Role Management in .NET

Shree Shalini Pusapati, CS 795, 11/17/2015


Agenda

Understanding Role Management

Membership Services

Login Control

Role Management Services

Demo


Introduction


Understanding Role Management

Roles give flexibility to manage permissions

Manage Authorization

Assigning users to Roles

Lets you create Access Rules

Rules independent of individual user


Role Management in .NET

Define Users – Membership Services

User Identification – Login Control

Define Roles & Assign Members to Roles – Role Management


Membership Services


Manages users and credentials
◦ Declarative access via WS Admin Tool
◦ Programmatic access via Membership API

Simplifies forms authentication
◦ Provides logic for validating user names and passwords, creating users, and more
◦ Manages data store for credentials, e-mail addresses, and other membership data

Provider-based for flexible data storage


Membership Schema

[Diagram: layered architecture. Controls (Login, LoginStatus, LoginView, other controls); Membership API (Membership, MembershipUser); Membership Providers (SqlMembershipProvider, other membership providers); Membership Data (SQL Server, SQL Server Express, other data stores)]


The Membership Class

Provides static methods for performing key membership tasks
◦ Creating and deleting users
◦ Retrieving information about users
◦ Generating random passwords
◦ Validating logins

Includes read-only static properties for acquiring data about provider settings


Key Membership Methods

Name Description

CreateUser Adds a user to the membership data store

DeleteUser Removes a user from the membership data store

GeneratePassword Generates a random password of a specified length

GetAllUsers Retrieves a collection of MembershipUser objects representing all currently registered users

GetUser Retrieves a MembershipUser object representing a user

UpdateUser Updates information for a specified user

ValidateUser Validates logins based on user names and passwords


Creating New User

    try
    {
        Membership.CreateUser("Jeff", "imbatman!", "[email protected]");
    }
    catch (MembershipCreateUserException e)
    {
        // Find out why CreateUser failed
        switch (e.StatusCode)
        {
            case MembershipCreateStatus.DuplicateUserName:
                // ...
                break;
            case MembershipCreateStatus.DuplicateEmail:
                // ...
                break;
            case MembershipCreateStatus.InvalidPassword:
                // ...
                break;
            default:
                // ...
                break;
        }
    }


The MembershipUser Class

Represents individual users registered in the membership data store

Includes numerous properties for getting and setting user info

Includes methods for retrieving, changing, and resetting passwords

Returned by Membership methods such as GetUser and CreateUser


Key MembershipUser Methods

Name Description

ChangePassword Changes user's password

ChangePasswordQuestionAndAnswer Changes question and answer used for password recovery

GetPassword* Retrieves a password

ResetPassword** Resets a password by setting it to a new random password

UnlockUser Restores suspended login privileges

* Works if Membership.EnablePasswordRetrieval is true

** Works if Membership.EnablePasswordReset is true


Membership Providers

Membership is provider-based
◦ Provider provides interface between Membership service and data store

Ships with one membership provider
◦ SqlMembershipProvider (SQL Server and SQL Server Express)

Use custom providers for other Membership data stores


Configuring SqlMembershipProvider


    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <add name="AspNetSqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             enablePasswordRetrieval="[true|false]"
             enablePasswordReset="[true|false]"
             requiresQuestionAndAnswer="[true|false]"
             applicationName="/"
             requiresUniqueEmail="[true|false]"
             passwordFormat="[Clear|Encrypted|Hashed]"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             passwordStrengthRegularExpression=""
             minRequiredPasswordLength="7"
             minRequiredNonalphanumericCharacters="1"
             type="System.Web.Security.SqlMembershipProvider, System.Web, ..." />
      </providers>
    </membership>
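A hardened instance of the provider template above, as an added example that is not part of the original slides. The `<clear />` entry, the short `type` name, and the concrete values (Hashed storage, a 12-character minimum, lockout after 5 failures in 10 minutes) are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <!-- machine.config already registers a provider under this name;
             clear the inherited entry before redefining it, otherwise the
             duplicate name is rejected at startup. -->
        <clear />
        <!-- passwordFormat:
               Clear     = stored as plaintext
               Encrypted = reversible with the machineKey
               Hashed    = salted one-way hash (the setting used here)
             enablePasswordRetrieval must be false with Hashed: the provider
             refuses to initialise if both are requested, and
             MembershipUser.GetPassword is then unavailable by design.
             Forgotten passwords are handled through ResetPassword instead
             (enablePasswordReset="true").
             maxInvalidPasswordAttempts / passwordAttemptWindow:
               5 bad passwords within 10 minutes lock the account until
               UnlockUser is called. -->
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1" />
      </providers>
    </membership>
  </system.web>
</configuration>
```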


Login Controls


Name Description

ChangePassword UI for changing passwords

CreateUserWizard UI for creating new user accounts

Login UI for entering and validating user names and passwords

LoginName Displays authenticated user names

LoginStatus UI for logging in and logging out

LoginView Displays different views based on login status and roles

PasswordRecovery UI for recovering forgotten passwords


The Login Control

Standard UI for logging in users

Integrates with Membership service
◦ Calls ValidateUser automatically
◦ No-code validation and logins

Also works without Membership service

Incorporates RequiredFieldValidators

Highly customizable UI and behavior


Using the Login Control

    <html>
      <body>
        <form runat="server">
          <asp:Login RunAt="server" />
        </form>
      </body>
    </html>


Customizing the Login Control

    <asp:Login ID="LoginControl" RunAt="server"
               CreateUserText="Create new account"
               CreateUserUrl="CreateUser.aspx"
               DisplayRememberMe="false"
               PasswordRecoveryText="Forgotten your password?"
               PasswordRecoveryUrl="RecoverPassword.aspx"
               LoginButtonText="Do It!"
               TitleText="Please Log In" />


Login Control Events

Name Description

LoggingIn Fired when the user clicks the Log In button. Purpose: to prevalidate login credentials (e.g., make sure e-mail address is well-formed)

Authenticate Fired when the user clicks the Log In button. Purpose: to authenticate the user by validating his or her login credentials

LoggedIn Fired following a successful login

LoginError Fired when an attempted login fails


The LoginView Control

Displays content differently to different users depending on:
◦ Whether user is authenticated
◦ If user is authenticated, the role memberships he or she is assigned

Template-driven
◦ <AnonymousTemplate>
◦ <LoggedInTemplate>
◦ <RoleGroups> and <ContentTemplate>


Using LoginView

    <asp:LoginView ID="LoginView1" Runat="server">
      <AnonymousTemplate>
        <!-- Content seen by unauthenticated users -->
      </AnonymousTemplate>
      <LoggedInTemplate>
        <!-- Content seen by authenticated users -->
      </LoggedInTemplate>
      <RoleGroups>
        <asp:RoleGroup Roles="Administrators">
          <ContentTemplate>
            <!-- Content seen by authenticated users who are administrators -->
          </ContentTemplate>
        </asp:RoleGroup>
        <%-- ... further RoleGroup elements ... --%>
      </RoleGroups>
    </asp:LoginView>


The LoginName Control

Displays authenticated user names

Use optional FormatString property to control format of output

    <asp:LoginView ID="LoginView1" Runat="server">
      <AnonymousTemplate>
        You are not logged in
      </AnonymousTemplate>
      <LoggedInTemplate>
        <asp:LoginName ID="LoginName1" Runat="server"
                       FormatString="You are logged in as {0}" />
      </LoggedInTemplate>
    </asp:LoginView>


The LoginStatus Control

Displays links for logging in and out
◦ "Login" to unauthenticated users
◦ "Logout" to authenticated users

UI and logout behavior are customizable

<asp:LoginStatus ID="LoginStatus1" Runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" />


LoginStatus Properties

Name Description

LoginText Text displayed for login link (default="Login")

LogoutText Text displayed for logout link (default="Logout")

LoginImageUrl URL of image used for login link

LogoutAction Action to take following logout: Redirect, RedirectToLoginPage, or Refresh (default)

LogoutPageUrl URL of page to go to following logout if LogoutAction="Redirect"


Role Management


Role Management Service

Role-based security in a box
◦ Declarative access via WS Admin Tool
◦ Programmatic access via Roles API

Simplifies adding role-based security to sites that employ forms authentication
◦ Maps users to roles on each request
◦ Provides data store for role information

Provider-based for flexible data storage


Role Management Schema

[Diagram: layered architecture. Controls (Login, LoginStatus, LoginView, other controls); Roles API (Roles); Role Providers (SqlRoleProvider, other role providers); Roles Data (SQL Server, SQL Server Express, other data stores)]


The Roles Class

Gateway to the Role Management API

Provides static methods for performing key role management tasks
◦ Creating and deleting roles
◦ Adding users to roles
◦ Removing users from roles and more

Includes read-only static properties for acquiring data about provider settings


Key Roles Methods

Name Description

AddUserToRole Adds a user to a role

CreateRole Creates a new role

DeleteRole Deletes an existing role

GetRolesForUser Gets a collection of roles to which a user belongs

GetUsersInRole Gets a collection of users belonging to a specified role

IsUserInRole Indicates whether a user belongs to a specified role

RemoveUserFromRole Removes a user from the specified role


Creating a New Role

    if (!Roles.RoleExists("Developers"))
    {
        Roles.CreateRole("Developers");
    }


Adding a User to a Role

    string name = Membership.GetUser().UserName; // Get current user
    Roles.AddUserToRole(name, "Developers");     // Add current user to role


Enabling the Role Manager

Role manager is disabled by default

Enable it via Web.config:

    <configuration>
      <system.web>
        <roleManager enabled="true" />
      </system.web>
    </configuration>


Configuring the Role Manager

    <roleManager enabled="[true|false]"
                 defaultProvider="AspNetSqlRoleProvider"
                 createPersistentCookie="[true|false]"
                 cacheRolesInCookie="[true|false]"
                 cookieName=".ASPXROLES"
                 cookieTimeout="00:30:00"
                 cookiePath="/"
                 cookieRequireSSL="[true|false]"
                 cookieSlidingExpiration="[true|false]"
                 cookieProtection="[None|Validation|Encryption|All]"
                 domain=""
                 maxCachedResults="25">
      <providers>
        ...
      </providers>
    </roleManager>
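A Web.config that pairs protected role-cookie settings with a role-based access rule, covering both this slide and the access rules mentioned under "Understanding Role Management". This is an added example, not part of the original slides; the `Admin` folder, `~/Login.aspx`, and the chosen cookie values are assumptions, and `Administrators` is the role name used in the LoginView slide.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Forms ticket is only sent over HTTPS. -->
      <forms loginUrl="~/Login.aspx" requireSSL="true" />
    </authentication>

    <!-- cacheRolesInCookie stores the user's role list in the .ASPXROLES
         cookie so the provider is not queried on every request.
         cookieProtection="All" signs and encrypts that cookie, so the
         client can neither read nor alter the cached roles ("None" would
         leave them editable by the client).
         cookieRequireSSL keeps the cookie off plain HTTP.
         cookieTimeout is given in minutes. While the cookie is valid, a role
         removed from another user's account can remain in effect, so keep
         the timeout short and the cookie non-persistent. -->
    <roleManager enabled="true"
                 defaultProvider="AspNetSqlRoleProvider"
                 cacheRolesInCookie="true"
                 createPersistentCookie="false"
                 cookieName=".ASPXROLES"
                 cookieTimeout="30"
                 cookieSlidingExpiration="true"
                 cookieRequireSSL="true"
                 cookieProtection="All" />
  </system.web>

  <!-- Access rule for everything under /Admin. Rules are evaluated top to
       bottom and the first match wins: members of Administrators are
       allowed, every other user (including anonymous) is denied. The rule
       names a role, not individual users. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

A LoginView RoleGroup only controls which markup is rendered; the `<authorization>` rule is what stops a non-administrator from requesting the page directly.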


Role Management Providers

Role management is provider-based

Ships with three role providers:
◦ AuthorizationStoreRoleProvider (Authorization Manager, or "AzMan")
◦ SqlRoleProvider (SQL Server)
◦ WindowsTokenRoleProvider (Windows)

Use custom providers for other data stores


Configuring SqlRoleProvider

    <roleManager defaultProvider="AspNetSqlRoleProvider" ...>
      <providers>
        <add applicationName="/"
             connectionStringName="LocalSqlServer"
             name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, ..." />
      </providers>
    </roleManager>


Demo
