Upload
hailey
View
35
Download
0
Embed Size (px)
DESCRIPTION
Membership in ASP.Net...if only. Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director. Agenda. Membership Provider Model Custom Providers SOA based membership example Making a custom provider do what the standard ones won’t (Demo). Membership Service. - PowerPoint PPT Presentation
Citation preview
Membership in ASP.Net...if only
Presented by:Patrick Hynds President, CriticalSitesMicrosoft Regional Director
Agenda• Membership • Provider Model• Custom Providers
– SOA based membership example– Making a custom provider do what the
standard ones won’t (Demo)
• Membership API• Included Membership providers
– SQL Server (and SQL Express)– Active Directory (Windows)– Access (kind of…)
• Installs as a Visual Studio 2005 VSI template
• Custom Membership providers– Oracle– MySQL– SQLLite3– Others + whatever you write yourself…
Membership Service
Membership Service• Service for managing users and credentials
– Declarative access via Web Site Admin Tool– Programmatic access via Membership and
MembershipUser classes• Membership class provides base services• MembershipUser class represents users
and provides additional services• Provider-based for flexible data storage
Membership Service (cont.)• Vastly simplifies forms authentication
– Provides logic for validating user names and passwords, creating accounts, and more
– Provides data store for storing credentials, e-mail addresses, and other membership data
Membership Schema
Membership API
MembershipData
SQL Server OtherData Stores
Membership Providers
ActiveDirectory
Login LoginStatus LoginView Other
Controls
Membership MembershipUser
SqlMembershipProvider
ActiveDirectory-MembershipProvider
Other Providers
LoginView<asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> <!-- Content seen by unauthenticated users --> </AnonymousTemplate> <LoggedInTemplate> <!-- Content seen by authenticated users --> </LoggedInTemplate> <RoleGroups> <asp:RoleGroup Roles="Administrators"> <ContentTemplate> <!-- Content seen by administrators --> </ContentTemplate> </asp:RoleGroup> ... </RoleGroups></asp:LoginView>
The Membership Class
• Provides static methods for performing key membership tasks– Creating and deleting users– Retrieving information about users– Generating random passwords– Validating logins
• Also includes read-only static properties for acquiring data about provider settings
The MembershipUser Class
• Represents individual users registered in the membership data store
• Includes numerous properties for getting and setting user info
• Includes methods for retrieving, changing, and resetting passwords
• Returned by Membership methods such as GetUser and CreateUser
Configuring the SQL Membership Provider
Provider Model• Enable new functionality in a transparent fashion• Enable extensibility for
– Web services– Browser based “Atlas” clients– Smart clients
• Application services as pluggable building blocks• Decoupled via configuration• Use structural classes for your own features
Provider ModelFeature Lifecycle
Feature Feature config.config.
Static Static feature feature classclass
Provider Provider instanceinstance
ss
Provider Configuration
• Membership providers support a number of configuration settings– How should passwords be stored (cleartext,
hashed, encrypted)?– Should password recovery be enabled?– Must each user have a unique e-mail address?
• Exposed as properties of provider class• Initialized from CONFIG files
public class QuotationsConfiguration : public class QuotationsConfiguration : ConfigurationSectionConfigurationSection{{ [ConfigurationProperty("providers")][ConfigurationProperty("providers")] public ProviderSettingsCollection Providerspublic ProviderSettingsCollection Providers {{ get;get; }}
[ConfigurationProperty("defaultProvider", [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")]DefaultValue = "StaticQuotationProvider")] public string DefaultProviderpublic string DefaultProvider {{ get;get; set;set; }}}}
Provider ModelFeature Configuration
When to Build a Provider• Physical 3-tier deployments
– May not allow web server to connect directly to SQL Server• Schema isn’t working for you• Your data isn’t in a supported format or repository• You need that killer feature that isn’t provided by
existing providers
Projecting MembershipDesign Issues
• Authenticating to the web service– Not all methods should be public
• Serialization of MembershipUser– Read-only properties don’t serialize
• WebMethod parameter constraints– Collection types and [out] parameters
• Selecting from multiple providers– Choosing a non-default provider
Projecting Membership3-Tier Flow
Web serverWeb server
Webservice Webservice providerprovider
Webservice serverWebservice server
.asmx .asmx MembershiMembership wrapperp wrapper
SQL SQL providerprovider
Application Application codecode
Projecting MembershipAuthenticated Flow
Internet Internet clientclient
ApplicatiApplicationon
Webservice serverWebservice server
.asmx .asmx MembershiMembership wrapperp wrapper
SQL SQL providerprovider
.asmx .asmx Formsuth Formsuth wrapperwrapper
““login”login”
Returns forms Returns forms ticketticket
pass ticket w/
pass ticket w/ each request
each requestValidateValidate
ticket and ticket and rolesroles
Creating a Custom Membership Provider
Summary • Rewrite or enhance features• Project current features onto other platforms
via web services or other methods• Use the provider infrastructure for your own
features• Don’t screw it up, you can always make life
worse – especially in security
ResourcesCustom Membership Providers• Oracle Provider
– Supports Membership, Roles and Personalization – Included in the PetShop sample– http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnbda/html/bdasamppet4.asp• Access Database Provider
– Supports Membership, Roles and Personalization– Installs as a Visual Studio 2005 VSI template– http://msdn.microsoft.com/vstudio/eula.aspx?
id=96713a8e-b8d4-4d6e-bb8f-027e6c8e15d8
ResourcesCustom Membership Providers (cont.)• MySQL Provider
– Support for ASP.NET Membership and Roles– http://www.codeproject.com/aspnet/
MySQLMembershipProvider.asp• SQLLite3
– Supports Membership and Roles– http://www.eggheadcafe.com/articles/
20051119.asp