View
223
Download
0
Category
Preview:
Citation preview
Role Management Role Management in .NETin .NET
Shree Shalini PusapatiCS 795
04/21/23 1
AgendaAgenda
Understanding Role Management
Membership Services
Login Control
Role Management Services
Demo
04/21/23 2
IntroductionIntroduction
04/21/23 3
Understanding Role ManagementUnderstanding Role Management
Roles give flexibility to manage permissions
Manage Authorization
Assigning users to Roles
Lets you create Access Rules
Rules independent of individual user
04/21/23 4
Role Management in .NETRole Management in .NET
Define Users – Membership Services
User Identification – Login Control
Define Roles & Assign Members to Roles – Role Management
04/21/23 5
Membership ServicesMembership Services
04/21/23 6
Membership ServicesMembership Services
Manages users and credentials◦Declarative access via WS Admin Tool◦Programmatic access via Membership API
Simplifies forms authentication◦Provides logic for validating user names and
passwords, creating users, and more◦Manages data store for credentials, e-mail
addresses, and other membership data
Provider-based for flexible data storage
04/21/23 7
Membership SchemaMembership Schema04/21/23
Membership API
MembershipData
ControlsLoginLoginLoginLogin LoginStatusLoginStatusLoginStatusLoginStatus LoginViewLoginViewLoginViewLoginView
Other MembershipOther MembershipProvidersProviders
Other MembershipOther MembershipProvidersProviders
Membership Providers
MembershipMembershipMembershipMembership MembershipUserMembershipUserMembershipUserMembershipUser
SqlMembershipProviderSqlMembershipProviderSqlMembershipProviderSqlMembershipProvider
OtherOtherControlsControls
OtherOtherControlsControls
SQL ServerSQL Server OtherOtherData StoresData Stores
SQL ServerSQL ServerExpressExpress
8
The Membership ClassThe Membership Class
Provides static methods for performing key membership tasks◦Creating and deleting users◦Retrieving information about users◦Generating random passwords◦Validating logins
Includes read-only static properties for acquiring data about provider settings
04/21/23 9
Key Membership MethodsKey Membership Methods
Name Description
CreateUser Adds a user to the membership data store
DeleteUser Removes a user from the membership data store
GeneratePassword Generates a random password of a specified length
GetAllUsersRetrieves a collection of MembershipUser objects
representing all currently registered users
GetUser Retrieves a MembershipUser object representing a user
UpdateUser Updates information for a specified user
ValidateUser Validates logins based on user names and passwords
Creating New UserCreating New User04/21/23
try { Membership.CreateUser ("Jeff", "imbatman!", "jeff@microsoft.com");}catch (MembershipCreateUserException e) { // Find out why CreateUser failed switch (e.StatusCode) {
case MembershipCreateStatus.DuplicateUsername: ... case MembershipCreateStatus.DuplicateEmail: ... case MembershipCreateStatus.InvalidPassword: ... default: ... }}
11
The MembershipUser ClassThe MembershipUser Class
Represents individual users registered in the membership data store
Includes numerous properties for getting and setting user info
Includes methods for retrieving, changing, and resetting passwords
Returned by Membership methods such as GetUser and CreateUser
04/21/23 12
Key MembershipUser MethodsKey MembershipUser Methods
Name Description
ChangePassword Changes user's password
ChangePassword-QuestionAndAnswer
Changes question and answer used for password
recovery
GetPassword* Retrieves a password
ResetPassword** Resets a password by setting it to a new random password
UnlockUser Restores suspended login privileges
* Works if Membership.EnablePasswordRetrieval is true** Works if Membership.EnablePasswordReset is true
Membership ProvidersMembership Providers
Membership is provider-based◦Provider provides interface between
Membership service and data store
Ships with one membership provider◦SqlMembershipProvider (SQL Server and SQL
Server Express)
Use custom providers for other Membership data stores
04/21/23 14
Configuring SqlMembershipProviderConfiguring SqlMembershipProvider
04/21/23
<membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <add name="AspNetSqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="[true|false]" enablePasswordReset="[true|false]" requiresQuestionAndAnswer="[true|false]" applicationName="/" requiresUniqueEmail="[true|false]" passwordFormat="[Clear|Encrypted|Hashed]" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" type="System.Web.Security.SqlMembershipProvider, System.Web, ..." /> </providers></membership>
15
Login ControlsLogin Controls
04/21/23 16
Login ControlsLogin Controls
Name Description
ChangePassword UI for changing passwords
CreateUserWizard UI for creating new user accounts
Login UI for entering and validating user names and passwords
LoginName Displays authenticated user names
LoginStatus UI for logging in and logging out
LoginView Displays different views based on login status and roles
PasswordRecovery UI for recovering forgotten passwords
The Login ControlThe Login Control
Standard UI for logging in users
Integrates with Membership service◦Calls ValidateUser automatically◦No-code validation and logins
Also works without Membership service
Incorporates RequiredFieldValidators
Highly customizable UI and behavior
04/21/23 18
Using the Login ControlUsing the Login Control
<html> <body> <form runat="server"> <asp:Login RunAt="server" /> </form> </body></html>
04/21/23 19
Customizing the Login ControlCustomizing the Login Control
<asp:Login ID="LoginControl" RunAt="server" CreateUserText="Create new account" CreateUserUrl="CreateUser.aspx" DisplayRememberMe="false" PasswordRecoveryText="Forgotten your password?" PasswordRecoveryUrl="RecoverPassword.aspx" LoginButtonText="Do It!" TitleText="Please Log In"/>
04/21/23 20
Login Control EventsLogin Control Events
Name Description
LoggingIn
Fired when the user clicks the Log In button. Purpose: to
Prevalidate login credentials (e.g., make sure e-mail
address is well-formed)
Authenticate
Fired when the user clicks the Log In button. Purpose: to
Authenticate the user by validating his or her
login credentials
LoggedIn Fired following a successful login
LoginError Fired when an attempted login fails
The LoginView ControlThe LoginView Control
Displays content differently to different users depending on:◦Whether user is authenticated◦If user is authenticated, the role memberships
he or she is assignedTemplate-driven
◦<AnonymousTemplate>◦<LoggedInTemplate>◦<RoleGroups> and <ContentTemplate>
04/21/23 22
Using LoginViewUsing LoginView
<asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> <!-- Content seen by unauthenticated users --> </AnonymousTemplate> <LoggedInTemplate> <!-- Content seen by authenticated users --> </LoggedInTemplate> <RoleGroups> <asp:RoleGroup Roles="Administrators"> <ContentTemplate> <!-- Content seen by authenticated users who are administrators --> </ContentTemplate> </asp:RoleGroup> ... </RoleGroups></asp:LoginView>
04/21/23 23
The LoginName ControlThe LoginName Control
Displays authenticated user namesUse optional FormatString property to
control format of output
<asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> You are not logged in </AnonymousTemplate> <LoggedInTemplate> <asp:LoginName ID="LoginName1" Runat="server" FormatString="You are logged in as {0}" /> </LoggedInTemplate></asp:LoginView>
04/21/23 24
The LoginStatus ControlThe LoginStatus Control
Displays links for logging in and out◦"Login" to unauthenticated users◦"Logout" to authenticated users
UI and logout behavior are customizable
<asp:LoginStatus ID="LoginStatus1" Runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" />
04/21/23 25
LoginStatus PropertiesLoginStatus Properties
Name Description
LoginText Text displayed for login link (default="Login")
LogoutText Text displayed for logout link (default="Logout")
LoginImageUrl URL of image used for login link
LogoutActionAction to take following logout: Redirect,
RedirectToLoginPage, or Refresh (default)
LogOutPageUrl URL of page to go to following logout if LogoutAction="Redirect"
Role ManagementRole Management
04/21/23 27
Role Management ServiceRole Management Service
Role-based security in a box◦Declarative access via WS Admin Tool◦Programmatic access via Roles API
Simplifies adding role-based security to sites that employ forms authentication◦Maps users to roles on each request◦Provides data store for role information
Provider-based for flexible data storage
04/21/23 28
Role Management SchemaRole Management Schema
Roles API
Roles Data
SQL ServerSQL Server OtherOtherData StoresData Stores
ControlsLoginLoginLoginLogin LoginStatusLoginStatusLoginStatusLoginStatus LoginViewLoginViewLoginViewLoginView
Other Role ProvidersOther Role ProvidersOther Role ProvidersOther Role Providers
Role Providers
RolesRolesRolesRoles
SqlRoleProviderSqlRoleProviderSqlRoleProviderSqlRoleProvider
SQL ServerSQL ServerExpressExpress
OtherOtherControlsControls
OtherOtherControlsControls
04/21/23 29
The Roles ClassThe Roles Class
Gateway to the Role Management APIProvides static methods for performing
key role management tasks◦Creating and deleting roles◦Adding users to roles◦Removing users from roles and more
Includes read-only static properties for acquiring data about provider settings
04/21/23 30
Key Roles MethodsKey Roles Methods
Name Description
AddUserToRole Adds a user to a role
CreateRole Creates a new role
DeleteRole Deletes an existing role
GetRulesForUser Gets a collection of roles to which a user belongs
GetUsersInRole Gets a collection of users belonging to a specified role
IsUserInRole Indicates whether a user belongs to a specified role
RemoveUserFromRole Removes a user from the specified role
Creating a New RoleCreating a New Role
if (!Roles.RoleExists ("Developers")) { Roles.CreateRole ("Developers");}
04/21/23 32
Adding a User to a RoleAdding a User to a Role
string name = Membership.GetUser ().Username; // Get current userRoles.AddUserToRole (name, "Developers"); // Add current user to role
04/21/23 33
Enabling the Role ManagerEnabling the Role Manager
Role manager is disabled by defaultEnable it via Web.config:
<configuration> <system.web> <roleManager enabled="true" /> </system.web></configuration>
04/21/23 34
Configuring the Role ManagerConfiguring the Role Manager
<roleManager enabled="[true|false]" defaultProvider="AspNetSqlRoleProvider" createPersistentCookie="[true|false]" cacheRolesInCookie="[true|false]" cookieName=".ASPXROLES" cookieTimeout="00:30:00" cookiePath="/" cookieRequireSSL="[true|false]" cookieSlidingExpiration="[true|true]" cookieProtection="[None|Validation|Encryption|All]" domain="" maxCachedResults="25"> <providers> ... </providers></roleManager>
04/21/23 35
Role Management ProvidersRole Management Providers
Role management is provider-based
Ships with three role providers:◦AuthorizationStoreRoleProvider (Authorization
Manager, or "AzMan")◦SqlRoleProvider (SQL Server)◦WindowsTokenRoleProvider (Windows)
Use custom providers for other data stores
04/21/23 36
Configuring SqlRoleProviderConfiguring SqlRoleProvider
<roleManager defaultProvider="AspNetSqlRoleProvider" ...> <providers> <add applicationName="/" connectionStringName="LocalSqlServer" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, ..." /> </providers></roleManager>
04/21/23 37
DemoDemo
04/21/23 38
Recommended