Class MySQLMembershipProvider

Manages storage of membership information for an ASP.NET application in a MySQL database.

Inheritance

System.Object

System.Configuration.Provider.ProviderBase

System.Web.Security.MembershipProvider

MySQLMembershipProvider

Namespace: MySql.Web.Security

Assembly: MySql.Web.dll

Version: 9.3.0

Syntax

public sealed class MySQLMembershipProvider : MembershipProvider

Remarks

This class is used by the System.Web.Security.Membership and System.Web.Security.MembershipUser classes to provide membership services for ASP.NET applications using a MySQL database.

Examples

configuration>
  connectionStrings>
    add name = "LocalMySqlService" connectionString="server=localhost;user id=myuser;password=mypass;database=test" />
  /connectionStrings>
  system.web>
    authentication mode = "Forms" >
      forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
    /authentication>
    authorization>
      deny users = "?" />
    /authorization>
    membership defaultProvider="MySQLProvider" userIsOnlineTimeWindow="15">
      providers>
        add
          name = "MySQLProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlService"
          applicationName="MyApplication"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false"
          passwordFormat="Hashed"
          maxInvalidPasswordAttempts="5"
          passwordAttemptWindow="10" />
      /providers>
    /membership>
  /system.web>
/configuration>

Properties

ApplicationName

The name of the application using the MySQL membership provider.

Declaration

public override string ApplicationName { get; set; }

Property Value

Type	Description
System.String	The name of the application using the MySQL membership provider. The default is the application virtual path.

Overrides

System.Web.Security.MembershipProvider.ApplicationName

Remarks

The ApplicationName is used by the MySqlMembershipProvider to separate membership information for multiple applications. Using different application names, applications can use the same membership database. Likewise, multiple applications can make use of the same membership data by simply using the same application name. Caution should be taken with multiple applications as the ApplicationName property is not thread safe during writes.

Examples

The following example shows the membership element being used in an applications web.config file. The application name setting is being used.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

EnablePasswordReset

Indicates whether the membership provider is configured to allow users to reset their passwords.

Declaration

public override bool EnablePasswordReset { get; }

Property Value

Type	Description
System.Boolean	true if the membership provider supports password reset; otherwise, false. The default is true.

Overrides

System.Web.Security.MembershipProvider.EnablePasswordReset

Remarks

Allows the user to replace their password with a new, randomly generated password.
This can be especially handy when using hashed passwords since hashed passwords cannot be retrieved.

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

EnablePasswordRetrieval

Indicates whether the membership provider is configured to allow users to retrieve their passwords.

Declaration

public override bool EnablePasswordRetrieval { get; }

Property Value

Type	Description
System.Boolean	true if the membership provider is configured to support password retrieval; otherwise, false. The default is false.

Overrides

System.Web.Security.MembershipProvider.EnablePasswordRetrieval

Remarks

If the system is configured to use hashed passwords, then retrieval is not possible.
If the user attempts to initialize the provider with hashed passwords and enable password retrieval set to true then a System.Configuration.Provider.ProviderException is thrown.

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

MaxInvalidPasswordAttempts

Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

Declaration

public override int MaxInvalidPasswordAttempts { get; }

Property Value

Type	Description
System.Int32	The number of invalid password or password-answer attempts allowed before the membership user is locked out.

Overrides

System.Web.Security.MembershipProvider.MaxInvalidPasswordAttempts

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

MinRequiredNonAlphanumericCharacters

Gets the minimum number of special characters that must be present in a valid password.

Declaration

public override int MinRequiredNonAlphanumericCharacters { get; }

Property Value

Type	Description
System.Int32	The minimum number of special characters that must be present in a valid password.

Overrides

System.Web.Security.MembershipProvider.MinRequiredNonAlphanumericCharacters

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

MinRequiredPasswordLength

Gets the minimum length required for a password.

Declaration

public override int MinRequiredPasswordLength { get; }

Property Value

Type	Description
System.Int32	The minimum length required for a password.

Overrides

System.Web.Security.MembershipProvider.MinRequiredPasswordLength

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

PasswordAttemptWindow

Gets the number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.

Declaration

public override int PasswordAttemptWindow { get; }

Property Value

Type	Description
System.Int32	The number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.

Overrides

System.Web.Security.MembershipProvider.PasswordAttemptWindow

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

PasswordFormat

Gets a value indicating the format for storing passwords in the membership data store.

Declaration

public override MembershipPasswordFormat PasswordFormat { get; }

Property Value

Type	Description
System.Web.Security.MembershipPasswordFormat	One of the System.Web.Security.MembershipPasswordFormat values indicating the format for storing passwords in the data store.

Overrides

System.Web.Security.MembershipProvider.PasswordFormat

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

PasswordStrengthRegularExpression

Declaration

public override string PasswordStrengthRegularExpression { get; }

Property Value

Type	Description
System.String

Overrides

System.Web.Security.MembershipProvider.PasswordStrengthRegularExpression

RequiresQuestionAndAnswer

Gets a value indicating whether the membership provider is configured to require the user to answer a password question for password reset and retrieval.

Declaration

public override bool RequiresQuestionAndAnswer { get; }

Property Value

Type	Description
System.Boolean	true if a password answer is required for password reset and retrieval; otherwise, false. The default is false.

Overrides

System.Web.Security.MembershipProvider.RequiresQuestionAndAnswer

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

RequiresUniqueEmail

Gets a value indicating whether the membership provider is configured to require a unique e-mail address for each user name.

Declaration

public override bool RequiresUniqueEmail { get; }

Property Value

Type	Description
System.Boolean	true if the membership provider requires a unique e-mail address; otherwise, false. The default is true.

Overrides

System.Web.Security.MembershipProvider.RequiresUniqueEmail

Examples

The following example shows the membership element being used in an applications web.config file.

membership defaultProvider="MySQLMembershipProvider">
  providers>
      add name="MySqlMembershipProvider"
          type="MySql.Web.Security.MySQLMembershipProvider"
          connectionStringName="LocalMySqlServer"
          enablePasswordRetrieval="true"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Encrypted"
          maxInvalidPasswordAttempts="3" 
          passwordAttemptWindow="20" 
          minRequiredNonAlphanumericCharacters="1" 
          minRequiredPasswordLength="11" 
          applicationName="MyApplication" />
  /providers>
/membership>

WriteExceptionsToEventLog

Gets or sets a value indicating whether exceptions are written to the event log.

Declaration

public bool WriteExceptionsToEventLog { get; set; }

Property Value

Type	Description
System.Boolean	`true` if exceptions should be written to the log; otherwise, `false`.

Methods

ChangePassword(String, String, String)

Changes the password.

Declaration

public override bool ChangePassword(string username, string oldPassword, string newPassword)

Parameters

Type	Name	Description
System.String	username	The username.
System.String	oldPassword	The old password.
System.String	newPassword	The new password.

Returns

Type	Description
System.Boolean	`true` if the password was updated successfully; `false` if the supplied old password is invalid, the user is locked out, or the user does not exist in the database.

Overrides

System.Web.Security.MembershipProvider.ChangePassword(System.String, System.String, System.String)

ChangePasswordQuestionAndAnswer(String, String, String, String)

Changes the password question and answer.

Declaration

public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPwdQuestion, string newPwdAnswer)

Parameters

Type	Name	Description
System.String	username	The user name.
System.String	password	The password.
System.String	newPwdQuestion	The new password question.
System.String	newPwdAnswer	The new password answer.

Returns

Type	Description
System.Boolean	`true` if the update was successful; otherwise, `false`. A value of `false` is also returned if the password is incorrect, the user is locked out, or the user does not exist in the database.

Overrides

System.Web.Security.MembershipProvider.ChangePasswordQuestionAndAnswer(System.String, System.String, System.String, System.String)

CreateUser(String, String, String, String, String, Boolean, Object, out MembershipCreateStatus)

Adds a new membership user to the data source.

Declaration

public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)

Parameters

Type	Name	Description
System.String	username	The user name for the new user.
System.String	password	The password for the new user.
System.String	email	The e-mail address for the new user.
System.String	passwordQuestion	The password question for the new user.
System.String	passwordAnswer	The password answer for the new user
System.Boolean	isApproved	Whether or not the new user is approved to be validated.
System.Object	providerUserKey	The unique identifier from the membership data source for the user.
System.Web.Security.MembershipCreateStatus	status	A System.Web.Security.MembershipCreateStatus enumeration value indicating whether the user was created successfully.

Returns

Type	Description
System.Web.Security.MembershipUser	A System.Web.Security.MembershipUser object populated with the information for the newly created user.

Overrides

System.Web.Security.MembershipProvider.CreateUser(System.String, System.String, System.String, System.String, System.String, System.Boolean, System.Object, System.Web.Security.MembershipCreateStatus)

DeleteUser(String, Boolean)

Removes a user from the membership data source.

Declaration

public override bool DeleteUser(string username, bool deleteAllRelatedData)

Parameters

Type	Name	Description
System.String	username	The name of the user to delete.
System.Boolean	deleteAllRelatedData	`true` to delete data related to the user from the database; `false` to leave data related to the user in the database.

Returns

Type	Description
System.Boolean	`true` if the user was successfully deleted; otherwise, `false`.

Overrides

System.Web.Security.MembershipProvider.DeleteUser(System.String, System.Boolean)

FindUsersByEmail(String, Int32, Int32, out Int32)

Gets a collection of membership users where the e-mail address contains the specified e-mail address to match.

Declaration

public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)

Parameters

Type	Name	Description
System.String	emailToMatch	The e-mail address to search for.
System.Int32	pageIndex	The index of the page of results to return. `pageIndex` is zero-based.
System.Int32	pageSize	The size of the page of results to return.
System.Int32	totalRecords	The total number of matched users.

Returns

Type	Description
System.Web.Security.MembershipUserCollection	A System.Web.Security.MembershipUserCollection collection that contains a page of `pageSize`System.Web.Security.MembershipUser objects beginning at the page specified by `pageIndex`.

Overrides

System.Web.Security.MembershipProvider.FindUsersByEmail(System.String, System.Int32, System.Int32, System.Int32)

FindUsersByName(String, Int32, Int32, out Int32)

Gets a collection of membership users where the user name contains the specified user name to match.

Declaration

public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)

Parameters

Type	Name	Description
System.String	usernameToMatch	The user name to search for.
System.Int32	pageIndex	The index of the page of results to return. `pageIndex` is zero-based.
System.Int32	pageSize	The size of the page of results to return.
System.Int32	totalRecords	The total number of matched users.

Returns

Type	Description
System.Web.Security.MembershipUserCollection	A System.Web.Security.MembershipUserCollection collection that contains a page of `pageSize`System.Web.Security.MembershipUser objects beginning at the page specified by `pageIndex`.

Overrides

System.Web.Security.MembershipProvider.FindUsersByName(System.String, System.Int32, System.Int32, System.Int32)

GetAllUsers(Int32, Int32, out Int32)

Gets a collection of all the users in the data source in pages of data.

Declaration

public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)

Parameters

Type	Name	Description
System.Int32	pageIndex	The index of the page of results to return. `pageIndex` is zero-based.
System.Int32	pageSize	The size of the page of results to return.
System.Int32	totalRecords	The total number of matched users.

Returns

Type	Description
System.Web.Security.MembershipUserCollection	A System.Web.Security.MembershipUserCollection collection that contains a page of System.Web.Security.MembershipUser objects beginning at the page specified by `pageIndex`.

Overrides

System.Web.Security.MembershipProvider.GetAllUsers(System.Int32, System.Int32, System.Int32)

GetNumberOfUsersOnline()

Gets the number of users currently accessing the application.

Declaration

public override int GetNumberOfUsersOnline()

Returns

Type	Description
System.Int32	The number of users currently accessing the application.

Overrides

System.Web.Security.MembershipProvider.GetNumberOfUsersOnline()

GetPassword(String, String)

Gets the password for the specified user name from the data source.

Declaration

public override string GetPassword(string username, string answer)

Parameters

Type	Name	Description
System.String	username	The user to retrieve the password for.
System.String	answer	The password answer for the user.

Returns

Type	Description
System.String	The password for the specified user name.

Overrides

System.Web.Security.MembershipProvider.GetPassword(System.String, System.String)

GetUser(Object, Boolean)

Gets user information from the data source based on the unique identifier for the membership user. Provides an option to update the last-activity date/time stamp for the user.

Declaration

public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)

Parameters

Type	Name	Description
System.Object	providerUserKey	The unique identifier for the membership user to get information for.
System.Boolean	userIsOnline	`true` to update the last-activity date/time stamp for the user; `false` to return user information without updating the last-activity date/time stamp for the user.

Returns

Type	Description
System.Web.Security.MembershipUser	A System.Web.Security.MembershipUser object populated with the specified user's information from the data source.

Overrides

System.Web.Security.MembershipProvider.GetUser(System.Object, System.Boolean)

GetUser(String, Boolean)

Gets information from the data source for a user. Provides an option to update the last-activity date/time stamp for the user.

Declaration

public override MembershipUser GetUser(string username, bool userIsOnline)

Parameters

Type	Name	Description
System.String	username	The name of the user to get information for.
System.Boolean	userIsOnline	`true` to update the last-activity date/time stamp for the user; `false` to return user information without updating the last-activity date/time stamp for the user.

Returns

Type	Description
System.Web.Security.MembershipUser	A System.Web.Security.MembershipUser object populated with the specified user's information from the data source.

Overrides

System.Web.Security.MembershipProvider.GetUser(System.String, System.Boolean)

GetUserNameByEmail(String)

Gets the user name associated with the specified e-mail address.

Declaration

public override string GetUserNameByEmail(string email)

Parameters

Type	Name	Description
System.String	email	The e-mail address to search for.

Returns

Type	Description
System.String	The user name associated with the specified e-mail address. If no match is found, return null.

Overrides

System.Web.Security.MembershipProvider.GetUserNameByEmail(System.String)

Initialize(String, NameValueCollection)

Initializes the MySQL membership provider with the property values specified in the ASP.NET application's configuration file. This method is not intended to be used directly from your code.

Declaration

public override void Initialize(string name, NameValueCollection config)

Parameters

Type	Name	Description
System.String	name	The name of the MySQLMembershipProvider instance to initialize.
System.Collections.Specialized.NameValueCollection	config	A collection of the name/value pairs representing the provider-specific attributes specified in the configuration for this provider.

Overrides

System.Configuration.Provider.ProviderBase.Initialize(System.String, System.Collections.Specialized.NameValueCollection)

Exceptions

Type	Condition
System.ArgumentNullException	config is a null reference.
System.InvalidOperationException	An attempt is made to call System.Configuration.Provider.ProviderBase.Initialize(System.String, System.Collections.Specialized.NameValueCollection) on a provider after the provider has already been initialized.
System.Configuration.Provider.ProviderException

ResetPassword(String, String)

Resets a user's password to a new, automatically generated password.

Declaration

public override string ResetPassword(string username, string answer)

Parameters

Type	Name	Description
System.String	username	The user to reset the password for.
System.String	answer	The password answer for the specified user.

Returns

Type	Description
System.String	The new password for the specified user.

Overrides

System.Web.Security.MembershipProvider.ResetPassword(System.String, System.String)

UnlockUser(String)

Unlocks the user.

Declaration

public override bool UnlockUser(string username)

Parameters

Type	Name	Description
System.String	username	The username.

Returns

Type	Description
System.Boolean	`true` if the membership user was successfully unlocked; otherwise, `false`. A value of `false` is also returned if the user does not exist in the database.

Overrides

System.Web.Security.MembershipProvider.UnlockUser(System.String)

UpdateUser(MembershipUser)

Updates information about a user in the data source.

Declaration

public override void UpdateUser(MembershipUser user)

Parameters

Type	Name	Description
System.Web.Security.MembershipUser	user	A System.Web.Security.MembershipUser object that represents the user to update and the updated information for the user.

Overrides

System.Web.Security.MembershipProvider.UpdateUser(System.Web.Security.MembershipUser)

ValidateUser(String, String)

Verifies that the specified user name and password exist in the data source.

Declaration

public override bool ValidateUser(string username, string password)

Parameters

Type	Name	Description
System.String	username	The name of the user to validate.
System.String	password	The password for the specified user.

Returns

Type	Description
System.Boolean	`true` if the specified username and password are valid; otherwise, `false`.

Overrides

System.Web.Security.MembershipProvider.ValidateUser(System.String, System.String)