Sofia, Bulgaria | 9-10 October
Developing Custom ASP.NET Providers For Membership And Role Manager
Goksin Bakir
Yage Ltd
Microsoft Regional Director, MEA
Agenda
● Provider Model
● Extensibility scenarios
● Projecting Membership via web services
● Role caching with SQL Server 2005
● Virtualizing applications
● Integrating Membership with custom data
● Membership service
● Membership API
● Membership providers
● Role Management service
● Roles class
● Role caching
● Role providers
Membership Service
● Service for managing users and credentials
● Declarative access via Web Site Admin Tool
● Programmatic access via Membership and MembershipUser classes
● Membership class provides base services
● MembershipUser class represents users and provides additional services
● Provider-based for flexible data storage
Membership Schema (diagram)
● Login controls: Login, LoginStatus, LoginView, other login controls
● Membership API: Membership, MembershipUser
● Membership providers: SqlMembershipProvider (SQL Server), AccessMembershipProvider (Access), other MembershipProviders (other data stores)
The Membership Class
● Provides static methods for performing key membership tasks
● Creating and deleting users
● Retrieving information about users
● Generating random passwords
● Validating logins
● Also includes read-only static properties for acquiring data about provider settings
The MembershipUser Class
● Represents individual users registered in the membership data store
● Includes numerous properties for getting and setting user info
● Includes methods for retrieving, changing, and resetting passwords
● Returned by Membership methods such as GetUser and CreateUser
Provider Configuration
● Membership providers support a number of configuration settings
● How should passwords be stored (cleartext, hashed, encrypted)?
● Should password recovery be enabled?
● Must each user have a unique e-mail address?
● Exposed as properties of the provider class
● Initialized from CONFIG files
Role Management Service
● Role-based security in a box
● Declarative access via Web Site Admin Tool
● Programmatic access via Roles class
● Roles class contains static methods for creating roles, adding users to roles, etc.
● Maps users to roles on each request
● Replaces Application_AuthenticateRequest
● Provider-based for flexible data storage
Role Management Schema (diagram)
● Login controls: Login, LoginStatus, LoginView, other login controls
● Roles API: Roles
● Role providers: SqlRoleProvider (SQL Server), AccessRoleProvider (Access), other Role Providers (other data stores)
The Roles Class
● Gateway to the Role Management API
● Provides static methods for performing key role management tasks
● Creating and deleting roles
● Adding users to roles
● Removing users from roles, and more
● Also includes read-only static properties for acquiring data about provider settings
Role Caching
● Role manager caches roles data in cookies
● Fewer accesses to data store
● Better performance
● Controlled via <roleManager> attributes and programmatically exposed through the Roles class
● Should roles be cached in cookies?
● Should role cookies be encrypted?
● How long are role cookies valid?
Role Management Providers
● Role management is provider-based
● AccessRoleProvider (Access) * Removed
● AuthorizationStoreRoleProvider (AuthMan)
● SqlRoleProvider (SQL Server)
● WindowsTokenRoleProvider (Windows)
● Use custom providers for other data stores
Provider Model
● Enable new functionality in a transparent fashion
● Enable extensibility for:
● Web services
● Browser-based “Atlas” clients
● Smart clients
● Application services as pluggable building blocks
● Decoupled via configuration
● Use structural classes for your own features
Provider Model: Feature Lifecycle (diagram)
Feature config → Static feature class → Provider instances
Provider Model: Feature Configuration

using System.Configuration;

public class QuotationsConfiguration : ConfigurationSection
{
    // The <providers> collection (add/remove/clear of provider entries)
    [ConfigurationProperty("providers")]
    public ProviderSettingsCollection Providers
    {
        get { return (ProviderSettingsCollection)base["providers"]; }
    }

    // Name of the provider used when the feature does not ask for one explicitly
    [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")]
    public string DefaultProvider
    {
        get { return (string)base["defaultProvider"]; }
        set { base["defaultProvider"] = value; }
    }
}
Provider Model: Creating Provider Instances

// Start with an empty provider collection
providerCollection = new QuotationsProviderCollection();

// Helper class converts configuration information into concrete providers
ProvidersHelper.InstantiateProviders(
    qc.Providers,               // a ProviderSettingsCollection
    providerCollection,
    typeof(QuotationsProvider));

// Lock the provider collection
providerCollection.SetReadOnly();
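The feature lifecycle from the last three slides put together as one added example (not code from the talk): the static feature class reads the configuration section, instantiates every configured provider, locks the collection and exposes the default. The section name "quotations", QuotationsProvider, QuotationsProviderCollection and the Quotations class are assumed names.

```csharp
using System;
using System.Configuration;
using System.Configuration.Provider;
using System.Web.Configuration;

// Feature config: the <quotations> section (assumed name) declares providers and the default.
public class QuotationsConfiguration : ConfigurationSection
{
    [ConfigurationProperty("providers")]
    public ProviderSettingsCollection Providers { get { return (ProviderSettingsCollection)base["providers"]; } }
    [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")]
    public string DefaultProvider { get { return (string)base["defaultProvider"]; } }
}

// Provider contract for the feature; concrete providers derive from it.
public abstract class QuotationsProvider : ProviderBase
{
    public abstract string GetQuotation();
}

public class QuotationsProviderCollection : ProviderCollection
{
    // Typed indexer; the base collection only knows ProviderBase.
    public new QuotationsProvider this[string name] { get { return (QuotationsProvider)base[name]; } }
}

// Static feature class: application code calls Quotations.Provider, never a provider directly.
public static class Quotations
{
    private static readonly object initLock = new object();
    private static QuotationsProviderCollection providers;
    private static QuotationsProvider defaultProvider;

    public static QuotationsProvider Provider { get { EnsureInitialized(); return defaultProvider; } }
    public static QuotationsProviderCollection Providers { get { EnsureInitialized(); return providers; } }

    // Runs once: read the section, instantiate every configured provider, lock the collection.
    private static void EnsureInitialized()
    {
        if (providers != null) return;
        lock (initLock)
        {
            if (providers != null) return;
            QuotationsConfiguration qc = (QuotationsConfiguration)WebConfigurationManager.GetSection("quotations");
            if (qc == null) throw new ConfigurationErrorsException("Missing <quotations> section.");
            QuotationsProviderCollection pc = new QuotationsProviderCollection();
            ProvidersHelper.InstantiateProviders(qc.Providers, pc, typeof(QuotationsProvider));
            pc.SetReadOnly();  // no provider can be added or swapped after startup
            QuotationsProvider def = pc[qc.DefaultProvider];
            if (def == null) throw new ProviderException("Default provider '" + qc.DefaultProvider + "' not configured.");
            defaultProvider = def;  // publish the default before the field that signals readiness
            providers = pc;
        }
    }
}
```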
Projecting Membership
● Physical 3-tier deployments
● May not allow web server to connect directly to SQL tier
● “Atlas” and smart clients
● Clients can only communicate over HTTP
● Need app services to work across the Internet
Projecting Membership: Design Issues
● Authenticating to the web service
● Not all methods should be public
● Serialization of MembershipUser
● Read-only properties don’t serialize
● WebMethod parameter constraints
● Collection types and [out] parameters
● Selecting from multiple providers
● Choosing a non-default provider
Projecting Membership: 3-Tier Flow (diagram)
Web server (application code → web service provider) → Web service server (.asmx Membership wrapper → SQL provider)
Projecting Membership: Authenticated Flow (diagram)
Internet client → Application → Web service server (.asmx FormsAuth wrapper, .asmx Membership wrapper → SQL provider)
● Client calls “login” on the FormsAuth wrapper, which returns a forms ticket
● Client passes the ticket with each request
● Web service server validates the ticket and roles
Caching Role Data
● Role Manager can cache user roles:
● Cookie caching (not enabled by default)
● Per-request in RolePrincipal
● RolePrincipal caching
● Results in at least one call to GetRolesForUser
● Stored internally with HybridDictionary
● Cookie caching limited to 4K of data
● Option for persistent cookie
Caching Role Data
● Cache role data using SQL Server 2005 query notifications
● Data is cached until SQL notifies you
● Good for clients that cannot use cookies
● Can handle apps with hundreds of roles
Caching Role Data: Query Notification Specifics
● Need to change “SET QUOTED IDENTIFIER” in ASP.NET SQL scripts to “ON”
● Then recompile stored procedures
● Custom provider must query ASP.NET tables directly
● Cannot create notifications against SQL views
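An added example (not from the talk) of the query-notification approach from the last two slides: a SqlRoleProvider subclass that caches GetRolesForUser results until SqlDependency reports a change, with the query written to satisfy the notification rules the slide mentions (base tables by two-part name, no views, explicit columns). The class name, the connectionStringName handling and the cache layout are assumptions; the aspnet_* table and column names are those of the ASP.NET 2.0 SQL schema.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;
using System.Web.Security;

public class NotifyingRoleProvider : SqlRoleProvider
{
    // Cache keyed by application + user; an entry is dropped when SQL Server signals a change to its query.
    private readonly Dictionary<string, string[]> cache = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
    private readonly object cacheLock = new object();
    private string connectionString;

    public override void Initialize(string name, NameValueCollection config)
    {
        // Read the attribute before the base provider consumes it, then start the listener (the database
        // needs Service Broker enabled; calling Start again for the same connection string is harmless).
        connectionString = WebConfigurationManager.ConnectionStrings[config["connectionStringName"]].ConnectionString;
        base.Initialize(name, config);
        SqlDependency.Start(connectionString);
    }
    public override string[] GetRolesForUser(string username)
    {
        string key = ApplicationName + "\\" + username;
        lock (cacheLock) { string[] cached; if (cache.TryGetValue(key, out cached)) return cached; }
        string[] roles = QueryWithNotification(key, username);
        lock (cacheLock) { cache[key] = roles; }
        return roles;
    }

    private string[] QueryWithNotification(string key, string username)
    {
        // Notification rules: explicit column list, two-part table names, base tables only (no views).
        const string sql =
            "SELECT r.RoleName FROM dbo.aspnet_Users u " +
            "INNER JOIN dbo.aspnet_UsersInRoles ur ON ur.UserId = u.UserId " +
            "INNER JOIN dbo.aspnet_Roles r ON r.RoleId = ur.RoleId " +
            "INNER JOIN dbo.aspnet_Applications a ON a.ApplicationId = u.ApplicationId " +
            "WHERE u.LoweredUserName = @User AND a.LoweredApplicationName = @App";
        List<string> roles = new List<string>();
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@User", SqlDbType.NVarChar, 256).Value = username.ToLowerInvariant();
            cmd.Parameters.Add("@App", SqlDbType.NVarChar, 256).Value = ApplicationName.ToLowerInvariant();
            SqlDependency dep = new SqlDependency(cmd);  // must be attached before the command executes
            dep.OnChange += delegate { lock (cacheLock) { cache.Remove(key); } };  // fires once; next miss re-subscribes
            conn.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
                while (rdr.Read()) roles.Add(rdr.GetString(0));
        }
        return roles.ToArray();
    }
}
```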
Virtualized Applications
● One physical ASP.NET application
● Multiple “virtual” applications
● Portal style applications
● DotNetNuke portal provisioning
● Self-registered forums and portals
● SharePoint
● However, providers are:
● “Application-centric”
● Statically defined in configuration
Virtualized Applications
● Override ApplicationName property
● Determine virtual application context dynamically (e.g. IHttpModule)
● Retrieve it in the override
● Cautionary Notes!
● Prevent auth ticket re-use across apps
● Don’t accidentally map roles in one virtual app to a user in a different virtual app
● Turn off cookie caching for roles
Setting Application Context Dynamically
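An added example (not the demo code from the talk) covering the override and the cautionary notes: the provider resolves ApplicationName per request from HttpContext, and an IHttpModule sets that context from the host name, issues forms tickets that record their virtual application, and refuses tickets whose UserData names a different one. The host-to-application rule, the Items key and the class names are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

public class VirtualAppMembershipProvider : SqlMembershipProvider
{
    public const string ContextKey = "VirtualApplicationName";  // assumed HttpContext.Items key
    // The getter prefers the per-request name set by VirtualAppModule; the configured value is the fallback.
    public override string ApplicationName
    {
        get
        {
            string name = HttpContext.Current == null ? null : HttpContext.Current.Items[ContextKey] as string;
            return string.IsNullOrEmpty(name) ? base.ApplicationName : name;
        }
        set { base.ApplicationName = value; }
    }
}

public class VirtualAppModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }
    public void Dispose() { }
    // Example rule (assumption): the first DNS label of the host names the virtual application.
    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string host = ctx.Request.Url.Host; int dot = host.IndexOf('.');
        ctx.Items[VirtualAppMembershipProvider.ContextKey] = dot > 0 ? host.Substring(0, dot) : "default";
    }
    // Login code calls this instead of FormsAuthentication.SetAuthCookie so the ticket records its virtual app.
    public static void IssueTicket(HttpContext ctx, string userName, bool persistent)
    {
        string app = (string)ctx.Items[VirtualAppMembershipProvider.ContextKey];
        FormsAuthenticationTicket t = new FormsAuthenticationTicket(1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), persistent, app);
        HttpCookie c = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(t));
        c.HttpOnly = true; ctx.Response.Cookies.Add(c);
    }
    // A ticket issued by one virtual app is not honoured by another: UserData must match the current app.
    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        FormsIdentity id = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
        if (id == null) return;
        string expected = (string)ctx.Items[VirtualAppMembershipProvider.ContextKey];
        if (string.Equals(id.Ticket.UserData, expected, StringComparison.OrdinalIgnoreCase)) return;
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
        ctx.ApplicationInstance.CompleteRequest();
    }
}
```

Pair it with cacheRolesInCookie="false" on <roleManager>, as the slide advises, so role data cached for a user in one virtual application is never reused in another.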
Integrating Custom Data
● Need to integrate existing data
● Don’t want to write a provider from scratch
● May need to link to your own data
● What can “safely” be referenced?
● How do you handle transactions?
● How do you pass extra data along?
Integrating Custom Data: Custom Provider Design Issues
● Referential Integrity
● Foreign key to aspnet_Users table
● Use SQL views to look up UserID
● Transactional Integrity
● Use the new ADO.NET 2.0 TransactionScope
● Custom Data
● Pass via HttpContext to CreateUser
● Extend MembershipUser for other cases
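An added example (not from the talk) joining the three design points above: a SqlMembershipProvider subclass whose CreateUser runs the base call and the insert into an application table inside one TransactionScope, taking the extra field from HttpContext and keying the new row on the aspnet_Users UserId. The dbo.UserProfiles table, the Items key and the class names are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Transactions;
using System.Web;
using System.Web.Configuration;
using System.Web.Security;

public class ProfileAwareMembershipProvider : SqlMembershipProvider
{
    public const string DisplayNameKey = "Registration.DisplayName";  // assumed HttpContext.Items key
    private string connectionString;
    public override void Initialize(string name, NameValueCollection config)
    {
        // Capture the connection string before the base provider consumes the attribute.
        connectionString = WebConfigurationManager.ConnectionStrings[config["connectionStringName"]].ConnectionString;
        base.Initialize(name, config);
    }
    public override MembershipUser CreateUser(string username, string password, string email,
        string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey,
        out MembershipCreateStatus status)
    {
        // The Membership API has no slot for extra registration data, so it arrives through HttpContext.
        string displayName = HttpContext.Current == null ? null : HttpContext.Current.Items[DisplayNameKey] as string;
        // Both connections enlist in the ambient transaction, so the aspnet_Users row and the profile row
        // commit or roll back together (two connections: expect promotion to a distributed transaction).
        using (TransactionScope scope = new TransactionScope())
        {
            MembershipUser user = base.CreateUser(username, password, email, passwordQuestion,
                passwordAnswer, isApproved, providerUserKey, out status);
            if (user == null) return null;  // status explains why; the scope disposes without Complete()
            // dbo.UserProfiles(UserId, DisplayName) with a foreign key to dbo.aspnet_Users.UserId is assumed.
            using (SqlConnection conn = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO dbo.UserProfiles (UserId, DisplayName) VALUES (@UserId, @DisplayName)", conn))
            {
                cmd.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = (Guid)user.ProviderUserKey;
                cmd.Parameters.Add("@DisplayName", SqlDbType.NVarChar, 100).Value = (object)displayName ?? DBNull.Value;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
            scope.Complete();
            return user;
        }
    }
}

// Caller side: stash the extra field in the request context, then use the normal Membership API.
public static class Registration
{
    public static MembershipUser Register(string userName, string password, string email, string displayName, out MembershipCreateStatus status)
    {
        HttpContext.Current.Items[ProfileAwareMembershipProvider.DisplayNameKey] = displayName;
        return Membership.CreateUser(userName, password, email, null, null, true, out status);
    }
}
```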
Summary
● Rewrite or enhance features
● Plug in rich functionality independently from the presentation tier
● Project current features onto other platforms via web services
● Use the provider infrastructure for your own features
Community Resources: Provider Links on the Web
● Access providers from Beta 1
● Installs as a Visual Studio 2005 VSI template
● Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers
● Provider Toolkit
● Extensive 120-page whitepaper
● Sample providers for all provider-based features
● Both will be available at http://msdn.microsoft.com/asp.net/beta2/providers/default.aspx
Community Resources
● INETA MEA!
● www.ineta.org
● mea.ineta.org
● Speaker as a resource
Please fill out the survey forms!
They are the key to amazing prizes that you can get at the end of each day
Thank you!