mono/mcs/class/System.Web/System.Web.Security/ChangeLog

2006-08-14 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: set the Secure attribute of the authentication
	cookie when required.

2006-07-06	Konstantin Triger <[email protected]>

	* FormsAuthentication.cs: Ensure initialized, fix url mapping.

2006-05-03  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs (GetAlg): move this here for the time
	being, as it's the only class that uses it.
	(HashAndBase64Encode): nuke.
	(EncryptAndBase64Encode): nuke.
	(Base64DecodeAndDecrypt): nuke.
	(DecryptPassword): new function.
	(EncryptPassword): new function.
	(ChangePassword): replace the switch with a call to
	EncodePassword.
	(ChangePasswordQuestionAndAnswer): same.
	(CreateUser): same.
	(ResetPassword): same.
	(ValidateUsingPassword): same.
	(ValidateUsingPasswordAnswer): same.
	(GetPassword): same, and throw MembershipPasswordException if the
	password answer is incorrect.

	* MembershipProvider.cs (InitVector): nuke this.  it's actually
	the salt from the database (for the sql provider, anyway).
	(EncodePassword): based on the password format, password, and
	salt, encode it.  Makes use of EncryptPassword.
	(DecodePassword): likewise for decoding, makes use of
	DecryptPassword.
	(DecryptPassword): revert this to throwing
	NotImplementedException, as the sql provideroverrides it to
	perform the actual decryption.
	(EncryptPassword): same.

2006-05-02  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs: 85% complete, maybe more.  The major
	functionality should work.  Password retrieval (and encrypted
	passwords in general) is untested.

2006-05-01  Chris Toshok  <[email protected]>

	* Membership.cs (GeneratePassword): don't include quotes (',",`)
	in the set of characters in the generated passwords.

2006-05-01  Chris Toshok  <[email protected]>

	* MembershipProvider.cs (GetAlg): switch from Exception to
	ProviderException to match MS behavior (and fix the unit test.)

	* Membership.cs (GeneratePassword): implement.

2006-05-01  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs: lots more work.  checking this in in
	its present state because I don't want to lose it.  It still needs
	work.
	
	* Membership.cs (.cctor): remove the fallback.
	(ValidatingPassword): remove the MonoTODO.

	* MembershipProvider.cs (DecryptPassword): implement.
	(EncryptPassword): implement.
	(GetAlg): helper function for Decrypt/EncryptPassword.
	(InitVector): same.

2006-04-27  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs (GeneratePassword): call
	Membership.GeneratePassword with the configured minimum strength
	requirements.

2006-04-27  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs (UnlockUser): fix sql query, and move
	the CheckPararm call to the top of the method.

2006-04-12  Chris Toshok  <[email protected]>

	* SqlMembershipProvider.cs: commit initial pass at
	SqlMembershipProvider work.  lots of stuff untested in here.

2006-04-11  Chris Toshok  <[email protected]>

	* MembershipUser.cs (.ctor): per Shackow's book, all DateTime's
	are converted using ToUniversalTime when passed into this class.
	(UpdateSelf): update ourselves from the passed in MembershipUser,
	swallowing NotSupportedExceptions.
	(UpdateUser): fetch a new MembershipUser from the db and call
	UpdateSelf with it.
	(ChangePassword): call UpdateUser after changing the password.
	(ChangePasswordQuestionAndAnswer): same.
	(ResetPassword): same.
	(UnlockUser): same.  Also, don't explicitly set isLockedOut.
	It'll be updated in UpdateSelf.
	(CreationDate): getter calls ToLocalTime, setter calls
	ToUniversalTime.
	(LastActivityDate): same.
	(LastLoginDate): same.
	(LastPasswordChangedDate): same.
	(LastLockoutDate): same.
	
	* Membership.cs (.cctor): use
	ProvidersHelper.InstantitateProviders, and remove some unnecessary
	#if NET_2_0's.

2006-03-29  Chris Toshok  <[email protected]>

	* SqlRoleProvider.cs: do the LOWER's in SQL, not in C#.

2006-03-23  Chris Toshok  <[email protected]>

	* Roles.cs: make this 2.0 configuration aware.

	* SqlRoleProvider.cs: flesh out all the operations.  the only
	things that need dealing with are the Initialize method's handling
	of a few parameters, and the ApplicationName property.

2006-03-23  Chris Toshok  <[email protected]>

	* DefaultAuthenticationModule.cs (OnDefaultAuthentication): always
	set Thread.CurrentPrincipal, not just if we set it to the
	GenericPrincipal.

2006-03-22  Chris Toshok  <[email protected]>

	* RoleManagerModule.cs: implement using info in Shackow's book.

	* RolePrincipal.cs: flesh this out a bit more.

	* DefaultAuthenticationModule.cs (OnDefaultAuthentication):
	according to Shackow's book, this sets Thread.CurrentPrincipal as
	well as HttpContext.Current.User.

2006-02-28  Chris Toshok  <[email protected]>

	* FormsAuthentication.cs: corcompare work.

	* MembershipCreateUserException.cs: same.

	* MembershipPasswordException.cs: same.

	* AnonymousIdentificationModule.cs: same.

2006-02-01  Chris Toshok  <[email protected]>

	* FormsAuthentication.cs, Membership.cs,
	FormsAuthenticationModule.cs, UrlAuthorizationModule.cs: oops,
	replace GetWebApplicationSection with GetSection.
	
2006-02-01  Chris Toshok  <[email protected]>

	* FormsAuthentication.cs: CONFIGURATION_2_0 => NET_2_0.
	simplifies the ifdef mess quite a bit.

	* Membership.cs: same.

	* FormsAuthenticationModule.cs: same.

	* UrlAuthorizationModule.cs: same.

2006-01-04  Chris Toshok  <[email protected]>

	* FormsAuthentication.cs (Authenticate): add CONFIGURATION_2_0
	code.
	(Decrypt2): same.
	(Decrypt): same.
	(Encrypt): same.
	(Initialize): same.

2006-01-04  Chris Toshok  <[email protected]>

	* Membership.cs (.cctor): enable the code here under
	CONFIGURATION_2_0.

2006-01-03  Chris Toshok  <[email protected]>

	* UrlAuthorizationModule.cs (OnAuthorizeRequest): add
	CONFIGURATION_2_0 code here.

2005-12-22 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: don't end the request in
	RedirectFromLoginPage.

2005-12-22 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: expire the cookie. Fixes bug #77043.
	Patch by Cyrille Colin.

2005-12-13 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: ignore any exception thrown when mapping
	the provided virtual path to the physical one. Patch by Cyrille Colin.

2005-11-28  Chris Toshok  <[email protected]>

	* FormsAuthenticationModule.cs (OnAuthenticateRequest):
	CONFIGURATION_2_0 work.
	(OnEndRequest): same.

2005-09-09  Sebastien Pouliot  <[email protected]>

	* DefaultAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
	* DefaultAuthenticationModule.cs: Added LinkDemand for Minimal. Added
	Demand for UnmanagedCode on constructor.
	* FileAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
	Demand for UnmanagedCode on constructor.
	* FormsAuthentication.cs: Added LinkDemand for Minimal.
	* FormsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
	* FormsAuthenticationModule.cs: Added LinkDemand for Minimal. Added 
	Demand for UnmanagedCode on constructor.
	* FormsAuthenticationTicket.cs: Added LinkDemand for Minimal.
	* FormsIdentity.cs: Added LinkDemand for Minimal.
	* PassportAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
	* PassportAuthenticationModule.cs: Added LinkDemand for Minimal. Added
	Demand for UnmanagedCode on constructor.
	* PassportIdentity.cs: Added LinkDemand for Minimal. Added Demand for
	UnmanagedCode on constructor.
	* UrlAuthorizationModule.cs: Added LinkDemand for Minimal. Added 
	Demand for UnmanagedCode on constructor.
	* WindowsAuthenticationEventArgs.cs: Added LinkDemand for Minimal.
	* WindowsAuthenticationModule.cs: Added LinkDemand for Minimal. Added
	Demand for UnmanagedCode on constructor.

2005-09-01  Sebastien Pouliot  <[email protected]>

	* FormsAuthenticationEventArgs.cs: Ensure the setter for User is 
	protected by a demand for ControlPrincipal.
	* PassportAuthenticationEventArgs.cs: Ensure the setter for User is
	protected by a demand for ControlPrincipal.
	* WindowsAuthenticationEventArgs.cs: Ensure the setter for User is 
	protected by a demand for ControlPrincipal.

2005-08-25  Sebastien Pouliot  <[email protected]> 
 
	* FormsAuthentication.cs: With 2.0 we can get the default properties 
	and call Initialize without a NRE.

2005-08-25  Sebastien Pouliot  <[email protected]>

	* ActiveDirectoryConnectionProtection.cs: New (2.0) enum.
	* ActiveDirectoryMembershipProvider.cs: Fixed 2.0 API.
	* AnonymousIdentificationEventArgs.cs: Fixed AnonymousID property case.
	* AnonymousIdentificationModule.cs: Fixed 2.0 API.
	* FileAuthorizationModule.cs: Added static CheckFileAccessForUser in 
	2.0 profile (TODO).
	* FormsAuthentication.cs: Added missing 2.0 properties with their 
	default values.
	* MembershipCreateStatus.cs: Fixed enum values/names.
	* MembershipProvider.cs: Added stub for [Decrypt|Encrypt]Password. Both
	methods don't seems to work without an active provider.
	* PassportIdentity.cs: Added IDispose for 2.0 profile.
	* Roles.cs: Added missing beta2 bits and default values (which are the
	only things working without a role provider (web.config).
	* RolePrincipal.cs: Fixed 2.0 API. Implemented a few bits.
	* SqlRoleProvider.cs: Fixed 2.0 API.
	* UrlAuthorizationModule.cs: Added static CheckUrlAccessForPrincipal in
	2.0 profile (TODO).

2005-08-24  Sebastien Pouliot  <[email protected]>

	* MembershipUserCollection.cs: Fix exceptions.

2005-08-22  Sebastien Pouliot  <[email protected]>

	* FormsAuthentication.cs: Add some 2.0 stuff required for Login* 
	controls to compile.

2005-08-18  Sebastien Pouliot  <[email protected]>

	* Membership.cs: Commented unworking parts of the .cctor to allow 
	testing the Login control.
	* MembershipProviderCollection.cs: Fixed exception handling.
	* SqlMembershipProvider.cs: Don't throw NotImplementedException 
	everywhere so Membership's .cctor (somewhat) works. Removed 
	Description property (not in beta2).

2005-07-28 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: allow hardware acceleration support if
	available. Sebastien dixit.

2005-07-26 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: the init_vector must be the same accross
	restarts, otherwise the cookie does not work even when a decryption
	key is provided. Initialize it to the bytes of the cookie name. Fixes
	bug #75635.

2005-07-25  Eyal Alaluf <[email protected]>

	* FormsAuthenticationModule.cs: Check for null config

2005-07-25  Miguel de Icaza  <[email protected]>

	* FormsAuthentication.cs (SignOut): Force the cookie to have it
	expire in the past.

2005-07-25 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: my previous patch missed a "small" detail: it
	didn't include the verification key when computing/checking the
	validation hash. Now this is really a MAC or HMAC or...

2005-07-25 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs:
	* FormsAuthenticationTicket.cs: added support for validation and
	encryption of the auth. cookie and improved serialization of the ticket.

2005-07-01  Lluis Sanchez Gual <[email protected]>

	* Membership.cs: Read provider info from the config file.

2005-06-10 Lluis Sanchez Gual <[email protected]>

	* MembershipUserCollection.cs:
	* MembershipPasswordException.cs:
	* RoleProviderCollection.cs:
	* ActiveDirectoryMembershipProvider.cs:
	* SqlMembershipProvider.cs:
	* MembershipProvider.cs:
	* SqlRoleProvider.cs:
	* Membership.cs:
	* MembershipUser.cs:
	* MembershipProviderCollection.cs:
	* Roles.cs:.
	* RoleProvider.cs: Track api changes in ASP.NET 2.0. Implemented
	some missing methods.
	
	* AccessRoleProvider.cs:
	* AccessMembershipProvider.cs: Removed.
	
	* MembershipCreateUserException.cs:
	* MembershipValidatePasswordEventHandler.cs:
	* ValidatePasswordEventArgs.cs: Implemented.

2005-05-21  Sebastien Pouliot  <[email protected]>

	* FormsAuthentication.cs: Hash the UTF8 representation of the password
	strings (to be compatible with Microsoft implementation).

2005-04-20 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs:
	* PassportAuthenticationModule.cs:
	* WindowsAuthenticationModule.cs: removed warnings.

2005-03-11 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: fix for bug 73545, which caused
	authentication not to work when the cookie was not persistent.
	Patch by Ilya Kharmatsky (Mainsoft).

2005-02-23 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: make the string to be stored in a config.
	file uppercase... See bug #72557.

2005-02-06 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: fixed typo when getting the hash for the 
	password in SHA1 and MD5. Thanks to Tadas Dailyda.
	Lock on a static object instead of typeof(FormsAuthentication).

2004-11-18 Lluis Sanchez Gual <[email protected]>

	* RoleProvider.cs, Roles.cs, SqlRoleProvider.cs, RoleProviderCollection.cs,
	AccessRoleProvider.cs: IRoleProvider has been renamed to ProviderBase.
	* IMembershipProvider.cs: Deleted.
	* MembershipProvider.cs, AccessMembershipProvider.cs, MembershipUser.cs,
	Membership.cs, ADMembershipProvider.cs, SqlMembershipProvider.cs
	MembershipProviderCollection.cs: MembershipProvider has been deleted
	and replaced by the abstract class MembershipProvider.
	* MembershipProviderCollection.cs: Minor fixes.
	* ADMembershipProvider.cs: Renamed to ActiveDirectoryMembershipProvider.cs.

2004-11-15 Lluis Sanchez Gual <[email protected]>

	* RoleProviderCollection.cs, MembershipProviderCollection.cs: 
	Fixed warnings.

2004-08-23 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: patch by Jim Pease to fix the date on renewal.

2004-08-22 Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: don't renew expired cookies. Only renew
	the cookie if SlidingExpiration is set. Thanks to Jim Pease.

2004-08-03  Sanjay Gupta <[email protected]>

	* MembershipSortOptions.cs:
	* MembershipPasswordFormat.cs:
	* MembershipOnlineStatus.cs:
	* MembershipCreateStatus.cs:
	* CookieProtection.cs: minor modifications.

2004-06-12  Pedro Martnez Juli  <[email protected]>

	* FormsAuthentication.cs: Undo last change.

2004-06-12  Pedro Martnez Juli  <[email protected]>

	* FormsAuthentication.cs: go to loginUrl from web.config settings
	before try with the default ones.

2004-06-11  Gonzalo Paniagua Javier <[email protected]>

	* DefaultAuthenticationModule.cs: set the IPrincipal for this thread
	once we have a user. Fixes bug #59683.

2004-04-21  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: re-read configuration files if needed
	when determining if forms auth. is used.

2004-01-23  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: added RequireSSL and SlidingExpiration.

2004-01-11  Andreas Nahr <[email protected]>

	* PassportIdentity.cs: Added v 1.1 members

2003-11-25 Ben Maurer  <[email protected]>
	
	* AccessMembershipProvider.cs: New v2 file
	* AccessRoleProvider.cs: New v2 file
	* ADMembershipProvider.cs: New v2 file
	* AnonymousIdentificationEventArgs.cs: New v2 file
	* AnonymousIdentificationEventHandler.cs: New v2 file
	* AnonymousIdentificationModule.cs: New v2 file
	* CookieProtection.cs: New v2 file
	* IMembershipProvider.cs: New v2 file
	* IRoleProvider.cs: New v2 file
	* Membership.cs: New v2 file
	* MembershipCreateStatus.cs: New v2 file
	* MembershipCreateUserException.cs: New v2 file
	* MembershipOnlineStatus.cs: New v2 file
	* MembershipPasswordException.cs: New v2 file
	* MembershipPasswordFormat.cs: New v2 file
	* MembershipProviderCollection.cs: New v2 file
	* MembershipSortOptions.cs: New v2 file
	* MembershipUser.cs: New v2 file
	* MembershipUserCollection.cs: New v2 file
	* RoleManagerEventArgs.cs: New v2 file
	* RoleManagerEventHandler.cs: New v2 file
	* RoleManagerModule.cs: New v2 file
	* RolePrincipal.cs: New v2 file
	* RoleProviderCollection.cs: New v2 file
	* Roles.cs: New v2 file
	* SqlMembershipProvider.cs: New v2 file
	* SqlRoleProvider.cs: New v2 file

2003-11-05  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: encoding updates.

2003-10-04  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: fixed for applications other than /.

2003-08-27  Gonzalo Paniagua Javier <[email protected]>

	* UrlAuthorizationModule.cs: fixed description for status code.

2003-07-31  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: really renew the ticket. Thanks to
	Jens Thiel <[email protected]>.

2003-02-13  Gonzalo Paniagua Javier <[email protected]>

	* UrlAuthorizationModule.cs: tell the application not to run any other
	step apart from EndRequest.

2003-02-12  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: implemented RedirectFromLoginPage and
	GetRedirectUrl.
	
	* FormsAuthenticationModule.cs: redirect to the login page when a 401
	error happens.

	* UrlAuthorizationModule.cs: check for valid user or render error page.

2003-01-04  Gonzalo Paniagua Javier <[email protected]>

	* DefaultAuthenticationModule.cs: implemented. It just create a default 
	unauthenticated user when no one else provided one.

	* FormsAuthenticationModule.cs: removed debug output.

2002-12-20  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthenticationModule.cs: remove debug lines.

2002-12-19  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: return a null ticket when an exception is
	thrown creating it. Implemented RenewTicketIfOld.

	* FormsAuthenticationModule.cs: implemented event handlers for
	AuthenticateRequest and EndRequest.

	* FormsAuthenticationTicket.cs: implemented SetDates and Clone methods.

2002-12-18  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: implemented GetAuthCookie, SetAuthCookie,
	SignOut, FormsCookieName and FormsCookiePath.

2002-12-17  Gonzalo Paniagua Javier <[email protected]>

	* FormsAuthentication.cs: implemented Authenticate, unencrypted Encrypt
	and Decrypt, HashPasswordForStoringInConfigFile and Initialize.

	* FormsAuthenticationTicket.cs: set cookiePath to the default when no
	other provided.

2002-08-26  Gonzalo Paniagua Javier <[email protected]>

	* DefaultAuthenticationEventHandler.cs:
	* DefaultAuthenticationModule.cs:
	* FileAuthorizationModule.cs:
	* FormsAuthentication.cs:
	* FormsAuthenticationEventArgs.cs:
	* FormsAuthenticationEventHandler.cs:
	* FormsAuthenticationModule.cs:
	* FormsAuthenticationTicket.cs:
	* FormsIdentity.cs:
	* PassportAuthenticationEventArgs.cs:
	* PassportAuthenticationEventHandler.cs:
	* PassportAuthenticationModule.cs:
	* PassportIdentity.cs:
	* UrlAuthorizationModule.cs:
	* WindowsAuthenticationEventArgs.cs:
	* WindowsAuthenticationEventHandler.cs:
	* WindowsAuthenticationModule.cs: new files. Some of them implemented,
	some others stubbed out.

2002-06-03  Gonzalo Paniagua Javier <[email protected]>

	* DefaultAuthenticationEventArgs.cs: added file.