📄 sqlmembershipprovider.cs
if( !SecUtility.ValidateParameter( ref username,true, true, true, 256))
{
status = MembershipCreateStatus.InvalidUserName;
return null;
}
if( !SecUtility.ValidateParameter( ref email,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256 ) )
{
status = MembershipCreateStatus.InvalidEmail;
return null;
}
if( !SecUtility.ValidateParameter( ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
{
status = MembershipCreateStatus.InvalidQuestion;
return null;
}
if( providerUserKey != null )
{
if( !( providerUserKey is Guid ) )
{
status = MembershipCreateStatus.InvalidProviderUserKey;
return null;
}
}
if( password.Length < MinRequiredPasswordLength )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
int count = 0;
for( int i = 0; i < password.Length; i++ )
{
if( !char.IsLetterOrDigit( password, i ) )
{
count++;
}
}
if( count < MinRequiredNonAlphanumericCharacters )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
if( PasswordStrengthRegularExpression.Length > 0 )
{
if( !Regex.IsMatch( password, PasswordStrengthRegularExpression ) )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true );
OnValidatingPassword( e );
if( e.Cancel )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
try
{
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
DateTime dt = RoundToSeconds(DateTime.UtcNow);
SqlCommand cmd = new SqlCommand("dbo.aspnet_Membership_CreateUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@Password", SqlDbType.NVarChar, pass));
cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));
cmd.Parameters.Add(CreateInputParam("@PasswordQuestion", SqlDbType.NVarChar, passwordQuestion));
cmd.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
cmd.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, isApproved));
cmd.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)PasswordFormat));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, dt));
SqlParameter p = CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey);
p.Direction= ParameterDirection.InputOutput;
cmd.Parameters.Add( p );
p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int iStatus = ((p.Value!=null) ? ((int) p.Value) : -1);
if (iStatus < 0 || iStatus > (int) MembershipCreateStatus.ProviderError)
iStatus = (int) MembershipCreateStatus.ProviderError;
status = (MembershipCreateStatus) iStatus;
if (iStatus != 0) // !success
return null;
providerUserKey = new Guid( cmd.Parameters[ "@UserId" ].Value.ToString() );
dt = dt.ToLocalTime();
return new MembershipUser( this.Name,
username,
providerUserKey,
email,
passwordQuestion,
null,
isApproved,
false,
dt,
dt,
dt,
dt,
new DateTime( 1754, 1, 1 ) );
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Replaces the stored password question and answer for <paramref name="username"/>.
/// The supplied current password must first be accepted by CheckPassword.
/// </summary>
/// <param name="username">Account to update; validated with a 256-character limit.</param>
/// <param name="password">Current password; validated with a 128-character limit.</param>
/// <param name="newPasswordQuestion">New question; validated with a 256-character limit, mandatory only when RequiresQuestionAndAnswer is set.</param>
/// <param name="newPasswordAnswer">New answer; trimmed, then (when non-empty) lower-cased with the invariant culture and passed through EncodePassword before it is sent to the database.</param>
/// <returns><c>false</c> when CheckPassword rejects the current password; <c>true</c> when the stored procedure reports status 0.</returns>
/// <exception cref="ProviderException">The stored procedure returned a non-zero status.</exception>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");
    SecUtility.CheckParameter(ref password, true, true, false, 128, "password");

    // Re-authenticate before touching the recovery data; a wrong password
    // is reported as a plain "false" rather than an exception.
    string salt;
    int passwordFormat;
    bool passwordAccepted = CheckPassword(username, password, false, false, out salt, out passwordFormat);
    if (!passwordAccepted)
    {
        return false;
    }

    SecUtility.CheckParameter(ref newPasswordQuestion, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 256, "newPasswordQuestion");

    if (newPasswordAnswer != null)
    {
        newPasswordAnswer = newPasswordAnswer.Trim();
    }
    SecUtility.CheckParameter(ref newPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");

    // The answer is normalised to lower case and encoded with the salt and
    // format that CheckPassword handed back (presumably the account's own
    // password salt/format -- confirm in CheckPassword). A null or empty
    // answer is passed through unchanged.
    string encodedPasswordAnswer = string.IsNullOrEmpty(newPasswordAnswer)
        ? newPasswordAnswer
        : EncodePassword(newPasswordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, salt);

    // Second length check: the encoded form must also fit in 128 characters.
    SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");

    try
    {
        SqlConnectionHolder connection = null;
        try
        {
            connection = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
            CheckSchemaVersion(connection.Connection);

            SqlCommand command = new SqlCommand("dbo.aspnet_Membership_ChangePasswordQuestionAndAnswer", connection.Connection);
            command.CommandTimeout = CommandTimeout;
            command.CommandType = CommandType.StoredProcedure;

            // Every value travels as a typed parameter; nothing is concatenated into SQL text.
            SqlParameter[] inputs =
            {
                CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName),
                CreateInputParam("@UserName", SqlDbType.NVarChar, username),
                CreateInputParam("@NewPasswordQuestion", SqlDbType.NVarChar, newPasswordQuestion),
                CreateInputParam("@NewPasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer),
            };
            foreach (SqlParameter input in inputs)
            {
                command.Parameters.Add(input);
            }

            SqlParameter returnValue = new SqlParameter("@ReturnValue", SqlDbType.Int);
            returnValue.Direction = ParameterDirection.ReturnValue;
            command.Parameters.Add(returnValue);

            command.ExecuteNonQuery();

            // A missing return value is treated as failure (-1).
            int resultCode = -1;
            if (returnValue.Value != null)
            {
                resultCode = (int)returnValue.Value;
            }

            if (resultCode != 0)
            {
                throw new ProviderException(GetExceptionText(resultCode));
            }

            // Only status 0 reaches this point.
            return true;
        }
        finally
        {
            if (connection != null)
            {
                connection.Close();
            }
        }
    }
    catch
    {
        // NOTE(review): this catch-and-rethrow adds no handling of its own, but it
        // makes the finally above run before any exception filter further up the
        // call stack is evaluated. Presumably deliberate -- confirm before removing.
        throw;
    }
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
/// <summary>
/// Returns the password stored for <paramref name="username"/>, decoded by
/// UnEncodePassword, provided password retrieval is enabled.
/// </summary>
/// <param name="username">Account to look up; validated with a 256-character limit.</param>
/// <param name="passwordAnswer">Answer to the password question; encoded by GetEncodedPasswordAnswer and mandatory only when RequiresQuestionAndAnswer is set.</param>
/// <returns>The result of UnEncodePassword for the value read from the database.</returns>
/// <exception cref="NotSupportedException">EnablePasswordRetrieval is false.</exception>
/// <exception cref="MembershipPasswordException">The lookup failed with a status that IsStatusDueToBadPassword accepts.</exception>
/// <exception cref="ProviderException">The lookup failed with any other status.</exception>
public override string GetPassword(string username, string passwordAnswer)
{
    // Retrieval is refused outright unless the provider is configured for it.
    if (!EnablePasswordRetrieval)
    {
        throw new NotSupportedException(SR.GetString(SR.Membership_PasswordRetrieval_not_supported));
    }

    SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

    string encodedPasswordAnswer = GetEncodedPasswordAnswer(username, passwordAnswer);
    SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");

    // NOTE(review): the answer comparison and any failed-attempt accounting are
    // presumably done inside GetPasswordFromDB; neither is visible here -- confirm.
    int format = 0;
    int resultCode = 0;
    string storedPassword = GetPasswordFromDB(username, encodedPasswordAnswer, RequiresQuestionAndAnswer, out format, out resultCode);

    if (storedPassword != null)
    {
        // NOTE(review): this hands back whatever UnEncodePassword produces,
        // presumably the usable password, which implies reversible storage.
        // Confirm the deployment needs retrieval rather than reset.
        return UnEncodePassword(storedPassword, format);
    }

    // No password came back: translate the status into the matching exception type.
    string message = GetExceptionText(resultCode);
    if (IsStatusDueToBadPassword(resultCode))
    {
        throw new MembershipPasswordException(message);
    }

    throw new ProviderException(message);
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
SecUtility.CheckParameter( ref oldPassword, true, true, false, 128, "oldPassword" );
SecUtility.CheckParameter( ref newPassword, true, true, false, 128, "newPassword" );
string salt = null;
int passwordFormat;
int status;
if (!CheckPassword( username, oldPassword, false, false, out salt, out passwordFormat))
{
return false;
}
if( newPassword.Length < MinRequiredPasswordLength )
{
throw new ArgumentException(SR.GetString(
SR.Password_too_short,
"newPassword",
MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture)));
}
int count = 0;
for( int i = 0; i < newPassword.Length; i++ )
{
if( !char.IsLetterOrDigit( newPassword, i ) )