CMS.MembershipProvider
Class providing methods for Facebook Connect session management
Constructor
Key of Facebook application
Application secret key
Determines whether the request belongs to validated Facebook user.
Gets a Facebook session info based on cookies from current request.
Removes Facebook Connect cookies.
Active directory membership provider
Initializes the membership provider
Provider name
Configuration
Implementation of Web Authentication and Delegated Authentication
protocol. Also includes trusted sign-in and application
verification sample implementations.
Initialize the WindowsLiveLogin module with the
application ID and secret key.
We recommend that you employ strong measures to protect
the secret key. The secret key should never be
exposed to the Web or other users.
Initialize the WindowsLiveLogin module with the
application ID, secret key, and security algorithm.
We recommend that you employ strong measures to protect
the secret key. The secret key should never be
exposed to the Web or other users.
Initialize the WindowsLiveLogin module with the
forceDelAuthNonProvisioned flag, policy URL, and return URL.
The 'force_delauth_nonprovisioned' flag indicates whether
your application is registered for Delegated Authentication
(that is, whether it uses an application ID and secret key). We
recommend that your Delegated Authentication application always
be registered for enhanced security and functionality.
Policy URL
Return URL
Initialize the WindowsLiveLogin module with the
application ID, secret key, security algorithm and
forceDelAuthNonProvisioned flag.
We recommend that you employ strong measures to protect
the secret key. The secret key should never be
exposed to the Web or other users.
The 'force_delauth_nonprovisioned' flag indicates whether
your application is registered for Delegated Authentication
(that is, whether it uses an application ID and secret key). We
recommend that your Delegated Authentication application always
be registered for enhanced security and functionality.
Initialize the WindowsLiveLogin module with the
application ID, secret key, security algorithm,
forceDelAuthNonProvisioned and policy URL use.
We recommend that you employ strong measures to protect
the secret key. The secret key should never be
exposed to the Web or other users.
The 'force_delauth_nonprovisioned' flag indicates whether
your application is registered for Delegated Authentication
(that is, whether it uses an application ID and secret key). We
recommend that your Delegated Authentication application always
be registered for enhanced security and functionality.
Initialize the WindowsLiveLogin module with the
application ID, secret key, security algorithm,
forceDelAuthNonProvisioned, policy URL and return URL.
We recommend that you employ strong measures to protect
the secret key. The secret key should never be
exposed to the Web or other users.
The 'force_delauth_nonprovisioned' flag indicates whether
your application is registered for Delegated Authentication
(that is, whether it uses an application ID and secret key). We
recommend that your Delegated Authentication application always
be registered for enhanced security and functionality.
Application ID
Secret
Security algorithm
Force delayed authentication
Policy URL
Return URL
Initialize the WindowsLiveLogin module from the
web.config file if loadAppSettings is true. Otherwise,
you will have to manually set the AppId, Secret and
SecurityAlgorithm properties.
In a Delegated Authentication scenario, you may also specify
the return and privacy policy URLs to use, as shown in the
Delegated Authentication samples.
APPID
SECRET
wsignin1.0
http://[your domain]/[your privacy policy]
http://[your domain]/[your return url]
In a Delegated Authentication scenario, you may also specify
'returnurl' and 'policyurl' in the settings file.
We recommend that you store the Windows Live Login settings file
in an area on your server that cannot be accessed through
the Internet. This file contains important confidential
information.
Returns the sign-in URL to use for the Windows Live Login server.
We recommend that you use the Sign In control instead.
Sign-in URL
Returns the sign-in URL to use for the Windows Live Login server.
We recommend that you use the Sign In control instead.
If you specify it, will be returned as-is in the sign-in
response for site-specific use.
Sign-in URL
Returns the sign-in URL to use for the Windows Live Login server.
We recommend that you use the Sign In control instead.
If you specify it, will be returned as-is in the sign-in
response for site-specific use.
The language in which the sign-in page is
displayed is configured by the culture ID (for example, 'fr-fr' or
'en-us') specified in the 'market' parameter.
Sign-in URL
Returns the sign-out URL to use for the Windows Live Login server.
We recommend that you use the Sign In control instead.
Sign-out URL
Returns the sign-out URL to use for the Windows Live Login server.
We recommend that you use the Sign In control instead.
The language in which the sign-in page is
displayed is configured by the culture ID (for example, 'fr-fr' or
'en-us') specified in the 'market' parameter.
Sign-out URL
Processes the sign-in response from the Windows Live Login server.
Contains the preprocessed POST query
such as that returned by HttpRequest.Form
The method returns a User object on successful
sign-in; otherwise null.
Decodes and validates a Web Authentication token. Returns a User
object on success.
Decodes and validates a Web Authentication token. Returns a User
object on success. If a context is passed in, it will be
returned as the context field in the User object.
Web Authentication token
If you specify it, will be returned as-is in the sign-in
response for site-specific use.
User object
Returns an appropriate content type and body
response that the application handler can return to
signify a successful sign-out from the application.
When a user signs out of Windows Live or a Windows Live
application, a best-effort attempt is made to sign the user out
from all other Windows Live applications the user might be signed
in to. This is done by calling the handler page for each
application with 'action' parameter set to 'clearcookie' in the query
string. The application handler is then responsible for clearing
any cookies or data associated with the sign-in. After successfully
signing the user out, the handler should return a GIF (any
GIF) as response to the action=clearcookie query.
Returns the consent URL to use for Delegated Authentication for
the given comma-delimited list of offers.
Comma-delimited list of offers.
Consent URL
Returns the consent URL to use for Delegated Authentication for
the given comma-delimited list of offers.
Comma-delimited list of offers.
If you specify it, will be returned as-is in the consent
response for site-specific use.
Consent URL
Returns the consent URL to use for Delegated Authentication for
the given comma-delimited list of offers.
Comma-delimited list of offers.
If you specify it, will be returned as-is in the consent
response for site-specific use.
The registered/configured return URL will be
overridden by 'ru' specified here.
Consent URL
Returns the consent URL to use for Delegated Authentication for
the given comma-delimited list of offers.
Comma-delimited list of offers.
If you specify it, will be returned as-is in the sign-in
response for site-specific use.
The registered/configured return URL will be
overridden by 'ru' specified here.
The language in which the consent page is
displayed is configured by the culture ID (for example, 'fr-fr' or
'en-us') specified in the 'market' parameter.
Consent URL
Returns the URL to use to download a new consent token, given the
offers and refresh token.
Comma-delimited list of offers.
Refresh token.
Refresh consent token URL
Returns the URL to use to download a new consent token, given the
offers and refresh token.
Comma-delimited list of offers.
Refresh token.
Refresh consent token URL
The registered/configured return URL will be
overridden by 'ru' specified here.
Refresh consent token URL
Returns the URL for the consent-management user interface.
Manage consent URL
Returns the URL for the consent-management user interface.
The language in which the consent page is
displayed is configured by the culture ID (for example, 'fr-fr' or
'en-us') specified in the 'market' parameter.
Manage consent URL
Processes the POST response from the Delegated Authentication
service after a user has granted consent. The processConsent
function extracts the consent token string and returns the result
of invoking the processConsentToken method.
Response from the Delegated Authentication service.
ConsentToken
Processes the consent token string that is returned in the POST
response by the Delegated Authentication service after a
user has granted consent.
Raw token.
ConsentToken
Processes the consent token string that is returned in the POST
response by the Delegated Authentication service after a
user has granted consent.
Raw token.
If you specify it, will be returned as-is in the sign-in
response for site-specific use.
Attempts to obtain a new, refreshed token and return it. The
original token is not modified.
ConsentToken object.
Refreshed ConsentToken object.
Attempts to obtain a new, refreshed token and return it. The
original token is not modified.
ConsentToken object.
The registered/configured return URL will be
overridden by 'ru' specified here.
Refreshed ConsentToken object.
Attempts to obtain a new, refreshed token and return it using
the offers and refresh token. The original token is not modified.
Comma-delimited list of offers.
Refresh token.
Refreshed ConsentToken object.
Attempts to obtain a new, refreshed token and return it using
the offers and refresh token. The original token is not modified.
Comma-delimited list of offers.
Refresh token.
The registered/configured return URL will be
overridden by 'ru' specified here.
Refreshed ConsentToken object.
Stub implementation for logging debug output. You can run
a tool such as 'dbmon' to see the output.
Decodes and validates the raw token.
Decodes and validates the raw token with appropriate crypt key
and sign key.
Raw token.
Crypt key.
Sign key.
Decode the given token. Returns null on failure.
- First, the string is URL unescaped and base64
decoded.
- Second, the IV is extracted from the first 16 bytes
of the string.
- Finally, the string is decrypted by using the
encryption key.
Raw token.
Decoded token.
Decode the given token. Returns null on failure.
- First, the string is URL unescaped and base64
decoded.
- Second, the IV is extracted from the first 16 bytes
of the string.
- Finally, the string is decrypted by using the
encryption key.
Raw token.
Crypt key.
Decoded token.
Creates a signature for the given string.
Creates a signature for the given string by using the
signature key.
Extracts the signature from the token and validates it.
Extracts the signature from the token and validates it by using the
signature key.
Generates an Application Verifier token.
Generates an Application Verifier token. An IP address
can be included in the token.
Returns the URL needed to retrieve the application
security token. The application security token
will be generated for the Windows Live site.
JavaScript Object Notation (JSON) output is returned:
{"token":"<value>"}
Returns the URL needed to retrieve the application
security token.
By default, the application security token will be
generated for the Windows Live site; a specific Site ID
can optionally be specified in 'siteId'.
JSON output is returned:
{"token":"<value>"}
Returns the URL needed to retrieve the application
security token.
By default, the application security token will be
generated for the Windows Live site; a specific Site ID
can optionally be specified in 'siteId'. The IP address
can also optionally be included in 'ip'.
JSON output is returned:
{"token":"<value>"}
Returns the URL needed to retrieve the application
security token.
By default, the application security token will be
generated for the Windows Live site; a specific Site ID
can optionally be specified in 'siteId'. The IP address
can also optionally be included in 'ip'.
If 'js' is false, then JSON output is returned:
{"token":"<value>"}
Otherwise, a JavaScript response is returned. It is assumed
that WLIDResultCallback is a custom function implemented to
handle the token value:
WLIDResultCallback("<tokenvalue>");
Retrieves the application security token for application
verification from the application sign-in URL. The
application security token will be generated for the
Windows Live site.
Retrieves the application security token for application
verification from the application sign-in URL.
By default, the application security token will be
generated for the Windows Live site; a specific Site ID
can optionally be specified in 'siteId'.
Retrieves the application security token for application
verification from the application sign-in URL.
By default, the application security token will be
generated for the Windows Live site; a specific Site ID
can optionally be specified in 'siteId'. The IP address
can also optionally be included in 'ip'.
Implementation note: The application security token is
downloaded from the application sign-in URL in JSON format
{"token":"<value>"}, so we need to extract
<value> from the string and return it as seen here.
Returns a string that can be passed to the GetTrustedParams
function as the 'retcode' parameter. If this is specified as
the 'retcode', then the app will be used as return URL
after it finishes trusted sign-in.
Returns a table of key-value pairs that must be posted to
the sign-in URL for trusted sign-in. Use HTTP POST to do
this. Be aware that the values in the table are neither
URL nor HTML escaped and may have to be escaped if you are
inserting them in code such as an HTML form.
The user to be trusted on the local site is passed in as
string 'user'.
Returns a table of key-value pairs that must be posted to
the sign-in URL for trusted sign-in. Use HTTP POST to do
this. Be aware that the values in the table are neither
URL nor HTML escaped and may have to be escaped if you are
inserting them in code such as an HTML form.
The user to be trusted on the local site is passed in as
string 'user'.
Optionally, 'retcode' specifies the resource to which
successful sign-in is redirected, such as Windows Live Mail,
and is typically a string in the format 'id=2000'. If you
pass in the value from GetAppRetCode instead, sign-in will
be redirected to the application. Otherwise, an HTTP 200
response is returned.
Returns the trusted sign-in token in the format needed by the
trusted sign-in gadget.
User to be trusted on the local site is passed in as string
'user'.
Returns the trusted sign-in URL to use for the Windows Live
Login server.
Returns the trusted sign-out URL to use for the Windows Live
Login server.
Function to parse the settings file.
Derives the key, given the secret key and prefix as described in the
Web Authentication SDK documentation.
Parses a query string and returns a table representation of
the key and value pairs. Similar to
HttpUtility.ParseQueryString, except that no URL decoding
is done and only the last value is considered in the case
of multiple values with one key.
Generates a timestamp suitable for the application
verifier token.
Base64-encodes and URL-escapes a byte array.
URL-unescapes and Base64-decodes a string.
Fetches the contents given a URL.
Gets or sets the application ID.
Sets your secret key. Use this method if you did not specify
a secret key at initialization.
Sets your old secret key.
Use this property to set your old secret key if you are in the
process of transitioning to a new secret key. You may need this
property because the Windows Live ID servers can take up to
24 hours to propagate a new secret key after you have updated
your application settings.
If an old secret key is specified here and has not expired
(as determined by the OldSecretExpiry setting), it will be used
as a fallback if token decryption fails with the new secret
key.
Sets or gets the expiry time for your old secret key.
After this time has passed, the old secret key will no longer be
used even if token decryption fails with the new secret key.
The old secret expiry time is represented as the number of seconds
elapsed since January 1, 1970.
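The decode steps listed earlier and the old-secret fallback described above, shown together as an added C# example that is not part of the SDK or of the CMS code. The cipher (AES-128-CBC), the key derivation, the HMAC-SHA256 "&sig=" field and every name used (`TokenDemo`, `Process`, `MakeToken`, the sample secrets) are assumptions, because the page does not state them.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not SDK code (.NET 6+). Assumed, not stated on the page: AES-128-CBC,
// keys = first 16 bytes of SHA-256(prefix + secret), HMAC-SHA256 in a trailing "&sig=".
static class TokenDemo
{
    static byte[] DeriveKey(string secret, string prefix) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(prefix + secret))[..16];

    static byte[] Sign(string body, string secret) =>
        HMACSHA256.HashData(DeriveKey(secret, "SIGNATURE"), Encoding.UTF8.GetBytes(body));

    static Aes NewAes(string secret)
    {
        Aes aes = Aes.Create(); // .NET defaults: CBC mode, PKCS7 padding
        aes.Key = DeriveKey(secret, "ENCRYPTION");
        return aes;
    }

    // Steps from the page: URL-unescape, base64-decode, IV = first 16 bytes, decrypt.
    static string? Decode(string token, string secret)
    {
        try
        {
            byte[] raw = Convert.FromBase64String(Uri.UnescapeDataString(token));
            if (raw.Length < 32 || raw.Length % 16 != 0) return null;
            using Aes aes = NewAes(secret);
            aes.IV = raw[..16];
            using ICryptoTransform dec = aes.CreateDecryptor();
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(raw, 16, raw.Length - 16));
        }
        catch (Exception e) when (e is FormatException or CryptographicException) { return null; }
    }

    // A token that merely decrypts is not trusted; the signature must match too.
    static string? DecodeAndValidate(string token, string secret)
    {
        string? plain = Decode(token, secret);
        int i = plain?.LastIndexOf("&sig=", StringComparison.Ordinal) ?? -1;
        if (plain == null || i < 0) return null;
        try
        {
            byte[] given = Convert.FromBase64String(Uri.UnescapeDataString(plain[(i + 5)..]));
            bool ok = CryptographicOperations.FixedTimeEquals(given, Sign(plain[..i], secret));
            return ok ? plain[..i] : null;
        }
        catch (FormatException) { return null; }
    }

    // Old-secret fallback: tried only when the new secret fails and the expiry has not passed.
    static string? Process(string token, string secret, string? oldSecret, long oldExpiry, long now) =>
        DecodeAndValidate(token, secret)
        ?? (oldSecret != null && now < oldExpiry ? DecodeAndValidate(token, oldSecret) : null);

    // Builds a constructed sample token so the example runs offline.
    static string MakeToken(string body, string secret)
    {
        string sig = Uri.EscapeDataString(Convert.ToBase64String(Sign(body, secret)));
        using Aes aes = NewAes(secret);
        byte[] iv = aes.IV; // random IV generated by Aes.Create()
        using ICryptoTransform enc = aes.CreateEncryptor();
        byte[] plain = Encoding.UTF8.GetBytes(body + "&sig=" + sig);
        byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
        return Uri.EscapeDataString(Convert.ToBase64String(iv.Concat(ct).ToArray()));
    }

    static void Main()
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); // seconds since January 1, 1970
        // Constructed values: a token issued under the old secret during a key rollover.
        string token = MakeToken("appid=EXAMPLE&uid=0123456789abcdef&ts=" + now, "old-secret");
        Console.WriteLine(Process(token, "new-secret", "old-secret", now + 3600, now) != null);
        Console.WriteLine(Process(token, "new-secret", "old-secret", now - 1, now) != null);
        Console.WriteLine(Process("not-a-token", "new-secret", null, 0, now) != null);
    }
}
```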
Sets or gets the version of the security algorithm being used.
Sets or gets a flag that indicates whether Delegated Authentication
is non-provisioned (i.e. does not use an application ID or secret
key).
Sets or gets the privacy policy URL.
Set the property for Delegated Authentication, if you did
not provide one at initialization time.
Sets or gets the return URL--the URL on your site to which the consent
service redirects users (along with the action, consent token,
and application context) after they have successfully provided
consent information for Delegated Authentication.
This value will override the return URL specified during
registration.
Sets or gets the URL to use for the Windows Live Login server.
You should not have to use or change this. Furthermore, we
recommend that you use the Sign In control instead of
the URL methods provided here.
Sets or gets the secure (HTTPS) URL to use for the Windows Live
Login server. You should not have to use or change this
directly.
Sets or gets the URL to use for the Windows Live Consent server. You
should not have to use or change this directly.
Holds the user information after a successful sign-in.
User constructor
Sets the Unix timestamp.
Sets the pairwise unique ID for the user.
User id
Sets the usePersistentCookie flag for the user.
Sets the application context.
Sets the user token.
Returns the timestamp as obtained from the SSO token.
Returns the pairwise unique ID for the user.
Indicates whether the application
is expected to store the user token in a session or
persistent cookie.
Returns the application context that was originally passed
to the sign-in request, if any.
Returns the encrypted Web Authentication token containing
the UID. This can be cached in a cookie and the UID can be
retrieved by calling the ProcessToken method.
Holds the Consent Token object corresponding to consent granted.
Initialize the ConsentToken.
WindowsLiveLogin
Delegation token
Refresh token
Session key
Expiry
Offers
Location ID
Application context
Decoded token
Raw token
Sets the Delegation token.
Delegation token
Sets the refresh token.
Refresh token
Sets the session key.
Session key
Sets the expiry time of delegation token.
Expiry time
Sets the offers/actions for which user granted consent.
Comma-delimited list of offers
Sets the location ID.
Location ID
Sets the application context.
Application context
Sets the decoded token.
Decoded token
Sets the raw token.
Raw token
Indicates whether the delegation token is set and has not expired.
Attempts to refresh the current token and replace it. If the operation succeeds,
true is returned to signify success.
Makes a copy of the ConsentToken object.
Gets the Delegation token.
Gets the refresh token.
Gets the session key.
Gets the expiry time of delegation token.
Gets the list of offers/actions for which the user granted consent.
Gets the string representation of all the offers/actions for which
the user granted consent.
Gets the location ID.
Returns the application context that was originally passed
to the consent request, if any.
Gets the decoded token.
Gets the raw token.
Helper class providing methods for correct Facebook Connect initialization.
Indicates if Facebook Connect is enabled for specified site.
Site name
Returns api key.
Site name
Returns application secret.
Site name
Indicates if Facebook Connect is available/enabled on specified site.
Site name
Return script for Facebook Connect initialization.
Site name
Returns Facebook Connect XML namespace.
Returns Facebook Connect logout script (FB.Connect.logoutAndRedirect()).
Url
Returns Facebook Connect logout script including check whether Facebook cookies
are present (if no cookies found FB.Connect.logoutAndRedirect() is not used).
Url
API key
Additional script (used when Facebook Connect cookie is not found)
Sets Facebook Connect initialization script (considering current context) to specified
literal and returns logout script for sign out button. Method returns null if Facebook
Connect is disabled or current user is not logged in using Facebook Connect.
Site name
Literal for init script
Checks Facebook Connect session (based on cookies) and returns its parameters.
Site name
Facebook user identifier
Removes Facebook Connect cookies.
Site name
OpenID helper class.
Represents OpenID response "Canceled".
Represents OpenID response "Failed".
Represents OpenID response "SetupRequired".
Represents OpenID response "Authenticated".
Constructor initializes OpenID transfer and connection.
Manually sets OpenID response for this object.
IAuthenticationResponse object
Returns OpenID response as object.
Checks status of current user.
Creates relying party for OpenID.
OpenIdRelyingParty
Send OpenID login request to specified openID provider with user demanded data.
URL of the OpenID provider
Demand level for user birth date
Demand level for user country
Demand level for user e-mail
Demand level for full name
Demand level for user gender
Demand level for user language
Demand level for user nick name
Demand level for user postal code
Demand level for user time zone
Returns NULL if request was successful, otherwise returns error message with additional data
Custom OpenID URL validation.
Get integer representation of Gender object
Gender object
1 - Male, 2 - Female
Returns DemandLevel of given parameter.
Name of requested level
Returns DemandLevel
Checks if DotNetOpenId.dll is present in /Bin directory.
Returns true if DotNetOpenId.dll is present
Returns OpenID Claimed Identifier for current user.
Returns OpenID Response as IAuthenticationResponse object.
User birthdate.
User country.
User culture.
User e-mail.
User full name.
Integer code with user gender.
User language.
User mail address.
User nickname
User postal code.
User time zone.
Membership helper
If true, mixed authentication is used
Default AD field to map the user name
Class providing role management.
Initialization.
Name.
Config.
Adds user to role.
User names.
Role names.
Creates role.
Role name.
Deletes specified role.
Role name.
Throw exception on role which is populated
Finds all users in specified role.
Role name.
User name to match.
Returns all roles.
Returns all roles for specified user.
User name.
Returns all users in specified role.
Role name.
Determines whether specified user is in specified role.
User name.
Role name.
Removes user from role.
User name.
Role name.
Determines whether specified role exists.
Role name.
Application name.
Description.
Name.
Active directory role provider
Initializes the provider
Name
Configuration
Returns true if the user is in specific role
User name
Role name
Gets the roles for specified user
User name
Adds user to role.
User names.
Role names.
Creates role.
Role name.
Deletes specified role.
Role name.
Throw exception on role which is populated
Finds all users in specified role.
Role name.
User name to match.
Returns all roles.
Returns all users in specified role.
Role name.
Removes user from role.
User name.
Role name.
Determines whether specified role exists.
Role name.
Throws not supported exception
Method name
ConnectionString name
Connection user name
Connection password
Attribute to map username
Application name
Description.
Name.
Validation states for Facebook Connect class
Unknown error
No Facebook Connect cookies found
Validation failed
Validation succeeded
User membership.
Constructor.
UserInfo object.
User info
User name (reflects the UserName field)
Email (reflects the Email field)
Is approved (reflects the Enabled field)
Creation date (reflects the UserCreated field)
Is locked out (reflects the UserEnabled field)
Last activity date (reflects the LastLogon field)
Class providing membership management.
Changes Password of user specified by username.
User name
Old password
New password
As password questions and answers are not implemented in UserInfo, this method returns true.
Not used
Not used
Not used
Not used
Creates new user.
User name
Password
E-mail
Not used
Not used
'isApproved' parameter is considered as 'Enabled' property in UserInfo;
Not used
If UserInfoProvider's SetUserInfo method throws exception then status is set to 'ProviderError', else it is set to 'Success'
Deletes user specified by username.
User name
Not used
Gets a collection of membership users where the e-mail address contains the specified e-mail address to match
User e-mail
Not used
Not used
Not used
Gets a collection of membership users where the user name contains the specified user name to match
User name
Not used
Not used
Not used
Gets a collection of all the users in DB.
Page index
Page size
Total number of users
Returns the number of online users. Monitor online users feature must be enabled.
Gets password of user specified by username
User name
Not used
Returns MembershipUser object containing data of user specified by providerUserKey
User key
Not used
Returns MembershipUser object containing data of user specified by his name
User name
Not used
Returns MembershipUser object containing data of user specified by his name
User info
Gets user name of user with given email.
User e-mail
Sets password of user specified by user name to empty string.
User name
Not used
Sets 'Enabled' property of user specified by user name to 'True'
User name
Updates data of specified user
User to update
Checks whether given password matches the password of user specified by username.
User name
Password
Initializes the provider
Name used to refer to the provider
ignored
Application name.
Description.
Enable password reset.
Enable password retrieval.
Maximum invalid password attempts.
Minimum required nonalphanumeric characters
Minimum required password length.
Name.
Password attempt window.
Password format.
Password strength regular expression.
Required question and answer.
Requires unique email.