Syrinx .NET Development Blog
Need help on your project? info@syrinx.com, or toll free (888) 579-7469, press 1


A Simple Custom Sql Membership Provider Part 2

In A Simple Custom Sql Membership Provider Part 1, I talked about how to create a new Sql Membership Provider in order to modify the behavior of the default provider, without having to write your own provider from scratch.

In this part, I'll show you how to further extend the provider to give the appearance of case-insensitivity for passwords. Please note that when passwords are configured to be hashed (not retrievable), you cannot provide true case-insensitivity: the stored hash matches only one exact string, so two spellings that differ in case produce different hashes.

To provide the desired behavior, we can essentially force all passwords to lowercase. We need to do this when they are set initially, when they are reset, when they are changed, and when they are validated during login. Any gaps in this logic may result in the inability to log in. Forcing lowercase also means that upper and lower case letters no longer count as distinct password characters.

Here is the code to do this...

private bool CaseSensitive;

// The following goes in the provider's Initialize(string name,
// NameValueCollection config) override, before the call to
// base.Initialize(name, config).
string CaseSensitiveConfig = config["caseSensitive"];
if (CaseSensitiveConfig != null)
{
    // Have to remove the config entry as the provider we are 
    // inheriting from doesn't understand it and will throw an 
    // exception
    config.Remove("caseSensitive");
    if (!bool.TryParse(CaseSensitiveConfig, out CaseSensitive))
    {
        // Have to reset to default as TryParse will set it to 
        // false if the value can't be parsed
        CaseSensitive = true;
    }
}
else
{
    // Default to case sensitive
    CaseSensitive = true;
}


#region Override Password logic for case-insensitive functionality
// Override the default logic for creating users, changing passwords,
// and logging in, in order to give the effect of case-insensitivity.
// For every call that uses a password, force the user input to lower
// case as well.
// Although this is configurable via the provider's configuration 
// section, this setting should not be changed after users have been
// live on the system.  If any passwords get into the system with 
// upper case characters, that user will be unable to log in.
// ToLowerInvariant is used instead of ToLower so the result does not
// depend on the culture of the thread handling the request.
// Null values are passed through so the base provider handles them.
// Note: ResetPassword is not overridden in this listing, so a
// generated password that contains upper case characters is not
// covered by the lower-casing shown here.

public override bool ChangePassword(string username, 
    string oldPassword, string newPassword)
{
    if (!CaseSensitive)
    {
        if (oldPassword != null) oldPassword = oldPassword.ToLowerInvariant();
        if (newPassword != null) newPassword = newPassword.ToLowerInvariant();
    }
    return base.ChangePassword(username, oldPassword, 
        newPassword);
}

public override MembershipUser CreateUser(string username, 
    string password, string email, string passwordQuestion, 
    string passwordAnswer, bool isApproved, object providerUserKey, 
    out MembershipCreateStatus status)
{
    if (!CaseSensitive && password != null)
    {
        password = password.ToLowerInvariant();
    }
    return base.CreateUser(username, password, email, passwordQuestion, 
        passwordAnswer, isApproved, providerUserKey, out status);
}

public override bool ValidateUser(string username, string password)
{
    if (!CaseSensitive && password != null)
    {
        password = password.ToLowerInvariant();
    }
    return base.ValidateUser(username, password);
}
#endregion
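
The warning that any gap in the lower-casing logic can leave a user unable to log in can be reproduced outside the provider. The console program below is an added example, not code from the original post or from SqlMembershipProvider: the class name, the PBKDF2 parameters and the sample passwords are constructed for illustration, and it assumes a runtime where the four-argument Rfc2898DeriveBytes constructor and tr-TR culture data are available.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;

// Added example: a stand-in for a hashed password store, not SqlMembershipProvider.
static class CaseFoldDemo
{
    // Salted PBKDF2 hash; iteration count and output size are illustrative assumptions.
    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Comparison that does not stop at the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Login path: lower-cases the typed password, like the ValidateUser override.
    static bool Verify(string typed, byte[] salt, byte[] stored)
    {
        return SameBytes(Hash(typed.ToLowerInvariant(), salt), stored);
    }

    static void Main()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        // Set path lower-cases before hashing, so any casing typed at login is accepted.
        byte[] stored = Hash("Blue-Heron-42".ToLowerInvariant(), salt);
        Console.WriteLine("normalized on set:      " + Verify("BLUE-HERON-42", salt, stored));

        // Gap: a password stored as-is (constructed value) is compared against
        // lower-cased login input, even when the user types it exactly.
        byte[] unnormalized = Hash("Xk9#Qm2!pL", salt);
        Console.WriteLine("stored without folding: " + Verify("Xk9#Qm2!pL", salt, unnormalized));

        // Culture-sensitive ToLower: under tr-TR, 'I' maps to dotless 'ı', so the
        // hash input depends on the culture of the thread doing the lower-casing.
        string turkish = "PIN-2024".ToLower(new CultureInfo("tr-TR"));
        Console.WriteLine("tr-TR equals invariant: " + (turkish == "PIN-2024".ToLowerInvariant()));
    }
}
```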
