View Source

Class MembershipProviderBase

A base membership provider class offering much of the underlying functionality for initializing and password encryption/hashing.

Inheritance

System.Object

System.Configuration.Provider.ProviderBase

System.Web.Security.MembershipProvider

Namespace: Umbraco.Core.Security

Assembly: Umbraco.Core.dll

Syntax

public abstract class MembershipProviderBase : MembershipProvider

Properties

View Source

AllowManuallyChangingPassword

Providers can override this setting, by default this is false which means that the provider will authenticate the username + password when ChangePassword is called. This property exists purely for backwards compatibility.

Declaration

public virtual bool AllowManuallyChangingPassword { get; }

Property Value

Type	Description
System.Boolean

View Source

ApplicationName

The name of the application using the custom membership provider.

Declaration

public override string ApplicationName { get; set; }

Property Value

Type	Description
System.String

View Source

DefaultMinNonAlphanumericChars

Providers can override this setting, default is 0

Declaration

public virtual int DefaultMinNonAlphanumericChars { get; }

Property Value

Type	Description
System.Int32

View Source

DefaultMinPasswordLength

Providers can override this setting, default is 10

Declaration

public virtual int DefaultMinPasswordLength { get; }

Property Value

Type	Description
System.Int32

View Source

DefaultUseLegacyEncoding

Providers can override this setting, default is false to use better security

Declaration

public virtual bool DefaultUseLegacyEncoding { get; }

Property Value

Type	Description
System.Boolean

View Source

EnablePasswordReset

Indicates whether the membership provider is configured to allow users to reset their passwords.

Declaration

public override bool EnablePasswordReset { get; }

Property Value

Type	Description
System.Boolean

View Source

EnablePasswordRetrieval

Indicates whether the membership provider is configured to allow users to retrieve their passwords.

Declaration

public override bool EnablePasswordRetrieval { get; }

Property Value

Type	Description
System.Boolean

View Source

MaxInvalidPasswordAttempts

Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

Declaration

public override int MaxInvalidPasswordAttempts { get; }

Property Value

Type	Description
System.Int32

View Source

MinRequiredNonAlphanumericCharacters

Gets the minimum number of special characters that must be present in a valid password.

Declaration

public override int MinRequiredNonAlphanumericCharacters { get; }

Property Value

Type	Description
System.Int32

View Source

MinRequiredPasswordLength

Gets the minimum length required for a password.

Declaration

public override int MinRequiredPasswordLength { get; }

Property Value

Type	Description
System.Int32

View Source

PasswordAttemptWindow

Gets the number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.

Declaration

public override int PasswordAttemptWindow { get; }

Property Value

Type	Description
System.Int32

View Source

PasswordFormat

Gets a value indicating the format for storing passwords in the membership data store.

Declaration

public override MembershipPasswordFormat PasswordFormat { get; }

Property Value

Type	Description
System.Web.Security.MembershipPasswordFormat

View Source

PasswordStrengthRegularExpression

Gets the regular expression used to evaluate a password.

Declaration

public override string PasswordStrengthRegularExpression { get; }

Property Value

Type	Description
System.String

View Source

RequiresQuestionAndAnswer

Gets a value indicating whether the membership provider is configured to require the user to answer a password question for password reset and retrieval.

Declaration

public override bool RequiresQuestionAndAnswer { get; }

Property Value

Type	Description
System.Boolean

View Source

RequiresUniqueEmail

Gets a value indicating whether the membership provider is configured to require a unique e-mail address for each user name.

Declaration

public override bool RequiresUniqueEmail { get; }

Property Value

Type	Description
System.Boolean

View Source

UseLegacyEncoding

Declaration

public bool UseLegacyEncoding { get; }

Property Value

Type	Description
System.Boolean

Methods

View Source

ChangePassword(String, String, String)

Processes a request to update the password for a membership user.

Declaration

public override bool ChangePassword(string username, string oldPassword, string newPassword)

Parameters

Type	Name	Description
System.String	username	The user to update the password for.
System.String	oldPassword	Required to change a user password if the user is not new and AllowManuallyChangingPassword is false
System.String	newPassword	The new password for the specified user.

Returns

Type	Description
System.Boolean	true if the password was updated successfully; otherwise, false.

Remarks

Checks to ensure the AllowManuallyChangingPassword rule is adhered to

View Source

ChangePasswordQuestionAndAnswer(String, String, String, String)

Processes a request to update the password question and answer for a membership user.

Declaration

public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)

Parameters

Type	Name	Description
System.String	username	The user to change the password question and answer for.
System.String	password	The password for the specified user.
System.String	newPasswordQuestion	The new password question for the specified user.
System.String	newPasswordAnswer	The new password answer for the specified user.

Returns

Type	Description
System.Boolean	true if the password question and answer are updated successfully; otherwise, false.

Remarks

Performs the basic validation before passing off to PerformChangePasswordQuestionAndAnswer

View Source

CheckPassword(String, String)

Checks the password.

Declaration

protected bool CheckPassword(string password, string dbPassword)

Parameters

Type	Name	Description
System.String	password	The password.
System.String	dbPassword	The dbPassword.

Returns

Type	Description
System.Boolean

View Source

CreateUser(String, String, String, String, String, Boolean, Object, out MembershipCreateStatus)

Adds a new membership user to the data source.

Declaration

public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)

Parameters

Type	Name	Description
System.String	username	The user name for the new user.
System.String	password	The password for the new user.
System.String	email	The e-mail address for the new user.
System.String	passwordQuestion	The password question for the new user.
System.String	passwordAnswer	The password answer for the new user
System.Boolean	isApproved	Whether or not the new user is approved to be validated.
System.Object	providerUserKey	The unique identifier from the membership data source for the user.
System.Web.Security.MembershipCreateStatus	status	A System.Web.Security.MembershipCreateStatus enumeration value indicating whether the user was created successfully.

Returns

Type	Description
System.Web.Security.MembershipUser	A System.Web.Security.MembershipUser object populated with the information for the newly created user.

Remarks

Ensures the ValidatingPassword event is executed before executing PerformCreateUser and performs basic membership provider validation of values.

View Source

DecryptPassword(String)

Declaration

protected string DecryptPassword(string pass)

Parameters

Type	Name	Description
System.String	pass

Returns

Type	Description
System.String

View Source

EncryptOrHashNewPassword(String, out String)

Encrypt/hash a new password with a new salt

Declaration

protected string EncryptOrHashNewPassword(string newPassword, out string salt)

Parameters

Type	Name	Description
System.String	newPassword
System.String	salt

Returns

Type	Description
System.String

View Source

EncryptOrHashPassword(String, String)

Declaration

protected string EncryptOrHashPassword(string pass, string salt)

Parameters

Type	Name	Description
System.String	pass
System.String	salt

Returns

Type	Description
System.String

View Source

FormatPasswordForStorage(String, String)

If the password format is a hashed keyed algorithm then we will pre-pend the salt used to hash the password to the hashed password itself.

Declaration

protected string FormatPasswordForStorage(string pass, string salt)

Parameters

Type	Name	Description
System.String	pass
System.String	salt

Returns

Type	Description
System.String

View Source

GenerateSalt()

Declaration

protected static string GenerateSalt()

Returns

Type	Description
System.String

View Source

GetCurrentRequestIpAddress()

Returns the current request IP address for logging if there is one

Declaration

protected string GetCurrentRequestIpAddress()

Returns

Type	Description
System.String

View Source

GetHashAlgorithm(String)

Declaration

protected HashAlgorithm GetHashAlgorithm(string password)

Parameters

Type	Name	Description
System.String	password

Returns

Type	Description
System.Security.Cryptography.HashAlgorithm

View Source

GetPassword(String, String)

Gets the members password if password retrieval is enabled

Declaration

public override string GetPassword(string username, string answer)

Parameters

Type	Name	Description
System.String	username
System.String	answer

Returns

Type	Description
System.String

View Source

GetRawPassword(String)

Returns the raw password value for a given user

Declaration

protected virtual Attempt<string> GetRawPassword(string username)

Parameters

Type	Name	Description
System.String	username

Returns

Type	Description
Attempt<System.String>

Remarks

By default this will return an invalid attempt, inheritors will need to override this to support it

View Source

HashPasswordForStorage(String)

Declaration

public string HashPasswordForStorage(string password)

Parameters

Type	Name	Description
System.String	password

Returns

Type	Description
System.String

View Source

Initialize(String, NameValueCollection)

Initializes the provider.

Declaration

public override void Initialize(string name, NameValueCollection config)

Parameters

Type	Name	Description
System.String	name	The friendly name of the provider.
System.Collections.Specialized.NameValueCollection	config	A collection of the name/value pairs representing the provider-specific attributes specified in the configuration for this provider.

Exceptions

Type	Condition
System.ArgumentNullException	The name of the provider is null.
System.InvalidOperationException	An attempt is made to call System.Configuration.Provider.ProviderBase.Initialize(System.String, System.Collections.Specialized.NameValueCollection) on a provider after the provider has already been initialized.
System.ArgumentException	The name of the provider has a length of zero.

View Source

IsPasswordValid(String, Int32, String, Int32)

Declaration

protected static Attempt<MembershipProviderBase.PasswordValidityError> IsPasswordValid(string password, int minRequiredNonAlphanumericChars, string strengthRegex, int minLength)

Parameters

Type	Name	Description
System.String	password
System.Int32	minRequiredNonAlphanumericChars
System.String	strengthRegex
System.Int32	minLength

Returns

Type	Description
Attempt<MembershipProviderBase.PasswordValidityError>

View Source

LegacyEncodePassword(String)

Encodes the password.

Declaration

protected string LegacyEncodePassword(string password)

Parameters

Type	Name	Description
System.String	password	The password.

Returns

Type	Description
System.String	The encoded password.

View Source

LegacyUnEncodePassword(String)

Unencode password.

Declaration

protected string LegacyUnEncodePassword(string encodedPassword)

Parameters

Type	Name	Description
System.String	encodedPassword	The encoded password.

Returns

Type	Description
System.String	The unencoded password.

View Source

OnValidatingPassword(ValidatePasswordEventArgs)

Override this method to ensure the password is valid before raising the event

Declaration

protected override void OnValidatingPassword(ValidatePasswordEventArgs e)

Parameters

Type	Name	Description
System.Web.Security.ValidatePasswordEventArgs	e

View Source

PerformChangePassword(String, String, String)

Processes a request to update the password for a membership user.

Declaration

protected abstract bool PerformChangePassword(string username, string oldPassword, string newPassword)

Parameters

Type	Name	Description
System.String	username	The user to update the password for.
System.String	oldPassword	This property is ignore for this provider
System.String	newPassword	The new password for the specified user.

Returns

Type	Description
System.Boolean	true if the password was updated successfully; otherwise, false.

View Source

PerformChangePasswordQuestionAndAnswer(String, String, String, String)

Processes a request to update the password question and answer for a membership user.

Declaration

protected abstract bool PerformChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)

Parameters

Type	Name	Description
System.String	username	The user to change the password question and answer for.
System.String	password	The password for the specified user.
System.String	newPasswordQuestion	The new password question for the specified user.
System.String	newPasswordAnswer	The new password answer for the specified user.

Returns

Type	Description
System.Boolean	true if the password question and answer are updated successfully; otherwise, false.

View Source

PerformCreateUser(String, String, String, String, String, Boolean, Object, out MembershipCreateStatus)

Adds a new membership user to the data source.

Declaration

protected abstract MembershipUser PerformCreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)

Parameters

Type	Name	Description
System.String	username	The user name for the new user.
System.String	password	The password for the new user.
System.String	email	The e-mail address for the new user.
System.String	passwordQuestion	The password question for the new user.
System.String	passwordAnswer	The password answer for the new user
System.Boolean	isApproved	Whether or not the new user is approved to be validated.
System.Object	providerUserKey	The unique identifier from the membership data source for the user.
System.Web.Security.MembershipCreateStatus	status	A System.Web.Security.MembershipCreateStatus enumeration value indicating whether the user was created successfully.

Returns

Type	Description
System.Web.Security.MembershipUser	A System.Web.Security.MembershipUser object populated with the information for the newly created user.

View Source

PerformGetPassword(String, String)

Gets the members password if password retrieval is enabled

Declaration

protected abstract string PerformGetPassword(string username, string answer)

Parameters

Type	Name	Description
System.String	username
System.String	answer

Returns

Type	Description
System.String

View Source

PerformResetPassword(String, String, String)

Declaration

protected abstract string PerformResetPassword(string username, string answer, string generatedPassword)

Parameters

Type	Name	Description
System.String	username
System.String	answer
System.String	generatedPassword

Returns

Type	Description
System.String

View Source

ResetPassword(String, String)

Declaration

public override string ResetPassword(string username, string answer)

Parameters

Type	Name	Description
System.String	username
System.String	answer

Returns

Type	Description
System.String

View Source

ToString()

Declaration

public override string ToString()

Returns

Type	Description
System.String

View Source

ValidateNewUser(String, String, String, String, String, Boolean, Object)

Performs the validation of the information for creating a new user

Declaration

protected MembershipCreateStatus ValidateNewUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey)

Parameters

Type	Name	Description
System.String	username
System.String	password
System.String	email
System.String	passwordQuestion
System.String	passwordAnswer
System.Boolean	isApproved
System.Object	providerUserKey

Returns

Type	Description
System.Web.Security.MembershipCreateStatus

View Source

VerifyPassword(String, String)

Declaration

public bool VerifyPassword(string password, string hashedPassword)

Parameters

Type	Name	Description
System.String	password
System.String	hashedPassword

Returns

Type	Description
System.Boolean