1//=============================================================================================== 2
// 3
// (c) Copyright Microsoft Corporation. 4
// This source is subject to the Microsoft Permissive License. 5
// See http://www.microsoft.com/resources/sharedsource/licensingbasics/sharedsourcelicenses.mspx. 6
// All other rights reserved. 7
// 8
//=============================================================================================== 9
10
using System; 11
using System.Collections.Specialized; 12
using System.Data; 13
using System.Web; 14
using System.Web.Security; 15
using System.Security.Cryptography; 16
using System.IO; 17
18
namespace MyWebPagesStarterKit.Providers 19
{ 20
/// <summary> 21
/// Specialized MembershipProvider that uses a file (Users.config) to store its data. 22
/// Passwords for the users are always stored as a salted hash (see: http://msdn.microsoft.com/msdnmag/issues/03/08/SecurityBriefs/) 23
/// </summary> 24
public class CustomXmlMembershipProvider : MembershipProvider 25
{ 26
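// Provider settings; Initialize assigns each of them from the provider's configuration entry.
private string _applicationName;
private int _maxInvalidPasswordAttempts;
private int _passwordAttemptWindow;
private int _minRequiredNonAlphanumericCharacters;
private int _minRequiredPasswordLength;
private string _passwordStrengthRegularExpression;
private bool _enablePasswordReset;
private bool _requiresUniqueEmail;

// In-memory copy of the user store; Initialize loads it from, or creates it for, the file at _path.
private DataTable _users;

private const string _cUserFilename = "Users.config";
private const string _cProviderName = "CustomXmlMembershipProvider";

// Physical path of the user store under ~/App_Data. It is resolved through HostingEnvironment
// rather than HttpContext.Current, which is null when the provider is constructed outside a request.
// The file carries every account's salt and password hash, so it should be readable and writable
// by the application identity only.
private String _path = System.Web.Hosting.HostingEnvironment.MapPath(string.Format("~/App_Data/{0}", _cUserFilename));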
41
/// <summary>
/// Reads the provider settings from <paramref name="config"/> and then loads the user table from
/// the file at _path, or builds an empty table and saves it when that file does not exist.
/// </summary>
/// <param name="name">Not used; the provider always registers under _cProviderName.</param>
/// <param name="config">Attributes of the provider's configuration entry.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
public override void Initialize(string name, NameValueCollection config)
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    if (String.IsNullOrEmpty(config["description"]))
    {
        config.Remove("description");
        config.Add("description", "Xml membership provider");
    }

    // Initialize the abstract base class under the fixed provider name.
    base.Initialize(_cProviderName, config);

    // Each setting falls back to the literal passed as second argument of getConfigValue.
    _applicationName = getConfigValue(config["applicationName"], System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
    _maxInvalidPasswordAttempts = Convert.ToInt32(getConfigValue(config["maxInvalidPasswordAttempts"], "5"));
    _passwordAttemptWindow = Convert.ToInt32(getConfigValue(config["passwordAttemptWindow"], "10"));
    _minRequiredNonAlphanumericCharacters = Convert.ToInt32(getConfigValue(config["minRequiredNonAlphanumericCharacters"], "1"));
    _minRequiredPasswordLength = Convert.ToInt32(getConfigValue(config["minRequiredPasswordLength"], "7"));
    _passwordStrengthRegularExpression = Convert.ToString(getConfigValue(config["passwordStrengthRegularExpression"], ""));
    _enablePasswordReset = Convert.ToBoolean(getConfigValue(config["enablePasswordReset"], bool.TrueString));
    _requiresUniqueEmail = Convert.ToBoolean(getConfigValue(config["requiresUniqueEmail"], bool.TrueString));

    if (!File.Exists(_path))
    {
        // No store yet: create the empty schema and persist it right away.
        _users = new DataTable("UserTable");
        DataColumn[] schema = new DataColumn[]
        {
            new DataColumn("PKID", typeof(Guid)),
            new DataColumn("Username", typeof(string)),
            new DataColumn("ApplicationName", typeof(string)),
            new DataColumn("Email", typeof(string)),
            new DataColumn("Comment", typeof(string)),
            new DataColumn("Salt", typeof(string)),
            new DataColumn("Password", typeof(string)),
            new DataColumn("IsApproved", typeof(bool)),
            new DataColumn("LastActivityDate", typeof(DateTime)),
            new DataColumn("LastLoginDate", typeof(DateTime)),
            new DataColumn("LastPasswordChangedDate", typeof(DateTime)),
            new DataColumn("CreationDate", typeof(DateTime)),
            new DataColumn("IsOnLine", typeof(bool)),
            new DataColumn("IsLockedOut", typeof(bool)),
            new DataColumn("LastLockedOutDate", typeof(DateTime)),
            new DataColumn("FailedPasswordAttemptCount", typeof(int)),
            new DataColumn("FailedPasswordAttemptWindowStart", typeof(DateTime)),
            new DataColumn("FailedPasswordAnswerAttemptCount", typeof(int)),
            new DataColumn("FailedPasswordAnswerAttemptWindowStart", typeof(DateTime))
        };
        _users.Columns.AddRange(schema);
        _users.AcceptChanges();
        save();
        return;
    }

    // NOTE(review): the lock object is this instance's path string and the File.Exists check above
    // sits outside it, so the lock only serializes the read itself.
    // NOTE(review): ReadXml loads whatever the file contains; the integrity of the account data
    // depends on write access to the file being limited to the application identity.
    lock (_path)
    {
        _users = new DataTable("UserTable");
        _users.ReadXml(_path);
    }
}
105
106
107
/// <summary>
/// Gets or sets the application name held in _applicationName, which Initialize fills from the
/// "applicationName" setting.
/// </summary>
public override string ApplicationName
{
    get
    {
        return _applicationName;
    }
    set
    {
        _applicationName = value;
    }
}
113
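/// <summary>
/// Replaces a user's password after the current password has been verified through ValidateUser.
/// </summary>
/// <param name="username">Name of the account to update.</param>
/// <param name="oldPassword">Current password; must pass ValidateUser.</param>
/// <param name="newPassword">Password to store, as a fresh salt and hash.</param>
/// <returns>
/// true when the password was changed; false when the old password is rejected or the user row
/// can no longer be found.
/// </returns>
/// <exception cref="MembershipPasswordException">
/// A ValidatingPassword subscriber cancelled the change without supplying its own exception.
/// </exception>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    if (!ValidateUser(username, oldPassword))
    {
        return false;
    }

    // NOTE(review): the new password is vetted only by ValidatingPassword subscribers here; the
    // configured minimum length and non-alphanumeric count are not checked in this method.
    ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, false);
    OnValidatingPassword(args);
    if (args.Cancel)
    {
        if (args.FailureInformation != null)
        {
            throw args.FailureInformation;
        }
        throw new MembershipPasswordException("Change password canceled due to new password validation failure.");
    }

    // The user name ends up inside a quoted literal of the filter expression, so any single quote
    // in it is doubled to keep the whole value inside that literal.
    string quotedName = (username ?? string.Empty).Replace("'", "''");
    DataRow[] matches = _users.Select(string.Format("Username='{0}'", quotedName));
    if (matches.Length == 0)
    {
        // The row disappeared between validation and lookup; report failure instead of indexing
        // into an empty array.
        return false;
    }

    DataRow row = matches[0];
    SaltedHash sh = SaltedHash.Create(newPassword);
    row["Salt"] = sh.Salt;
    row["Password"] = sh.Hash;
    row["LastPasswordChangedDate"] = DateTime.Now;
    row.AcceptChanges();
    save();
    return true;
}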
142
/// <summary>
/// Not supported by this provider; the user table has no password question or answer columns.
/// </summary>
/// <exception cref="NotSupportedException">Always thrown.</exception>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    throw new NotSupportedException();
}
147
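/// <summary>
/// Adds a new user row with a freshly salted password hash and saves the user table.
/// </summary>
/// <param name="username">Name of the new account; must not be null or empty.</param>
/// <param name="password">Password to hash and store.</param>
/// <param name="email">E-mail address; checked for duplicates when RequiresUniqueEmail is set.</param>
/// <param name="passwordQuestion">Not used by this provider.</param>
/// <param name="passwordAnswer">Not used by this provider.</param>
/// <param name="isApproved">Not used by this provider (see the review note in the body).</param>
/// <param name="providerUserKey">Not used; a new Guid is generated as the row key.</param>
/// <param name="status">Outcome of the call.</param>
/// <returns>The created user, or null when <paramref name="status"/> is not Success.</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    // A null or empty name would otherwise be stored as a real account row.
    if (string.IsNullOrEmpty(username))
    {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, password, true);
    OnValidatingPassword(args);
    if (args.Cancel)
    {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (RequiresUniqueEmail && GetUserNameByEmail(email) != null)
    {
        status = MembershipCreateStatus.DuplicateEmail;
        return null;
    }

    if (GetUser(username, false) != null)
    {
        status = MembershipCreateStatus.DuplicateUserName;
        return null;
    }

    // Hash only once the request is known to be acceptable; rejected requests skip the work.
    SaltedHash sh = SaltedHash.Create(password);

    // One timestamp for all four date columns so they agree exactly.
    DateTime now = DateTime.Now;

    // NOTE(review): isApproved is ignored and every new account is stored as approved. Confirm
    // that no caller relies on passing false before wiring the parameter through.
    _users.Rows.Add(
        Guid.NewGuid(),     // PKID
        username,           // Username
        ApplicationName,    // ApplicationName
        email,              // Email
        string.Empty,       // Comment
        sh.Salt,            // Salt for the password
        sh.Hash,            // Password hash
        true,               // IsApproved
        now,                // LastActivityDate
        now,                // LastLoginDate
        now,                // LastPasswordChangedDate
        now,                // CreationDate
        false,              // IsOnLine
        false,              // IsLockedOut
        DateTime.MinValue,  // LastLockedOutDate
        0,                  // FailedPasswordAttemptCount
        DateTime.MinValue,  // FailedPasswordAttemptWindowStart
        0,                  // FailedPasswordAnswerAttemptCount
        DateTime.MinValue   // FailedPasswordAnswerAttemptWindowStart
    );
    _users.AcceptChanges();
    save();
    status = MembershipCreateStatus.Success;

    return GetUser(username, false);
}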
201
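/// <summary>
/// Removes the first row whose Username equals <paramref name="username"/> and saves the table.
/// </summary>
/// <param name="username">Name of the account to delete.</param>
/// <param name="deleteAllRelatedData">
/// When true, the user is also removed from every role returned by Roles.GetRolesForUser.
/// </param>
/// <returns>true when a row was removed; false when no row matched.</returns>
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
    // The user name ends up inside a quoted literal of the filter expression, so any single quote
    // in it is doubled; the filter then matches that exact name and nothing else.
    string quotedName = (username ?? string.Empty).Replace("'", "''");
    DataRow[] rows = _users.Select(string.Format("Username='{0}'", quotedName));
    if (rows.Length == 0)
    {
        return false;
    }

    if (deleteAllRelatedData)
    {
        string[] roles = Roles.GetRolesForUser(username);
        if (roles.Length > 0)
        {
            Roles.RemoveUserFromRoles(username, roles);
        }
    }

    _users.Rows.Remove(rows[0]);
    _users.AcceptChanges();
    save();
    return true;
}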
224
/// <summary>
/// Gets the value Initialize read from the "enablePasswordReset" setting.
/// </summary>
public override bool EnablePasswordReset
{
    get
    {
        return _enablePasswordReset;
    }
}
229
/// <summary>
/// Always false: this provider does not offer password retrieval.
/// </summary>
public override bool EnablePasswordRetrieval
{
    get
    {
        return false;
    }
}
234
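/// <summary>
/// Returns one page of the users whose Email matches <paramref name="emailToMatch"/>, ordered by
/// user name.
/// </summary>
/// <param name="emailToMatch">LIKE pattern to compare against the Email column.</param>
/// <param name="pageIndex">Zero-based page number.</param>
/// <param name="pageSize">Number of users per page; at least 1.</param>
/// <param name="totalRecords">Number of matching rows across all pages.</param>
/// <returns>The users on the requested page; empty when the page lies past the last match.</returns>
/// <exception cref="ArgumentException">An argument is empty or out of range.</exception>
public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    if (string.IsNullOrEmpty(emailToMatch))
        throw new ArgumentException("emailToMatch is null or empty", "emailToMatch");
    if (pageIndex < 0)
        throw new ArgumentException("pageIndex must be 0 or greater", "pageIndex");
    if (pageSize < 1)
        throw new ArgumentException("pageSize must be greater than 0", "pageSize");

    // The pattern ends up inside a quoted literal of the filter expression, so any single quote in
    // it is doubled to keep the whole value inside that literal. Wildcard characters are left
    // alone because the value is meant to be a LIKE pattern.
    string quotedPattern = emailToMatch.Replace("'", "''");
    DataRow[] rows = _users.Select(string.Format("Email LIKE '{0}'", quotedPattern), "Username ASC");

    // Page bounds are computed in 64 bits: pageIndex * pageSize can exceed int.MaxValue and would
    // otherwise wrap to a negative row index.
    long firstIndex = (long)pageIndex * pageSize;
    long endIndex = Math.Min(firstIndex + pageSize, (long)rows.Length);

    MembershipUserCollection coll = new MembershipUserCollection();
    for (long i = firstIndex; i < endIndex; i++)
    {
        coll.Add(createMembershipUser(rows[(int)i]));
    }

    totalRecords = rows.Length;
    return coll;
}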
254
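/// <summary>
/// Returns one page of the users whose Username equals <paramref name="usernameToMatch"/>,
/// ordered by user name.
/// </summary>
/// <param name="usernameToMatch">User name to compare with "=" (not a pattern match).</param>
/// <param name="pageIndex">Zero-based page number.</param>
/// <param name="pageSize">Number of users per page; at least 1.</param>
/// <param name="totalRecords">Number of matching rows across all pages.</param>
/// <returns>The users on the requested page; empty when the page lies past the last match.</returns>
/// <exception cref="ArgumentException">An argument is empty or out of range.</exception>
public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
    if (string.IsNullOrEmpty(usernameToMatch))
        throw new ArgumentException("usernameToMatch is null or empty", "usernameToMatch");
    if (pageIndex < 0)
        throw new ArgumentException("pageIndex must be 0 or greater", "pageIndex");
    if (pageSize < 1)
        throw new ArgumentException("pageSize must be greater than 0", "pageSize");

    // The name ends up inside a quoted literal of the filter expression, so any single quote in it
    // is doubled to keep the whole value inside that literal.
    string quotedName = usernameToMatch.Replace("'", "''");
    DataRow[] rows = _users.Select(string.Format("Username = '{0}'", quotedName), "Username ASC");

    // Page bounds are computed in 64 bits: pageIndex * pageSize can exceed int.MaxValue and would
    // otherwise wrap to a negative row index.
    long firstIndex = (long)pageIndex * pageSize;
    long endIndex = Math.Min(firstIndex + pageSize, (long)rows.Length);

    MembershipUserCollection coll = new MembershipUserCollection();
    for (long i = firstIndex; i < endIndex; i++)
    {
        coll.Add(createMembershipUser(rows[(int)i]));
    }

    totalRecords = rows.Length;
    return coll;
}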
274
public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) 275
{ 276
if (pageIndex < 0) 277
throw new




