v8.3.0

• added more localization languages
• overloaded authN APIs to indicate authentication result (e.g. locked account, failed credentials, etc)
• on password changes reset failed login count to zero

v8.2.1

• bug: CloseAccount not calling Update

v8.2.0

• fix bug in authenticate related to logging in before account is verified
• re-order operations in change password to prevent potential password leak
• add flag to allow non-unique email

v6.0.0

Updates:

• overloaded create api to make it easier to import accounts from external system
• added formal query API (since the IQueryable was removed in v5)
• username/email changed to 254 length
• improved owin support
• added some configuration extension methods
• html email now supported
• relaxed default username validation (slightly)
• reworked some internals of validate vs. authenticate semantics
• added constants for validation message identifiers for use when customizing validation messages
• reworked cancel verification semantics (and API) to work for password resets as well as new accounts
• added command bus to user account service
• reworked claims mapping to new command bus pattern
• added ability to replace validation messages via command bus

v5.0.0

All in all, a lot of changes. Here's the laundry list:

• Fixed bug with username unique across tenants setting.
• Require password when confirming account registration from verification key.
• Shortened expiration on verification tokens.
• Ensure mobile phones are unique per tenant.
• Refactored verification key storage for simplicity.
• Enhanced security of storage of email verification key.
• Enhanced security of storage of mobile code.
• Enhanced security of two-factor authentication tokens.
• Added password reset questions and answers feature.
• Reworked authentication service to not allow user to be full logged in if password reset is required.
• SecuritySettings values are now proper properties on MembershipRebootConfiguration.
• Refactored out all validation messages into .resx files for localization.
• Reworked samples so that when registration or password reset is confirmed, log the user in.
• Added migrations back in for EF repository.
• Added built-in password complexity validator
• Enhanced username validation.
• Reworked accounts to allow for email to be optional if require account verification setting is false.
• Refactored some of the user account events and related email notifications.
• Reworked the notification system to be more flexible.
• Reorganized samples folders (sorry).
• Account Verification has changed semantics
  • setting that indicates if email account verification required
  • email is optional if require false
  • verification means email has been verified
  • can’t use email related settings if account is not verified (reset password, eg)
  • can’t login if account verification required and email not verified
• AspNetApplicationInformation ctor changed
  • OLD: login url, register confirm, register cancel, password reset url, change email confirm url
  • NEW: login url, confirm email url, cancel email url, password reset url
• UAS changes
  • ChangeEmailFromKey and VerifyAccount replaced with VerifyEmailFromKey
  • CancelVerificaton still works, but only if user has never logged in
  • SecuirtySettings object removed and individual settings now copied to UAS
• UserAccount breaking changes
  • changed to pure DTO style
  • all APIs that modify user account removed and moved to UAS
  • query APIs like HasClaim, GetClaimValue(s), RequiresTwoFactorAuthToSignIn and RequiresTwoFactorCertificateToSignIn moved to extension methods

v.4.0.0 : Owin and EF6 support

This release adds EF6 support as well as reworking the dependencies on System.Web. As part of this refactoring, there are two new packages on NuGet for the host: BrockAllen.MembershipReboot.WebHost for IIS/ASP.NET hosting and BrockAllen.MembershipReboot.Owin for OWIN hosting. Existing users will need to add the WebHost NuGet package and add the new namespace anywhere the classes AspNetApplicationInformation or SamAuthenticationService were being used.

v3.0.1

Changed some access modifiers in entity classes and how the event source APIs are designed to be slightly more NoSQL friendly.

v3.0.0

Features added:

• separate EF code from the main library. there's now a new library that contains the EF-specific persistence code.
• reworked the separation of the membership reboot configuration from the repository. this was necessary due to the EF library refactoring, plus it's now cleaner.
• removed all the deprecated code and classes (mainly to eliminate confusion)
• added support for client certificates. client certificates can be used to either login or can be used as part of two factor authentication (in lieu of mobile sms two factor auth).
• added concept of groups (or group definitions). this doesn't affect how roles (or groups) are associated with user accounts. rather it's just a new entity/table where an application can define what groups the application uses. this was mainly added for scim support (http://www.simplecloud.info/).
• added account-level validation extensibility point. previously there were just username, email and password validators. now an application can register validators that are invoked for specific user account events. this is much like the existing notification events, except the validation events are called prior to the database being updated and are able to cancel the persistence. these validators are keyed off of the same user account event classes as notification.
• enhanced/improved diagnostic tracing in user account and user account service classes
• more user account events (#89) and some more built-in email notifications for these events

Some more reading on this release:

http://brockallen.com/2013/08/14/client-certificates-and-two-factor-authentication-with-client-certificates-in-membershipreboot/