Membership, Role Manager and Profile
Matt Gibbs, ASP.NET Development Manager

Presentation transcript:

Membership, Role Manager and Profile
Matt Gibbs, ASP.NET Development Manager

Agenda
- Overview of Provider Model
- ASP.NET 2.0 Security Services
  - Membership (Authentication)
  - Role Manager (Authorization)
- ASP.NET 2.0 Personalization Features
  - Profile feature
- Summary

Provider Model
- Public Feature API calls configured providers
- Providers communicate with data stores
- Providers: Microsoft provider implementations, custom providers
- Data stores: SQL Server 7 / 2000 / 2005, Active Directory, Access, user defined

ASP.NET 2.0 Security Services - Membership

Security Services - Membership
- Membership
  - Replaces complex authentication code
  - Solves common credential storage problem
- Secure Credential Storage Services
  - Hashed + random salt for user credentials
  - Eliminates complex security plumbing code
- Comprehensive user management
  - Creating Users / Credential Validation
  - Password maintenance

Login Controls
- No code needed
- Integrates seamlessly with security features
  - Controls change behavior based on configuration of security features
- Rapidly build out common security UI:
  - Login/Logout
  - Create new users
  - Password recovery / password maintenance
- Easily modify page display based on a user's role

Membership Classes
System.Web.Security
- Membership
  - Main entry point for programming with the Membership feature
    - Validating credentials
    - User Management
    - Finding/Getting Users
- MembershipUser
  - Represents a user in Membership
  - Properties represent data about the user
    - Username, , LastLoginDate, etc…
- MembershipProvider
  - Defines the required functionality for implementing the feature

Membership Security
- Can create users in a disabled state
- Password Question and Answer
- Membership tracks bad password and bad answer attempts
- Configurable thresholds for number of attempts and tracking time window
- Passwords are hashed by default
- Extensibility for encryption and password validation
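The thresholds, hashed storage and password rules listed on this slide are set on the membership provider in web.config. The fragment below is an added example, not part of the original slides; the connection string, provider name and applicationName are placeholders, and the numeric values are illustrative choices.

```xml
<!-- Added example (not from the slides). Names and values are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Placeholder database holding the ASP.NET membership schema -->
    <add name="MembershipDb"
         connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms" />
    <membership defaultProvider="HardenedSqlProvider">
      <providers>
        <!-- Drop the provider inherited from machine.config so only this one is active -->
        <clear />
        <!--
          passwordFormat: Hashed is the default. Clear stores plaintext;
            Encrypted is reversible with the machineKey.
          enablePasswordRetrieval: must be false with Hashed; the provider
            refuses to initialize if hashed passwords are marked retrievable.
          requiresQuestionAndAnswer: password reset requires the stored answer.
          maxInvalidPasswordAttempts / passwordAttemptWindow: lock the account
            after 5 bad passwords (or 5 bad answers) within a 10-minute window.
          minRequired*: server-side password strength floor.
        -->
        <add name="HardenedSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/SampleApp"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

With the SQL provider a locked-out account stays locked until `MembershipUser.UnlockUser()` is called, so lockout events need an administrative unlock path and monitoring.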

Creating and Managing Users (demo)
- Create users w/ console app
- Validate user credentials

ASP.NET 2.0 Security Services – Role Manager

Security Services - Role Manager
- Role Manager
  - Solves common user-to-role mapping code
  - Replaces complex authorization code
  - Builds on ASP.NET 1.X Role APIs
- RolePrincipal class represents logged in user
- Not tied to Membership
  - Works great together, but…
  - Role Manager can be used separately

Role Manager
- Enables the following two common AuthZ scenarios
  - Declaratively restrict access through web.config
  - Code-based authorization checks using User.IsInRole

<authorization> </authorization>
User.IsInRole(rolename);

Role Manager Classes
System.Web.Security
- Roles
  - Main entry point
    - Create, Delete roles, etc..
    - IsUserInRole check
- RoleProvider
  - Defines the required functionality for the feature
- RolePrincipal & RoleManagerModule
  - Automatically associates roles with the current user
  - Supports role caching
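The declarative restriction through web.config and the role caching mentioned on the two Role Manager slides above look like this in practice. This is an added example, not part of the original slides; the `Admin` path and the `Administrators` role are placeholders.

```xml
<!-- Added example (not from the slides). Path and role names are placeholders. -->
<configuration>
  <system.web>
    <!--
      enabled: turns on RoleManagerModule, which attaches a RolePrincipal
        to each authenticated request.
      cacheRolesInCookie: caches the user's roles in a cookie to avoid a
        provider lookup per request. Cached roles can be stale: a role
        removed from the user stays effective until the cookie is refreshed
        or times out, so keep cookieTimeout (minutes) short.
      cookieProtection="All": the cookie is both encrypted and validated.
      cookieRequireSSL: the role cookie is only sent over HTTPS.
    -->
    <roleManager enabled="true"
                 cacheRolesInCookie="true"
                 cookieProtection="All"
                 cookieRequireSSL="true"
                 cookieTimeout="30" />
    <!-- Site-wide default: reject anonymous users ("?") -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules are evaluated top to bottom and the first match wins, so the
       allow for the role must come before the deny for everyone ("*"). -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization only covers requests that pass through ASP.NET, so sensitive operations behind the page should still check `User.IsInRole` in code.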

Role Manager (demo)
- Create new roles
- Map users to roles
- Url Authorization
- Using role based security

Personalization Features

Profile
- Store custom data about each user
  - Access through friendly programming model
  - Eliminate complex data plumbing code
- Store user data indefinitely
  - SQL Server (or other) back-end
- Associates a user with data
  - Remember user settings and preferences
  - Build richer web sites

Web Parts Personalization
- Long-term persistent storage of control properties (e.g. long-lived viewstate)
- Data is stored on a per-user-per-page basis
- Personalization is a feature of Web Parts
  - Works with both User Controls and custom Server Controls

Profile

- Defined completely in configuration
  - No custom code required
- Type-safe programming model
  - No dictionary key to remember
  - No casting
- Smart data retrieval
  - On-demand and Partitioned data retrieval
- Provider Model
  - Plug in your own data stores for extensibility
- ProfileModule
  - Loads & saves Profile data on each page request

Profile Configuration
- Configuration is central to the Profile feature

Profile Programming Model

Working with Profile (demo)
- Scalar property types, e.g. int
- Non-Scalar property types, e.g. Collections
- Custom types, e.g. System.Drawing.Color
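Since the Profile slides say the feature is defined completely in configuration, the fragment below declares one property of each kind named in the demo list (scalar, collection, custom type). It is an added example, not part of the original slides; all property and group names are hypothetical.

```xml
<!-- Added example (not from the slides). Property and group names are hypothetical. -->
<configuration>
  <system.web>
    <!-- Required before any profile property may set allowAnonymous="true" -->
    <anonymousIdentification enabled="true" />

    <profile enabled="true" defaultProvider="AspNetSqlProfileProvider">
      <properties>
        <!-- Scalar: exposed in page code as the typed member Profile.PageSize -->
        <add name="PageSize" type="System.Int32" defaultValue="25" />

        <!-- Non-scalar: a collection, stored as XML -->
        <add name="RecentSearches"
             type="System.Collections.Specialized.StringCollection"
             serializeAs="Xml" />

        <!-- Custom type: stored as a string via the type's converter.
             allowAnonymous lets unauthenticated visitors persist this value,
             so limit it to properties that are harmless for anyone to write. -->
        <add name="BackgroundColor"
             type="System.Drawing.Color"
             serializeAs="String"
             allowAnonymous="true" />

        <!-- Groups nest properties: Profile.Address.City -->
        <group name="Address">
          <add name="City" type="System.String" />
        </group>
      </properties>
    </profile>
  </system.web>
</configuration>
```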

Summary
- Membership: easy way to create, manage and validate users
- Role Manager: authorize users based on roles
- Profile: easily store and retrieve information for a user

Provider information + Access providers: Sample Code: Atlas, Profile Providers, etc..

Questions?

Advanced Scenarios (demo)
- Creating Profile data for new users
- Associating role data in CreateUserWizard
- Approving new users
- Controlling site navigation with roles