Class MembershipProviderBase
A base membership provider class offering much of the underlying functionality for initializing and password encryption/hashing.
Inheritance
Namespace: Umbraco.Core.Security
Assembly: Umbraco.Core.dll
Syntax
public abstract class MembershipProviderBase : MembershipProviderProperties
View SourceAllowManuallyChangingPassword
Providers can override this setting, by default this is false which means that the provider will authenticate the username + password when ChangePassword is called. This property exists purely for backwards compatibility.
Declaration
public virtual bool AllowManuallyChangingPassword { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
ApplicationName
The name of the application using the custom membership provider.
Declaration
public override string ApplicationName { get; set; }Property Value
| Type | Description |
|---|---|
| System.String |
DefaultMinNonAlphanumericChars
Providers can override this setting, default is 0
Declaration
public virtual int DefaultMinNonAlphanumericChars { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
DefaultMinPasswordLength
Providers can override this setting, default is 10
Declaration
public virtual int DefaultMinPasswordLength { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
DefaultUseLegacyEncoding
Providers can override this setting, default is false to use better security
Declaration
public virtual bool DefaultUseLegacyEncoding { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
EnablePasswordReset
Indicates whether the membership provider is configured to allow users to reset their passwords.
Declaration
public override bool EnablePasswordReset { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
EnablePasswordRetrieval
Indicates whether the membership provider is configured to allow users to retrieve their passwords.
Declaration
public override bool EnablePasswordRetrieval { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
MaxInvalidPasswordAttempts
Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.
Declaration
public override int MaxInvalidPasswordAttempts { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
MinRequiredNonAlphanumericCharacters
Gets the minimum number of special characters that must be present in a valid password.
Declaration
public override int MinRequiredNonAlphanumericCharacters { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
MinRequiredPasswordLength
Gets the minimum length required for a password.
Declaration
public override int MinRequiredPasswordLength { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
PasswordAttemptWindow
Gets the number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.
Declaration
public override int PasswordAttemptWindow { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
PasswordFormat
Gets a value indicating the format for storing passwords in the membership data store.
Declaration
public override MembershipPasswordFormat PasswordFormat { get; }Property Value
| Type | Description |
|---|---|
| System.Web.Security.MembershipPasswordFormat |
PasswordStrengthRegularExpression
Gets the regular expression used to evaluate a password.
Declaration
public override string PasswordStrengthRegularExpression { get; }Property Value
| Type | Description |
|---|---|
| System.String |
RequiresQuestionAndAnswer
Gets a value indicating whether the membership provider is configured to require the user to answer a password question for password reset and retrieval.
Declaration
public override bool RequiresQuestionAndAnswer { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
RequiresUniqueEmail
Gets a value indicating whether the membership provider is configured to require a unique e-mail address for each user name.
Declaration
public override bool RequiresUniqueEmail { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
UseLegacyEncoding
Declaration
public bool UseLegacyEncoding { get; }Property Value
| Type | Description |
|---|---|
| System.Boolean |
Methods
View SourceChangePassword(String, String, String)
Processes a request to update the password for a membership user.
Declaration
public override bool ChangePassword(string username, string oldPassword, string newPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user to update the password for. |
| System.String | oldPassword | Required to change a user password if the user is not new and AllowManuallyChangingPassword is false |
| System.String | newPassword | The new password for the specified user. |
Returns
| Type | Description |
|---|---|
| System.Boolean | true if the password was updated successfully; otherwise, false. |
Remarks
Checks to ensure the AllowManuallyChangingPassword rule is adhered to
ChangePasswordQuestionAndAnswer(String, String, String, String)
Processes a request to update the password question and answer for a membership user.
Declaration
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user to change the password question and answer for. |
| System.String | password | The password for the specified user. |
| System.String | newPasswordQuestion | The new password question for the specified user. |
| System.String | newPasswordAnswer | The new password answer for the specified user. |
Returns
| Type | Description |
|---|---|
| System.Boolean | true if the password question and answer are updated successfully; otherwise, false. |
Remarks
Performs the basic validation before passing off to PerformChangePasswordQuestionAndAnswer
CheckPassword(String, String)
Checks the password.
Declaration
protected bool CheckPassword(string password, string dbPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password | The password. |
| System.String | dbPassword | The dbPassword. |
Returns
| Type | Description |
|---|---|
| System.Boolean |
CreateUser(String, String, String, String, String, Boolean, Object, out MembershipCreateStatus)
Adds a new membership user to the data source.
Declaration
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user name for the new user. |
| System.String | password | The password for the new user. |
| System.String | The e-mail address for the new user. |
|
| System.String | passwordQuestion | The password question for the new user. |
| System.String | passwordAnswer | The password answer for the new user |
| System.Boolean | isApproved | Whether or not the new user is approved to be validated. |
| System.Object | providerUserKey | The unique identifier from the membership data source for the user. |
| System.Web.Security.MembershipCreateStatus | status | A System.Web.Security.MembershipCreateStatus enumeration value indicating whether the user was created successfully. |
Returns
| Type | Description |
|---|---|
| System.Web.Security.MembershipUser | A System.Web.Security.MembershipUser object populated with the information for the newly created user. |
Remarks
Ensures the ValidatingPassword event is executed before executing PerformCreateUser and performs basic membership provider validation of values.
DecryptPassword(String)
Declaration
protected string DecryptPassword(string pass)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | pass |
Returns
| Type | Description |
|---|---|
| System.String |
EncryptOrHashNewPassword(String, out String)
Encrypt/hash a new password with a new salt
Declaration
protected string EncryptOrHashNewPassword(string newPassword, out string salt)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | newPassword | |
| System.String | salt |
Returns
| Type | Description |
|---|---|
| System.String |
EncryptOrHashPassword(String, String)
Declaration
protected string EncryptOrHashPassword(string pass, string salt)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | pass | |
| System.String | salt |
Returns
| Type | Description |
|---|---|
| System.String |
FormatPasswordForStorage(String, String)
If the password format is a hashed keyed algorithm then we will pre-pend the salt used to hash the password to the hashed password itself.
Declaration
protected string FormatPasswordForStorage(string pass, string salt)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | pass | |
| System.String | salt |
Returns
| Type | Description |
|---|---|
| System.String |
GenerateSalt()
Declaration
protected static string GenerateSalt()Returns
| Type | Description |
|---|---|
| System.String |
GetCurrentRequestIpAddress()
Returns the current request IP address for logging if there is one
Declaration
protected string GetCurrentRequestIpAddress()Returns
| Type | Description |
|---|---|
| System.String |
GetHashAlgorithm(String)
Declaration
protected HashAlgorithm GetHashAlgorithm(string password)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password |
Returns
| Type | Description |
|---|---|
| System.Security.Cryptography.HashAlgorithm |
GetPassword(String, String)
Gets the members password if password retrieval is enabled
Declaration
public override string GetPassword(string username, string answer)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | answer |
Returns
| Type | Description |
|---|---|
| System.String |
GetRawPassword(String)
Returns the raw password value for a given user
Declaration
protected virtual Attempt<string> GetRawPassword(string username)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username |
Returns
| Type | Description |
|---|---|
| Attempt<System.String> |
Remarks
By default this will return an invalid attempt, inheritors will need to override this to support it
HashPasswordForStorage(String)
Declaration
public string HashPasswordForStorage(string password)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password |
Returns
| Type | Description |
|---|---|
| System.String |
Initialize(String, NameValueCollection)
Initializes the provider.
Declaration
public override void Initialize(string name, NameValueCollection config)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The friendly name of the provider. |
| System.Collections.Specialized.NameValueCollection | config | A collection of the name/value pairs representing the provider-specific attributes specified in the configuration for this provider. |
Exceptions
| Type | Condition |
|---|---|
| System.ArgumentNullException | The name of the provider is null. |
| System.InvalidOperationException | An attempt is made to call System.Configuration.Provider.ProviderBase.Initialize(System.String, System.Collections.Specialized.NameValueCollection) on a provider after the provider has already been initialized. |
| System.ArgumentException | The name of the provider has a length of zero. |
IsPasswordValid(String, Int32, String, Int32)
Declaration
protected static Attempt<MembershipProviderBase.PasswordValidityError> IsPasswordValid(string password, int minRequiredNonAlphanumericChars, string strengthRegex, int minLength)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password | |
| System.Int32 | minRequiredNonAlphanumericChars | |
| System.String | strengthRegex | |
| System.Int32 | minLength |
Returns
| Type | Description |
|---|---|
| Attempt<MembershipProviderBase.PasswordValidityError> |
LegacyEncodePassword(String)
Encodes the password.
Declaration
protected string LegacyEncodePassword(string password)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password | The password. |
Returns
| Type | Description |
|---|---|
| System.String | The encoded password. |
LegacyUnEncodePassword(String)
Unencode password.
Declaration
protected string LegacyUnEncodePassword(string encodedPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | encodedPassword | The encoded password. |
Returns
| Type | Description |
|---|---|
| System.String | The unencoded password. |
OnValidatingPassword(ValidatePasswordEventArgs)
Override this method to ensure the password is valid before raising the event
Declaration
protected override void OnValidatingPassword(ValidatePasswordEventArgs e)Parameters
| Type | Name | Description |
|---|---|---|
| System.Web.Security.ValidatePasswordEventArgs | e |
PerformChangePassword(String, String, String)
Processes a request to update the password for a membership user.
Declaration
protected abstract bool PerformChangePassword(string username, string oldPassword, string newPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user to update the password for. |
| System.String | oldPassword | This property is ignore for this provider |
| System.String | newPassword | The new password for the specified user. |
Returns
| Type | Description |
|---|---|
| System.Boolean | true if the password was updated successfully; otherwise, false. |
PerformChangePasswordQuestionAndAnswer(String, String, String, String)
Processes a request to update the password question and answer for a membership user.
Declaration
protected abstract bool PerformChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user to change the password question and answer for. |
| System.String | password | The password for the specified user. |
| System.String | newPasswordQuestion | The new password question for the specified user. |
| System.String | newPasswordAnswer | The new password answer for the specified user. |
Returns
| Type | Description |
|---|---|
| System.Boolean | true if the password question and answer are updated successfully; otherwise, false. |
PerformCreateUser(String, String, String, String, String, Boolean, Object, out MembershipCreateStatus)
Adds a new membership user to the data source.
Declaration
protected abstract MembershipUser PerformCreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | The user name for the new user. |
| System.String | password | The password for the new user. |
| System.String | The e-mail address for the new user. |
|
| System.String | passwordQuestion | The password question for the new user. |
| System.String | passwordAnswer | The password answer for the new user |
| System.Boolean | isApproved | Whether or not the new user is approved to be validated. |
| System.Object | providerUserKey | The unique identifier from the membership data source for the user. |
| System.Web.Security.MembershipCreateStatus | status | A System.Web.Security.MembershipCreateStatus enumeration value indicating whether the user was created successfully. |
Returns
| Type | Description |
|---|---|
| System.Web.Security.MembershipUser | A System.Web.Security.MembershipUser object populated with the information for the newly created user. |
PerformGetPassword(String, String)
Gets the members password if password retrieval is enabled
Declaration
protected abstract string PerformGetPassword(string username, string answer)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | answer |
Returns
| Type | Description |
|---|---|
| System.String |
PerformResetPassword(String, String, String)
Declaration
protected abstract string PerformResetPassword(string username, string answer, string generatedPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | answer | |
| System.String | generatedPassword |
Returns
| Type | Description |
|---|---|
| System.String |
ResetPassword(String, String)
Declaration
public override string ResetPassword(string username, string answer)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | answer |
Returns
| Type | Description |
|---|---|
| System.String |
ToString()
Declaration
public override string ToString()Returns
| Type | Description |
|---|---|
| System.String |
ValidateNewUser(String, String, String, String, String, Boolean, Object)
Performs the validation of the information for creating a new user
Declaration
protected MembershipCreateStatus ValidateNewUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | username | |
| System.String | password | |
| System.String | ||
| System.String | passwordQuestion | |
| System.String | passwordAnswer | |
| System.Boolean | isApproved | |
| System.Object | providerUserKey |
Returns
| Type | Description |
|---|---|
| System.Web.Security.MembershipCreateStatus |
VerifyPassword(String, String)
Declaration
public bool VerifyPassword(string password, string hashedPassword)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | password | |
| System.String | hashedPassword |
Returns
| Type | Description |
|---|---|
| System.Boolean |