Open PhantomRick opened 12 years ago
I've replaced the SqlParameters with ObjectParameters hopefully this will work without causing security issues. A fairly large update to the Ad-Hoc raw sql is coming soon, hoping to actually push this to straight EF for the caching capabilities on the queries. That or generate Sprocs based on referenced models. either way I'm looking to double performance on this again, and maybe even build a decent OAuth version too.
I'll hopefully release both fixes in a version bump tomorrow afternoon.
Again, thanks for the quick response & no worries. The performance increase sounds great, but having an OAuth version would be a fantastic addition. This was something that I planning on adding to my own work.
Moving to OAuth and releasing it in this library is a giant undertaking, I just had to focus efforts on supporting OAuth2 for our mobile stuff at work, and while it's not hard, the security implications are a nightmare.
I will definitely consider it, but for now I would use DotNetOpenAuth, they recently added much better support for WebApi and .NET 4.5 stuff.
Hi Alicia,
Firstly, this is a great piece of code. Very well written - very flexible without being too complicated.
I'm guessing this issue crept in when porting from v1 to v2.
With a bit of searching, I found that some of your methods create raw sql queries with parameters (e.g. DeleteUser) that passes a System.Data.SqlClient.SqlParameter as an argument to SqlQuery, but doesn't swap to System.Data.SqlServerCe.SqlCeParameter when needed.
I suggest modifying the private method q (where you add the customized user & role table names) to select the correct parameter type. I'm not sure how you would recognize the difference between SQL & SqlCE a that point - possibly an additional CFMembershipSettings attribute isSqlCE defaulted to false?
Cheers, Rick