Sofia, Bulgaria | 9-10 October

Developing Custom ASP.NET Providers For Membership And Role Manager

Goksin Bakir
Yage Ltd
Microsoft Regional Director, MEA

Agenda

● Provider Model
● Extensibility scenarios
● Projecting Membership via web services
● Role caching with SQL Server 2005
● Virtualizing applications
● Integrating Membership with custom data

● Membership service
● Membership API
● Membership providers
● Role Management service
● Roles class
● Role caching
● Role providers

Membership Service

● Service for managing users and credentials
● Declarative access via Web Site Admin Tool
● Programmatic access via Membership and MembershipUser classes
● Membership class provides base services
● MembershipUser class represents users and provides additional services
● Provider-based for flexible data storage

Membership Schema

(Diagram, layers from top to bottom)
Controls: Login, LoginStatus, LoginView, other login controls
Membership API: Membership, MembershipUser
Membership Providers: SqlMembershipProvider, AccessMembershipProvider, other membership providers
Membership Data: SQL Server, Access, other data stores

The Membership Class

● Provides static methods for performing key membership tasks
● Creating and deleting users
● Retrieving information about users
● Generating random passwords
● Validating logins
● Also includes read-only static properties for acquiring data about provider settings

The MembershipUser Class

● Represents individual users registered in the membership data store
● Includes numerous properties for getting and setting user info
● Includes methods for retrieving, changing, and resetting passwords
● Returned by Membership methods such as GetUser and CreateUser

Provider Configuration

● Membership providers support a number of configuration settings
● How should passwords be stored (cleartext, hashed, encrypted)?
● Should password recovery be enabled?
● Must each user have a unique e-mail address?
● Exposed as properties of provider class
● Initialized from CONFIG files
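Because the settings above surface as properties of the provider class, an application can verify its own password-storage policy at start-up instead of trusting that every configured provider was hardened by hand. The check below is an added example and not part of the talk; the thresholds (8 characters, 10 attempts) and the Global.asax hook are assumptions.

```csharp
using System.Collections.Generic;
using System.Web.Security;

// Thresholds (8 characters, 10 attempts) are assumptions; tighten them to local policy.
public static class MembershipPolicyCheck
{
    public static List<string> Check(MembershipProvider p)
    {
        List<string> findings = new List<string>();
        // Cleartext storage turns any read of the membership table into a credential leak.
        if (p.PasswordFormat == MembershipPasswordFormat.Clear)
            findings.Add(p.Name + ": passwordFormat=\"Clear\"; use \"Hashed\"");
        // Retrieval is only possible when passwords are recoverable (Clear or Encrypted).
        if (p.EnablePasswordRetrieval)
            findings.Add(p.Name + ": enablePasswordRetrieval=\"true\" exposes stored passwords");
        if (p.EnablePasswordReset && !p.RequiresQuestionAndAnswer)
            findings.Add(p.Name + ": password reset allowed without question and answer");
        if (!p.RequiresUniqueEmail)
            findings.Add(p.Name + ": requiresUniqueEmail=\"false\"; recovery e-mail is ambiguous");
        if (p.MinRequiredPasswordLength < 8)
            findings.Add(p.Name + ": minRequiredPasswordLength=" + p.MinRequiredPasswordLength);
        if (p.MaxInvalidPasswordAttempts > 10)
            findings.Add(p.Name + ": maxInvalidPasswordAttempts=" + p.MaxInvalidPasswordAttempts);
        return findings;
    }

    // Every provider in <membership><providers>, not only the default one, is checked.
    public static List<string> CheckAll()
    {
        List<string> all = new List<string>();
        foreach (MembershipProvider p in Membership.Providers) all.AddRange(Check(p));
        return all;
    }
}

// Global.asax: refuse to start rather than serve logins through a weak provider.
//   void Application_Start(object sender, EventArgs e)
//   {
//       List<string> f = MembershipPolicyCheck.CheckAll();
//       if (f.Count > 0)
//           throw new System.Configuration.ConfigurationErrorsException(string.Join("; ", f.ToArray()));
//   }
```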

Role Management Service

● Role-based security in a box
● Declarative access via Web Site Admin Tool
● Programmatic access via Roles class
● Roles class contains static methods for creating roles, adding users to roles, etc.
● Maps users to roles on each request
● Replaces Application_AuthenticateRequest
● Provider-based for flexible data storage

Role Management Schema

(Diagram, layers from top to bottom)
Controls: Login, LoginStatus, LoginView, other login controls
Roles API: Roles
Role Providers: SqlRoleProvider, AccessRoleProvider, other role providers
Roles Data: SQL Server, Access, other data stores

The Roles Class

● Gateway to the Role Management API
● Provides static methods for performing key role management tasks
● Creating and deleting roles
● Adding users to roles
● Removing users from roles and more
● Also includes read-only static properties for acquiring data about provider settings

Role Caching

● Role manager caches roles data in cookies
● Fewer accesses to data store
● Better performance
● Controlled via <roleManager> attributes and programmatically exposed through Roles class
● Should roles be cached in cookies?
● Should role cookies be encrypted?
● How long are role cookies valid?

Role Management Providers

● Role management is provider-based
● AccessRoleProvider (Access) * Removed
● AuthorizationStoreRoleProvider (AuthMan)
● SqlRoleProvider (SQL Server)
● WindowsTokenRoleProvider (Windows)
● Use custom providers for other data stores

Provider Model

● Enable new functionality in a transparent fashion
● Enable extensibility for
● Web services
● Browser based “Atlas” clients
● Smart clients
● Application services as pluggable building blocks
● Decoupled via configuration
● Use structural classes for your own features

Provider Model: Feature Lifecycle

(Diagram) Feature config. → Static feature class → Provider instances

Provider Model: Feature Configuration

// Configuration section for the feature; the getters read the values the
// configuration system has parsed from web.config (requires using System.Configuration).
public class QuotationsConfiguration : ConfigurationSection
{
    [ConfigurationProperty("providers")]
    public ProviderSettingsCollection Providers
    {
        get { return (ProviderSettingsCollection)base["providers"]; }
    }

    [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")]
    public string DefaultProvider
    {
        get { return (string)base["defaultProvider"]; }
        set { base["defaultProvider"] = value; }
    }
}

Provider Model: Creating Provider Instances

// qc is the QuotationsConfiguration section read from web.config
// (e.g. via WebConfigurationManager.GetSection)

// Start with an empty provider collection
providerCollection = new QuotationsProviderCollection();

// Helper class converts configuration information into concrete providers
ProvidersHelper.InstantiateProviders(
    qc.Providers,              // a ProviderSettingsCollection
    providerCollection,
    typeof(QuotationsProvider));

// Lock the provider collection
providerCollection.SetReadOnly();
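The structural pieces the lifecycle slide names, assembled around the QuotationsConfiguration section and the InstantiateProviders call shown above: an added example, not the talk's own code. The abstract QuotationsProvider, the typed collection and the section name "quotations" are assumptions.

```csharp
using System;
using System.Configuration.Provider;
using System.Web.Configuration;

// Abstract provider every concrete quotation store implements.
public abstract class QuotationsProvider : ProviderBase
{
    public abstract string GetQuotation();
}

// Typed collection: rejects providers of the wrong type while the configuration is loaded.
public class QuotationsProviderCollection : ProviderCollection
{
    public new QuotationsProvider this[string name] { get { return (QuotationsProvider)base[name]; } }
    public override void Add(ProviderBase provider)
    {
        if (!(provider is QuotationsProvider))
            throw new ArgumentException("Provider must derive from QuotationsProvider", "provider");
        base.Add(provider);
    }
}

// Static feature class: reads the section once, instantiates the configured providers,
// locks the collection and hands the default provider to application code.
// Assumes the QuotationsConfiguration section class from the slide above.
public static class Quotations
{
    static readonly object _sync = new object();
    static QuotationsProviderCollection _providers;
    static QuotationsProvider _default;
    static void EnsureInitialized()
    {
        if (_providers != null) return;
        lock (_sync)
        {
            if (_providers != null) return;
            QuotationsConfiguration qc = (QuotationsConfiguration)WebConfigurationManager.GetSection("quotations");
            if (qc == null) throw new ProviderException("<quotations> section is missing");
            QuotationsProviderCollection coll = new QuotationsProviderCollection();
            ProvidersHelper.InstantiateProviders(qc.Providers, coll, typeof(QuotationsProvider));
            coll.SetReadOnly();
            QuotationsProvider def = coll[qc.DefaultProvider];
            if (def == null)
                throw new ProviderException("Default provider '" + qc.DefaultProvider + "' is not configured");
            _default = def;
            _providers = coll;   // assigned last, so readers never see a half-built feature
        }
    }
    public static QuotationsProvider Provider { get { EnsureInitialized(); return _default; } }
    public static QuotationsProviderCollection Providers { get { EnsureInitialized(); return _providers; } }
    public static string GetQuotation() { return Provider.GetQuotation(); }
}
```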

Projecting Membership

● Physical 3-tier deployments
● May not allow web server to connect directly to Sql tier
● “Atlas” and smart clients
● Clients can only communicate over Http
● Need app services to work across the Internet

Projecting Membership: Design Issues

● Authenticating to the web service
● Not all methods should be public
● Serialization of MembershipUser
● Read-only properties don’t serialize
● WebMethod parameter constraints
● Collection types and [out] parameters
● Selecting from multiple providers
● Choosing a non-default provider

Projecting Membership: 3-Tier Flow

(Diagram) Web server: application code → webservice provider. Webservice server: .asmx Membership wrapper → SQL provider.

Projecting Membership: Authenticated Flow

(Diagram) Internet client → Application → Webservice server. On the webservice server an .asmx FormsAuth wrapper handles “login” and returns a forms ticket; the client then passes the ticket with each request to the .asmx Membership wrapper, which validates the ticket and roles before calling the SQL provider.
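The .asmx Membership wrapper from the flows above, written to address the four design issues listed (caller authentication, MembershipUser serialization, collection and [out] parameters, choosing a non-default provider). This is an added example, not code from the talk; the service name, the placeholder XML namespace and the choice of exposed methods are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.Services;

// MembershipUser's read-only properties (CreationDate, IsLockedOut, ...) are skipped by
// XML serialization, so the wrapper returns a plain data class instead.
public class MembershipUserInfo
{
    public string UserName, Email;
    public DateTime CreationDate;
    public bool IsApproved, IsLockedOut;
    public MembershipUserInfo() { }   // the XML serializer needs a parameterless constructor
    public MembershipUserInfo(MembershipUser u)
    {
        UserName = u.UserName; Email = u.Email; CreationDate = u.CreationDate;
        IsApproved = u.IsApproved; IsLockedOut = u.IsLockedOut;
    }
}
// A collection plus an [out] count does not map onto a WebMethod signature; wrap both.
public class UserSearchResult { public int TotalRecords; public MembershipUserInfo[] Users; }

[WebService(Namespace = "urn:example-membership-wrapper")]   // placeholder namespace
public class MembershipWrapper : WebService
{
    // Narrow surface on purpose: GetPassword, ResetPassword and DeleteUser are not exposed.
    [WebMethod] public bool ValidateUser(string providerName, string userName, string password)
    { return Provider(providerName).ValidateUser(userName, password); }

    [WebMethod] public UserSearchResult FindUsersByName(string providerName, string pattern, int page, int pageSize)
    {
        RequireAuthenticatedCaller();   // only holders of a valid forms ticket may enumerate users
        int total;
        MembershipUserCollection found = Provider(providerName).FindUsersByName(pattern, page, pageSize, out total);
        UserSearchResult r = new UserSearchResult();
        r.TotalRecords = total; r.Users = new MembershipUserInfo[found.Count];
        int k = 0;
        foreach (MembershipUser u in found) r.Users[k++] = new MembershipUserInfo(u);
        return r;
    }

    // Callers choose a non-default provider by name; an unknown name is an error, not a fallback.
    static MembershipProvider Provider(string name)
    {
        if (string.IsNullOrEmpty(name)) return Membership.Provider;
        MembershipProvider p = Membership.Providers[name];
        if (p == null) throw new ArgumentException("Unknown membership provider", "name");
        return p;
    }

    // The .asmx sits behind forms authentication: the ticket issued by the login wrapper must
    // accompany each request, so anonymous callers are rejected before the provider is touched.
    static void RequireAuthenticatedCaller()
    {
        if (HttpContext.Current.User == null || !HttpContext.Current.User.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated");
    }
}
```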

Caching Role Data

● Role Manager can cache user roles:
● Cookie caching (not enabled by default)
● Per-request in RolePrincipal
● RolePrincipal caching
● Results in at least one call to GetRolesForUser
● Stored internally with HybridDictionary
● Cookie caching limited to 4K of data
● Option for persistent cookie

Caching Role Data

● Cache role data using SQL Server 2005 query notifications
● Data is cached until SQL notifies you
● Good for clients that cannot use cookies
● Can handle apps with hundreds of roles

Caching Role Data: Query Notification Specifics

● Need to change “SET QUOTED_IDENTIFIER” in ASP.NET SQL scripts to “ON”
● Then recompile stored procedures
● Custom provider must query ASP.NET tables directly
● Cannot create notifications against SQL views
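A custom role provider that caches GetRolesForUser results under a SQL Server 2005 query notification, following the caching slides above: the query names the ASP.NET base tables directly (no views), and the cache entry lives until SQL Server signals a change. This is an added example, not code from the talk; it assumes the provider derives from SqlRoleProvider, is registered with the usual connectionStringName attribute, and that Service Broker is enabled on the membership database.

```csharp
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Caching;
using System.Web.Security;
// Assumed: registered in <roleManager> with the usual connectionStringName attribute and
// cacheRolesInCookie="false"; Service Broker is enabled on the membership database.
public class NotifyingSqlRoleProvider : SqlRoleProvider
{
    string _connStr;
    // Notifications only fire for queries that name base tables directly (two-part names,
    // explicit columns, no views), which is why this bypasses the aspnet_* stored procedures.
    const string RolesQuery =
        "SELECT r.RoleName FROM dbo.aspnet_UsersInRoles ur " +
        "INNER JOIN dbo.aspnet_Users u ON u.UserId = ur.UserId " +
        "INNER JOIN dbo.aspnet_Roles r ON r.RoleId = ur.RoleId " +
        "INNER JOIN dbo.aspnet_Applications a ON a.ApplicationId = u.ApplicationId " +
        "WHERE u.LoweredUserName = @user AND a.LoweredApplicationName = @app";

    public override void Initialize(string name, NameValueCollection config)
    {
        // Read the connection string before base.Initialize consumes the attribute.
        string csName = config["connectionStringName"];
        _connStr = ConfigurationManager.ConnectionStrings[csName].ConnectionString;
        base.Initialize(name, config);
        SqlDependency.Start(_connStr);   // one listener per connection string per AppDomain
    }

    public override string[] GetRolesForUser(string username)
    {
        // Key is scoped to the application, so two virtual apps never share a role list.
        string key = "roles:" + ApplicationName.ToLowerInvariant() + ":" + username.ToLowerInvariant();
        string[] roles = HttpRuntime.Cache[key] as string[];
        if (roles != null) return roles;
        using (SqlConnection cn = new SqlConnection(_connStr))
        using (SqlCommand cmd = new SqlCommand(RolesQuery, cn))
        {
            cmd.Parameters.AddWithValue("@user", username.ToLowerInvariant());
            cmd.Parameters.AddWithValue("@app", ApplicationName.ToLowerInvariant());
            // Attach the dependency before executing so SQL Server registers the subscription;
            // SqlClient sessions already run with QUOTED_IDENTIFIER ON, as notifications require.
            SqlCacheDependency dep = new SqlCacheDependency(cmd);
            cn.Open();
            List<string> list = new List<string>();
            using (SqlDataReader rdr = cmd.ExecuteReader())
                while (rdr.Read()) list.Add(rdr.GetString(0));
            roles = list.ToArray();
            HttpRuntime.Cache.Insert(key, roles, dep);   // evicted when SQL Server signals a change
        }
        return roles;
    }
}
```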

Virtualized Applications

● One physical ASP.NET application
● Multiple “virtual” applications
● Portal style applications
● DotNetNuke portal provisioning
● Self-registered forums and portals
● SharePoint
● However providers are
● “Application-centric”
● Statically defined in configuration

Virtualized Applications

● Override ApplicationName property
● Determine virtual application context dynamically (e.g. IHttpModule)
● Retrieve it in the override
● Cautionary Notes!
● Prevent auth ticket re-use across apps
● Don’t accidentally map roles in one virtual app to a user in a different virtual app
● Turn off cookie caching for roles

Setting Application Context Dynamically
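One way to set the application context dynamically while honouring the cautionary notes, as an added example rather than the demo's code: an IHttpModule resolves the virtual application once per request, the provider's ApplicationName override reads it, and the forms ticket is bound to the app it was issued in so it cannot be re-used elsewhere. The URL-segment naming rule, the item key and the 30-minute ticket lifetime are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
// Assumed layout: the first URL segment below the site root names the virtual application
// ("/portalA/default.aspx" -> "portalA"). The module resolves it once per request and, after
// forms authentication has run, rejects any ticket that was issued for a different virtual app.
public class VirtualAppModule : IHttpModule
{
    const string Key = "VirtualAppName";
    // Virtual app for the current request, or null outside a request (e.g. a startup task).
    public static string Current
    {
        get { HttpContext c = HttpContext.Current; return c == null ? null : c.Items[Key] as string; }
    }
    public void Init(HttpApplication app)
    {
        app.BeginRequest += delegate(object s, EventArgs e)
        {
            HttpContext ctx = ((HttpApplication)s).Context;
            string[] parts = ctx.Request.AppRelativeCurrentExecutionFilePath.TrimStart('~', '/').Split('/');
            ctx.Items[Key] = parts.Length > 1 && parts[0].Length > 0 ? parts[0] : "default";
        };
        app.PostAuthenticateRequest += delegate(object s, EventArgs e)
        {
            HttpContext ctx = ((HttpApplication)s).Context;
            FormsIdentity id = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
            if (id == null) return;
            // UserData names the virtual app the ticket was issued for (see IssueTicket);
            // a cookie obtained on portalA is signed out instead of being honoured on portalB.
            if (!string.Equals(id.Ticket.UserData, Current, StringComparison.OrdinalIgnoreCase))
            {
                FormsAuthentication.SignOut();
                FormsAuthentication.RedirectToLoginPage();   // ends the request
            }
        };
    }
    // Use after ValidateUser succeeds instead of SetAuthCookie, binding the ticket to this virtual app.
    public static void IssueTicket(HttpResponse response, string userName)
    {
        FormsAuthenticationTicket t = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), false, Current);
        response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(t)));
    }
    public void Dispose() { }
}
// The provider follows the request, so users are always resolved in the right application
// namespace; SqlRoleProvider gets the same override so roles are never mapped across apps.
// Web.config still needs <roleManager cacheRolesInCookie="false">, or a role cookie from one
// virtual app would be replayed in another.
public class VirtualAppMembershipProvider : SqlMembershipProvider
{
    public override string ApplicationName
    {
        get { return VirtualAppModule.Current ?? base.ApplicationName; }
        set { base.ApplicationName = value; }
    }
}
```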

Integrating Custom Data

● Need to integrate existing data
● Don’t want to write a provider from scratch
● May need to link to your own data
● What can “safely” be referenced?
● How do you handle transactions?
● How do you pass extra data along?

Integrating Custom Data: Custom Provider Design Issues

● Referential Integrity
● Foreign key to aspnet_Users table
● Use SQL views to lookup UserID
● Transactional Integrity
● Use the new ADO.NET 2.0 TransactionScope
● Custom Data
● Pass via HttpContext to CreateUser
● Extend MembershipUser for other cases
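A derived SqlMembershipProvider that applies the three points above: the extra row carries a foreign key to aspnet_Users, both inserts run under one TransactionScope, and the extra value arrives through HttpContext. This is an added example, not code from the talk; the dbo.UserExtra table, the "Department" item key and the connectionStringName handling are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Transactions;
using System.Web;
using System.Web.Security;

// Assumed schema: dbo.UserExtra(UserId uniqueidentifier PRIMARY KEY
//   REFERENCES dbo.aspnet_Users(UserId), Department nvarchar(64)).
// The registration page stores the extra value in HttpContext.Current.Items["Department"]
// before calling Membership.CreateUser.
public class ExtendedSqlMembershipProvider : SqlMembershipProvider
{
    string _connStr;
    public override void Initialize(string name, NameValueCollection config)
    {
        string csName = config["connectionStringName"];   // read before base consumes it
        _connStr = ConfigurationManager.ConnectionStrings[csName].ConnectionString;
        base.Initialize(name, config);
    }

    public override MembershipUser CreateUser(string username, string password, string email,
        string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey,
        out MembershipUserCreateStatus status)
    {
        // One ambient transaction spans the base provider's insert and ours; since each opens
        // its own connection the scope escalates to a distributed (MSDTC) transaction on SQL 2005.
        using (TransactionScope scope = new TransactionScope())
        {
            MembershipUser user = base.CreateUser(username, password, email, passwordQuestion,
                passwordAnswer, isApproved, providerUserKey, out status);
            if (status != MembershipUserCreateStatus.Success || user == null)
                return null;   // scope disposed without Complete: nothing is committed
            HttpContext ctx = HttpContext.Current;
            string department = ctx == null ? null : ctx.Items["Department"] as string;
            using (SqlConnection cn = new SqlConnection(_connStr))
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO dbo.UserExtra (UserId, Department) VALUES (@id, @dept)", cn))
            {
                // ProviderUserKey is the aspnet_Users.UserId GUID the foreign key references;
                // vw_aspnet_Users can resolve it from the user name when the key is not at hand.
                cmd.Parameters.AddWithValue("@id", (Guid)user.ProviderUserKey);
                cmd.Parameters.AddWithValue("@dept", (object)department ?? DBNull.Value);
                cn.Open();
                cmd.ExecuteNonQuery();
            }
            scope.Complete();   // both inserts commit, or neither does
            return user;
        }
    }
}
```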

Summary

● Rewrite or enhance features
● Plug-in rich functionality independently from the presentation tier
● Project current features onto other platforms via web services
● Use the provider infrastructure for your own features

Community Resources

● INETA MEA !
● www.ineta.org
● mea.ineta.org

Community Resources: Provider Links on the Web

● Access providers from Beta 1
● Installs as a Visual Studio 2005 VSI template
● Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers
● Provider Toolkit
● Extensive 120 page whitepaper
● Sample providers for all provider based features
● Both will be available at http://msdn.microsoft.com/asp.net/beta2/providers/default.aspx

Community Resources

● INETA MEA !
● www.ineta.org
● mea.ineta.org
● Speaker as a resource
[email protected]


Please fill out the survey forms!

They are the key to amazing prizes that you can get at the end of each day

Thank you!