1 / 22

Membership in ASP.Net...if only

Membership in ASP.Net...if only. Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director. Agenda. Membership Provider Model Custom Providers SOA based membership example Making a custom provider do what the standard ones won’t (Demo). Membership Service.

hailey
Download Presentation

Membership in ASP.Net...if only

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director

  2. Agenda • Membership • Provider Model • Custom Providers • SOA based membership example • Making a custom provider do what the standard ones won’t (Demo)

  3. Membership Service • Membership API • Included Membership providers • SQL Server (and SQL Express) • Active Directory (Windows) • Access (kind of…) • Installs as a Visual Studio 2005 VSI template • Custom Membership providers • Oracle • MySQL • SQLLite3 • Others + whatever you write yourself…

  4. Membership Service • Service for managing users and credentials • Declarative access via Web Site Admin Tool • Programmatic access via Membership and MembershipUser classes • Membership class provides base services • MembershipUser class represents users and provides additional services • Provider-based for flexible data storage

  5. Membership Service (cont.) • Vastly simplifies forms authentication • Provides logic for validating user names and passwords, creating accounts, and more • Provides data store for storing credentials, e-mail addresses, and other membership data

  6. Membership Schema Controls Login LoginStatus LoginView Other Membership API Membership MembershipUser Membership Providers SqlMembershipProvider ActiveDirectory-MembershipProvider Other Providers Membership Data SQL Server Active Directory Other Data Stores

  7. LoginView <asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> <!-- Content seen by unauthenticated users --> </AnonymousTemplate> <LoggedInTemplate> <!-- Content seen by authenticated users --> </LoggedInTemplate> <RoleGroups> <asp:RoleGroup Roles="Administrators"> <ContentTemplate> <!-- Content seen by administrators --> </ContentTemplate> </asp:RoleGroup> ... </RoleGroups> </asp:LoginView>

  8. The Membership Class • Provides static methods for performing key membership tasks • Creating and deleting users • Retrieving information about users • Generating random passwords • Validating logins • Also includes read-only static properties for acquiring data about provider settings

  9. The MembershipUser Class • Represents individual users registered in the membership data store • Includes numerous properties for getting and setting user info • Includes methods for retrieving, changing, and resetting passwords • Returned by Membership methods such as GetUser and CreateUser

  10. Configuring the SQL Membership Provider

  11. Provider Model • Enable new functionality in a transparent fashion • Enable extensibility for • Web services • Browser based “Atlas” clients • Smart clients • Application services as pluggable building blocks • Decoupled via configuration • Use structural classes for your own features

  12. Static feature class Feature config. Provider instances Provider ModelFeature Lifecycle

  13. Provider Configuration • Membership providers support a number of configuration settings • How should passwords be stored (cleartext, hashed, encrypted)? • Should password recovery be enabled? • Must each user have a unique e-mail address? • Exposed as properties of provider class • Initialized from CONFIG files

  14. Provider ModelFeature Configuration public class QuotationsConfiguration : ConfigurationSection { [ConfigurationProperty("providers")] public ProviderSettingsCollection Providers { get; } [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")] public string DefaultProvider { get; set; } }

  15. When to Build a Provider • Physical 3-tier deployments • May not allow web server to connect directly to SQL Server • Schema isn’t working for you • Your data isn’t in a supported format or repository • You need that killer feature that isn’t provided by existing providers

  16. Projecting MembershipDesign Issues • Authenticating to the web service • Not all methods should be public • Serialization of MembershipUser • Read-only properties don’t serialize • WebMethod parameter constraints • Collection types and [out] parameters • Selecting from multiple providers • Choosing a non-default provider

  17. Projecting Membership3-Tier Flow Webservice server Web server .asmx Membership wrapper Application code Webservice provider SQL provider

  18. Internet client “login” Application Returns forms ticket pass ticket w/ each request Projecting MembershipAuthenticated Flow Webservice server .asmx Formsuth wrapper .asmx Membership wrapper Validate ticket and roles SQL provider

  19. Creating a Custom Membership Provider

  20. Summary • Rewrite or enhance features • Project current features onto other platforms via web services or other methods • Use the provider infrastructure for your own features • Don’t screw it up, you can always make life worse – especially in security

  21. Resources Custom Membership Providers • Oracle Provider • Supports Membership, Roles and Personalization • Included in the PetShop sample • http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdasamppet4.asp • Access Database Provider • Supports Membership, Roles and Personalization • Installs as a Visual Studio 2005 VSI template • http://msdn.microsoft.com/vstudio/eula.aspx?id=96713a8e-b8d4-4d6e-bb8f-027e6c8e15d8

  22. Resources Custom Membership Providers (cont.) • MySQL Provider • Support for ASP.NET Membership and Roles • http://www.codeproject.com/aspnet/ MySQLMembershipProvider.asp • SQLLite3 • Supports Membership and Roles • http://www.eggheadcafe.com/articles/ 20051119.asp

More Related