230 likes | 401 Views
Membership in ASP.Net...if only. Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director. Agenda. Membership Provider Model Custom Providers SOA based membership example Making a custom provider do what the standard ones won’t (Demo). Membership Service.
E N D
Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director
Agenda • Membership • Provider Model • Custom Providers • SOA based membership example • Making a custom provider do what the standard ones won’t (Demo)
Membership Service • Membership API • Included Membership providers • SQL Server (and SQL Express) • Active Directory (Windows) • Access (kind of…) • Installs as a Visual Studio 2005 VSI template • Custom Membership providers • Oracle • MySQL • SQLLite3 • Others + whatever you write yourself…
Membership Service • Service for managing users and credentials • Declarative access via Web Site Admin Tool • Programmatic access via Membership and MembershipUser classes • Membership class provides base services • MembershipUser class represents users and provides additional services • Provider-based for flexible data storage
Membership Service (cont.) • Vastly simplifies forms authentication • Provides logic for validating user names and passwords, creating accounts, and more • Provides data store for storing credentials, e-mail addresses, and other membership data
Membership Schema Controls Login LoginStatus LoginView Other Membership API Membership MembershipUser Membership Providers SqlMembershipProvider ActiveDirectory-MembershipProvider Other Providers Membership Data SQL Server Active Directory Other Data Stores
LoginView <asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> <!-- Content seen by unauthenticated users --> </AnonymousTemplate> <LoggedInTemplate> <!-- Content seen by authenticated users --> </LoggedInTemplate> <RoleGroups> <asp:RoleGroup Roles="Administrators"> <ContentTemplate> <!-- Content seen by administrators --> </ContentTemplate> </asp:RoleGroup> ... </RoleGroups> </asp:LoginView>
The Membership Class • Provides static methods for performing key membership tasks • Creating and deleting users • Retrieving information about users • Generating random passwords • Validating logins • Also includes read-only static properties for acquiring data about provider settings
The MembershipUser Class • Represents individual users registered in the membership data store • Includes numerous properties for getting and setting user info • Includes methods for retrieving, changing, and resetting passwords • Returned by Membership methods such as GetUser and CreateUser
Provider Model • Enable new functionality in a transparent fashion • Enable extensibility for • Web services • Browser based “Atlas” clients • Smart clients • Application services as pluggable building blocks • Decoupled via configuration • Use structural classes for your own features
Static feature class Feature config. Provider instances Provider ModelFeature Lifecycle
Provider Configuration • Membership providers support a number of configuration settings • How should passwords be stored (cleartext, hashed, encrypted)? • Should password recovery be enabled? • Must each user have a unique e-mail address? • Exposed as properties of provider class • Initialized from CONFIG files
Provider ModelFeature Configuration public class QuotationsConfiguration : ConfigurationSection { [ConfigurationProperty("providers")] public ProviderSettingsCollection Providers { get; } [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")] public string DefaultProvider { get; set; } }
When to Build a Provider • Physical 3-tier deployments • May not allow web server to connect directly to SQL Server • Schema isn’t working for you • Your data isn’t in a supported format or repository • You need that killer feature that isn’t provided by existing providers
Projecting MembershipDesign Issues • Authenticating to the web service • Not all methods should be public • Serialization of MembershipUser • Read-only properties don’t serialize • WebMethod parameter constraints • Collection types and [out] parameters • Selecting from multiple providers • Choosing a non-default provider
Projecting Membership3-Tier Flow Webservice server Web server .asmx Membership wrapper Application code Webservice provider SQL provider
Internet client “login” Application Returns forms ticket pass ticket w/ each request Projecting MembershipAuthenticated Flow Webservice server .asmx Formsuth wrapper .asmx Membership wrapper Validate ticket and roles SQL provider
Summary • Rewrite or enhance features • Project current features onto other platforms via web services or other methods • Use the provider infrastructure for your own features • Don’t screw it up, you can always make life worse – especially in security
Resources Custom Membership Providers • Oracle Provider • Supports Membership, Roles and Personalization • Included in the PetShop sample • http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdasamppet4.asp • Access Database Provider • Supports Membership, Roles and Personalization • Installs as a Visual Studio 2005 VSI template • http://msdn.microsoft.com/vstudio/eula.aspx?id=96713a8e-b8d4-4d6e-bb8f-027e6c8e15d8
Resources Custom Membership Providers (cont.) • MySQL Provider • Support for ASP.NET Membership and Roles • http://www.codeproject.com/aspnet/ MySQLMembershipProvider.asp • SQLLite3 • Supports Membership and Roles • http://www.eggheadcafe.com/articles/ 20051119.asp