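/// <summary>
/// Validates the supplied account details, encodes the password (and any supplied
/// password answer) with a freshly generated salt, and creates the account by calling
/// the <c>aspnet_Membership_CreateUser</c> stored procedure.
/// </summary>
/// <param name="username">Login name; trimmed, must be 1-256 characters and contain no comma.</param>
/// <param name="password">Password; trimmed, must be 1-128 characters and pass <c>CheckPassword</c>.</param>
/// <param name="email">E-mail address; trimmed, required only when <c>RequiresUniqueEmail</c> is set.</param>
/// <param name="pwdQuestion">Password question; trimmed, 1-256 characters when <c>RequiresQuestionAndAnswer</c> is set.</param>
/// <param name="pwdAnswer">Password answer; trimmed, 1-128 characters when <c>RequiresQuestionAndAnswer</c> is set.</param>
/// <param name="isApproved">Passed through to the stored procedure as <c>@IsApproved</c>.</param>
/// <param name="providerUserKey">Optional user id; must be a <see cref="Guid"/> when given, otherwise a new one is generated.</param>
/// <param name="status">Outcome of the call; <c>Success</c> only when the stored procedure returns 0.</param>
/// <returns>The result of <c>GetUser (username, false)</c> on success, otherwise <c>null</c>.</returns>
public override MembershipUser CreateUser (string username,
    string password,
    string email,
    string pwdQuestion,
    string pwdAnswer,
    bool isApproved,
    object providerUserKey,
    out MembershipCreateStatus status)
{
    if (username != null) username = username.Trim ();
    if (password != null) password = password.Trim ();
    if (email != null) email = email.Trim ();
    if (pwdQuestion != null) pwdQuestion = pwdQuestion.Trim ();
    if (pwdAnswer != null) pwdAnswer = pwdAnswer.Trim ();

    /* some initial validation */
    if (username == null || username.Length == 0 || username.Length > 256 || username.IndexOf (',') != -1) {
        status = MembershipCreateStatus.InvalidUserName;
        return null;
    }

    if (password == null || password.Length == 0 || password.Length > 128) {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (!CheckPassword (password)) {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    // NOTE(review): the plaintext password is handed to EmitValidatingPassword; how a
    // rejection by a handler is reported is not visible from this method - confirm.
    EmitValidatingPassword (username, password, true);

    if (RequiresUniqueEmail && (email == null || email.Length == 0)) {
        status = MembershipCreateStatus.InvalidEmail;
        return null;
    }

    if (RequiresQuestionAndAnswer &&
        (pwdQuestion == null ||
         pwdQuestion.Length == 0 || pwdQuestion.Length > 256)) {
        status = MembershipCreateStatus.InvalidQuestion;
        return null;
    }

    if (RequiresQuestionAndAnswer &&
        (pwdAnswer == null ||
         pwdAnswer.Length == 0 || pwdAnswer.Length > 128)) {
        status = MembershipCreateStatus.InvalidAnswer;
        return null;
    }

    if (providerUserKey != null && !(providerUserKey is Guid)) {
        status = MembershipCreateStatus.InvalidProviderUserKey;
        return null;
    }

    if (providerUserKey == null)
        providerUserKey = Guid.NewGuid ();

    /* encode our password/answer using the
     * "passwordFormat" configuration option.  One salt of SALT_BYTES
     * random bytes is generated per account and used for both values. */
    RandomNumberGenerator rng = RandomNumberGenerator.Create ();
    byte [] salt = new byte [SALT_BYTES];
    rng.GetBytes (salt);
    string passwordSalt = Convert.ToBase64String (salt);

    password = EncodePassword (password, PasswordFormat, passwordSalt);

    // The answer is a password-equivalent secret.  Encode it whenever one was
    // supplied, not only when RequiresQuestionAndAnswer is set; otherwise an
    // optional answer would be written to the database exactly as typed,
    // regardless of the configured PasswordFormat.
    bool answerSupplied = pwdAnswer != null && pwdAnswer.Length > 0;
    if (answerSupplied)
        pwdAnswer = EncodePassword (pwdAnswer, PasswordFormat, passwordSalt);

    /* make sure the hashed/encrypted password and
     * answer are still under 128 characters. */
    if (password.Length > 128) {
        status = MembershipCreateStatus.InvalidPassword;
        return null;
    }

    if (answerSupplied && pwdAnswer.Length > 128) {
        status = MembershipCreateStatus.InvalidAnswer;
        return null;
    }

    using (DbConnection connection = CreateConnection ()) {
        try {
            // Dispose the command as well as the connection once the call completes.
            using (DbCommand command = factory.CreateCommand ()) {
                command.Connection = connection;
                command.CommandText = @"aspnet_Membership_CreateUser";
                command.CommandType = CommandType.StoredProcedure;

                // A single timestamp is used for both @CurrentTimeUtc and @CreateDate.
                DateTime now = DateTime.UtcNow;

                // Every value travels as a command parameter; nothing is concatenated
                // into the command text.
                AddParameter (command, "@ApplicationName", ApplicationName);
                AddParameter (command, "@UserName", username);
                AddParameter (command, "@Password", password);
                AddParameter (command, "@PasswordSalt", passwordSalt);
                AddParameter (command, "@Email", email);
                AddParameter (command, "@PasswordQuestion", pwdQuestion);
                AddParameter (command, "@PasswordAnswer", pwdAnswer);
                AddParameter (command, "@IsApproved", isApproved);
                AddParameter (command, "@CurrentTimeUtc", now);
                AddParameter (command, "@CreateDate", now);
                AddParameter (command, "@UniqueEmail", RequiresUniqueEmail);
                AddParameter (command, "@PasswordFormat", (int) PasswordFormat);
                AddParameter (command, "@UserId", ParameterDirection.InputOutput, providerUserKey);
                DbParameter returnValue = AddParameter (command, "@ReturnVal", ParameterDirection.ReturnValue, DbType.Int32, null);

                command.ExecuteNonQuery ();

                // Map the stored procedure's return code onto a create status.
                switch (GetReturnValue (returnValue)) {
                case 0:
                    status = MembershipCreateStatus.Success;
                    return GetUser (username, false);
                case 6:
                    status = MembershipCreateStatus.DuplicateUserName;
                    break;
                case 7:
                    status = MembershipCreateStatus.DuplicateEmail;
                    break;
                case 10:
                    status = MembershipCreateStatus.DuplicateProviderUserKey;
                    break;
                default:
                    status = MembershipCreateStatus.ProviderError;
                    break;
                }

                return null;
            }
        }
        catch (Exception) {
            // Any failure while talking to the database (or in GetUser) is reported
            // to the caller as ProviderError instead of being thrown; the exception
            // detail is not recorded here.
            status = MembershipCreateStatus.ProviderError;
            return null;
        }
    }
}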