• Membership Service
• Role Management Service
• Custom membership service
Membership Service
• Manages users and credentials
• Declarative access via WS Admin Tool
• Programmatic access via Membership API
• Simplifies forms authentication
• Provides logic for validating user names and passwords, creating users.
• Manages data store for credentials, e-mail addresses, and other membership data
• Provider-based for flexible data storage
Membership Schema
[Diagram, layers top to bottom: login controls (Login, LoginStatus, LoginView, other controls); Membership API (Membership, MembershipUser); membership providers (SqlMembershipProvider); membership data (SQL Server, SQL Server Express)]
The Membership Class
• Provides static methods for performing key membership tasks
  – Creating and deleting users
  – Retrieving information about users
  – Generating random passwords
  – Validating logins
• Includes read-only static properties for acquiring data about provider settings
The MembershipUser Class
• Represents individual users registered in the membership data store
• Includes numerous properties for getting and setting user info
• Includes methods for retrieving, changing, and resetting passwords
• Returned by Membership methods such as GetUser and CreateUser
Key Membership Methods
Name Description
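try {
    // UserName, Password and Email are assumed input controls on the page
    Membership.CreateUser (UserName.Text, Password.Text, Email.Text);
} catch (MembershipCreateUserException e) {
    switch (e.StatusCode) {
    case MembershipCreateStatus.DuplicateUserName:
        // ...
        break;
    case MembershipCreateStatus.DuplicateEmail:
        // ...
        break;
    case MembershipCreateStatus.InvalidPassword:
        // ...
        break;
    default:
        // ...
        break;
    }
}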
Validating Logins
if (Membership.ValidateUser (UserName.Text, Password.Text))
    FormsAuthentication.RedirectFromLoginPage (UserName.Text,
        RememberMe.Checked);
Key MembershipUser Properties
Name Description
LastPasswordChangedDate    Date user's password was last changed
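// userName is an assumed variable holding the name of the locked-out account
MembershipUser user = Membership.GetUser (userName);
if (user != null) {
    if (user.IsLockedOut) {
        user.UnlockUser ();
    }
}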
Aspnet_regsql.exe
• Tool for creating database used by SqlMembershipProvider and other SQL Server providers (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe)
Using the Login Control
<html>
<body>
<form runat="server">
<asp:Login RunAt="server" />
</form>
</body>
</html>
Configuring the Membership Service
<membership defaultProvider="AspNetSqlMembershipProvider"
    userIsOnlineTimeWindow="15"
    hashAlgorithmType="[SHA1|MD5]"
>
<providers>
...
</providers>
</membership>
Membership Providers
• Membership is provider-based
• Provider provides interface between Membership service and data store
• Ships with one membership provider
  – SqlMembershipProvider (SQL Server and SQL Server Express)
• Use custom providers for other Membership data stores
Configuring SqlMembershipProvider
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<add name="AspNetSqlMembershipProvider"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="[true|false]"
enablePasswordReset="[true|false]"
requiresQuestionAndAnswer="[true|false]"
applicationName="/"
requiresUniqueEmail="[true|false]"
passwordFormat="[Clear|Encrypted|Hashed]"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
type="System.Web.Security.SqlMembershipProvider,
System.Web, ..."
/>
</providers>
</membership>
Login Controls
Name Description
[Diagram, layers top to bottom: Roles API (Roles); role providers (SqlRoleProvider, other role providers); roles data (SQL Server, SQL Server Express, other data stores)]
The Roles Class
• Gateway to the Role Management API
• Provides static methods for performing key role management tasks
  – Creating and deleting roles
  – Adding users to roles
  – Removing users from roles and more
• Includes read-only static properties for acquiring data about provider settings
Key Roles Methods
Name Description
<configuration>
<system.web>
<roleManager enabled="true" />
</system.web>
</configuration>
Configuring the Role Manager
<roleManager enabled="[true|false]"
defaultProvider="AspNetSqlRoleProvider"
createPersistentCookie="[true|false]"
cacheRolesInCookie="[true|false]"
cookieName=".ASPXROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="[true|false]"
cookieSlidingExpiration="[true|false]"
cookieProtection="[None|Validation|Encryption|All]"
domain=""
maxCachedResults="25"
>
<providers>
...
</providers>
</roleManager>
Configuring SqlRoleProvider
<roleManager defaultProvider="AspNetSqlRoleProvider" ...>
<providers>
<add applicationName="/"
connectionStringName="LocalSqlServer"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web,
..."
/>
</providers>
</roleManager>
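Several of the membership and role manager settings shown above decide how well stored passwords and the role cookie are protected. The following added example (not part of the original slides) parses a web.config with System.Xml.Linq and reports the weak choices; the class name MembershipConfigAudit and the embedded sample configuration are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;

public static class MembershipConfigAudit
{
    // Constructed sample input, not taken from a real application.
    const string Sample = @"<configuration><system.web>
      <membership hashAlgorithmType='MD5'><providers>
        <add name='AspNetSqlMembershipProvider' passwordFormat='Encrypted'
             enablePasswordRetrieval='true' />
      </providers></membership>
      <roleManager enabled='true' cacheRolesInCookie='true' cookieProtection='Validation' />
    </system.web></configuration>";

    static string Attr(XElement e, string name) { return (string)e.Attribute(name) ?? ""; }

    public static List<string> Audit(string webConfigXml)
    {
        var findings = new List<string>();
        XElement web = XDocument.Parse(webConfigXml).Root.Element("system.web");
        if (web == null) return findings;
        XElement m = web.Element("membership");
        if (m != null)
        {
            string alg = Attr(m, "hashAlgorithmType");
            if (alg == "MD5" || alg == "SHA1")
                findings.Add("membership: hashAlgorithmType=" + alg + " is a fast digest, weak for passwords");
            foreach (XElement p in m.Elements("providers").Elements("add"))
            {
                string fmt = Attr(p, "passwordFormat");
                if (fmt == "Clear" || fmt == "Encrypted")
                    findings.Add(Attr(p, "name") + ": passwordFormat=" + fmt + " keeps passwords recoverable");
                if (Attr(p, "enablePasswordRetrieval") == "true")
                    findings.Add(Attr(p, "name") + ": enablePasswordRetrieval=true hands out stored passwords");
            }
        }
        XElement r = web.Element("roleManager");
        if (r != null && Attr(r, "cacheRolesInCookie") == "true")
        {
            if (Attr(r, "cookieRequireSSL") != "true")
                findings.Add("roleManager: role cookie is not restricted to SSL");
            string prot = Attr(r, "cookieProtection");
            if (prot != "" && prot != "All")
                findings.Add("roleManager: cookieProtection=" + prot + " (use All)");
        }
        return findings;
    }

    public static void Main() { foreach (string f in Audit(Sample)) Console.WriteLine(f); }
}
```

Attributes that are absent are treated as their framework defaults, so only an explicit weak value is reported, except for cookieRequireSSL, whose default is false.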
Custom Membership Provider
To build a custom membership provider, create a class that extends the MembershipProvider class.
• This class has a long set of methods.
• We need only 3 methods and 2 properties: one method to validate a user, one to find a user by username and one to register a new user, and the properties that return the minimum password length and whether duplicate email is allowed.
• To get started, create a new ASP.NET MVC 2 project (not an empty project) and name it CustomMembershipProvider. Then in your Models folder, create a class called CustomMembershipProvider.
• This class will be extending the abstract MembershipProvider class. Given below is the CustomMembershipProvider provider class, listing only the 3 methods and 2 properties we require. MembershipProvider is included in the System.Web.Security namespace, so you may have to add a using directive for that namespace.
Example for CustomMembership user
using System;
using System.Web.Security;

public class CustomMembershipProvider : MembershipProvider
{
    // Registers a new user.
    public override MembershipUser CreateUser(string username, string password, string email,
        string passwordQuestion, string passwordAnswer, bool isApproved,
        object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotImplementedException();
    }

    // Finds a user by user name.
    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    // Validates a user's credentials.
    public override bool ValidateUser(string username, string password)
    {
        throw new NotImplementedException();
    }

    public override int MinRequiredPasswordLength
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    // The remaining abstract members of MembershipProvider are not listed here.
}
Web.config
<connectionStrings>
  <add name="AppDb"
       connectionString="Server=your_server;Database=your_db;Uid=your_user_name;Pwd=your_password;"
       providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="CustomMembershipProvider">
  <providers>
    <clear/>
    <add name="CustomMembershipProvider"
         type="CustomMembership.Models.CustomMembershipProvider"
         connectionStringName="AppDb" enablePasswordRetrieval="false"
         enablePasswordReset="true" requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false" maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>
Managing Creation/Validation of Users
using System.Collections.Generic;
using System.Configuration;
using System.Data.Linq;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public class User
{
    private Table<UserObj> usersTable;
    private DataContext context;

    public User()
    {
        string connectionString = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        context = new DataContext(connectionString);
        usersTable = context.GetTable<UserObj>();
    }

    // Looks a user up by name and password value; passWord must be in the
    // same form as the stored Password column.
    public UserObj GetUserObjByUserName(string userName, string passWord)
    {
        UserObj user = usersTable.SingleOrDefault(u => u.UserName == userName && u.Password == passWord);
        return user;
    }

    public UserObj GetUserObjByUserName(string userName)
    {
        UserObj user = usersTable.SingleOrDefault(u => u.UserName == userName);
        return user;
    }

    public IEnumerable<UserObj> GetAllUsers()
    {
        return usersTable.AsEnumerable();
    }

    // Returns the lowercase hex MD5 digest of value. MD5 is unsalted and fast,
    // which makes it a weak choice for stored passwords.
    public static string GetMD5Hash(string value)
    {
        MD5 md5Hasher = MD5.Create();
        // UTF-8 so the digest does not depend on the machine's ANSI code page
        byte[] data = md5Hasher.ComputeHash(Encoding.UTF8.GetBytes(value));
        StringBuilder sBuilder = new StringBuilder();
        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("x2"));
        }
        return sBuilder.ToString();
    }
}
Thank You