自定义成员资格提供程序(MemberShip Provider)实现与角色提供程序(Role Provider)实现示例

最新推荐文章于 2016-07-01 17:56:00 发布

纪俊

最新推荐文章于 2016-07-01 17:56:00 发布

阅读量5.3k

点赞数

分类专栏：开发技术文章标签： string null email action vb.net object

开发技术专栏收录该内容

39 篇文章 0 订阅

订阅专栏

本文内容转自 MSDN，Junelf 将两篇文章合并为一篇并稍作总结。

ASP.NET 成员资格旨在使您可以轻松地将多个不同的成员资格提供程序与多个不同的角色提供程序用于您的 ASP.NET 应用程序。您可以使用 .NET Framework 中包含的成员资格提供程序，也可以实现自己的提供程序。

在实现自定义成员资格提供程序时，需要继承 MembershipProvider 抽象类；实现自定义角色提供程序时，需要继承 RoleProvider 抽象类。

主要有两个原因需要创建自定义成员资格提供程序与自定义角色提供程序：

需要将成员资格与角色信息存储在一个 .NET Framework 中附带的成员资格提供程序所不支持的数据源中，如 FoxPro 数据库、Oracle 数据库或其他数据源。
需要使用不同于 .NET Framework 附带的提供程序所使用的数据库架构来管理成员资格与角色信息。此类的一个常见的示例是已存在于公司或网站的 SQL Server 数据库中的成员资格数据。

成员资格提供程序实现(C#)：

如果您使用的是 VB.net 请看原文：http://msdn2.microsoft.com/zh-cn/library/6tc47t75(vs.80).aspx

using System.Web.Security;

using System.Configuration.Provider;

using System.Collections.Specialized;

using System;

using System.Data;

using System.Data.Odbc;

using System.Configuration;

using System.Diagnostics;

using System.Web;

using System.Globalization;

using System.Security.Cryptography;

using System.Text;

using System.Web.Configuration;

This provider works with the following schema for the table of user data.

CREATE TABLE Users

(

PKID Guid NOT NULL PRIMARY KEY,

Username Text (255) NOT NULL,

ApplicationName Text (255) NOT NULL,

Email Text (128) NOT NULL,

Comment Text (255),

Password Text (128) NOT NULL,

PasswordQuestion Text (255),

PasswordAnswer Text (255),

IsApproved YesNo,

LastActivityDate DateTime,

LastLoginDate DateTime,

LastPasswordChangedDate DateTime,

CreationDate DateTime,

IsOnLine YesNo,

IsLockedOut YesNo,

LastLockedOutDate DateTime,

FailedPasswordAttemptCount Integer,

FailedPasswordAttemptWindowStart DateTime,

FailedPasswordAnswerAttemptCount Integer,

FailedPasswordAnswerAttemptWindowStart DateTime

)

namespace Samples.AspNet.Membership

{

public sealed class OdbcMembershipProvider: MembershipProvider

{

// Global connection string, generated password length, generic exception message, event log info.

private int newPasswordLength = 8;

private string eventSource = "OdbcMembershipProvider";

private string eventLog = "Application";

private string exceptionMessage = "An exception occurred. Please check the Event Log.";

private string tableName = "Users";

private string connectionString;

// Used when determining encryption key values.

private MachineKeySection machineKey;

// If false, exceptions are thrown to the caller. If true,

// exceptions are written to the event log.

private bool pWriteExceptionsToEventLog;

public bool WriteExceptionsToEventLog

{

get { return pWriteExceptionsToEventLog; }

set { pWriteExceptionsToEventLog = value; }

}

// System.Configuration.Provider.ProviderBase.Initialize Method

public override void Initialize(string name, NameValueCollection config)

{

// Initialize values from web.config.

if (config == null)

throw new ArgumentNullException("config");

if (name == null || name.Length == 0)

name = "OdbcMembershipProvider";

if (String.IsNullOrEmpty(config["description"]))

{

config.Remove("description");

config.Add("description", "Sample ODBC Membership provider");

}

// Initialize the abstract base class.

base.Initialize(name, config);

pApplicationName = GetConfigValue(config["applicationName"],

System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);

pMaxInvalidPasswordAttempts = Convert.ToInt32(GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));

pPasswordAttemptWindow = Convert.ToInt32(GetConfigValue(config["passwordAttemptWindow"], "10"));

pMinRequiredNonAlphanumericCharacters = Convert.ToInt32(GetConfigValue(config["minRequiredNonAlphanumericCharacters"], "1"));

pMinRequiredPasswordLength = Convert.ToInt32(GetConfigValue(config["minRequiredPasswordLength"], "7"));

pPasswordStrengthRegularExpression = Convert.ToString(GetConfigValue(config["passwordStrengthRegularExpression"], ""));

pEnablePasswordReset = Convert.ToBoolean(GetConfigValue(config["enablePasswordReset"], "true"));

pEnablePasswordRetrieval = Convert.ToBoolean(GetConfigValue(config["enablePasswordRetrieval"], "true"));

pRequiresQuestionAndAnswer = Convert.ToBoolean(GetConfigValue(config["requiresQuestionAndAnswer"], "false"));

pRequiresUniqueEmail = Convert.ToBoolean(GetConfigValue(config["requiresUniqueEmail"], "true"));

pWriteExceptionsToEventLog = Convert.ToBoolean(GetConfigValue(config["writeExceptionsToEventLog"], "true"));

string temp_format = config["passwordFormat"];

if (temp_format == null)

{

temp_format = "Hashed";

}

switch (temp_format)

{

case "Hashed":

pPasswordFormat = MembershipPasswordFormat.Hashed;

break;

case "Encrypted":

pPasswordFormat = MembershipPasswordFormat.Encrypted;

break;

case "Clear":

pPasswordFormat = MembershipPasswordFormat.Clear;

break;

default:

throw new ProviderException("Password format not supported.");

}

// Initialize OdbcConnection.

ConnectionStringSettings ConnectionStringSettings =

ConfigurationManager.ConnectionStrings[config["connectionStringName"]];

if (ConnectionStringSettings == null || ConnectionStringSettings.ConnectionString.Trim() == "")

{

throw new ProviderException("Connection string cannot be blank.");

}

connectionString = ConnectionStringSettings.ConnectionString;

// Get encryption and decryption key information from the configuration.

Configuration cfg =

WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);

machineKey = (MachineKeySection)cfg.GetSection("system.web/machineKey");

if (machineKey.ValidationKey.Contains("AutoGenerate"))

if (PasswordFormat != MembershipPasswordFormat.Clear)

throw new ProviderException("Hashed or Encrypted passwords " +

"are not supported with auto-generated keys.");

}

// A helper function to retrieve config values from the configuration file.

private string GetConfigValue(string configValue, string defaultValue)

{

if (String.IsNullOrEmpty(configValue))

return defaultValue;

return configValue;

}

// System.Web.Security.MembershipProvider properties.

private string pApplicationName;

private bool pEnablePasswordReset;

private bool pEnablePasswordRetrieval;

private bool pRequiresQuestionAndAnswer;

private bool pRequiresUniqueEmail;

private int pMaxInvalidPasswordAttempts;

private int pPasswordAttemptWindow;

private MembershipPasswordFormat pPasswordFormat;

public override string ApplicationName

{

get { return pApplicationName; }

set { pApplicationName = value; }

}

public override bool EnablePasswordReset

{

get { return pEnablePasswordReset; }

}

public override bool EnablePasswordRetrieval

{

get { return pEnablePasswordRetrieval; }

}

public override bool RequiresQuestionAndAnswer

{

get { return pRequiresQuestionAndAnswer; }

}

public override bool RequiresUniqueEmail

{

get { return pRequiresUniqueEmail; }

}

public override int MaxInvalidPasswordAttempts

{

get { return pMaxInvalidPasswordAttempts; }

}

public override int PasswordAttemptWindow

{

get { return pPasswordAttemptWindow; }

}

public override MembershipPasswordFormat PasswordFormat

{

get { return pPasswordFormat; }

}

private int pMinRequiredNonAlphanumericCharacters;

public override int MinRequiredNonAlphanumericCharacters

{

get { return pMinRequiredNonAlphanumericCharacters; }

}

private int pMinRequiredPasswordLength;

public override int MinRequiredPasswordLength

{

get { return pMinRequiredPasswordLength; }

}

private string pPasswordStrengthRegularExpression;

public override string PasswordStrengthRegularExpression

{

get { return pPasswordStrengthRegularExpression; }

}

// System.Web.Security.MembershipProvider methods.

// MembershipProvider.ChangePassword

public override bool ChangePassword(string username, string oldPwd, string newPwd)

{

if (!ValidateUser(username, oldPwd))

return false;

ValidatePasswordEventArgs args =

new ValidatePasswordEventArgs(username, newPwd, true);

OnValidatingPassword(args);

if (args.Cancel)

if (args.FailureInformation != null)

throw args.FailureInformation;

else

throw new MembershipPasswordException("Change password canceled due to new password validation failure.");

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("UPDATE [" + tableName + "]" +

" SET Password = ?, LastPasswordChangedDate = ? " +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Password", OdbcType.VarChar, 255).Value = EncodePassword(newPwd);

cmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = DateTime.Now;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int rowsAffected = 0;

try

{

conn.Open();

rowsAffected = cmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "ChangePassword");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

if (rowsAffected > 0)

{

return true;

}

return false;

}

// MembershipProvider.ChangePasswordQuestionAndAnswer

public override bool ChangePasswordQuestionAndAnswer(string username,

string password,

string newPwdQuestion,

string newPwdAnswer)

{

if (!ValidateUser(username, password))

return false;

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("UPDATE [" + tableName + "]" +

" SET PasswordQuestion = ?, PasswordAnswer = ?" +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Question", OdbcType.VarChar, 255).Value = newPwdQuestion;

cmd.Parameters.Add("@Answer", OdbcType.VarChar, 255).Value = EncodePassword(newPwdAnswer);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int rowsAffected = 0;

try

{

conn.Open();

rowsAffected = cmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "ChangePasswordQuestionAndAnswer");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

if (rowsAffected > 0)

{

return true;

}

return false;

}

// MembershipProvider.CreateUser

public override MembershipUser CreateUser(string username,

string password,

string email,

string passwordQuestion,

string passwordAnswer,

bool isApproved,

object providerUserKey,

out MembershipCreateStatus status)

{

ValidatePasswordEventArgs args =

new ValidatePasswordEventArgs(username, password, true);

OnValidatingPassword(args);

if (args.Cancel)

{

status = MembershipCreateStatus.InvalidPassword;

return null;

}

if (RequiresUniqueEmail && GetUserNameByEmail(email) != "")

{

status = MembershipCreateStatus.DuplicateEmail;

return null;

}

MembershipUser u = GetUser(username, false);

if (u == null)

{

DateTime createDate = DateTime.Now;

if (providerUserKey == null)

{

providerUserKey = Guid.NewGuid();

}

else

{

if ( !(providerUserKey is Guid) )

{

status = MembershipCreateStatus.InvalidProviderUserKey;

return null;

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("INSERT INTO [" + tableName + "]" +

" (PKID, Username, Password, Email, PasswordQuestion, " +

" PasswordAnswer, IsApproved," +

" Comment, CreationDate, LastPasswordChangedDate, LastActivityDate," +

" ApplicationName, IsLockedOut, LastLockedOutDate," +

" FailedPasswordAttemptCount, FailedPasswordAttemptWindowStart, " +

" FailedPasswordAnswerAttemptCount, FailedPasswordAnswerAttemptWindowStart)" +

" Values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", conn);

cmd.Parameters.Add("@PKID", OdbcType.UniqueIdentifier).Value = providerUserKey;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@Password", OdbcType.VarChar, 255).Value = EncodePassword(password);

cmd.Parameters.Add("@Email", OdbcType.VarChar, 128).Value = email;

cmd.Parameters.Add("@PasswordQuestion", OdbcType.VarChar, 255).Value = passwordQuestion;

cmd.Parameters.Add("@PasswordAnswer", OdbcType.VarChar, 255).Value = EncodePassword(passwordAnswer);

cmd.Parameters.Add("@IsApproved", OdbcType.Bit).Value = isApproved;

cmd.Parameters.Add("@Comment", OdbcType.VarChar, 255).Value = "";

cmd.Parameters.Add("@CreationDate", OdbcType.DateTime).Value = createDate;

cmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = createDate;

cmd.Parameters.Add("@LastActivityDate", OdbcType.DateTime).Value = createDate;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

cmd.Parameters.Add("@IsLockedOut", OdbcType.Bit).Value = false;

cmd.Parameters.Add("@LastLockedOutDate", OdbcType.DateTime).Value = createDate;

cmd.Parameters.Add("@FailedPasswordAttemptCount", OdbcType.Int).Value = 0;

cmd.Parameters.Add("@FailedPasswordAttemptWindowStart", OdbcType.DateTime).Value = createDate;

cmd.Parameters.Add("@FailedPasswordAnswerAttemptCount", OdbcType.Int).Value = 0;

cmd.Parameters.Add("@FailedPasswordAnswerAttemptWindowStart", OdbcType.DateTime).Value = createDate;

try

{

conn.Open();

int recAdded = cmd.ExecuteNonQuery();

if (recAdded > 0)

{

status = MembershipCreateStatus.Success;

}

else

{

status = MembershipCreateStatus.UserRejected;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "CreateUser");

}

status = MembershipCreateStatus.ProviderError;

}

finally

{

conn.Close();

}

return GetUser(username, false);

}

else

{

status = MembershipCreateStatus.DuplicateUserName;

}

return null;

}

// MembershipProvider.DeleteUser

public override bool DeleteUser(string username, bool deleteAllRelatedData)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("DELETE FROM [" + tableName + "]" +

" WHERE Username = ? AND Applicationname = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int rowsAffected = 0;

try

{

conn.Open();

rowsAffected = cmd.ExecuteNonQuery();

if (deleteAllRelatedData)

{

// Process commands to delete all data for the user in the database.

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "DeleteUser");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

if (rowsAffected > 0)

return true;

return false;

}

// MembershipProvider.GetAllUsers

public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Count(*) FROM [" + tableName + "] " +

"WHERE ApplicationName = ?", conn);

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

MembershipUserCollection users = new MembershipUserCollection();

OdbcDataReader reader = null;

totalRecords = 0;

try

{

conn.Open();

totalRecords = (int)cmd.ExecuteScalar();

if (totalRecords <= 0) { return users; }

cmd.CommandText = "SELECT PKID, Username, Email, PasswordQuestion," +

" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +

" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate " +

" FROM [" + tableName + "] " +

" WHERE ApplicationName = ? " +

" ORDER BY Username Asc";

reader = cmd.ExecuteReader();

int counter = 0;

int startIndex = pageSize * pageIndex;

int endIndex = startIndex + pageSize - 1;

while (reader.Read())

{

if (counter >= startIndex)

{

MembershipUser u = GetUserFromReader(reader);

users.Add(u);

}

if (counter >= endIndex) { cmd.Cancel(); }

counter++;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetAllUsers");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return users;

}

// MembershipProvider.GetNumberOfUsersOnline

public override int GetNumberOfUsersOnline()

{

TimeSpan onlineSpan = new TimeSpan(0, System.Web.Security.Membership.UserIsOnlineTimeWindow, 0);

DateTime compareTime = DateTime.Now.Subtract(onlineSpan);

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Count(*) FROM [" + tableName + "]" +

" WHERE LastActivityDate > ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@CompareDate", OdbcType.DateTime).Value = compareTime;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int numOnline = 0;

try

{

conn.Open();

numOnline = (int)cmd.ExecuteScalar();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetNumberOfUsersOnline");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

return numOnline;

}

// MembershipProvider.GetPassword

public override string GetPassword(string username, string answer)

{

if (!EnablePasswordRetrieval)

{

throw new ProviderException("Password Retrieval Not Enabled.");

}

if (PasswordFormat == MembershipPasswordFormat.Hashed)

{

throw new ProviderException("Cannot retrieve Hashed passwords.");

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Password, PasswordAnswer, IsLockedOut FROM [" + tableName + "]" +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

string password = "";

string passwordAnswer = "";

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

if (reader.HasRows)

{

reader.Read();

if (reader.GetBoolean(2))

throw new MembershipPasswordException("The supplied user is locked out.");

password = reader.GetString(0);

passwordAnswer = reader.GetString(1);

}

else

{

throw new MembershipPasswordException("The supplied user name is not found.");

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetPassword");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))

{

UpdateFailureCount(username, "passwordAnswer");

throw new MembershipPasswordException("Incorrect password answer.");

}

if (PasswordFormat == MembershipPasswordFormat.Encrypted)

{

password = UnEncodePassword(password);

}

return password;

}

// MembershipProvider.GetUser(string, bool)

public override MembershipUser GetUser(string username, bool userIsOnline)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT PKID, Username, Email, PasswordQuestion," +

" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +

" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate" +

" FROM [" + tableName + "] WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

MembershipUser u = null;

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

if (reader.HasRows)

{

reader.Read();

u = GetUserFromReader(reader);

if (userIsOnline)

{

OdbcCommand updateCmd = new OdbcCommand("UPDATE [" + tableName + "] " +

"SET LastActivityDate = ? " +

"WHERE Username = ? AND Applicationname = ?", conn);

updateCmd.Parameters.Add("@LastActivityDate", OdbcType.DateTime).Value = DateTime.Now;

updateCmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

updateCmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

updateCmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetUser(String, Boolean)");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return u;

}

// MembershipProvider.GetUser(object, bool)

public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT PKID, Username, Email, PasswordQuestion," +

" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +

" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate" +

" FROM [" + tableName + "] WHERE PKID = ?", conn);

cmd.Parameters.Add("@PKID", OdbcType.UniqueIdentifier).Value = providerUserKey;

MembershipUser u = null;

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

if (reader.HasRows)

{

reader.Read();

u = GetUserFromReader(reader);

if (userIsOnline)

{

OdbcCommand updateCmd = new OdbcCommand("UPDATE [" + tableName + "] " +

"SET LastActivityDate = ? " +

"WHERE PKID = ?", conn);

updateCmd.Parameters.Add("@LastActivityDate", OdbcType.DateTime).Value = DateTime.Now;

updateCmd.Parameters.Add("@PKID", OdbcType.UniqueIdentifier).Value = providerUserKey;

updateCmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetUser(Object, Boolean)");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return u;

}

// GetUserFromReader

// A helper function that takes the current row from the OdbcDataReader

// and hydrates a MembershiUser from the values. Called by the

// MembershipUser.GetUser implementation.

private MembershipUser GetUserFromReader(OdbcDataReader reader)

{

object providerUserKey = reader.GetValue(0);

string username = reader.GetString(1);

string email = reader.GetString(2);

string passwordQuestion = "";

if (reader.GetValue(3) != DBNull.Value)

passwordQuestion = reader.GetString(3);

string comment = "";

if (reader.GetValue(4) != DBNull.Value)

comment = reader.GetString(4);

bool isApproved = reader.GetBoolean(5);

bool isLockedOut = reader.GetBoolean(6);

DateTime creationDate = reader.GetDateTime(7);

DateTime lastLoginDate = new DateTime();

if (reader.GetValue(8) != DBNull.Value)

lastLoginDate = reader.GetDateTime(8);

DateTime lastActivityDate = reader.GetDateTime(9);

DateTime lastPasswordChangedDate = reader.GetDateTime(10);

DateTime lastLockedOutDate = new DateTime();

if (reader.GetValue(11) != DBNull.Value)

lastLockedOutDate = reader.GetDateTime(11);

MembershipUser u = new MembershipUser(this.Name,

username,

providerUserKey,

email,

passwordQuestion,

comment,

isApproved,

isLockedOut,

creationDate,

lastLoginDate,

lastActivityDate,

lastPasswordChangedDate,

lastLockedOutDate);

return u;

}

// MembershipProvider.UnlockUser

public override bool UnlockUser(string username)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("UPDATE [" + tableName + "] " +

" SET IsLockedOut = False, LastLockedOutDate = ? " +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@LastLockedOutDate", OdbcType.DateTime).Value = DateTime.Now;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int rowsAffected = 0;

try

{

conn.Open();

rowsAffected = cmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "UnlockUser");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

if (rowsAffected > 0)

return true;

return false;

}

// MembershipProvider.GetUserNameByEmail

public override string GetUserNameByEmail(string email)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Username" +

" FROM [" + tableName + "] WHERE Email = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Email", OdbcType.VarChar, 128).Value = email;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

string username = "";

try

{

conn.Open();

username = (string)cmd.ExecuteScalar();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetUserNameByEmail");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

if (username == null)

username = "";

return username;

}

// MembershipProvider.ResetPassword

public override string ResetPassword(string username, string answer)

{

if (!EnablePasswordReset)

{

throw new NotSupportedException("Password reset is not enabled.");

}

if (answer == null && RequiresQuestionAndAnswer)

{

UpdateFailureCount(username, "passwordAnswer");

throw new ProviderException("Password answer required for password reset.");

}

string newPassword =

System.Web.Security.Membership.GeneratePassword(newPasswordLength,MinRequiredNonAlphanumericCharacters);

ValidatePasswordEventArgs args =

new ValidatePasswordEventArgs(username, newPassword, true);

OnValidatingPassword(args);

if (args.Cancel)

if (args.FailureInformation != null)

throw args.FailureInformation;

else

throw new MembershipPasswordException("Reset password canceled due to password validation failure.");

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT PasswordAnswer, IsLockedOut FROM [" + tableName + "]" +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

int rowsAffected = 0;

string passwordAnswer = "";

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

if (reader.HasRows)

{

reader.Read();

if (reader.GetBoolean(1))

throw new MembershipPasswordException("The supplied user is locked out.");

passwordAnswer = reader.GetString(0);

}

else

{

throw new MembershipPasswordException("The supplied user name is not found.");

}

if (RequiresQuestionAndAnswer && !CheckPassword(answer, passwordAnswer))

{

UpdateFailureCount(username, "passwordAnswer");

throw new MembershipPasswordException("Incorrect password answer.");

}

OdbcCommand updateCmd = new OdbcCommand("UPDATE [" + tableName + "]" +

" SET Password = ?, LastPasswordChangedDate = ?" +

" WHERE Username = ? AND ApplicationName = ? AND IsLockedOut = False", conn);

updateCmd.Parameters.Add("@Password", OdbcType.VarChar, 255).Value = EncodePassword(newPassword);

updateCmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = DateTime.Now;

updateCmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

updateCmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

rowsAffected = updateCmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "ResetPassword");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (rowsAffected > 0)

{

return newPassword;

}

else

{

throw new MembershipPasswordException("User not found, or user is locked out. Password not Reset.");

}

// MembershipProvider.UpdateUser

public override void UpdateUser(MembershipUser user)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("UPDATE [" + tableName + "]" +

" SET Email = ?, Comment = ?," +

" IsApproved = ?" +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Email", OdbcType.VarChar, 128).Value = user.Email;

cmd.Parameters.Add("@Comment", OdbcType.VarChar, 255).Value = user.Comment;

cmd.Parameters.Add("@IsApproved", OdbcType.Bit).Value = user.IsApproved;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = user.UserName;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

try

{

conn.Open();

cmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "UpdateUser");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

conn.Close();

}

// MembershipProvider.ValidateUser

public override bool ValidateUser(string username, string password)

{

bool isValid = false;

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Password, IsApproved FROM [" + tableName + "]" +

" WHERE Username = ? AND ApplicationName = ? AND IsLockedOut = False", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

OdbcDataReader reader = null;

bool isApproved = false;

string pwd = "";

try

{

conn.Open();

reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

if (reader.HasRows)

{

reader.Read();

pwd = reader.GetString(0);

isApproved = reader.GetBoolean(1);

}

else

{

return false;

}

reader.Close();

if (CheckPassword(password, pwd))

{

if (isApproved)

{

isValid = true;

OdbcCommand updateCmd = new OdbcCommand("UPDATE [" + tableName + "] SET LastLoginDate = ?" +

" WHERE Username = ? AND ApplicationName = ?", conn);

updateCmd.Parameters.Add("@LastLoginDate", OdbcType.DateTime).Value = DateTime.Now;

updateCmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

updateCmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

updateCmd.ExecuteNonQuery();

}

else

{

conn.Close();

UpdateFailureCount(username, "password");

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "ValidateUser");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return isValid;

}

// UpdateFailureCount

// A helper method that performs the checks and updates associated with

// password failure tracking.

private void UpdateFailureCount(string username, string failureType)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT FailedPasswordAttemptCount, " +

" FailedPasswordAttemptWindowStart, " +

" FailedPasswordAnswerAttemptCount, " +

" FailedPasswordAnswerAttemptWindowStart " +

" FROM [" + tableName + "] " +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

OdbcDataReader reader = null;

DateTime windowStart = new DateTime();

int failureCount = 0;

try

{

conn.Open();

reader = cmd.ExecuteReader(CommandBehavior.SingleRow);

if (reader.HasRows)

{

reader.Read();

if (failureType == "password")

{

failureCount = reader.GetInt32(0);

windowStart = reader.GetDateTime(1);

}

if (failureType == "passwordAnswer")

{

failureCount = reader.GetInt32(2);

windowStart = reader.GetDateTime(3);

}

reader.Close();

DateTime windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);

if (failureCount == 0 || DateTime.Now > windowEnd)

{

// First password failure or outside of PasswordAttemptWindow.

// Start a new password failure count from 1 and a new window starting now.

if (failureType == "password")

cmd.CommandText = "UPDATE [" + tableName + "] " +

" SET FailedPasswordAttemptCount = ?, " +

" FailedPasswordAttemptWindowStart = ? " +

" WHERE Username = ? AND ApplicationName = ?";

if (failureType == "passwordAnswer")

cmd.CommandText = "UPDATE [" + tableName + "] " +

" SET FailedPasswordAnswerAttemptCount = ?, " +

" FailedPasswordAnswerAttemptWindowStart = ? " +

" WHERE Username = ? AND ApplicationName = ?";

cmd.Parameters.Clear();

cmd.Parameters.Add("@Count", OdbcType.Int).Value = 1;

cmd.Parameters.Add("@WindowStart", OdbcType.DateTime).Value = DateTime.Now;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

if (cmd.ExecuteNonQuery() < 0)

throw new ProviderException("Unable to update failure count and window start.");

}

else

{

if (failureCount++ >= MaxInvalidPasswordAttempts)

{

// Password attempts have exceeded the failure threshold. Lock out

// the user.

cmd.CommandText = "UPDATE [" + tableName + "] " +

" SET IsLockedOut = ?, LastLockedOutDate = ? " +

" WHERE Username = ? AND ApplicationName = ?";

cmd.Parameters.Clear();

cmd.Parameters.Add("@IsLockedOut", OdbcType.Bit).Value = true;

cmd.Parameters.Add("@LastLockedOutDate", OdbcType.DateTime).Value = DateTime.Now;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

if (cmd.ExecuteNonQuery() < 0)

throw new ProviderException("Unable to lock out user.");

}

else

{

// Password attempts have not exceeded the failure threshold. Update

// the failure counts. Leave the window the same.

if (failureType == "password")

cmd.CommandText = "UPDATE [" + tableName + "] " +

" SET FailedPasswordAttemptCount = ?" +

" WHERE Username = ? AND ApplicationName = ?";

if (failureType == "passwordAnswer")

cmd.CommandText = "UPDATE [" + tableName + "] " +

" SET FailedPasswordAnswerAttemptCount = ?" +

" WHERE Username = ? AND ApplicationName = ?";

cmd.Parameters.Clear();

cmd.Parameters.Add("@Count", OdbcType.Int).Value = failureCount;

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

if (cmd.ExecuteNonQuery() < 0)

throw new ProviderException("Unable to update failure count.");

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "UpdateFailureCount");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

// CheckPassword

// Compares password values based on the MembershipPasswordFormat.

private bool CheckPassword(string password, string dbpassword)

{

string pass1 = password;

string pass2 = dbpassword;

switch (PasswordFormat)

{

case MembershipPasswordFormat.Encrypted:

pass2 = UnEncodePassword(dbpassword);

break;

case MembershipPasswordFormat.Hashed:

pass1 = EncodePassword(password);

break;

default:

break;

}

if (pass1 == pass2)

{

return true;

}

return false;

}

// EncodePassword

// Encrypts, Hashes, or leaves the password clear based on the PasswordFormat.

private string EncodePassword(string password)

{

string encodedPassword = password;

switch (PasswordFormat)

{

case MembershipPasswordFormat.Clear:

break;

case MembershipPasswordFormat.Encrypted:

encodedPassword =

Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));

break;

case MembershipPasswordFormat.Hashed:

HMACSHA1 hash = new HMACSHA1();

hash.Key = HexToByte(machineKey.ValidationKey);

encodedPassword =

Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));

break;

default:

throw new ProviderException("Unsupported password format.");

}

return encodedPassword;

}

// UnEncodePassword

// Decrypts or leaves the password clear based on the PasswordFormat.

private string UnEncodePassword(string encodedPassword)

{

string password = encodedPassword;

switch (PasswordFormat)

{

case MembershipPasswordFormat.Clear:

break;

case MembershipPasswordFormat.Encrypted:

password =

Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password)));

break;

case MembershipPasswordFormat.Hashed:

throw new ProviderException("Cannot unencode a hashed password.");

default:

throw new ProviderException("Unsupported password format.");

}

return password;

}

// HexToByte

// Converts a hexadecimal string to a byte array. Used to convert encryption

// key values from the configuration.

private byte[] HexToByte(string hexString)

{

byte[] returnBytes = new byte[hexString.Length / 2];

for (int i = 0; i < returnBytes.Length; i++)

returnBytes[i] = Convert.ToByte(hexString.Substring(i*2, 2), 16);

return returnBytes;

}

// MembershipProvider.FindUsersByName

public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Count(*) FROM [" + tableName + "] " +

"WHERE Username LIKE ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@UsernameSearch", OdbcType.VarChar, 255).Value = usernameToMatch;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

MembershipUserCollection users = new MembershipUserCollection();

OdbcDataReader reader = null;

try

{

conn.Open();

totalRecords = (int)cmd.ExecuteScalar();

if (totalRecords <= 0) { return users; }

cmd.CommandText = "SELECT PKID, Username, Email, PasswordQuestion," +

" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +

" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate " +

" FROM [" + tableName + "] " +

" WHERE Username LIKE ? AND ApplicationName = ? " +

" ORDER BY Username Asc";

reader = cmd.ExecuteReader();

int counter = 0;

int startIndex = pageSize * pageIndex;

int endIndex = startIndex + pageSize - 1;

while (reader.Read())

{

if (counter >= startIndex)

{

MembershipUser u = GetUserFromReader(reader);

users.Add(u);

}

if (counter >= endIndex) { cmd.Cancel(); }

counter++;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "FindUsersByName");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return users;

}

// MembershipProvider.FindUsersByEmail

public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Count(*) FROM [" + tableName + "] " +

"WHERE Email LIKE ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@EmailSearch", OdbcType.VarChar, 255).Value = emailToMatch;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

MembershipUserCollection users = new MembershipUserCollection();

OdbcDataReader reader = null;

totalRecords = 0;

try

{

conn.Open();

totalRecords = (int)cmd.ExecuteScalar();

if (totalRecords <= 0) { return users; }

cmd.CommandText = "SELECT PKID, Username, Email, PasswordQuestion," +

" Comment, IsApproved, IsLockedOut, CreationDate, LastLoginDate," +

" LastActivityDate, LastPasswordChangedDate, LastLockedOutDate " +

" FROM [" + tableName + "] " +

" WHERE Email LIKE ? AND ApplicationName = ? " +

" ORDER BY Username Asc";

reader = cmd.ExecuteReader();

int counter = 0;

int startIndex = pageSize * pageIndex;

int endIndex = startIndex + pageSize - 1;

while (reader.Read())

{

if (counter >= startIndex)

{

MembershipUser u = GetUserFromReader(reader);

users.Add(u);

}

if (counter >= endIndex) { cmd.Cancel(); }

counter++;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "FindUsersByEmail");

throw new ProviderException(exceptionMessage);

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

return users;

}

// WriteToEventLog

// A helper function that writes exception detail to the event log. Exceptions

// are written to the event log as a security measure to avoid private database

// details from being returned to the browser. If a method does not return a status

// or boolean indicating the action succeeded or failed, a generic exception is also

// thrown by the caller.

private void WriteToEventLog(Exception e, string action)

{

EventLog log = new EventLog();

log.Source = eventSource;

log.Log = eventLog;

string message = "An exception occurred communicating with the data source. ";

message += "Action: " + action + " ";

message += "Exception: " + e.ToString();

log.WriteEntry(message);

}

角色资格提供程序实现(C#)：

如果您使用的是 VB.net 请看原文：http://msdn2.microsoft.com/zh-cn/library/317sza4k(vs.80).aspx

using System.Web.Security;

using System.Configuration.Provider;

using System.Collections.Specialized;

using System;

using System.Data;

using System.Data.Odbc;

using System.Configuration;

using System.Diagnostics;

using System.Web;

using System.Globalization;

This provider works with the following schema for the tables of role data.

CREATE TABLE Roles

(

Rolename Text (255) NOT NULL,

ApplicationName Text (255) NOT NULL,

CONSTRAINT PKRoles PRIMARY KEY (Rolename, ApplicationName)

)

CREATE TABLE UsersInRoles

(

Username Text (255) NOT NULL,

Rolename Text (255) NOT NULL,

ApplicationName Text (255) NOT NULL,

CONSTRAINT PKUsersInRoles PRIMARY KEY (Username, Rolename, ApplicationName)

)

namespace Samples.AspNet.Roles

{

public sealed class OdbcRoleProvider: RoleProvider

{

// Global connection string, generic exception message, event log info.

private string rolesTable = "Roles";

private string usersInRolesTable = "UsersInRoles";

private string eventSource = "OdbcRoleProvider";

private string eventLog = "Application";

private string exceptionMessage = "An exception occurred. Please check the Event Log.";

private ConnectionStringSettings pConnectionStringSettings;

private string connectionString;

// If false, exceptions are thrown to the caller. If true,

// exceptions are written to the event log.

private bool pWriteExceptionsToEventLog = false;

public bool WriteExceptionsToEventLog

{

get { return pWriteExceptionsToEventLog; }

set { pWriteExceptionsToEventLog = value; }

}

// System.Configuration.Provider.ProviderBase.Initialize Method

public override void Initialize(string name, NameValueCollection config)

{

// Initialize values from web.config.

if (config == null)

throw new ArgumentNullException("config");

if (name == null || name.Length == 0)

name = "OdbcRoleProvider";

if (String.IsNullOrEmpty(config["description"]))

{

config.Remove("description");

config.Add("description", "Sample ODBC Role provider");

}

// Initialize the abstract base class.

base.Initialize(name, config);

if (config["applicationName"] == null || config["applicationName"].Trim() == "")

{

pApplicationName = System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath;

}

else

{

pApplicationName = config["applicationName"];

}

if (config["writeExceptionsToEventLog"] != null)

{

if (config["writeExceptionsToEventLog"].ToUpper() == "TRUE")

{

pWriteExceptionsToEventLog = true;

}

// Initialize OdbcConnection.

pConnectionStringSettings = ConfigurationManager.

ConnectionStrings[config["connectionStringName"]];

if (pConnectionStringSettings == null || pConnectionStringSettings.ConnectionString.Trim() == "")

{

throw new ProviderException("Connection string cannot be blank.");

}

connectionString = pConnectionStringSettings.ConnectionString;

}

// System.Web.Security.RoleProvider properties.

private string pApplicationName;

public override string ApplicationName

{

get { return pApplicationName; }

set { pApplicationName = value; }

}

// System.Web.Security.RoleProvider methods.

// RoleProvider.AddUsersToRoles

public override void AddUsersToRoles(string[] usernames, string[] rolenames)

{

foreach (string rolename in rolenames)

{

if (!RoleExists(rolename))

{

throw new ProviderException("Role name not found.");

}

foreach (string username in usernames)

{

if (username.IndexOf(',') > 0)

{

throw new ArgumentException("User names cannot contain commas.");

}

foreach (string rolename in rolenames)

{

if (IsUserInRole(username, rolename))

{

throw new ProviderException("User is already in role.");

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("INSERT INTO [" + usersInRolesTable + "]" +

" (Username, Rolename, ApplicationName) " +

" Values(?, ?, ?)", conn);

OdbcParameter userParm = cmd.Parameters.Add("@Username", OdbcType.VarChar, 255);

OdbcParameter roleParm = cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255);

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcTransaction tran = null;

try

{

conn.Open();

tran = conn.BeginTransaction();

cmd.Transaction = tran;

foreach (string username in usernames)

{

foreach (string rolename in rolenames)

{

userParm.Value = username;

roleParm.Value = rolename;

cmd.ExecuteNonQuery();

}

tran.Commit();

}

catch (OdbcException e)

{

try

{

tran.Rollback();

}

catch { }

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "AddUsersToRoles");

}

else

{

throw e;

}

finally

{

conn.Close();

}

// RoleProvider.CreateRole

public override void CreateRole(string rolename)

{

if (rolename.IndexOf(',') > 0)

{

throw new ArgumentException("Role names cannot contain commas.");

}

if (RoleExists(rolename))

{

throw new ProviderException("Role name already exists.");

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("INSERT INTO [" + rolesTable + "]" +

" (Rolename, ApplicationName) " +

" Values(?, ?)", conn);

cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

try

{

conn.Open();

cmd.ExecuteNonQuery();

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "CreateRole");

}

else

{

throw e;

}

finally

{

conn.Close();

}

// RoleProvider.DeleteRole

public override bool DeleteRole(string rolename, bool throwOnPopulatedRole)

{

if (!RoleExists(rolename))

{

throw new ProviderException("Role does not exist.");

}

if (throwOnPopulatedRole && GetUsersInRole(rolename).Length > 0)

{

throw new ProviderException("Cannot delete a populated role.");

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("DELETE FROM [" + rolesTable + "]" +

" WHERE Rolename = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcCommand cmd2 = new OdbcCommand("DELETE FROM [" + usersInRolesTable + "]" +

" WHERE Rolename = ? AND ApplicationName = ?", conn);

cmd2.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd2.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcTransaction tran = null;

try

{

conn.Open();

tran = conn.BeginTransaction();

cmd.Transaction = tran;

cmd2.Transaction = tran;

cmd2.ExecuteNonQuery();

cmd.ExecuteNonQuery();

tran.Commit();

}

catch (OdbcException e)

{

try

{

tran.Rollback();

}

catch { }

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "DeleteRole");

return false;

}

else

{

throw e;

}

finally

{

conn.Close();

}

return true;

}

// RoleProvider.GetAllRoles

public override string[] GetAllRoles()

{

string tmpRoleNames = "";

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Rolename FROM [" + rolesTable + "]" +

" WHERE ApplicationName = ?", conn);

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

while (reader.Read())

{

tmpRoleNames += reader.GetString(0) + ",";

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetAllRoles");

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (tmpRoleNames.Length > 0)

{

// Remove trailing comma.

tmpRoleNames = tmpRoleNames.Substring(0, tmpRoleNames.Length - 1);

return tmpRoleNames.Split(',');

}

return new string[0];

}

// RoleProvider.GetRolesForUser

public override string[] GetRolesForUser(string username)

{

string tmpRoleNames = "";

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Rolename FROM [" + usersInRolesTable + "]" +

" WHERE Username = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

while (reader.Read())

{

tmpRoleNames += reader.GetString(0) + ",";

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetRolesForUser");

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (tmpRoleNames.Length > 0)

{

// Remove trailing comma.

tmpRoleNames = tmpRoleNames.Substring(0, tmpRoleNames.Length - 1);

return tmpRoleNames.Split(',');

}

return new string[0];

}

// RoleProvider.GetUsersInRole

public override string[] GetUsersInRole(string rolename)

{

string tmpUserNames = "";

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Username FROM [" + usersInRolesTable + "]" +

" WHERE Rolename = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

while (reader.Read())

{

tmpUserNames += reader.GetString(0) + ",";

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "GetUsersInRole");

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (tmpUserNames.Length > 0)

{

// Remove trailing comma.

tmpUserNames = tmpUserNames.Substring(0, tmpUserNames.Length - 1);

return tmpUserNames.Split(',');

}

return new string[0];

}

// RoleProvider.IsUserInRole

public override bool IsUserInRole(string username, string rolename)

{

bool userIsInRole = false;

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT COUNT(*) FROM [" + usersInRolesTable + "]" +

" WHERE Username = ? AND Rolename = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;

cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

try

{

conn.Open();

int numRecs = (int)cmd.ExecuteScalar();

if (numRecs > 0)

{

userIsInRole = true;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "IsUserInRole");

}

else

{

throw e;

}

finally

{

conn.Close();

}

return userIsInRole;

}

// RoleProvider.RemoveUsersFromRoles

public override void RemoveUsersFromRoles(string[] usernames, string[] rolenames)

{

foreach (string rolename in rolenames)

{

if (!RoleExists(rolename))

{

throw new ProviderException("Role name not found.");

}

foreach (string username in usernames)

{

foreach (string rolename in rolenames)

{

if (!IsUserInRole(username, rolename))

{

throw new ProviderException("User is not in role.");

}

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("DELETE FROM [" + usersInRolesTable + "]" +

" WHERE Username = ? AND Rolename = ? AND ApplicationName = ?", conn);

OdbcParameter userParm = cmd.Parameters.Add("@Username", OdbcType.VarChar, 255);

OdbcParameter roleParm = cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255);

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

OdbcTransaction tran = null;

try

{

conn.Open();

tran = conn.BeginTransaction();

cmd.Transaction = tran;

foreach (string username in usernames)

{

foreach (string rolename in rolenames)

{

userParm.Value = username;

roleParm.Value = rolename;

cmd.ExecuteNonQuery();

}

tran.Commit();

}

catch (OdbcException e)

{

try

{

tran.Rollback();

}

catch { }

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "RemoveUsersFromRoles");

}

else

{

throw e;

}

finally

{

conn.Close();

}

// RoleProvider.RoleExists

public override bool RoleExists(string rolename)

{

bool exists = false;

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT COUNT(*) FROM [" + rolesTable + "]" +

" WHERE Rolename = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName;

try

{

conn.Open();

int numRecs = (int)cmd.ExecuteScalar();

if (numRecs > 0)

{

exists = true;

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "RoleExists");

}

else

{

throw e;

}

finally

{

conn.Close();

}

return exists;

}

// RoleProvider.FindUsersInRole

public override string[] FindUsersInRole(string rolename, string usernameToMatch)

{

OdbcConnection conn = new OdbcConnection(connectionString);

OdbcCommand cmd = new OdbcCommand("SELECT Username FROM [" + usersInRolesTable + "] " +

"WHERE Username LIKE ? AND RoleName = ? AND ApplicationName = ?", conn);

cmd.Parameters.Add("@UsernameSearch", OdbcType.VarChar, 255).Value = usernameToMatch;

cmd.Parameters.Add("@RoleName", OdbcType.VarChar, 255).Value = rolename;

cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;

string tmpUserNames = "";

OdbcDataReader reader = null;

try

{

conn.Open();

reader = cmd.ExecuteReader();

while (reader.Read())

{

tmpUserNames += reader.GetString(0) + ",";

}

catch (OdbcException e)

{

if (WriteExceptionsToEventLog)

{

WriteToEventLog(e, "FindUsersInRole");

}

else

{

throw e;

}

finally

{

if (reader != null) { reader.Close(); }

conn.Close();

}

if (tmpUserNames.Length > 0)

{

// Remove trailing comma.

tmpUserNames = tmpUserNames.Substring(0, tmpUserNames.Length - 1);

return tmpUserNames.Split(',');

}

return new string[0];

}

// WriteToEventLog

// A helper function that writes exception detail to the event log. Exceptions

// are written to the event log as a security measure to avoid private database

// details from being returned to the browser. If a method does not return a status

// or boolean indicating the action succeeded or failed, a generic exception is also

// thrown by the caller.

private void WriteToEventLog(OdbcException e, string action)

{

EventLog log = new EventLog();

log.Source = eventSource;

log.Log = eventLog;

string message = exceptionMessage + " ";

message += "Action: " + action + " ";

message += "Exception: " + e.ToString();

log.WriteEntry(message);

}

纪俊

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
1
评论
自定义成员资格提供程序(MemberShip Provider)实现与角色提供程序(Role Provider)实现示例

本文内容转自 MSDN，Junelf 将两篇文章合并为一篇并稍作总结。ASP.NET 成员资格旨在使您可以轻松地将多个不同的成员资格提供程序与多个不同的角色提供程序用于您的 ASP.NET 应用程序。您可以使用 .NET Framework 中包含的成员资格提供程序，也可以实现自己的提供程序。在实现自定义成员资格提供程序时，需要继承 MembershipProvider 抽象类；实现自定义
复制链接

扫一扫

专栏目录