445. SqlCommand sqlCommand = new SqlCommand("User_Del", sqlConnection);
  446.  
  447. sqlCommand.CommandType = CommandType.StoredProcedure;
  448. sqlCommand.Parameters.Add("@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue;
  449. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username; ;
  450. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  451.  
  452. try
  453. {
  454. sqlConnection.Open();
  455. sqlCommand.ExecuteNonQuery();
  456. if ((int)sqlCommand.Parameters["@returnValue"].Value == 0)
  457. {
  458. if (deleteAllRelatedData)
  459. {
  460. //Process commands to delete all data for the user in the database.
  461. }
  462. }
  463. else
  464. {
  465. return false;
  466. }
  467. }
  468. catch (SqlException e)
  469. {
  470. //Add exception handling here.
  471. }
  472. finally
  473. {
  474. sqlConnection.Close();
  475. }
  476.  
  477. return true;
  478.  
  479. }
  480. /// <summary>
  481. /// Get a collection of users.
  482. /// </summary>
  483. /// <param name="pageIndex">Page index.</param>
  484. /// <param name="pageSize">Page size.</param>
  485. /// <param name="totalRecords">Total # of records to retrieve.</param>
  486. /// <returns>Collection of MembershipUser objects.</returns>
  487.  
  488. public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
  489. {
  490.  
  491. SqlConnection sqlConnection = new SqlConnection(connectionString);
  492. SqlCommand sqlCommand = new SqlCommand("Users_Sel", sqlConnection);
  493.  
  494. sqlCommand.CommandType = CommandType.StoredProcedure;
  495. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  496.  
  497. MembershipUserCollection users = new MembershipUserCollection();
  498.  
  499. SqlDataReader sqlDataReader = null;
  500. totalRecords = 0;
  501.  
  502. try
  503. {
  504. sqlConnection.Open();
  505. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
  506.  
  507. int counter = 0;
  508. int startIndex = pageSize * pageIndex;
  509. int endIndex = startIndex + pageSize - 1;
  510.  
  511. while (sqlDataReader.Read())
  512. {
  513. if (counter >= startIndex)
  514. {
  515. users.Add(GetUserFromReader(sqlDataReader));
  516. }
  517.  
  518. if (counter >= endIndex) { sqlCommand.Cancel(); }
  519. counter += 1;
  520. }
  521. }
  522. catch (SqlException e)
  523. {
  524. //Add exception handling here.
  525. }
  526. finally
  527. {
  528. if (sqlDataReader != null)
  529. {
  530. sqlDataReader.Close();
  531. }
  532. }
  533.  
  534. return users;
  535.  
  536. }
  537. /// <summary>
  538. /// Gets the number of users currently on-line.
  539. /// </summary>
  540. /// <returns> /// # of users on-line.</returns>
  541. public override int GetNumberOfUsersOnline()
  542. {
  543.  
  544. TimeSpan onlineSpan = new TimeSpan(0, System.Web.Security.Membership.UserIsOnlineTimeWindow, 0);
  545. DateTime compareTime = DateTime.Now.Subtract(onlineSpan);
  546.  
  547. SqlConnection sqlConnection = new SqlConnection(connectionString);
  548. SqlCommand sqlCommand = new SqlCommand("Users_NumberOnline", sqlConnection);
  549.  
  550. sqlCommand.CommandType = CommandType.StoredProcedure;
  551. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  552. sqlCommand.Parameters.Add("@compareDate", SqlDbType.DateTime).Value = compareTime;
  553.  
  554. int numOnline = 0;
  555.  
  556. try
  557. {
  558. sqlConnection.Open();
  559.  
  560. numOnline = Convert.ToInt32(sqlCommand.ExecuteScalar());
  561. }
  562. catch (SqlException e)
  563. {
  564. //Add exception handling here.
  565. }
  566. finally
  567. {
  568. sqlConnection.Close();
  569. }
  570.  
  571. return numOnline;
  572.  
  573. }
  574. /// <summary>
  575. /// Get the password for a user.
  576. /// </summary>
  577. /// <param name="username">User name.</param>
  578. /// <param name="answer">Answer to security question.</param>
  579. /// <returns>Password for the user.</returns>
  580. public override string GetPassword(
  581. string username,
  582. string answer
  583. )
  584. {
  585.  
  586. if (!EnablePasswordRetrieval)
  587. {
  588. throw new ProviderException("Password Retrieval Not Enabled.");
  589. }
  590.  
  591. if (PasswordFormat == MembershipPasswordFormat.Hashed)
  592. {
  593. throw new ProviderException("Cannot retrieve Hashed passwords.");
  594. }
  595.  
  596. SqlConnection sqlConnection = new SqlConnection(connectionString);
  597. SqlCommand sqlCommand = new SqlCommand("User_GetPassword", sqlConnection);
  598.  
  599. sqlCommand.CommandType = CommandType.StoredProcedure;
  600. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  601. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  602.  
  603. string password = String.Empty;
  604. string passwordAnswer = String.Empty;
  605. SqlDataReader sqlDataReader = null;
  606.  
  607. try
  608. {
  609. sqlConnection.Open();
  610.  
  611. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);
  612.  
  613. if (sqlDataReader.HasRows)
  614. {
  615. sqlDataReader.Read();
  616.  
  617. if (sqlDataReader.GetBoolean(2))
  618. {
  619. throw new MembershipPasswordException("The supplied user is locked out.");
  620. }
  621.  
  622. password = sqlDataReader.GetString(0);
  623. passwordAnswer = sqlDataReader.GetString(1);
  624. }
  625. else
  626. {
  627. throw new MembershipPasswordException("The supplied user name is not found.");
  628. }
  629. }
  630. catch (SqlException e)
  631. {
  632. //Add exception handling here.
  633. }
  634. finally
  635. {
  636. if (sqlDataReader != null) { sqlDataReader.Close(); }
  637. }
  638.  
  639. if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))
  640. {
  641. UpdateFailureCount(username, FailureType.PasswordAnswer);
  642.  
  643. throw new MembershipPasswordException("Incorrect password answer.");
  644. }
  645.  
  646. if (PasswordFormat == MembershipPasswordFormat.Encrypted)
  647. {
  648. password = UnEncodePassword(password);
  649. }
  650.  
  651. return password;
  652. }
  653.  
  654. public override MembershipUser GetUser(
  655. string username,
  656. bool userIsOnline
  657. )
  658. {
  659.  
  660. SqlConnection sqlConnection = new SqlConnection(connectionString);
  661. SqlCommand sqlCommand = new SqlCommand("User_Sel", sqlConnection);
  662.  
  663. sqlCommand.CommandType = CommandType.StoredProcedure;
  664. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  665. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  666.  
  667. MembershipUser membershipUser = null;
  668. SqlDataReader sqlDataReader = null;
  669.  
  670. try
  671. {
  672. sqlConnection.Open();
  673.  
  674. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
  675.  
  676. if (sqlDataReader.HasRows)
  677. {
  678. sqlDataReader.Read();
  679. membershipUser = GetUserFromReader(sqlDataReader);
  680.  
  681. if (userIsOnline)
  682. {
  683. SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateActivityDate_ByUserName", sqlConnection);
  684.  
  685. sqlUpdateCommand.CommandType = CommandType.StoredProcedure;
  686. sqlUpdateCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  687. sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  688. sqlUpdateCommand.ExecuteNonQuery();
  689. }
  690. }
  691. }
  692. catch (SqlException e)
  693. {
  694. //Add exception handling here.
  695. }
  696. finally
  697. {
  698. if (sqlDataReader != null) { sqlDataReader.Close(); }
  699. }
  700.  
  701. return membershipUser;
  702. }
  703. /// <summary>
  704. /// Get a user based upon provider key and if they are on-line.
  705. /// </summary>
  706. /// <param name="userID">Provider key.</param>
  707. /// <param name="userIsOnline">T/F whether the user is on-line.</param>
  708. /// <returns></returns>
  709. public override MembershipUser GetUser(
  710. object userID,
  711. bool userIsOnline
  712. )
  713. {
  714.  
  715. SqlConnection sqlConnection = new SqlConnection(connectionString);
  716. SqlCommand sqlCommand = new SqlCommand("User_SelByUserID", sqlConnection);
  717.  
  718. sqlCommand.CommandType = CommandType.StoredProcedure;
  719. sqlCommand.Parameters.Add("@userID", SqlDbType.UniqueIdentifier).Value = userID;
  720.  
  721. MembershipUser membershipUser = null;
  722. SqlDataReader sqlDataReader = null;
  723.  
  724. try
  725. {
  726. sqlConnection.Open();
  727.  
  728. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
  729.  
  730. if (sqlDataReader.HasRows)
  731. {
  732. sqlDataReader.Read();
  733. membershipUser = GetUserFromReader(sqlDataReader);
  734.  
  735. if (userIsOnline)
  736. {
  737. SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateActivityDate_ByUserID", sqlConnection);
  738.  
  739. sqlUpdateCommand.CommandType = CommandType.StoredProcedure;
  740. sqlUpdateCommand.Parameters.Add("@userID", SqlDbType.NVarChar, 255).Value = userID;
  741. sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  742. sqlUpdateCommand.ExecuteNonQuery();
  743. }
  744. }
  745. }
  746. catch (SqlException e)
  747. {
  748. //Add exception handling here.
  749. }
  750. finally
  751. {
  752. if (sqlDataReader != null) { sqlDataReader.Close(); }
  753. }
  754.  
  755. return membershipUser;
  756.  
  757. }
  758.  
  759. /// <summary>
  760. /// Unlock a user.
  761. /// </summary>
  762. /// <param name="username">User name.</param>
  763. /// <returns>T/F if unlocked.</returns>
  764. public override bool UnlockUser(
  765. string username
  766. )
  767. {
  768.  
  769. SqlConnection sqlConnection = new SqlConnection(connectionString);
  770. SqlCommand sqlCommand = new SqlCommand("User_Unlock", sqlConnection);
  771.  
  772. sqlCommand.CommandType = CommandType.StoredProcedure;
  773. sqlCommand.Parameters.Add("@returnValue", SqlDbType.Int, 0).Direction = ParameterDirection.ReturnValue;
  774. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  775. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  776.  
  777. int rowsAffected = 0;
  778.  
  779. try
  780. {
  781. sqlConnection.Open();
  782.  
  783. sqlCommand.ExecuteNonQuery();
  784. if ((int)sqlCommand.Parameters["@returnValue"].Value == 0)
  785. {
  786. return false;
  787. }
  788. }
  789. catch (SqlException e)
  790. {
  791. //Add exception handling here.
  792. return false;
  793. }
  794. finally
  795. {
  796. sqlConnection.Close();
  797. }
  798.  
  799. return true;
  800.  
  801. }
  802.  
  803.  
  804. public override string GetUserNameByEmail(string email)
  805. {
  806. SqlConnection sqlConnection = new SqlConnection(connectionString);
  807. SqlCommand sqlCommand = new SqlCommand("UserName_Sel_ByEmail", sqlConnection);
  808.  
  809. sqlCommand.CommandType = CommandType.StoredProcedure;
  810. sqlCommand.Parameters.Add("@email", SqlDbType.NVarChar, 128).Value = email;
  811. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  812.  
  813. string username = String.Empty;
  814.  
  815. try
  816. {
  817. sqlConnection.Open();
  818. username = Convert.ToString(sqlCommand.ExecuteScalar());
  819. }
  820. catch (SqlException e)
  821. {
  822. //Add exception handling here.
  823. }
  824. finally
  825. {
  826. sqlConnection.Close();
  827. }
  828.  
  829. if (username == null)
  830. {
  831. return String.Empty;
  832. }
  833. else
  834. {
  835. username.Trim();
  836. }
  837.  
  838. return username;
  839.  
  840. }
  841. /// <summary>
  842. /// Reset the user password.
  843. /// </summary>
  844. /// <param name="username">User name.</param>
  845. /// <param name="answer">Answer to security question.</param>
  846. /// <returns></returns>
  847. /// <remarks></remarks>
  848. public override string ResetPassword(
  849. string username,
  850. string answer
  851. )
  852. {
  853.  
  854. if (!EnablePasswordReset)
  855. {
  856. throw new NotSupportedException("Password Reset is not enabled.");
  857. }
  858.  
  859. if ((answer == null) && (RequiresQuestionAndAnswer))
  860. {
  861. UpdateFailureCount(username, FailureType.PasswordAnswer);
  862.  
  863. throw new ProviderException("Password answer required for password Reset.");
  864. }
  865.  
  866. string newPassword =
  867. System.Web.Security.Membership.GeneratePassword(
  868. newPasswordLength,
  869. MinRequiredNonAlphanumericCharacters
  870. );
  871.  
  872. ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
  873.  
  874. OnValidatingPassword(args);
  875.  
  876. if (args.Cancel)
  877. {
  878. if (args.FailureInformation != null)
  879. {
  880. throw args.FailureInformation;
  881. }
  882. else
  883. {
  884. throw new MembershipPasswordException("Reset password canceled due to password validation failure.");
  885. }
  886. }
  887.  
  888. SqlConnection sqlConnection = new SqlConnection(connectionString);
  889. SqlCommand sqlCommand = new SqlCommand("User_GetPasswordAnswer", sqlConnection);
  890.  
  891. sqlCommand.CommandType = CommandType.StoredProcedure;
  892. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  893. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  894.  
  895. int rowsAffected = 0;
  896. string passwordAnswer = String.Empty;
  897. SqlDataReader sqlDataReader = null;
  898.  
  899. try
  900. {
  901. sqlConnection.Open();
  902.  
  903. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);
  904.  
  905. if (sqlDataReader.HasRows)
  906. {
  907. sqlDataReader.Read();
  908.  
  909. if (sqlDataReader.GetBoolean(1))
  910. {
  911. throw new MembershipPasswordException("The supplied user is locked out.");
  912. }
  913.  
  914. passwordAnswer = sqlDataReader.GetString(0);
  915. }
  916. else
  917. {
  918. throw new MembershipPasswordException("The supplied user name is not found.");
  919. }
  920.  
  921. if (RequiresQuestionAndAnswer && (!CheckPassword(answer, passwordAnswer)))
  922. {
  923. UpdateFailureCount(username, FailureType.PasswordAnswer);
  924.  
  925. throw new MembershipPasswordException("Incorrect password answer.");
  926. }
  927.  
  928. SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdatePassword", sqlConnection);
  929.  
  930. sqlUpdateCommand.CommandType = CommandType.StoredProcedure;
  931. sqlUpdateCommand.Parameters.Add("@password", SqlDbType.NVarChar, 255).Value = EncodePassword(newPassword);
  932. sqlUpdateCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  933. sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  934. rowsAffected = sqlUpdateCommand.ExecuteNonQuery();
  935. }
  936. catch (SqlException e)
  937. {
  938. //Add exception handling here.
  939. }
  940. finally
  941. {
  942. if (sqlDataReader != null) { sqlDataReader.Close(); }
  943. }
  944.  
  945. if (rowsAffected > 0)
  946. {
  947. return newPassword;
  948. }
  949. else
  950. {
  951. throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset.");
  952. }
  953. }
  954.  
  955. /// <summary>
  956. /// Update the user information.
  957. /// </summary>
  958. /// <param name="_membershipUser">MembershipUser object containing data.</param>
  959. public override void UpdateUser(MembershipUser membershipUser)
  960. {
  961.  
  962. SqlConnection sqlConnection = new SqlConnection(connectionString);
  963. SqlCommand sqlCommand = new SqlCommand("User_Upd", sqlConnection);
  964.  
  965. sqlCommand.CommandType = CommandType.StoredProcedure;
  966. sqlCommand.Parameters.Add("@email", SqlDbType.NVarChar, 128).Value = membershipUser.Email;
  967. sqlCommand.Parameters.Add("@comment", SqlDbType.NVarChar, 255).Value = membershipUser.Comment;
  968. sqlCommand.Parameters.Add("@isApproved", SqlDbType.Bit).Value = membershipUser.IsApproved;
  969. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = membershipUser.UserName;
  970. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  971.  
  972. try
  973. {
  974. sqlConnection.Open();
  975. sqlCommand.ExecuteNonQuery();
  976. }
  977. catch (SqlException e)
  978. {
  979. //Add exception handling here.
  980. }
  981. finally
  982. {
  983. sqlConnection.Close();
  984. }
  985. }
  986.  
  987. /// <summary>
  988. /// Validate the user based upon username and password.
  989. /// </summary>
  990. /// <param name="username">User name.</param>
  991. /// <param name="password">Password.</param>
  992. /// <returns>T/F if the user is valid.</returns>
  993. public override bool ValidateUser(
  994. string username,
  995. string password
  996. )
  997. {
  998.  
  999. bool isValid = false;
  1000.  
  1001. SqlConnection sqlConnection = new SqlConnection(connectionString);
  1002. SqlCommand sqlCommand = new SqlCommand("User_Validate", sqlConnection);
  1003.  
  1004. sqlCommand.CommandType = CommandType.StoredProcedure;
  1005. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  1006. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  1007.  
  1008. SqlDataReader sqlDataReader = null;
  1009. bool isApproved = false;
  1010. string storedPassword = String.Empty;
  1011.  
  1012. try
  1013. {
  1014. sqlConnection.Open();
  1015. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow);
  1016.  
  1017. if (sqlDataReader.HasRows)
  1018. {
  1019. sqlDataReader.Read();
  1020. storedPassword = sqlDataReader.GetString(0);
  1021. isApproved = sqlDataReader.GetBoolean(1);
  1022. }
  1023. else
  1024. {
  1025. return false;
  1026. }
  1027.  
  1028. sqlDataReader.Close();
  1029.  
  1030. if (CheckPassword(password, storedPassword))
  1031. {
  1032. if (isApproved)
  1033. {
  1034. isValid = true;
  1035.  
  1036. SqlCommand sqlUpdateCommand = new SqlCommand("User_UpdateLoginDate", sqlConnection);
  1037.  
  1038. sqlUpdateCommand.CommandType = CommandType.StoredProcedure;
  1039. sqlUpdateCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = username;
  1040. sqlUpdateCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  1041. sqlUpdateCommand.ExecuteNonQuery();
  1042. }
  1043. }
  1044. else
  1045. {
  1046. sqlConnection.Close();
  1047. UpdateFailureCount(username, FailureType.Password);
  1048. }
  1049. }
  1050. catch (SqlException e)
  1051. {
  1052. //Add exception handling here.
  1053. }
  1054. finally
  1055. {
  1056. if (sqlDataReader != null) { sqlDataReader.Close(); }
  1057. if ((sqlConnection != null) && (sqlConnection.State == ConnectionState.Open)) { sqlConnection.Close(); }
  1058. }
  1059.  
  1060. return isValid;
  1061. }
  1062. /// <summary>
  1063. /// Find all users matching a search string.
  1064. /// </summary>
  1065. /// <param name="usernameToMatch">Search string of user name to match.</param>
  1066. /// <param name="pageIndex"></param>
  1067. /// <param name="pageSize"></param>
  1068. /// <param name="totalRecords">Total records found.</param>
  1069. /// <returns>Collection of MembershipUser objects.</returns>
  1070.  
  1071. public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
  1072. {
  1073. SqlConnection sqlConnection = new SqlConnection(connectionString);
  1074. SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection);
  1075.  
  1076. sqlCommand.CommandType = CommandType.StoredProcedure;
  1077. sqlCommand.Parameters.Add("@username", SqlDbType.NVarChar, 255).Value = usernameToMatch;
  1078. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  1079.  
  1080. MembershipUserCollection membershipUsers = new MembershipUserCollection();
  1081. SqlDataReader sqlDataReader = null;
  1082. int counter = 0;
  1083.  
  1084. try
  1085. {
  1086. sqlConnection.Open();
  1087. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
  1088.  
  1089. int startIndex = pageSize * pageIndex;
  1090. int endIndex = startIndex + pageSize - 1;
  1091.  
  1092. while (sqlDataReader.Read())
  1093. {
  1094. if (counter >= startIndex)
  1095. {
  1096. MembershipUser membershipUser = GetUserFromReader(sqlDataReader);
  1097. membershipUsers.Add(membershipUser);
  1098. }
  1099.  
  1100. if (counter >= endIndex) { sqlCommand.Cancel(); }
  1101.  
  1102. counter += 1;
  1103. }
  1104. }
  1105. catch (SqlException e)
  1106. {
  1107. //Add exception handling here.
  1108. }
  1109. finally
  1110. {
  1111. if (sqlDataReader != null) { sqlDataReader.Close(); }
  1112. }
  1113.  
  1114. totalRecords = counter;
  1115.  
  1116. return membershipUsers;
  1117. }
  1118.  
  1119. /// <summary>
  1120. /// Find all users matching a search string of their email.
  1121. /// </summary>
  1122. /// <param name="emailToMatch">Search string of email to match.</param>
  1123. /// <param name="pageIndex"></param>
  1124. /// <param name="pageSize"></param>
  1125. /// <param name="totalRecords">Total records found.</param>
  1126. /// <returns>Collection of MembershipUser objects.</returns>
  1127.  
  1128. public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
  1129. {
  1130. SqlConnection sqlConnection = new SqlConnection(connectionString);
  1131. SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection);
  1132.  
  1133. sqlCommand.CommandType = CommandType.StoredProcedure;
  1134. sqlCommand.Parameters.Add("@email", SqlDbType.NVarChar, 255).Value = emailToMatch;
  1135. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  1136.  
  1137. MembershipUserCollection membershipUsers = new MembershipUserCollection();
  1138. SqlDataReader sqlDataReader = null;
  1139. int counter = 0;
  1140.  
  1141. try
  1142. {
  1143. sqlConnection.Open();
  1144. sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.CloseConnection);
  1145.  
  1146. int startIndex = pageSize * pageIndex;
  1147. int endIndex = startIndex + pageSize - 1;
  1148.  
  1149. while (sqlDataReader.Read())
  1150. {
  1151. if (counter >= startIndex)
  1152. {
  1153. MembershipUser membershipUser = GetUserFromReader(sqlDataReader);
  1154. membershipUsers.Add(membershipUser);
  1155. }
  1156.  
  1157. if (counter >= endIndex) { sqlCommand.Cancel(); }
  1158.  
  1159. counter += 1;
  1160. }
  1161. }
  1162. catch (SqlException e)
  1163. {
  1164. //Add exception handling here.
  1165. }
  1166. finally
  1167. {
  1168. if (sqlDataReader != null) { sqlDataReader.Close(); }
  1169. }
  1170.  
  1171. totalRecords = counter;
  1172.  
  1173. return membershipUsers;
  1174. }
  1175.  
  1176. #endregion
  1177.  
  1178. #region "Utility Functions"
  1179. /// <summary>
  1180. /// Create a MembershipUser object from a data reader.
  1181. /// </summary>
  1182. /// <param name="sqlDataReader">Data reader.</param>
  1183. /// <returns>MembershipUser object.</returns>
  1184. private MembershipUser GetUserFromReader(
  1185. SqlDataReader sqlDataReader
  1186. )
  1187. {
  1188.  
  1189. object userID = sqlDataReader.GetValue(0);
  1190. string username = sqlDataReader.GetString(1);
  1191. string email = sqlDataReader.GetString(2);
  1192.  
  1193. string passwordQuestion = String.Empty;
  1194. if (sqlDataReader.GetValue(3) != DBNull.Value)
  1195. {
  1196. passwordQuestion = sqlDataReader.GetString(3);
  1197. }
  1198.  
  1199. string comment = String.Empty;
  1200. if (sqlDataReader.GetValue(4) != DBNull.Value)
  1201. {
  1202. comment = sqlDataReader.GetString(4);
  1203. }
  1204.  
  1205. bool isApproved = sqlDataReader.GetBoolean(5);
  1206. bool isLockedOut = sqlDataReader.GetBoolean(6);
  1207. DateTime creationDate = sqlDataReader.GetDateTime(7);
  1208.  
  1209. DateTime lastLoginDate = new DateTime();
  1210. if (sqlDataReader.GetValue(8) != DBNull.Value)
  1211. {
  1212. lastLoginDate = sqlDataReader.GetDateTime(8);
  1213. }
  1214.  
  1215. DateTime lastActivityDate = sqlDataReader.GetDateTime(9);
  1216. DateTime lastPasswordChangedDate = sqlDataReader.GetDateTime(10);
  1217.  
  1218. DateTime lastLockedOutDate = new DateTime();
  1219. if (sqlDataReader.GetValue(11) != DBNull.Value)
  1220. {
  1221. lastLockedOutDate = sqlDataReader.GetDateTime(11);
  1222. }
  1223.  
  1224. MembershipUser membershipUser = new MembershipUser(
  1225. this.Name,
  1226. username,
  1227. userID,
  1228. email,
  1229. passwordQuestion,
  1230. comment,
  1231. isApproved,
  1232. isLockedOut,
  1233. creationDate,
  1234. lastLoginDate,
  1235. lastActivityDate,
  1236. lastPasswordChangedDate,
  1237. lastLockedOutDate
  1238. );
  1239.  
  1240. return membershipUser;
  1241.  
  1242. }
  1243.  
  1244. /// <summary>
  1245. /// Converts a hexadecimal string to a byte array. Used to convert encryption key values from the configuration
  1246. /// </summary>
  1247. /// <param name="hexString"></param>
  1248. /// <returns></returns>
  1249. /// <remarks></remarks>
  1250. private byte[] HexToByte(string hexString)
  1251. {
  1252. byte[] returnBytes = new byte[hexString.Length / 2];
  1253. for (int i = 0; i < returnBytes.Length; i++)
  1254. returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);
  1255. return returnBytes;
  1256. }
  1257.  
  1258. /// <summary>
  1259. /// Update password and answer failure information.
  1260. /// </summary>
  1261. /// <param name="username">User name.</param>
  1262. /// <param name="failureType">Type of failure</param>
  1263. /// <remarks></remarks>
  1264. private void UpdateFailureCount(string username, FailureType failureType)
  1265. {
  1266.  
  1267. SqlConnection sqlConnection = new SqlConnection(connectionString);
  1268. SqlCommand sqlCommand = new SqlCommand("Users_Sel_ByUserName", sqlConnection);
  1269.  
  1270. sqlCommand.CommandType = CommandType.StoredProcedure;
  1271. sqlCommand.Parameters.Add("@failureType", SqlDbType.Int, 0).Value = failureType;
  1272. sqlCommand.Parameters.Add("@passwordAttempWindow", SqlDbType.DateTime, 0).Value = passwordAttemptWindow;
  1273. sqlCommand.Parameters.Add("@maxInvalidPasswordAttempts", SqlDbType.Int, 0).Value = maxInvalidPasswordAttempts;
  1274. sqlCommand.Parameters.Add("@userName", SqlDbType.NVarChar, 255).Value = username;
  1275. sqlCommand.Parameters.Add("@applicationName", SqlDbType.NVarChar, 255).Value = applicationName;
  1276.  
  1277. try
  1278. {
  1279. sqlConnection.Open();
  1280. sqlCommand.ExecuteNonQuery();
  1281. }
  1282. catch (Exception ex)
  1283. {
  1284. //Add exception handling here.
  1285. }
  1286.  
  1287. }
  1288. /// <summary>
  1289. /// Check the password format based upon the MembershipPasswordFormat.
  1290. /// </summary>
  1291. /// <param name="password">Password</param>
  1292. /// <param name="dbpassword"></param>
  1293. /// <returns></returns>
  1294. /// <remarks></remarks>
  1295. private bool CheckPassword(string password, string dbpassword)
  1296. {
  1297. string pass1 = password;
  1298. string pass2 = dbpassword;
  1299.  
  1300. switch (PasswordFormat)
  1301. {
  1302. case MembershipPasswordFormat.Encrypted:
  1303. pass2 = UnEncodePassword(dbpassword);
  1304. break;
  1305. case MembershipPasswordFormat.Hashed:
  1306. pass1 = EncodePassword(password);
  1307. break;
  1308. default:
  1309. break;
  1310. }
  1311.  
  1312. if (pass1 == pass2)
  1313. {
  1314. return true;
  1315. }
  1316.  
  1317. return false;
  1318. }
  1319.  
  1320. /// <summary>
  1321. /// Encode password.
  1322. /// </summary>
  1323. /// <param name="password">Password.</param>
  1324. /// <returns>Encoded password.</returns>
  1325. private string EncodePassword(string password)
  1326. {
  1327. string encodedPassword = password;
  1328.  
  1329. switch (PasswordFormat)
  1330. {
  1331. case MembershipPasswordFormat.Clear:
  1332. break;
  1333. case MembershipPasswordFormat.Encrypted:
  1334. encodedPassword =
  1335. Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
  1336. break;
  1337. case MembershipPasswordFormat.Hashed:
  1338. HMACSHA1 hash = new HMACSHA1();
  1339. hash.Key = HexToByte(machineKey.ValidationKey);
  1340. encodedPassword =
  1341. Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
  1342. break;
  1343. default:
  1344. throw new ProviderException("Unsupported password format.");
  1345. }
  1346.  
  1347. return encodedPassword;
  1348. }
  1349.  
  1350. /// <summary>
  1351. /// UnEncode password.
  1352. /// </summary>
  1353. /// <param name="encodedPassword">Password.</param>
  1354. /// <returns>Unencoded password.</returns>
  1355. private string UnEncodePassword(string encodedPassword)
  1356. {
  1357. string password = encodedPassword;
  1358.  
  1359. switch (PasswordFormat)
  1360. {
  1361. case MembershipPasswordFormat.Clear:
  1362. break;
  1363. case MembershipPasswordFormat.Encrypted:
  1364. password =
  1365. Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password)));
  1366. break;
  1367. case MembershipPasswordFormat.Hashed:
  1368. throw new ProviderException("Cannot unencode a hashed password.");
  1369. default:
  1370. throw new ProviderException("Unsupported password format.");
  1371. }
  1372.  
  1373. return password;
  1374. }
  1375.  
  1376. #endregion
  1377.  
  1378. }
  1379. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement