Implementare un custom Membership provider con ASP.NET
Un esempio su come scrivere un custom Membership provider per ASP.NET che consenta di validare correttamente la password nei vari metodi.
In particolare se la password non rispetta i vincoli imposti dal provider, la cosa da fare รจ lanciare un eccezione, che viene poi intercettata dai Login control e viene comunicato all'utente il problema. Bisogna inoltre invocare il metodo OnValidatingPassword, nel caso in cui la password sia corretta, per scatenare l'evento ValidatingPassword del provider.
Qui il codice:
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    PasswordCheck passwordCheck = IsValidPassword(newPassword);
    if (passwordCheck == PasswordCheck.MinRequiredPasswordLength)
        throw new ArgumentException("Password does not respects min required lenght.");

    if (passwordCheck == PasswordCheck.NonAlphanumericCharacters)
        throw new ArgumentException("Password does not respects alphanumeric lenght.");

    ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
    OnValidatingPassword(e);
    return true;
}

public override MembershipUser CreateUser
    (string username, string password, 
     string email, string passwordQuestion, 
     string passwordAnswer, bool isApproved, 
     object providerUserKey, out MembershipCreateStatus status)
{
    if (IsValidPassword(password) != PasswordCheck.Valid) {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);
    OnValidatingPassword(e);

    DateTime now = DateTime.Now;
    status = MembershipCreateStatus.Success;
    MembershipUser user = new MembershipUser
        (this.GetType().Name, username, Guid.NewGuid(), 
         email, passwordQuestion, string.Empty, true, false, 
         now, now, now, now, now);
    HttpContext.Current.Cache[user.UserName] = user;
    return user;
}

private enum PasswordCheck { 
    Valid = 0,
    NonAlphanumericCharacters = 2,
    MinRequiredPasswordLength = 4
}

private PasswordCheck IsValidPassword(string password) {
    if (password.Length < this.MinRequiredPasswordLength)
        return PasswordCheck.MinRequiredPasswordLength;

    int nonAlphanumericCharacters = 0;
    for (int i = 0; i < password.Length; i++)
    {
        if (!char.IsLetterOrDigit(password, i))
            nonAlphanumericCharacters++;
    }

    if (nonAlphanumericCharacters < this.MinRequiredNonAlphanumericCharacters)
        return PasswordCheck.NonAlphanumericCharacters;

    return PasswordCheck.Valid;
}

public override MembershipUser GetUser(string username, bool userIsOnline)
{
    MembershipUser user = HttpContext.Current.Cache[username] as MembershipUser;
    return user;
}

public override bool ValidateUser(string username, string password)
{
    MembershipUser user = HttpContext.Current.Cache[username] as MembershipUser;
    return ((user != null) && user.GetPassword().Equals(password));
}

Matteo Migliore.

Comments

# re: Implementare un custom Membership provider con ASP.NET
Left by Matteo Migliore on 10/26/2007 9:47 PM
Comments have been closed on this topic.