Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/System.Web/System.Web.Security/ActiveDirectoryConnectionProtection.cs

@@ -0,0 +1,40 @@
+//
+// System.Web.Security.ActiveDirectoryConnectionProtection enum
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Web.Security {
+
+	public enum ActiveDirectoryConnectionProtection {
+		None,
+		Ssl,
+		SignAndSeal
+	}
+}
+
+#endif

mcs/class/System.Web/System.Web.Security/ActiveDirectoryMembershipProvider.cs

@@ -0,0 +1,221 @@
+//
+// System.Web.Security.ActiveDirectoryMembershipProvider
+//
+// Authors:
+//	Ben Maurer (bmaurer@users.sourceforge.net)
+//	Lluis Sanchez Gual (lluis@novell.com)
+//
+// (C) 2003 Ben Maurer
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Collections.Specialized;
+
+namespace System.Web.Security {
+
+	[MonoTODO ("that's only a stub")]
+	public class ActiveDirectoryMembershipProvider : MembershipProvider {
+		
+		[MonoTODO ("Not implemented")]
+		public override bool ChangePassword (string username, string oldPwd, string newPwd)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override bool ChangePasswordQuestionAndAnswer (string username, string password, string newPwdQuestion, string newPwdAnswer)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override MembershipUser CreateUser (string username, string password, string email, string pwdQuestion, string pwdAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override bool DeleteUser (string username, bool deleteAllRelatedData)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public virtual string GeneratePassword ()
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override MembershipUserCollection FindUsersByEmail (string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override MembershipUserCollection FindUsersByName (string nameToMatch, int pageIndex, int pageSize, out int totalRecords)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override MembershipUserCollection GetAllUsers (int pageIndex, int pageSize, out int totalRecords)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO ("Not implemented")]
+		public override int GetNumberOfUsersOnline ()
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override string GetPassword (string username, string answer)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override MembershipUser GetUser (string username, bool userIsOnline)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override MembershipUser GetUser (object providerUserKey, bool userIsOnline)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override string GetUserNameByEmail (string email)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override void Initialize (string name, NameValueCollection config)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override string ResetPassword (string username, string answer)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override void UpdateUser (MembershipUser user)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool ValidateUser (string username, string password)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool UnlockUser (string userName)
+		{
+			throw new NotImplementedException ();
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override string ApplicationName {
+			get { throw new NotImplementedException (); }
+			set { throw new NotImplementedException (); }
+		}
+
+		[MonoTODO("Not implemented")]
+		public ActiveDirectoryConnectionProtection CurrentConnectionProtection {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool EnablePasswordReset {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool EnablePasswordRetrieval {
+			get { throw new NotImplementedException (); }
+		}
+
+		[MonoTODO("Not implemented")]
+		public bool EnableSearchMethods {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override MembershipPasswordFormat PasswordFormat {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool RequiresQuestionAndAnswer {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override bool RequiresUniqueEmail {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override int MaxInvalidPasswordAttempts {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override int MinRequiredNonAlphanumericCharacters {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override int MinRequiredPasswordLength {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override int PasswordAttemptWindow {
+			get { throw new NotImplementedException (); }
+		}
+
+		[MonoTODO("Not implemented")]
+		public int PasswordAnswerAttemptLockoutDuration {
+			get { throw new NotImplementedException (); }
+		}
+		
+		[MonoTODO("Not implemented")]
+		public override string PasswordStrengthRegularExpression {
+			get { throw new NotImplementedException (); }
+		}
+	}
+}
+#endif
+

mcs/class/System.Web/System.Web.Security/AnonymousIdentificationEventArgs.cs

@@ -0,0 +1,51 @@
+//
+// System.Web.Security.AnonymousIdentificationEventArgs
+//
+// Authors:
+//	Ben Maurer (bmaurer@users.sourceforge.net)
+//
+// (C) 2003 Ben Maurer
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+namespace System.Web.Security {
+	public sealed class AnonymousIdentificationEventArgs : EventArgs {
+		public AnonymousIdentificationEventArgs (HttpContext context)
+		{
+			this.context = context;
+		}
+		
+		HttpContext context;
+		public HttpContext Context {
+			get { return context; }
+		}
+		
+		string anonymousId;
+		public string AnonymousID {
+			get { return anonymousId; }
+			set { anonymousId = value; }
+		}
+	}
+}
+#endif
+

mcs/class/System.Web/System.Web.Security/AnonymousIdentificationEventHandler.cs

@@ -0,0 +1,36 @@
+//
+// System.Web.Security.AnonymousIdentificationEventHandler
+//
+// Authors:
+//	Ben Maurer (bmaurer@users.sourceforge.net)
+//
+// (C) 2003 Ben Maurer
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+namespace System.Web.Security {
+	public delegate void AnonymousIdentificationEventHandler (object sender, AnonymousIdentificationEventArgs e);
+}
+#endif
+

mcs/class/System.Web/System.Web.Security/AnonymousIdentificationModule.cs

@@ -0,0 +1,140 @@
+//
+// System.Web.Security.AnonymousIdentificationModule
+//
+// Authors:
+//	Ben Maurer (bmaurer@users.sourceforge.net)
+//	Chris Toshok (toshok@ximian.com)
+//
+// (C) 2003 Ben Maurer
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.ComponentModel;
+using System.Web;
+using System.Web.Configuration;
+using System.Text;
+
+namespace System.Web.Security {
+
+	public sealed class AnonymousIdentificationModule : IHttpModule {
+		static readonly object creatingEvent = new object ();
+		
+		HttpApplication app;
+		EventHandlerList events = new EventHandlerList ();
+		
+		public event AnonymousIdentificationEventHandler Creating  {
+			add { events.AddHandler (creatingEvent, value); }
+			remove { events.RemoveHandler (creatingEvent, value); }
+		}
+
+		public static void ClearAnonymousIdentifier ()
+		{
+			if (Config == null || !Config.Enabled)
+				/* XXX The user for the current request is anonymous */
+				throw new NotSupportedException ();
+		}
+
+		public void Dispose ()
+		{
+			app.PostAuthenticateRequest -= OnEnter;
+			app = null;
+		}
+		
+		public void Init (HttpApplication app)
+		{
+			this.app = app;
+			app.PostAuthenticateRequest += OnEnter;
+		}
+
+		[MonoTODO ("cookieless userid")]
+		void OnEnter (object source, EventArgs eventArgs)
+		{
+			if (!Enabled)
+				return;
+
+			string anonymousID = null;
+
+			HttpCookie cookie = app.Request.Cookies [Config.CookieName];
+			if (cookie != null && (cookie.Expires == DateTime.MinValue || cookie.Expires > DateTime.Now)) {
+				try {
+					anonymousID = Encoding.Unicode.GetString (Convert.FromBase64String (cookie.Value));
+				}
+				catch { }
+			}
+
+			if (anonymousID == null) {
+				AnonymousIdentificationEventHandler eh = events [creatingEvent] as AnonymousIdentificationEventHandler;
+				if (eh != null) {
+					AnonymousIdentificationEventArgs e = new AnonymousIdentificationEventArgs (HttpContext.Current);
+					eh (this, e);
+
+					anonymousID = e.AnonymousID;
+				}
+
+				if (anonymousID == null)
+					anonymousID = Guid.NewGuid ().ToString ();
+
+				HttpCookie newCookie = new HttpCookie (Config.CookieName);
+				newCookie.Path = app.Request.ApplicationPath;
+				newCookie.Expires = DateTime.Now + Config.CookieTimeout;
+				newCookie.Value = Convert.ToBase64String (Encoding.Unicode.GetBytes (anonymousID));
+				app.Response.AppendCookie (newCookie);
+			}
+			app.Request.AnonymousID = anonymousID;
+		}
+
+		public static bool Enabled {
+			get {
+				if (Config == null)
+					return false;
+
+				return Config.Enabled;
+			}
+		}
+
+#if TARGET_JVM
+		static AnonymousIdentificationSection Config
+		{
+			get
+			{
+				AnonymousIdentificationSection config = (AnonymousIdentificationSection) AppDomain.CurrentDomain.GetData ("Anonymous.Config");
+				if (config == null) {
+					lock (typeof (AnonymousIdentificationModule)) {
+						config = (AnonymousIdentificationSection) AppDomain.CurrentDomain.GetData ("Anonymous.Config");
+						if (config == null)
+							config = (AnonymousIdentificationSection) WebConfigurationManager.GetSection ("system.web/anonymousIdentification");
+						AppDomain.CurrentDomain.SetData ("Anonymous.Config", config);
+					}
+				}
+				return config;
+			}
+		}
+#else
+		static AnonymousIdentificationSection Config = (AnonymousIdentificationSection) WebConfigurationManager.GetSection ("system.web/anonymousIdentification");
+#endif
+	}
+}
+#endif
+

mcs/class/System.Web/System.Web.Security/AspNetDBSchemaChecker.cs

@@ -0,0 +1,89 @@
+//
+// System.Web.Security.SqlMembershipProvider
+//
+// Authors:
+//  Vladimir Krasnov (vladimirk@mainsoft.com)
+//
+// (C) 2003 Ben Maurer
+// Copyright (c) 2005,2006 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Data.Common;
+using System.Data;
+using System.Configuration.Provider;
+
+namespace System.Web.Security
+{
+	internal static class AspNetDBSchemaChecker
+	{
+		static DbConnection CreateConnection (DbProviderFactory factory, string connStr)
+		{
+			DbConnection connection = factory.CreateConnection ();
+			connection.ConnectionString = connStr;
+
+			connection.Open ();
+			return connection;
+		}
+
+		public static bool CheckMembershipSchemaVersion (DbProviderFactory factory, string connStr, string feature, string compatibleVersion)
+		{
+			using (DbConnection connection = CreateConnection (factory, connStr)) {
+				DbCommand command = factory.CreateCommand ();
+				command.Connection = connection;
+				command.CommandText = @"aspnet_CheckSchemaVersion";
+				command.CommandType = CommandType.StoredProcedure;
+
+				AddParameter (factory, command, "@Feature", ParameterDirection.Input, feature);
+				AddParameter (factory, command, "@CompatibleSchemaVersion", ParameterDirection.Input, compatibleVersion);
+				DbParameter returnValue = AddParameter (factory, command, "@ReturnVal", ParameterDirection.ReturnValue, null);
+
+				try {
+					command.ExecuteNonQuery ();
+				}
+				catch (Exception) {
+					throw new ProviderException ("ASP.NET Membership schema not installed.");
+				}
+
+				if ((int) (returnValue.Value ?? -1) == 0)
+					return true;
+
+				return false;
+			}
+		}
+
+		static DbParameter AddParameter (DbProviderFactory factory, DbCommand command, string parameterName, ParameterDirection direction, object parameterValue)
+		{
+			DbParameter dbp = command.CreateParameter ();
+			dbp.ParameterName = parameterName;
+			dbp.Value = parameterValue;
+			dbp.Direction = direction;
+			command.Parameters.Add (dbp);
+			return dbp;
+		}
+
+	}
+}
+#endif

mcs/class/System.Web/System.Web.Security/CookieProtection.cs

@@ -0,0 +1,41 @@
+//
+// System.Web.Security.CookieProtection
+//
+// Authors:
+//	Ben Maurer (bmaurer@users.sourceforge.net)
+//
+// (C) 2003 Ben Maurer
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+namespace System.Web.Security {
+	public enum CookieProtection {
+		None = 0,
+		Validation = 1,
+		Encryption = 2,
+		All = 3
+	}
+}
+#endif
+

mcs/class/System.Web/System.Web.Security/DefaultAuthenticationEventArgs.cs

@@ -0,0 +1,52 @@
+//
+// System.Web.Security.DefaultAuthenticationEventArgs
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Security.Permissions;
+
+namespace System.Web.Security {
+
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	public sealed class DefaultAuthenticationEventArgs : EventArgs {
+
+		HttpContext _context;
+
+		public DefaultAuthenticationEventArgs (HttpContext context)
+		{
+			if (context == null)
+				throw new ArgumentNullException ("context");
+
+			_context = context;
+		}
+
+		public HttpContext Context {
+			get { return _context; }
+		}
+	}
+}

mcs/class/System.Web/System.Web.Security/DefaultAuthenticationEventHandler.cs

@@ -0,0 +1,36 @@
+//
+// System.Web.Security.DefaultAuthenticationEventHandler
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+namespace System.Web.Security
+{
+	public delegate void DefaultAuthenticationEventHandler (object sender,
+								DefaultAuthenticationEventArgs e);
+}
+

mcs/class/System.Web/System.Web.Security/DefaultAuthenticationModule.cs

@@ -0,0 +1,83 @@
+//
+// System.Web.Security.DefaultAuthenticationModule
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.ComponentModel;
+using System.Security.Permissions;
+using System.Security.Principal;
+using System.Threading;
+
+// more info on the workings of this class can be found in Shackow, p. 55
+//
+namespace System.Web.Security
+{
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	public sealed class DefaultAuthenticationModule : IHttpModule
+	{
+		static readonly object authenticateEvent = new object ();
+		static IPrincipal generic_principal = new GenericPrincipal (new GenericIdentity ("", ""), new string [0]);
+
+		EventHandlerList events = new EventHandlerList ();
+		
+		public event DefaultAuthenticationEventHandler Authenticate {
+			add { events.AddHandler (authenticateEvent, value); }
+			remove { events.RemoveHandler (authenticateEvent, value); }
+		}
+		
+		[SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
+		public DefaultAuthenticationModule ()
+		{
+		}
+
+		public void Dispose ()
+		{
+		}
+
+		public void Init (HttpApplication app)
+		{
+			app.DefaultAuthentication += new EventHandler (OnDefaultAuthentication);
+		}
+
+		void OnDefaultAuthentication (object sender, EventArgs args)
+		{
+			HttpApplication app = (HttpApplication) sender;
+			HttpContext context = app.Context;
+
+			DefaultAuthenticationEventHandler eh = events [authenticateEvent] as DefaultAuthenticationEventHandler;
+			if (context.User == null && eh != null)
+				eh (this, new DefaultAuthenticationEventArgs (context));
+
+			if (context.User == null)
+				context.User = generic_principal;
+
+			Thread.CurrentPrincipal = context.User;
+		}
+	}
+}
+

mcs/class/System.Web/System.Web.Security/FileAuthorizationModule.cs

@@ -0,0 +1,62 @@
+//
+// System.Web.Security.FileAuthorizationModule
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Security.Permissions;
+
+namespace System.Web.Security
+{
+	[MonoTODO ("that's only a stub")]
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	public sealed class FileAuthorizationModule : IHttpModule
+	{
+		[SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
+		public FileAuthorizationModule ()
+		{
+		}
+
+		public void Dispose ()
+		{
+		}
+
+		[MonoTODO ("Not implemented")]
+		public void Init (HttpApplication app)
+		{
+			throw new NotImplementedException ();
+		}
+
+#if NET_2_0
+		[MonoTODO ("Not implemented")]
+		public static bool CheckFileAccessForUser (string virtualPath, IntPtr token, string verb)
+		{
+			throw new NotImplementedException ();
+		}
+#endif
+	}
+}

mcs/class/System.Web/System.Web.Security/FormsAuthenticationEventArgs.cs

@@ -0,0 +1,67 @@
+//
+// System.Web.Security.FormsAuthenticationEventArgs
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Security.Permissions;
+using System.Security.Principal;
+
+namespace System.Web.Security
+{
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	public sealed class FormsAuthenticationEventArgs : EventArgs
+	{
+		IPrincipal user;
+		HttpContext context;
+
+		public FormsAuthenticationEventArgs (HttpContext context)
+		{
+			this.context = context;
+		}
+
+		public HttpContext Context
+		{
+			get {
+				return context;
+			}
+		}
+
+		public IPrincipal User
+		{
+			get {
+				return user;
+			}
+
+			[SecurityPermission (SecurityAction.Demand, ControlPrincipal = true)]
+			set {
+				user = value;
+			}
+		}
+	}
+}
+

mcs/class/System.Web/System.Web.Security/FormsAuthenticationEventHandler.cs

@@ -0,0 +1,35 @@
+//
+// System.Web.Security.FormsAuthenticationEventHandler
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+namespace System.Web.Security
+{
+	public delegate void FormsAuthenticationEventHandler (object sender, FormsAuthenticationEventArgs e);
+}
+

mcs/class/System.Web/System.Web.Security/FormsAuthenticationModule.cs

@@ -0,0 +1,200 @@
+//
+// System.Web.Security.FormsAuthenticationModule
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.ComponentModel;
+using System.Globalization;
+using System.Security.Permissions;
+using System.Security.Principal;
+using System.Text;
+using System.Web.Configuration;
+using System.Web.Util;
+
+namespace System.Web.Security
+{
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	public sealed class FormsAuthenticationModule : IHttpModule
+	{
+		static readonly object authenticateEvent = new object ();
+		
+#if NET_2_0
+		AuthenticationSection _config = null;
+#else
+		AuthConfig _config = null;
+#endif
+		bool isConfigInitialized = false;
+		EventHandlerList events = new EventHandlerList ();
+		
+		public event FormsAuthenticationEventHandler Authenticate {
+			add { events.AddHandler (authenticateEvent, value); }
+			remove { events.RemoveHandler (authenticateEvent, value); }
+		}
+		
+		void InitConfig (HttpContext context)
+		{
+			if(isConfigInitialized)
+				return;
+#if NET_2_0
+			_config = (AuthenticationSection) WebConfigurationManager.GetSection ("system.web/authentication");
+#else
+			_config = (AuthConfig) context.GetConfig ("system.web/authentication");
+#endif
+			isConfigInitialized = true;
+		}
+
+		[SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
+		public FormsAuthenticationModule ()
+		{
+		}
+
+		public void Dispose ()
+		{
+		}
+
+		public void Init (HttpApplication app)
+		{
+			app.AuthenticateRequest += new EventHandler (OnAuthenticateRequest);
+			app.EndRequest += new EventHandler (OnEndRequest);
+		}
+
+		void OnAuthenticateRequest (object sender, EventArgs args)
+		{
+			HttpApplication app = (HttpApplication) sender;
+			HttpContext context = app.Context;
+
+			string cookieName;
+			string cookiePath;
+			string loginPage;
+			bool slidingExpiration;
+
+			InitConfig (context);
+			if (_config == null || _config.Mode != AuthenticationMode.Forms) {
+				return;
+			}
+
+#if NET_2_0
+			cookieName = _config.Forms.Name;
+			cookiePath = _config.Forms.Path;
+			loginPage = _config.Forms.LoginUrl;
+			slidingExpiration = _config.Forms.SlidingExpiration;
+#else
+			cookieName = _config.CookieName;
+			cookiePath = _config.CookiePath;
+			loginPage = _config.LoginUrl;
+			slidingExpiration = _config.SlidingExpiration;
+#endif
+
+			if (!VirtualPathUtility.IsRooted (loginPage))
+				loginPage = "~/" + loginPage;
+
+			string reqPath = String.Empty;
+			string loginPath = null;
+			try {
+				reqPath = context.Request.PhysicalPath;
+				loginPath = context.Request.MapPath (loginPage);
+			} catch {} // ignore
+
+			context.SkipAuthorization = String.Compare (reqPath, loginPath, RuntimeHelpers.CaseInsensitive, Helpers.InvariantCulture) == 0;
+			
+#if NET_2_0
+			//TODO: need to check that the handler is System.Web.Handlers.AssemblyResourceLoader type
+			string filePath = context.Request.FilePath;
+			if (filePath.Length > 15 && String.CompareOrdinal ("WebResource.axd", 0, filePath, filePath.Length - 15, 15) == 0)
+				context.SkipAuthorization = true;
+#endif
+
+			FormsAuthenticationEventArgs formArgs = new FormsAuthenticationEventArgs (context);
+			FormsAuthenticationEventHandler eh = events [authenticateEvent] as FormsAuthenticationEventHandler;
+			if (eh != null)
+				eh (this, formArgs);
+
+			bool contextUserNull = (context.User == null);
+			if (formArgs.User != null || !contextUserNull) {
+				if (contextUserNull)
+					context.User = formArgs.User;
+				return;
+			}
+				
+			HttpCookie cookie = context.Request.Cookies [cookieName];
+			if (cookie == null || (cookie.Expires != DateTime.MinValue && cookie.Expires < DateTime.Now))
+				return;
+
+			FormsAuthenticationTicket ticket = null;
+			try {
+				ticket = FormsAuthentication.Decrypt (cookie.Value);
+			}
+			catch (ArgumentException) {
+				// incorrect cookie value, suppress the exception
+				return;
+			}
+			if (ticket == null || (!ticket.IsPersistent && ticket.Expired))
+				return;
+
+			FormsAuthenticationTicket oldticket = ticket;
+			if (slidingExpiration)
+				ticket = FormsAuthentication.RenewTicketIfOld (ticket);
+
+			context.User = new GenericPrincipal (new FormsIdentity (ticket), new string [0]);
+
+			if (cookie.Expires == DateTime.MinValue && oldticket == ticket) 
+				return;
+
+			cookie.Value = FormsAuthentication.Encrypt (ticket);
+			cookie.Path = cookiePath;
+			if (ticket.IsPersistent)
+				cookie.Expires = ticket.Expiration;
+
+			context.Response.Cookies.Add (cookie);
+		}
+
+		void OnEndRequest (object sender, EventArgs args)
+		{
+			HttpApplication app = (HttpApplication) sender;
+			HttpContext context = app.Context;
+			if (context.Response.StatusCode != 401 || context.Request.QueryString ["ReturnUrl"] != null)
+				return;
+
+			string loginPage;
+			InitConfig (context);
+#if NET_2_0
+			loginPage = _config.Forms.LoginUrl;
+#else
+			loginPage = _config.LoginUrl;
+#endif
+			if (_config == null || _config.Mode != AuthenticationMode.Forms)
+				return;
+
+			StringBuilder login = new StringBuilder ();
+			login.Append (UrlUtils.Combine (context.Request.ApplicationPath, loginPage));
+			login.AppendFormat ("?ReturnUrl={0}", HttpUtility.UrlEncode (context.Request.RawUrl));
+			context.Response.Redirect (login.ToString (), false);
+		}
+	}
+}
+

mcs/class/System.Web/System.Web.Security/FormsAuthenticationTicket.cs

@@ -0,0 +1,214 @@
+//
+// System.Web.Security.FormsAuthenticationTicket
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.IO;
+using System.Security.Permissions;
+
+namespace System.Web.Security
+{
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	// attributes
+	[Serializable]
+	public sealed class FormsAuthenticationTicket
+	{
+		int version;
+		bool persistent;
+		DateTime issue_date;
+		DateTime expiration;
+		string name;
+		string cookie_path;
+		string user_data;
+
+		/*
+		internal void ToStr ()
+		{
+			Console.WriteLine ("version: {0}", version);
+			Console.WriteLine ("persistent: {0}", persistent);
+			Console.WriteLine ("issue_date: {0}", issue_date);
+			Console.WriteLine ("expiration: {0}", expiration);
+			Console.WriteLine ("name: {0}", name);
+			Console.WriteLine ("cookie_path: {0}", cookie_path);
+			Console.WriteLine ("user_data: {0}", user_data);
+		}
+		*/
+
+		internal byte [] ToByteArray ()
+		{
+			MemoryStream ms = new MemoryStream ();
+			BinaryWriter writer = new BinaryWriter (ms);
+			writer.Write (version);
+			writer.Write (persistent);
+			writer.Write (issue_date.Ticks);
+			writer.Write (expiration.Ticks);
+			writer.Write (name != null);
+			if (name != null)
+				writer.Write (name);
+
+			writer.Write (cookie_path != null);
+			if (cookie_path != null)
+				writer.Write (cookie_path);
+
+			writer.Write (user_data != null);
+			if (user_data != null)
+				writer.Write (user_data);
+
+			writer.Flush ();
+			return ms.ToArray ();
+		}
+
+		internal static FormsAuthenticationTicket FromByteArray (byte [] bytes)
+		{
+			if (bytes == null)
+				throw new ArgumentNullException ("bytes");
+			
+			MemoryStream ms = new MemoryStream (bytes);
+			BinaryReader reader = new BinaryReader (ms);
+			FormsAuthenticationTicket ticket = new FormsAuthenticationTicket ();
+			ticket.version = reader.ReadInt32 ();
+			ticket.persistent = reader.ReadBoolean ();
+			ticket.issue_date = new DateTime (reader.ReadInt64 ());
+			ticket.expiration = new DateTime (reader.ReadInt64 ());
+			if (reader.ReadBoolean ())
+				ticket.name = reader.ReadString ();
+
+			if (reader.ReadBoolean ())
+				ticket.cookie_path = reader.ReadString ();
+
+			if (reader.ReadBoolean ())
+				ticket.user_data = reader.ReadString ();
+
+			return ticket;
+		}
+
+		FormsAuthenticationTicket ()
+		{
+		}
+
+		public FormsAuthenticationTicket (int version,
+						  string name,
+						  DateTime issueDate,
+						  DateTime expiration,
+						  bool isPersistent,
+						  string userData)
+		{
+			this.version = version;
+			this.name = name;
+			this.issue_date = issueDate;
+			this.expiration = expiration;
+			this.persistent = isPersistent;
+			this.user_data = userData;
+			this.cookie_path = "/";
+		}
+
+		public FormsAuthenticationTicket (int version,
+						  string name,
+						  DateTime issueDate,
+						  DateTime expiration,
+						  bool isPersistent,
+						  string userData,
+						  string cookiePath)
+		{
+			this.version = version;
+			this.name = name;
+			this.issue_date = issueDate;
+			this.expiration = expiration;
+			this.persistent = isPersistent;
+			this.user_data = userData;
+			this.cookie_path = cookiePath;
+		}
+
+		public FormsAuthenticationTicket (string name, bool isPersistent, int timeout)
+		{
+			this.version = 1;
+			this.name = name;
+			this.issue_date = DateTime.Now;
+			this.persistent = isPersistent;
+			if (persistent)
+				expiration = issue_date.AddYears (50);
+			else
+				expiration = issue_date.AddMinutes ((double) timeout);
+
+			this.user_data = "";
+			this.cookie_path = "/";
+		}
+
+		internal void SetDates (DateTime issue_date, DateTime expiration)
+		{
+			this.issue_date = issue_date;
+			this.expiration = expiration;
+		}
+		
+		internal FormsAuthenticationTicket Clone ()
+		{
+			return new FormsAuthenticationTicket   (version,
+								name,
+								issue_date,
+								expiration,
+								persistent,
+								user_data,
+								cookie_path);
+		}
+
+		public string CookiePath {
+			get { return cookie_path; }
+		}
+
+		public DateTime Expiration {
+			get { return expiration; }
+		}
+
+		public bool Expired {
+			get { return DateTime.Now > expiration; }
+		}
+
+		public bool IsPersistent {
+			get { return persistent; }
+		}
+
+		public DateTime IssueDate {
+			get { return issue_date; }
+		}
+
+		public string Name {
+			get { return name; }
+		}
+
+		public string UserData {
+			get { return user_data; }
+		}
+
+		public int Version {
+			get { return version; }
+		}
+	}
+}
+

mcs/class/System.Web/System.Web.Security/FormsIdentity.cs

@@ -0,0 +1,82 @@
+//
+// System.Web.Security.FormsIdentity
+//
+// Authors:
+//	Gonzalo Paniagua Javier (gonzalo@ximian.com)
+//
+// (C) 2002 Ximian, Inc (http://www.ximian.com)
+// Copyright (c) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Security.Permissions;
+using System.Security.Principal;
+
+namespace System.Web.Security
+{
+	// CAS - no InheritanceDemand here as the class is sealed
+	[AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+	// attributes
+	[Serializable]
+#if NET_4_0
+	public
+#else
+	public sealed
+#endif
+	class FormsIdentity : IIdentity
+	{
+		FormsAuthenticationTicket ticket;
+
+		public FormsIdentity (FormsAuthenticationTicket ticket)
+		{
+			this.ticket = ticket;
+		}
+
+		public string AuthenticationType
+		{
+			get {
+				return "Forms";
+			}
+		}
+
+		public bool IsAuthenticated
+		{
+			get {
+				return true;
+			}
+		}
+
+		public string Name
+		{
+			get {
+				return ticket.Name;
+			}
+		}
+
+		public FormsAuthenticationTicket Ticket
+		{
+			get {
+				return ticket;
+			}
+		}
+	}
+}
+

mcs/class/System.Web/System.Web.Security/MachineKey.cs

@@ -0,0 +1,108 @@
+//
+// Authors:
+//   Marek Habersack <grendel@twistedcode.net>
+//
+// (C) 2011 Novell, Inc (http://novell.com/)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Web;
+using System.Web.Configuration;
+using System.Web.Util;
+
+namespace System.Web.Security 
+{
+	public static class MachineKey
+	{
+		public static byte[] Decode (string encodedData, MachineKeyProtection protectionOption)
+		{
+			if (encodedData == null)
+				throw new ArgumentNullException ("encodedData");
+
+			int dlen = encodedData.Length;
+			if (dlen == 0 || dlen % 2 == 1)
+				throw new ArgumentException ("encodedData");
+
+			byte[] data = MachineKeySectionUtils.GetBytes (encodedData, dlen);
+			if (data == null || data.Length == 0)
+				throw new ArgumentException ("encodedData");
+			
+			var config = WebConfigurationManager.GetWebApplicationSection ("system.web/machineKey") as MachineKeySection;
+			byte[] result = null;
+			Exception ex = null;
+			try {
+				switch (protectionOption) {
+					case MachineKeyProtection.All:
+						result = MachineKeySectionUtils.VerifyDecrypt (config, data);
+						break;
+
+					case MachineKeyProtection.Encryption:
+						result = MachineKeySectionUtils.Decrypt (config, data);
+						break;
+
+					case MachineKeyProtection.Validation:
+						result = MachineKeySectionUtils.Verify (config, data);
+						break;
+
+					default:
+						return MachineKeySectionUtils.GetBytes (encodedData, dlen);
+				}
+			} catch (Exception e) {
+				ex = e;
+			}
+			
+			if (result == null || ex != null)
+				throw new HttpException ("Unable to verify passed data.", ex);
+			
+			return result;
+		}
+
+		public static string Encode (byte[] data, MachineKeyProtection protectionOption)
+		{
+			if (data == null)
+				throw new ArgumentNullException ("data");
+
+			var config = WebConfigurationManager.GetWebApplicationSection ("system.web/machineKey") as MachineKeySection;
+			byte[] result;
+			switch (protectionOption) {
+				case MachineKeyProtection.All:
+					result = MachineKeySectionUtils.EncryptSign (config, data);
+					break;
+
+				case MachineKeyProtection.Encryption:
+					result = MachineKeySectionUtils.Encrypt (config, data);
+					break;
+
+				case MachineKeyProtection.Validation:
+					result = MachineKeySectionUtils.Sign (config, data);
+					break;
+
+				default:
+					return String.Empty;
+			}
+			
+			return MachineKeySectionUtils.GetHexString (result);
+		}
+	}
+}

mcs/class/System.Web/System.Web.Security/MachineKeyProtection.cs

@@ -0,0 +1,41 @@
+//
+// Authors:
+//   Marek Habersack <grendel@twistedcode.net>
+//
+// (C) 2011 Novell, Inc (http://novell.com/)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace System.Web.Security 
+{
+	public enum MachineKeyProtection
+	{
+		All,
+		Encryption,
+		Validation
+	}
+}
+
+