
Advanced ASP.NET Course


Part 1: Advanced controls in ASP.NET
Chapter 1: Using the Login controls
1.1 Overview of the Login controls
1.2 Using the Login control
1.3 Using the LoginStatus control
1.4 Using the ChangePassword control
1.5 Using the PasswordRecovery control
Chapter 2: ASP.NET Membership
2.1 Configuring Authentication
2.2 Configuring Authorization
2.3 Using ASP.NET Membership
2.4 Using the Role Manager
Chapter 3: Global Resources and Local Resources
3.1 Setting the Current Culture
3.2 Using the CultureInfo class
3.3 Creating Local Resources
3.4 Creating Global Resources
3.5 Using the Localize control
Chapter 4: Using the navigation controls
4.1 Overview of Site Maps
4.2 Using the SiteMapPath control
4.3 Using the Menu control
4.4 Using the TreeView control
Chapter 5: Building and using user-created controls
5.1 Overview of building controls
5.2 ViewState and ControlState
5.3 Handling events and postback data
Chapter 6: ASP.NET and AJAX

Part 2: Building applications with ASP.NET (Goal: build an e-commerce website that sells computers online.)
Chapter 8: Introduction to e-commerce systems
Chapter 9: Business model
9.1 Gathering requirements
9.2 Analyzing effectiveness
9.3 Researching and managing risk
Chapter 10: Modeling and building the application interface
10.1 Modeling the system
10.2 Designing the data with SQL Server 2005
Chapter 11: Designing the architecture
11.1 Building the system architecture
11.2 Creating shared objects
11.3 Creating the data access layer
11.4 Creating the business logic layer
11.5 Choosing integrations for the application
11.6 Creating the presentation layer
Chapter 12: Building the application
12.1 Developing the product catalog
12.2 Building the shopping cart
12.3 Integrating online payment
12.4 Implementing the checking process
12.5 Building the administration controls
12.6 Building customer accounts
Chapter 13: Deploying and maintaining the application

Content

Chapter 1. Using the Login controls


You can use the ASP.NET Login controls to build a user registration system for your website. With them you can create login, registration, change-password and password-reminder forms. In this chapter we look at each control in detail:

Login: displays a user login form.
CreateUserWizard: displays a user registration form.
LoginStatus: displays a Login or Logout link depending on the user's authentication state.
LoginName: displays the name of the current registered user.
ChangePassword: displays a form that lets the user change their password.
PasswordRecovery: lets the user recover their password; the password is sent to the user by e-mail.
LoginView: displays different content to each user depending on authentication or role.

1.1 Overview of the Login controls

Suppose you have a web page like the following:

Listing 1.1 Baomat/Secret.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Secret.aspx.cs" Inherits="_Default" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Bao mat</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            Đây là trang web được bảo mật
        </div>
        </form>
    </body>
    </html>

When run, the page displays the text "Đây là trang web được bảo mật" ("This is a secured web page"). To secure this page you need to configure two things in your application: authentication and authorization. First, set authentication to mode="Forms" in the web.config file in the root folder.

Listing 1.2 web.config

    <configuration>
        <system.web>
            <authentication mode="Forms" />
        </system.web>
    </configuration>

By default everyone can access the website. To keep users out of a particular folder, configure authorization for that folder. Listing 1.3 prevents anonymous users from accessing the Baomat folder (users="?" matches every user who has not been authenticated).

Listing 1.3 Baomat/web.config

    <configuration>
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </configuration>

With these two settings in place, a request for Secret.aspx is automatically redirected to Login.aspx.

Listing 1.4 Login.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Trang dang nhap</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Login ID="loginVidu"
                CreateUserUrl="~/Register.aspx"
                CreateUserText="Đăng ký"
                runat="server">
            </asp:Login>
        </div>
        </form>
    </body>
    </html>

The Login.aspx page is shown in Figure 1.

In Listing 1.4 the Login control has two attributes, CreateUserText and CreateUserUrl. Together they render a link with the text "Đăng ký" ("Register") that points to the registration page, in this case Register.aspx.

1.2 Using the Login control


The Login control renders a standard login form. By default it uses ASP.NET Membership to authenticate users, but you can customize how the Login control authenticates. The control supports many attributes that let you customize its appearance and behavior, as in Listing 1.5:

Listing 1.5 showLogin.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="showLogin.aspx.cs" Inherits="showLogin" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Hiển thị Form đăng nhập</title>
        <style type="text/css">
            .login { width:250px; font:14px Verdana,Sans-Serif; background-color:lightblue; border:solid 3px black; padding:4px; }
            .login_title { background-color:darkblue; color:white; font-weight:bold; }
            .login_instructions { font-size:12px; text-align:left; padding:10px; }
            .login_button { border:solid 1px black; padding:3px; }
        </style>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Login ID="Login1"
                InstructionText="Bạn cần nhập tên đăng nhập và mật khẩu để đăng nhập"
                TitleText="Đăng nhập"
                TextLayout="TextOnTop"
                LoginButtonText="Đăng nhập"
                CssClass="login"
                TitleTextStyle-CssClass="login_title"
                InstructionTextStyle-CssClass="login_instructions"
                LoginButtonStyle-CssClass="login_button"
                runat="server">
            </asp:Login>
        </div>
        </form>
    </body>
    </html>

Output of the program above: Figure 2.

1.2.1 Automatically redirecting to a specified page

If you request a page for which you have not been authenticated, ASP.NET automatically redirects you to Login.aspx. After you log in successfully, it sends you back to the page you requested.

When you are redirected to Login.aspx, a query string parameter named ReturnUrl is automatically added to the request. It contains the path of the page you requested, and the Login control uses the ReturnUrl parameter to send you back to the original page.

1.2.2 Automatically hiding the Login control once the user is authenticated

Some websites show a Login control at the top of every page and hide it automatically once the user has logged in. This is easy to do in ASP.NET: add a Login control to the master page, and it appears on every page that uses that master page. You can use the Orientation attribute to lay the Login control out horizontally or vertically, as in the following example:

Listing 1.6 Main.master

    <%@ Master Language="C#" AutoEventWireup="true" CodeFile="Main.master.cs" Inherits="Main" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Điều khiển Login</title>
        <style type="text/css">
            body { background-color:#e5e5e5; }
            .content { margin:auto; width:650px; border:solid 1px black; background-color:white; padding:10px; }
            .login { font:10px Arial,Sans-Serif; margin-left:auto; }
            .login input { }
        </style>
    </head>
    <body>
        <form id="form1" runat="server">
        <%-- class (not id) so that the .content rule above applies --%>
        <div class="content">
            <asp:Login id="loginVidu"
                Orientation="Horizontal"
                VisibleWhenLoggedIn="false"
                DisplayRememberMe="false"
                TitleText=""
                CssClass="login"
                Runat="server" />
            <hr />
            <asp:contentplaceholder id="ContentPlaceHolder1" runat="server">
            </asp:contentplaceholder>
        </div>
        </form>
    </body>
    </html>

The page loginMaster.aspx:

    <%@ Page Language="C#" MasterPageFile="~/Main.master" AutoEventWireup="true" CodeFile="loginMaster.aspx.cs" Inherits="loginMaster" Title="Untitled Page" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
        <h1>Chào mừng bạn đến với website của chúng tôi</h1>
    </asp:Content>

Output of the program: Figure 3.

1.2.3 Using templates

The Login control has a LayoutTemplate property that lets you customize how the control is rendered. When you add a layout template, the template must contain controls with the following IDs:

UserName
Password
RememberMe
FailureText

You also need a button whose CommandName attribute has the value Login.

Listing 1.7 LoginTemplate.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="LoginTemplate.aspx.cs" Inherits="LoginTemplate" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Trang đăng nhập</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Login ID="Login1" runat="server">
                <LayoutTemplate>
                    <asp:Label ID="lblusername" runat="server" Text="Tên đăng nhập"></asp:Label><br />
                    <asp:TextBox ID="UserName" runat="server"></asp:TextBox><br />
                    <asp:Label ID="lblpass" runat="server" Text="Mật khẩu"></asp:Label><br />
                    <%-- TextMode="Password" masks the password as it is typed --%>
                    <asp:TextBox ID="Password" TextMode="Password" runat="server"></asp:TextBox><br /><br />
                    <asp:Button ID="btnLogin" CommandName="Login" Text="Đăng nhập" runat="server" />
                </LayoutTemplate>
            </asp:Login>
        </div>
        </form>
    </body>
    </html>

Output of the program: Figure 4.

1.2.4 Custom authentication with the Login control

By default, the Login control uses ASP.NET Membership to check the user name and password. If you need to change this default behavior, you can handle the Login control's Authenticate event, as in the example below.

Listing 1.8 Web.config

    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
            <authentication mode="Forms">
                <forms>
                    <!-- passwordFormat="Clear": the passwords below are stored as plain text -->
                    <credentials passwordFormat="Clear">
                        <user name="Thietke" password="itechpro"/>
                        <user name="Daotao" password="itechpro"/>
                    </credentials>
                </forms>
            </authentication>
        </system.web>
    </configuration>

The page LoginCustom.aspx:

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="LoginCustom.aspx.cs" Inherits="LoginCustom" %>
    <script runat="server">
        // Checks the submitted credentials against the <credentials> section of web.config.
        protected void loginCustom_Authenticate(object sender, AuthenticateEventArgs e)
        {
            string userName = loginCustom.UserName;
            string Password = loginCustom.Password;
            e.Authenticated = FormsAuthentication.Authenticate(userName, Password);
        }
    </script>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Login Custom</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Login ID="loginCustom" OnAuthenticate="loginCustom_Authenticate" runat="server">
            </asp:Login>
        </div>
        </form>
    </body>
    </html>

1.3 Using the CreateUserWizard control


The CreateUserWizard control renders a user registration form. When someone registers successfully, the new user is added to your website. The CreateUserWizard control uses ASP.NET Membership to create the new user. It supports many attributes that let you customize its appearance and behavior, as in the following example:

Listing 1.9 showCreateUserWizard.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="showCreateUserWizard.aspx.cs" Inherits="showCreateUserWizard" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Hiển thị Form đăng ký người sử dụng</title>
        <style type="text/css">
            .createUser { width:350px; font:14px Verdana,Sans-Serif; background-color:lightblue; border:solid 3px black; padding:4px; }
            .createUser_title { background-color:darkblue; color:white; font-weight:bold; }
            .createUser_instructions { font-size:12px; text-align:left; padding:10px; }
            .createUser_button { border:solid 1px black; padding:3px; }
        </style>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:CreateUserWizard id="CreateUserWizard1"
                ContinueDestinationPageUrl="~/Default.aspx"
                InstructionText="Please complete the following form to register at this Website."
                CompleteSuccessText="Your new account has been created. Thank you for registering."
                CssClass="createUser"
                TitleTextStyle-CssClass="createUser_title"
                InstructionTextStyle-CssClass="createUser_instructions"
                CreateUserButtonStyle-CssClass="createUser_button"
                ContinueButtonStyle-CssClass="createUser_button"
                Runat="server" />
        </div>
        </form>
    </body>
    </html>

Output of the program: Figure 5.

1.3.1 Sending a notification e-mail to the user

You can have the CreateUserWizard control send an e-mail automatically when a user successfully registers a new account on your website. For example, you can send a message containing the user's account name and password to that user's e-mail address.

Listing 1.10 CreateUserWizardEmail.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="CreateUserWizardEmail.aspx.cs" Inherits="CreateUserWizardEmail" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Send Email</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:CreateUserWizard id="CreateUserWizard1" Runat="server">
                <MailDefinition
                    BodyFileName="Register.txt"
                    Subject="Xác nhận đăng ký"
                    From="Admin@YourSite.com" />
            </asp:CreateUserWizard>
        </div>
        </form>
    </body>
    </html>

The MailDefinition class supports the following properties:

BodyFileName: the path of the file that contains the message body.
CC: sends a copy to another mailbox.
EmbeddedObjects: attaches other files such as images or documents.
From: the sender's address.
IsBodyHtml: sends the message in HTML format.
Priority: the priority of the message; possible values are High, Low and Normal.
Subject: the subject of the message.

The MailDefinition class uses the mail server configured in the SMTP element of Web.config, as in the following example:

Listing 1.11 Web.config

    <configuration>
        <system.net>
            <mailSettings>
                <smtp deliveryMethod="PickupDirectoryFromIis"></smtp>
            </mailSettings>
        </system.net>
    </configuration>

The example above uses the mail server on the local machine. You can also use a mail server on another machine by specifying the mail host, user name and password.

Listing 1.12 Web.config

    <configuration>
        <system.net>
            <mailSettings>
                <smtp>
                    <network host="mail.yourdomain.com" userName="admin" password="secret"/>
                </smtp>
            </mailSettings>
        </system.net>
    </configuration>

1.3.2 Automatically redirecting the user to another page

When you log in successfully on Login.aspx, you are automatically returned to the page you originally requested. The CreateUserWizard control does not do this for us; to make it behave like the Login control we need to write a little code.

The Login control in Listing 1.13 includes a link that takes the user to the registration page, named CreateUserWizardReturn.aspx. In the Page_Load() event handler, the value of the ReturnUrl query string is appended to the URL of the registration page.

Listing 1.13 LoginReturn.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="LoginReturn.aspx.cs" Inherits="LoginReturn" %>
    <script runat="server">
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                // Pass the originally requested page on to the registration page.
                string dest = Request.QueryString["ReturnUrl"];
                Login1.CreateUserUrl = "~/CreateUserWizardReturn.aspx?ReturnUrl=" + Server.UrlEncode(dest);
            }
        }
    </script>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Đăng nhập</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Login id="Login1"
                CreateUserText="Register"
                CreateUserUrl="~/CreateUserWizardReturn.aspx"
                Runat="server" />
        </div>
        </form>
    </body>
    </html>

Before using Listing 1.13 you need to rename LoginReturn.aspx to Login.aspx. If a user requests a page that requires authentication, the user is automatically redirected to Login.aspx, and the ReturnUrl parameter is attached to the request for that login page.

Listing 1.14 contains a CreateUserWizard control. The page has only a Page_Load() event handler, which uses the value of the ReturnUrl parameter to send the user back to the page they requested.

Listing 1.14 CreateUserWizardReturn.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="CreateUserWizardReturn.aspx.cs" Inherits="CreateUserWizardReturn" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">
        void Page_Load()
        {
            if (!Page.IsPostBack)
            {
                // Default destination when no ReturnURL was supplied.
                string dest = "~/Default.aspx";
                if (!String.IsNullOrEmpty(Request.QueryString["ReturnURL"]))
                    dest = Request.QueryString["ReturnURL"];
                CreateUserWizard1.ContinueDestinationPageUrl = dest;
            }
        }
    </script>
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Gi li trang CreateUserWizardReturn.aspx</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:CreateUserWizard ID="CreateUserWizard1" runat="server" />
        </div>
        </form>
    </body>
    </html>

1.3.3 Automatically generating a password

Some websites ask only for your personal details when you register; the site generates the password itself and sends it to your mailbox. After logging in for the first time you can change this password.

If you want this scenario for registration on your website, you need to work with the following three properties of the CreateUserWizard control:

AutoGeneratePassword: generates a password automatically.
DisableCreatedUser: disables the new account created by the CreateUserWizard control.
LoginCreatedUser: lets you prevent the new user from being logged in automatically.

You can send two kinds of confirmation mail. In the first, you generate the password automatically and send it to the user's mailbox; in this case you enable AutoGeneratePassword and disable LoginCreatedUser. In the second, you let the user enter a password and send a confirmation code to the user's mailbox; in this case you enable DisableCreatedUser and disable LoginCreatedUser.

Listing 1.15 contains a CreateUserWizard control that does not ask for a password. The control enables AutoGeneratePassword and disables LoginCreatedUser.

Listing 1.15 CreateUserWizardPasswordConfirmation.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="CreateUserWizardPasswordConfirmation.aspx.cs" Inherits="CreateUserWizardPasswordConfirmation" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Tự động sinh Password</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:CreateUserWizard id="CreateUserWizard1"
                CompleteSuccessText="A confirmation email containing your new password has been sent to your email address."
                AutoGeneratePassword="true"
                LoginCreatedUser="false"
                ContinueDestinationPageUrl="~/Login.aspx"
                Runat="server">
                <MailDefinition
                    From="Admin@YourSite.com"
                    BodyFileName="PasswordConfirmation.htm"
                    IsBodyHtml="true"
                    Subject="Registration Confirmation" />
            </asp:CreateUserWizard>
        </div>
        </form>
    </body>
    </html>

The CreateUserWizard control sends the message shown in Listing 1.16.

Listing 1.16 PasswordConfirmation.htm

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
        <title>Nội dung xác nhận mật khẩu</title>
    </head>
    <body>
        Nội dung xác nhận mật khẩu
        Your new password is <% Password %>.
    </body>
    </html>

When the account is created successfully, the mail contains the generated password, and the user logs in to the website with it.

In the second scenario, the user can use a password of their own choosing, but the account stays disabled until the user enters the confirmation code. The CreateUserWizard control in Listing 1.17 enables DisableCreatedUser and disables LoginCreatedUser.

Listing 1.17 CreateUserWizardCodeConfirmation.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="CreateUserWizardCodeConfirmation.aspx.cs" Inherits="CreateUserWizardCodeConfirmation" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">
        protected void CreateUserWizard1_SendingMail(object sender, MailMessageEventArgs e)
        {
            // Use the key the Membership provider assigned to the user as the confirmation code.
            MembershipUser user = Membership.GetUser(CreateUserWizard1.UserName);
            string code = user.ProviderUserKey.ToString();
            e.Message.Body = e.Message.Body.Replace("<%ConfirmationCode%>", code);
        }
    </script>
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Tạo form đăng ký yêu cầu xác nhận mã</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:CreateUserWizard id="CreateUserWizard1"
                CompleteSuccessText="A confirmation email containing your new password has been sent to your email address."
                DisableCreatedUser="true"
                ContinueDestinationPageUrl="~/ConfirmCode.aspx"
                OnSendingMail="CreateUserWizard1_SendingMail"
                Runat="server">
                <MailDefinition
                    From="Admin@YourSite.com"
                    BodyFileName="CodeConfirmation.htm"
                    IsBodyHtml="true"
                    Subject="Registration Confirmation" />
            </asp:CreateUserWizard>
        </div>
        </form>
    </body>
    </html>

Listing 1.17 contains a SendingMail event handler. The code it uses is the unique key that the Membership provider assigns to the user. The confirmation code is inserted into the message before the mail is sent. The message itself is shown in Listing 1.18.

Listing 1.18 CodeConfirmation.htm

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
        <title>Untitled Page</title>
    </head>
    <body>
        <div>
            <%UserName%>, Mã xác nhận của bạn là <%ConfirmationCode%>
        </div>
    </body>
    </html>

After completing the form rendered by CreateUserWizard, click the Continue button to open ConfirmCode.aspx.

Listing 1.19 ConfirmCode.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ConfirmCode.aspx.cs" Inherits="ConfirmCode" %>
    <script runat="server">
        protected void btnConfirm_Click(object sender, EventArgs e)
        {
            MembershipUser user = Membership.GetUser(txtUserName.Text);
            if (user == null)
            {
                lblError.Text = "Tên sử dụng không đúng";
            }
            else
            {
                string providerCode = user.ProviderUserKey.ToString();
                string userCode = txtConfirmationCode.Text.Trim();
                if (providerCode != userCode)
                {
                    lblError.Text = "Sai mã xác nhận";
                }
                else
                {
                    // Code matches: enable the account and continue to the protected page.
                    user.IsApproved = true;
                    Membership.UpdateUser(user);
                    Response.Redirect("~/Baomat/Secret.aspx");
                }
            }
        }
    </script>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>kiểm tra xác nhận</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <p>
                Nhập mã xác nhận mà bạn được gửi từ mail.
            </p>
            <asp:Label id="lblError" EnableViewState="false" ForeColor="Red" Runat="server" />
            <br /><br />
            <asp:Label id="lblUserName" Text="tên sử dụng:" AssociatedControlID="txtUserName" Runat="server" />
            <br />
            <asp:TextBox id="txtUserName" Runat="server" />
            <br /><br />
            <asp:Label id="lblConfirmationCode" Text="Mã xác nhận:" AssociatedControlID="txtConfirmationCode" Runat="server" />
            <br />
            <asp:TextBox id="txtConfirmationCode" Columns="50" Runat="server" />
            <asp:Button id="btnConfirm" Text="Xác nhận" OnClick="btnConfirm_Click" Runat="server" />
        </div>
        </form>
    </body>
    </html>
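Listing 1.14 assigns the ReturnURL query value to ContinueDestinationPageUrl unchanged, so whatever address that parameter carries becomes the Continue destination. The following is an added example, not code from the course: a check that accepts only paths inside the application and otherwise falls back to the default page. ReturnUrlGuard and the sample URLs are hypothetical.

```csharp
using System;

// Added example, not part of the course. ReturnUrlGuard is a hypothetical helper.
public static class ReturnUrlGuard
{
    // True only for paths inside this application: "/page.aspx" or "~/page.aspx".
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        // Control characters (CR, LF, tab, ...) have no place in a redirect target.
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }

        if (url[0] == '/')
        {
            // "/" alone is fine; "//host" and "/\host" are read by browsers as another host.
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
        {
            // Same rule for application-relative paths.
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        }

        // Anything with a scheme or host, and anything else not rooted in the site, is refused.
        return false;
    }

    // Returns returnUrl when it is local, otherwise the fallback page.
    public static string SafeDestination(string returnUrl, string fallback)
    {
        return IsLocalUrl(returnUrl) ? returnUrl : fallback;
    }

    // In Page_Load of Listing 1.14 the assignment would become:
    //   CreateUserWizard1.ContinueDestinationPageUrl =
    //       ReturnUrlGuard.SafeDestination(Request.QueryString["ReturnURL"], "~/Default.aspx");

    public static void Main()
    {
        // Constructed sample values for the ReturnURL parameter.
        string[] samples =
        {
            "/Baomat/Secret.aspx",
            "~/Default.aspx",
            "http://example.test/",
            "//example.test/x",
            "/\\example.test/x",
            "Secret.aspx",
            "",
            null
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-24} -> {1}", s ?? "(null)", SafeDestination(s, "~/Default.aspx"));
        }
    }
}
```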
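Listings 1.17 and 1.19 use ProviderUserKey as the confirmation code; that value is the account's permanent identifier, so it is the same every time and never expires. The following is an added example, not code from the course: a random, single-use code with an expiry that could be issued in the SendingMail handler and checked in btnConfirm_Click. ConfirmationCodes, its in-memory store and the 24-hour lifetime are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of the course. ConfirmationCodes and its in-memory
// store are hypothetical; a real site would keep pending codes in its database.
public static class ConfirmationCodes
{
    private sealed class Pending
    {
        public string UserName;
        public DateTime ExpiresUtc;
    }

    private static readonly TimeSpan Lifetime = TimeSpan.FromHours(24); // assumed policy

    // Keyed by the SHA-256 of the code, so the code itself is never stored.
    private static readonly Dictionary<string, Pending> Store = new Dictionary<string, Pending>();

    // Call from CreateUserWizard1_SendingMail instead of reading ProviderUserKey.
    public static string Issue(string userName, DateTime nowUtc)
    {
        byte[] raw = new byte[16]; // 128 random bits
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string code = BitConverter.ToString(raw).Replace("-", ""); // upper-case hex
        lock (Store)
        {
            Store[HashOf(code)] = new Pending { UserName = userName, ExpiresUtc = nowUtc + Lifetime };
        }
        return code;
    }

    // Call from btnConfirm_Click; set IsApproved and call Membership.UpdateUser only on true.
    public static bool Confirm(string userName, string submittedCode, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(submittedCode)) return false;

        string key = HashOf(submittedCode.Trim().ToUpperInvariant());
        lock (Store)
        {
            Pending p;
            if (!Store.TryGetValue(key, out p)) return false;
            if (!string.Equals(p.UserName, userName, StringComparison.OrdinalIgnoreCase)) return false;

            Store.Remove(key);             // single use, even when it has expired
            return nowUtc <= p.ExpiresUtc; // late confirmations are refused
        }
    }

    private static string HashOf(string code)
    {
        using (SHA256 sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(code)));
        }
    }

    public static void Main()
    {
        // Constructed scenario; the user name is one used in Listing 1.8.
        DateTime now = DateTime.UtcNow;
        string code = Issue("Daotao", now);

        Console.WriteLine(Confirm("Daotao", "00000000000000000000000000000000", now));
        Console.WriteLine(Confirm("Thietke", code, now));
        Console.WriteLine(Confirm("Daotao", code, now));
        Console.WriteLine(Confirm("Daotao", code, now));

        string late = Issue("Daotao", now);
        Console.WriteLine(Confirm("Daotao", late, now.AddHours(25)));
    }
}
```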

1.4 Using the LoginStatus control


The LoginStatus control displays either a Login link or a Logout link, depending on your authentication state. When you click the Login link you are taken to Login.aspx. When you click the Logout link you are logged out of the website.

Listing 1.20 ShowLoginStatus.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ShowLoginStatus.aspx.cs" Inherits="ShowLoginStatus" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>hiển thị LoginStatus</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:loginstatus ID="Loginstatus1" runat="server"></asp:loginstatus>
        </div>
        </form>
    </body>
    </html>

LoginStatus supports the following properties:

LoginImageUrl: defines an image for the Login link.
LoginText: defines the text of the Login link.
LogoutAction: controls what happens when you click the Logout link. Possible values are Redirect, RedirectToLoginPage and Refresh.
LogoutImageUrl: defines an image for the Logout link.
LogoutPageUrl: defines the page the user is sent to after logging out. By default this property is ignored unless LogoutAction is set to Redirect.
LogoutText: defines the text of the Logout link.

LoginStatus supports the following two events:

LoggingOut: raised before the user logs out.
LoggedOut: raised after the user logs out.

1.5 Using the LoginName control


With the LoginName control you can display the name of the registered user. If the current user is not authenticated, the LoginName control renders an empty value.

Listing 1.21 ShowLoginName.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ShowLoginName.aspx.cs" Inherits="ShowLoginName" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>hiển thị LoginName</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:LoginName id="LoginName1" FormatString="{0} /" Runat="server" />
            <asp:LoginStatus id="LoginStatus1" Runat="server" />
        </div>
        </form>
    </body>
    </html>

In Listing 1.21 the LoginName control has a FormatString attribute, which lets you format the user name when it is rendered.

1.6 Using the ChangePassword control


The ChangePassword control lets a user or an administrator change their own password.

Listing 1.22 ShowChangePassword.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ShowChangePassword.aspx.cs" Inherits="ShowChangePassword" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>hiển thị thay đổi mật khẩu</title>
        <style type="text/css">
            .changePassword { font:14px Verdana,Sans-Serif; background-color:lightblue; border:solid 3px black; padding:4px; }
            .changePassword_title { background-color:darkblue; color:white; font-weight:bold; }
            .changePassword_instructions { font-size:12px; text-align:left; padding:10px; }
            .changePassword_button { border:solid 1px black; padding:3px; }
        </style>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:LoginName ID="LoginName1" runat="server" />
            <asp:ChangePassword id="ChangePassword1"
                InstructionText="Complete this form to create a new password."
                DisplayUserName="true"
                ContinueDestinationPageUrl="~/Default.aspx"
                CancelDestinationPageUrl="~/Default.aspx"
                CssClass="changePassword"
                TitleTextStyle-CssClass="changePassword_title"
                InstructionTextStyle-CssClass="changePassword_instructions"
                ChangePasswordButtonStyle-CssClass="changePassword_button"
                CancelButtonStyle-CssClass="changePassword_button"
                ContinueButtonStyle-CssClass="changePassword_button"
                Runat="server" />
        </div>
        </form>
    </body>
    </html>

Output of the program: Figure 6.

1.6.1 Sending a password-change e-mail

After a user changes their password successfully, you can have the ChangePassword control automatically send the user an e-mail that contains the new password.

Listing 1.23 ChangePasswordEmail.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ChangePasswordEmail.aspx.cs" Inherits="ChangePasswordEmail" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Thay đổi mật khẩu</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:ChangePassword id="ChangePassword1" DisplayUserName="true" Runat="server">
                <MailDefinition
                    From="Admin@YourSite.com"
                    BodyFileName="ChangePassword.txt"
                    Subject="Your New Password" />
            </asp:ChangePassword>
        </div>
        </form>
    </body>
    </html>

The file ChangePassword.txt has the following content:

    <%UserName%>, your new password is <%Password%>.

1.6.2 Using templates with the ChangePassword control

If you need to customize the appearance of the ChangePassword control, you can use templates to format it. The ChangePassword control supports both a ChangePasswordTemplate and a SuccessTemplate. The following example shows how to use both templates.

Listing 1.24 ChangePasswordTemplate.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="ChangePasswordTemplate.aspx.cs" Inherits="ChangePasswordTemplate" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Sử dụng templete với ChangePassword</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:ChangePassword id="ChangePassword1" DisplayUserName="true" Runat="server">
                <ChangePasswordTemplate>
                    <h1>Thay đổi mật khẩu</h1>
                    <asp:Label id="FailureText" EnableViewState="false" ForeColor="Red" Runat="server" />
                    <br />
                    <asp:Label id="lblUserName" Text="Tên sử dụng:" AssociatedControlID="UserName" Runat="server" />
                    <br />
                    <asp:TextBox id="UserName" Runat="server" />
                    <br /><br />
                    <asp:Label id="lblCurrentPassword" Text="Mật khẩu hiện tại:" AssociatedControlID="CurrentPassword" Runat="server" />
                    <br />
                    <asp:TextBox id="CurrentPassword" TextMode="Password" Runat="server" />
                    <br /><br />
                    <asp:Label id="lblNewPassword" Text="Mật khẩu mới:" AssociatedControlID="NewPassword" Runat="server" />
                    <br />
                    <asp:TextBox id="NewPassword" TextMode="Password" Runat="server" />
                    <br /><br />
                    <asp:Button id="btnChangePassword" Text="Change Password" CommandName="ChangePassword" Runat="server" />
                </ChangePasswordTemplate>
                <SuccessTemplate>
                    Your password has been changed!
                </SuccessTemplate>
            </asp:ChangePassword>
        </div>
        </form>
    </body>
    </html>

Output of the program: Figure 7.

When you use templates with the ChangePassword control, you need to add controls with the following IDs:

UserName
CurrentPassword
ConfirmPassword
NewPassword
FailureText

You can only add Button controls with the following values for the CommandName attribute:

ChangePassword
Cancel
Continue

1.7 Using the PasswordRecovery control


If a user forgets their password, they can use the PasswordRecovery control to recover it. The PasswordRecovery control either sends back the original password or creates a new password and sends it to the user.

Listing 1.25 showPasswordRecovery.aspx

    <%@ Page Language="C#" AutoEventWireup="true" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>show Password Recovery</title>
        <style type="text/css">
            .passwordRecovery { font:14px Verdana,Sans-Serif; background-color:lightblue; border:solid 3px black; padding:4px; }
            .passwordRecovery_title { background-color:darkblue; color:white; font-weight:bold; }
            .passwordRecovery_instructions { font-size:12px; text-align:left; padding:10px; }
            .passwordRecovery_button { border:solid 1px black; padding:3px; }
        </style>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:PasswordRecovery id="PasswordRecovery1"
                CssClass="passwordRecovery"
                TitleTextStyle-CssClass="passwordRecovery_title"
                InstructionTextStyle-CssClass="passwordRecovery_instructions"
                SubmitButtonStyle-CssClass="passwordRecovery_button"
                Runat="server">
                <MailDefinition
                    From="Admin@YourSite.com"
                    Subject="Password Reminder" />
            </asp:PasswordRecovery>
        </div>
        </form>
    </body>
    </html>

When you run this page you are first asked for your user name, then you must enter the secret answer you supplied at registration, and finally the password is sent to the registered e-mail address. By default the PasswordRecovery control resets the password and sends the new one to the user.

1.7.1 Sending the original password

By default the PasswordRecovery control does not send the user's old password. If you do not want the PasswordRecovery control to reset the user's password before sending it, you have to change the configuration of the Membership provider. Three settings matter: passwordFormat, enablePasswordRetrieval and enablePasswordReset.

By default passwordFormat has the value Hashed. When passwords are hashed, the PasswordRecovery control cannot send the user's original password. If you want users to receive their old password, you need to set passwordFormat to Clear or Encrypted.

By default enablePasswordRetrieval has the value false. If you want users to receive their old password, you must enable this setting in web.config.

Finally, enablePasswordReset has the value true by default. Regardless of the values of passwordFormat and enablePasswordRetrieval, you can always reset the user's password.

Listing 1.26 contains the configuration needed to send the old password to the user.

Listing 1.26 Web.config

    <?xml version="1.0"?>
    <configuration>
        <appSettings/>
        <connectionStrings/>
        <system.web>
            <authentication mode="Windows" />
            <!-- defaultProvider must match the name of the provider added below -->
            <membership defaultProvider="MyMembership">
                <providers>
                    <add name="MyMembership"
                        type="System.Web.Security.SqlMembershipProvider"
                        connectionStringName="LocalSqlServer"
                        passwordFormat="Clear"
                        enablePasswordRetrieval="true" />
                </providers>
            </membership>
        </system.web>
    </configuration>

1.7.2 Requiring a security question and answer

When you use CreateUserWizard to create the registration form, you are asked to enter a security question and the answer to it. The PasswordRecovery control displays a form containing the security question; if you do not enter the correct answer, your password is not sent.

If you do not want users to have to answer the security question when recovering a password, you can change the membership configuration. Listing 1.27 sets the requiresQuestionAndAnswer attribute to false.

Listing 1.27

    <?xml version="1.0"?>
    <configuration>
        <system.web>
            <authentication mode="Forms" />
            <membership defaultProvider="MyMembership">
                <providers>
                    <add name="MyMembership"
                        type="System.Web.Security.SqlMembershipProvider"
                        connectionStringName="LocalSqlServer"
                        requiresQuestionAndAnswer="false" />
                </providers>
            </membership>
        </system.web>
    </configuration>

Chapter 2. Using ASP.NET Membership

In the previous chapter you learned how to use the Login controls to build user registration forms for a system. In this chapter we explore and explain the security framework that sits beneath the Login controls. The ASP.NET Framework includes four related security frameworks:
ASP.NET Authentication: lets you identify users.
ASP.NET Authorization: lets you grant users permission to access data.
ASP.NET Membership: lets you represent users and modify their properties.
Role Manager: lets you represent user roles and modify their properties.

2.1 Configuring Authentication

Authentication is the process by which the application determines who you are. The ASP.NET Framework supports three types of authentication:
Windows Authentication
.NET Passport Authentication
Forms Authentication

A given application can use only one type of authentication; you cannot enable several types at the same time.

Windows authentication is enabled by default. When Windows authentication is enabled, users are identified by their Microsoft Windows account names, and roles correspond to Microsoft Windows groups. Windows authentication delegates the responsibility for identifying users to IIS. IIS can be configured to use Basic, Integrated Windows, or Digest authentication.

.NET Passport authentication is the same authentication used by Microsoft websites such as MSN and Hotmail. If you want users to log in to your application with their existing Hotmail accounts, you can enable .NET Passport authentication.

The last type is Forms authentication. When Forms authentication is enabled, users are identified by a cookie: when a user is authenticated, an encrypted cookie is added to the user's browser. With Forms authentication, user and role information is stored in a custom data store. For example, you can store user names and passwords in an XML file, a database, or a plain text file.

2.1.1 Configuring Forms Authentication

The following configuration options are specific to Forms authentication:
cookieless: Lets you use Forms authentication even when the browser does not support cookies. Possible values are UseCookies, UseUri, AutoDetect, and UseDeviceProfile. The default is UseDeviceProfile.
defaultUrl: Lets you specify the page the user is sent to after being authenticated. The default is Default.aspx.
domain: Lets you specify the domain associated with the authentication cookie. The default is an empty string.
enableCrossAppRedirects: Lets users be authenticated across applications by passing the authentication ticket in a query string. The default is false.
loginUrl: Lets you specify the path to the Login page. The default is Login.aspx.
name: Lets you specify the name of the authentication cookie. The default is .ASPXAUTH.
path: Lets you specify the path associated with the authentication cookie. The default is /.
protection: Lets you specify how the authentication cookie is encrypted. Possible values are All, Encryption, None, and Validation. The default is All.
requireSSL: Lets you require an SSL (Secure Sockets Layer) connection when the authentication cookie is transmitted. The default is false.
slidingExpiration: Lets you keep the authentication cookie from expiring as long as the user continues to make requests within the timeout interval. The value can be False or True. The default is False.
timeout: Lets you specify the amount of time, in minutes, before the authentication cookie expires. The default is 30.

The following example changes the name of the authentication cookie.

Listing 2.1 web1.config

    <?xml version="1.0"?>
    <configuration>
      <appSettings/>
      <connectionStrings/>
      <system.web>
        <authentication mode="Forms" >
          <forms name="MyApp" />
        </authentication>
      </system.web>
    </configuration>

2.1.2 Using Cookieless Forms Authentication

Normally, Forms authentication uses a cookie to identify the user. However, Forms authentication also supports a feature named cookieless authentication. When cookieless authentication is enabled, a user can be identified without a browser cookie.

With cookieless authentication you can still use Forms authentication and ASP.NET Membership to authenticate users: the user is identified by a unique ticket added to the URL. If the user follows relative URLs from one page to another, the ticket is passed between pages automatically and the user is identified across multiple pages.

When you request a page that requires authentication and cookieless authentication is enabled, the URL in the browser looks like this:

    http://localhost:2500/Original/(F(WfAne ... VllOKdQkRktOqV7cfcrgUJ2NKxNhH9dTA7fgzZ-cZwyr4ojyU6EnarC-bbf8g4sl6m4k5kk6Nmcsg1))/SecretFiles/Secret2.aspx

You configure cookieless authentication by setting the cookieless attribute of the forms element in web.config. The cookieless attribute accepts the following values:
UseCookies: Always use an authentication cookie.
UseUri: Never use an authentication cookie.
AutoDetect: Automatically detect whether to use an authentication cookie.
UseDeviceProfile: Use the device profile to determine when to use an authentication cookie.

The default is UseDeviceProfile. By default, the ASP.NET Framework issues a cookie only when a particular type of device supports cookies. The ASP.NET Framework maintains a database of device capabilities in a set of files stored in the following folder:

    \WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers

By default, the ASP.NET Framework never uses cookieless authentication with a browser such as Internet Explorer. If you want the ASP.NET Framework to detect automatically whether the browser supports cookies, set the cookieless attribute to AutoDetect.

Listing 2.2

    <configuration>
      <system.web>
        <authentication mode="Forms" >
          <forms cookieless="AutoDetect"></forms>
        </authentication>
      </system.web>
    </configuration>

2.1.3 Using Sliding Expiration with Forms Authentication

By default, Forms authentication uses a sliding expiration policy: if a user does not request a page for 30 minutes, the user is logged out automatically. If you have strict security requirements, you can use an absolute expiration policy instead of a sliding one. In that case you can force a user to log in again after a fixed period of time.

Listing 2.3

    <?xml version="1.0"?>
    <configuration>
      <appSettings/>
      <connectionStrings/>
      <system.web>
        <authentication mode="Forms" >
          <forms slidingExpiration="false" timeout="1" />
        </authentication>
      </system.web>
    </configuration>

2.1.4 Using Forms Authentication Across Applications

In the previous section you learned how to share the authentication cookie across different applications on the same server or on different servers. In this section you learn how to share the authentication cookie across domains.

A browser cookie is always tied to a domain. For example, the Amazon website cannot read a cookie set by the itechpro or vietnamnet websites. However, you may find that you need to share authentication information across several websites with different domains.

You can work around this by passing the authentication ticket in a query string rather than in a cookie. Nothing prevents you from passing parameters between different domains. To enable this scenario, you must configure your application to accept authentication tickets passed in a query string, as in the following example:

Listing 2.4 web4.config

    <configuration>
      <system.web>
        <authentication mode="Forms" >
          <forms enableCrossAppRedirects="true" />
        </authentication>
        <machineKey
          decryption="AES"
          validation="SHA1"
          decryptionKey="306C1FA852AB3B0115150DD8BA30821CDFD125538A0C606DACA53DBB3C3E0AD2"
          validationKey="61A8E04A146AFFAB81B6AD19654F99EA7370807F18F5002725DAB98B8EFD19C711337E26948E26D1D174B159973EA0BE8CC9CAA6AAF513BF84E44B2247792265" />
      </system.web>
    </configuration>

If you apply the configuration in Listing 2.4 to two different applications located on different domains, the two applications can share the same authentication ticket. When you link or redirect from a page in one application to a page in the other, you must pass the authentication ticket in a query string parameter.

Listing 2.5 QueryStringAuthenticate.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="QueryStringAuthenticate.aspx.cs" Inherits="QueryStringAuthenticate" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">
        void Page_Load()
        {
            // Append the current user's authentication ticket to the link as a
            // query string parameter named after the authentication cookie.
            string cookieName = FormsAuthentication.FormsCookieName;
            string cookieValue = FormsAuthentication.GetAuthCookie(User.Identity.Name, false).Value;
            lnkOtherDomain.NavigateUrl += String.Format("?{0}={1}", cookieName, cookieValue);
        }
    </script>
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:HyperLink
                id="lnkOtherDomain"
                Text="liên kết tới Domain khác"
                NavigateUrl="http://www.OtherDomain.com/Secret.aspx"
                Runat="server" />
        </div>
        </form>
    </body>
    </html>
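Both cookieless mode (section 2.1.2) and the query-string hand-off in Listing 2.5 put the authentication ticket in the URL, where it ends up in server logs, browser history and Referer headers. The following added example (Python, not part of the original tutorial) finds and redacts such tickets in W3C extended log lines; the log lines, ticket values and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Cookieless mode carries the ticket in a path segment: /(F(<ticket>))/
# Other one-letter headers, such as S(...) for session state, may share the segment.
_SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()/]+\))+)\)(?=/)")
_F_TICKET = re.compile(r"F\(([^()/]+)\)")

def tickets_in_url(url, cookie_names=(".ASPXAUTH",)):
    """Return [(kind, ticket)] for each forms-auth ticket one URL exposes."""
    parts = urlsplit(url)
    found = [("cookieless-path", m.group(1))
             for seg in _SEGMENT.finditer(parts.path)
             for m in _F_TICKET.finditer(seg.group(1))]
    names = {n.lower() for n in cookie_names}
    for key, value in parse_qsl(parts.query):
        if key.lower() in names:          # Listing 2.5 uses the cookie name as the key
            found.append(("query-string", value))
    return found

def scan_log(lines, cookie_names=(".ASPXAUTH",)):
    """Scan W3C extended log lines; report where a ticket appears, never its value."""
    fields, findings = [], []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        request = row.get("cs-uri-stem", "") + ("" if query == "-" else "?" + query)
        for source, url in (("request", request), ("referer", row.get("cs(Referer)", "-"))):
            for kind, ticket in tickets_in_url(url, cookie_names):
                findings.append({"line": number, "source": source,
                                 "kind": kind, "ticket_len": len(ticket)})
    return findings

def redact(line, cookie_names=(".ASPXAUTH",)):
    """Blank out ticket values so the log line can be stored or shared."""
    line = re.sub(r"(?<=[()])F\([^()/\s]+\)", "F(REDACTED)", line)
    for name in cookie_names:
        line = re.sub(r"((?:^|[?&\s])" + re.escape(name) + r"=)[^&\s]+",
                      r"\1REDACTED", line, flags=re.IGNORECASE)
    return line

# Constructed sample log; the ticket values are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2024-05-01 10:00:01 GET /Default.aspx - 200 -
2024-05-01 10:00:07 GET /Original/(F(Zm9vYmFyLWNvbnN0cnVjdGVk))/SecretFiles/Secret2.aspx - 200 -
2024-05-01 10:00:09 GET /Secret.aspx .ASPXAUTH=0123456789ABCDEF0123456789ABCDEF 200 -
2024-05-01 10:00:12 GET /img/logo.png - 200 http://www.OtherDomain.com/Secret.aspx?.ASPXAUTH=0123456789ABCDEF0123456789ABCDEF
2024-05-01 10:00:15 GET /Search.aspx q=F(x) 200 -
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

If the application sets name="MyApp" as in Listing 2.1, pass cookie_names=("MyApp",) so the query-string check looks for that parameter instead.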

2.1.5 Using the FormsAuthentication Class

The main application programming interface for interacting with Forms authentication is the FormsAuthentication class. This class supports the following properties:
CookieDomain: Returns the domain associated with the authentication cookie.
CookieMode: Returns the cookieless authentication mode. Possible values are AutoDetect, UseCookies, UseDeviceProfile, and UseUri.
CookiesSupported: Returns true when the browser supports cookies and Forms authentication is configured to use cookies.
DefaultUrl: Returns the URL of the page the user is sent to after being authenticated.
EnableCrossAppRedirects: Returns true when the authentication ticket can be taken from the query string.
FormsCookieName: Returns the name of the authentication cookie.
FormsCookiePath: Returns the path associated with the authentication cookie.
LoginUrl: Returns the URL of the page the user is sent to when the user must be authenticated.
RequireSSL: Returns true when the authentication cookie must be transmitted over SSL.
SlidingExpiration: Returns true when the authentication cookie uses a sliding expiration policy.

These properties return the configuration settings from web.config.

The FormsAuthentication class supports the following methods:
Authenticate: Lets you validate a user name and password against a list of user names and passwords stored in web.config.
Decrypt: Lets you decrypt an authentication cookie.
GetAuthCookie: Lets you retrieve the authentication cookie.
GetRedirectUrl: Lets you retrieve the path of the original page that caused the redirect to Login.aspx.
HashPasswordForStoringInConfigFile: Lets you hash a password so that it can be stored in web.config.
RedirectFromLoginPage: Lets you send the user back to the page originally requested before the user was redirected to Login.aspx.
RedirectToLoginPage: Lets you redirect the user to Login.aspx.
RenewTicketIfOld: Lets you update the expiration time of the authentication cookie.
SetAuthCookie: Lets you create and issue an authentication cookie.
SignOut: Lets you remove the authentication cookie and log the user out.

You can use the methods and properties of the FormsAuthentication class to build a user registration and authentication system without using ASP.NET Membership.

For example, Listing 2.6 contains a list of user names and passwords.

Listing 2.6 web6.config

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <forms>
            <credentials passwordFormat="Clear">
              <user name="Bill" password="secret" />
              <user name="Jane" password="secret" />
              <user name="Fred" password="secret" />
            </credentials>
          </forms>
        </authentication>
      </system.web>
    </configuration>

Listing 2.6 contains a forms element that contains a credentials element. The credentials element holds a list of user names and passwords. Note that the credentials element has a passwordFormat attribute set to Clear. If you prefer to store hashed passwords rather than clear text, you can store the passwords as hash values. That way, nobody on the web server can see other people's passwords. The other two possible values of passwordFormat are MD5 and SHA1.

Listing 2.7 FormsLogin.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="FormsLogin.aspx.cs" Inherits="FormsLogin" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <script runat="server">
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            // Check the submitted credentials against the <credentials> list in web.config.
            if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
                // Issue the authentication cookie and return to the originally requested page.
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkRememberMe.Checked);
            else
                lblError.Text = "Invalid user name/password";
        }
    </script>
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Đăng nhập hệ thống</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Label
                id="lblError"
                EnableViewState="false"
                ForeColor="Red"
                Runat="server" />
            <br /><br />
            <asp:Label
                id="lblUserName"
                Text="User Name:"
                AssociatedControlID="txtUserName"
                Runat="server" />
            <br />
            <asp:TextBox
                id="txtUserName"
                Runat="server" />
            <br /><br />
            <asp:Label
                id="lblPassword"
                Text="Password:"
                AssociatedControlID="txtPassword"
                Runat="server" />
            <br />
            <asp:TextBox
                id="txtPassword"
                TextMode="Password"
                Runat="server" />
            <br /><br />
            <asp:CheckBox
                id="chkRememberMe"
                Text="Remember Me"
                Runat="server" />
            <br /><br />
            <asp:Button
                id="btnLogin"
                Text="Login"
                OnClick="btnLogin_Click"
                Runat="server" />
        </div>
        </form>
    </body>
    </html>

When you click the Login button, the btnLogin_Click() handler runs and the FormsAuthentication.Authenticate() method checks whether the user name and password entered in the text boxes appear in web.config. If the user is authenticated successfully, the FormsAuthentication.RedirectFromLoginPage() method is called.

The RedirectFromLoginPage() method does two things: it adds an authentication cookie to the user's browser, and it sends the user back to the page that originally caused the redirect to Login.aspx. If the user requested Login.aspx directly, the user is sent to Default.aspx.

The second parameter passed to RedirectFromLoginPage() indicates whether you want a session cookie or a persistent cookie. If you create a persistent cookie, you do not need to log in again when you return to the website some time later.
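A review of web.config for the settings this chapter changes, as an added example that is not part of the original tutorial (written in Python so it runs outside IIS): clear or retrievable passwords, tickets allowed in URLs, cookies not limited to SSL, and credentials or machine keys kept in the file. The rule names, both sample configurations and the placeholder key values are constructed; defaults for absent attributes are those the text lists, and requiresQuestionAndAnswer is flagged only when explicitly false.

```python
import xml.etree.ElementTree as ET

def _bool(el, attr, default):
    return el.get(attr, default).strip().lower() == "true"

def audit_web_config(xml_text):
    """Return [(rule, detail)] for the risky settings discussed in this chapter."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                       # tolerate an xmlns on <configuration>
        el.tag = el.tag.rsplit("}", 1)[-1]
    out = []
    membership = root.find("system.web/membership")
    if membership is not None:
        providers = membership.findall("providers/add")
        default = membership.get("defaultProvider")
        if default and default not in {p.get("name") for p in providers}:
            out.append(("membership-default-provider-unknown", default))
        for p in providers:
            fmt = p.get("passwordFormat", "Hashed")      # text: default is Hashed
            if fmt != "Hashed":
                out.append(("membership-reversible-passwords", fmt))
            if _bool(p, "enablePasswordRetrieval", "false"):
                out.append(("membership-password-retrieval", p.get("name")))
            if not _bool(p, "requiresQuestionAndAnswer", "true"):
                out.append(("membership-no-security-question", p.get("name")))
    auth = root.find("system.web/authentication")
    if auth is not None and auth.get("mode") == "Forms":
        forms = auth.find("forms")
        if forms is None:
            forms = ET.Element("forms")          # every option left at its default
        mode = forms.get("cookieless", "UseDeviceProfile")
        if mode != "UseCookies":
            out.append(("forms-ticket-may-travel-in-url", mode))
        if not _bool(forms, "requireSSL", "false"):
            out.append(("forms-cookie-not-ssl-only", "requireSSL is not true"))
        if forms.get("protection", "All") != "All":
            out.append(("forms-protection-weakened", forms.get("protection")))
        if _bool(forms, "enableCrossAppRedirects", "false"):
            out.append(("forms-cross-app-redirects", "ticket accepted from query string"))
        creds = forms.find("credentials")
        users = creds.findall("user") if creds is not None else []
        if users:
            detail = "%d account(s), passwordFormat=%s" % (len(users), creds.get("passwordFormat"))
            out.append(("forms-credentials-in-config", detail))
    key = root.find("system.web/machineKey")
    if key is not None:
        for attr in ("decryptionKey", "validationKey"):
            if not key.get(attr, "AutoGenerate").startswith("AutoGenerate"):
                out.append(("machinekey-literal-in-config", attr))
    return out

# Constructed sample combining the settings shown in Listings 1.26, 1.27, 2.2, 2.4 and 2.6.
WEAK_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms cookieless="AutoDetect" enableCrossAppRedirects="true">
        <credentials passwordFormat="Clear">
          <user name="Bill" password="secret" />
        </credentials>
      </forms>
    </authentication>
    <machineKey decryption="AES" validation="SHA1"
                decryptionKey="PLACEHOLDER_HEX" validationKey="PLACEHOLDER_HEX" />
    <membership defaultProvider="MyMenberShip">
      <providers>
        <add name="MyMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer" passwordFormat="Clear"
             enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

# Constructed counterpart with the same features locked down.
HARDENED_CONFIG = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <authentication mode="Forms">
      <forms cookieless="UseCookies" requireSSL="true" protection="All" />
    </authentication>
    <membership defaultProvider="MyMembership">
      <providers>
        <add name="MyMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer" passwordFormat="Hashed" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for rule, detail in audit_web_config(WEAK_CONFIG):
        print(rule, "-", detail)
```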

2.1.6 Using the User Class

You can use the Page.User or HttpContext.User property to get information about the current user. The Page.User property exposes a Principal object that supports the following method:
IsInRole: Lets you check whether the user is a member of a particular role.

For example, when Windows authentication is enabled, you can use the IsInRole method to check whether the user is a member of a particular Microsoft Windows group, such as the BUILTIN\Administrators group:

    if (User.IsInRole("BUILTIN\\Administrators"))
    {
        // perform operating-system administrator tasks
    }

The Principal object also includes an Identity property that lets you get information about the identity of the current user. The Identity object supports the following three properties:
AuthenticationType: Lets you determine how the user was authenticated. Possible values include Forms, Basic, and NTLM.
IsAuthenticated: Lets you determine whether the user has been authenticated.
Name: Lets you get the name of the user.
