This repository has been archived by the owner. It is now read-only.

All in all, a lot of changes. Here's the laundry list:

  • Fixed bug with username unique across tenants setting.
  • Require password when confirming account registration from verification key.
  • Shortened expiration on verification tokens.
  • Ensure mobile phones are unique per tenant.
  • Refactored verification key storage for simplicity.
  • Enhanced security of storage of email verification key.
  • Enhanced security of storage of mobile code.
  • Enhanced security of two-factor authentication tokens.
  • Added password reset questions and answers feature.
  • Reworked authentication service to not allow user to be fully logged in if password reset is required.
  • SecuritySettings values are now proper properties on MembershipRebootConfiguration.
  • Refactored out all validation messages into .resx files for localization.
  • Reworked samples so that when registration or password reset is confirmed, log the user in.
  • Added migrations back in for EF repository.
  • Added built-in password complexity validator.
  • Enhanced username validation.
  • Reworked accounts to allow for email to be optional if require account verification setting is false.
  • Refactored some of the user account events and related email notifications.
  • Reworked the notification system to be more flexible.
  • Reorganized samples folders (sorry).
  • Account Verification has changed semantics
    • setting indicates whether email account verification is required
    • email is optional if the setting is false
    • verification means email has been verified
    • can’t use email-related settings if account is not verified (e.g. reset password)
    • can’t log in if account verification is required and email is not verified
  • AspNetApplicationInformation ctor changed
    • OLD: login url, register confirm, register cancel, password reset url, change email confirm url
    • NEW: login url, confirm email url, cancel email url, password reset url
  • UAS changes
    • ChangeEmailFromKey and VerifyAccount replaced with VerifyEmailFromKey
    • CancelVerification still works, but only if user has never logged in
    • SecuritySettings object removed and individual settings now copied to UAS
  • UserAccount breaking changes
    • changed to pure DTO style
    • all APIs that modify user account removed and moved to UAS
    • query APIs like HasClaim, GetClaimValue(s), RequiresTwoFactorAuthToSignIn and RequiresTwoFactorCertificateToSignIn moved to extension methods