Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director

Agenda Membership Provider Model Custom Providers –SOA based membership example –Making a custom provider do what the standard ones won’t (Demo)

Membership API Included Membership providers –SQL Server (and SQL Express) –Active Directory (Windows) –Access (kind of…) Installs as a Visual Studio 2005 VSI template Custom Membership providers –Oracle –MySQL –SQLLite3 –Others + whatever you write yourself… Membership Service

Service for managing users and credentials –Declarative access via Web Site Admin Tool –Programmatic access via Membership and MembershipUser classes Membership class provides base services MembershipUser class represents users and provides additional services Provider-based for flexible data storage

Membership Service (cont.) Vastly simplifies forms authentication –Provides logic for validating user names and passwords, creating accounts, and more –Provides data store for storing credentials, e- mail addresses, and other membership data

Membership Schema Membership API Membership Data SQL Server Other Data Stores Membership Providers Active Directory LoginLoginStatusLoginViewOther Controls MembershipMembershipUser SqlMembershipProvider ActiveDirectory- MembershipProvider Other Providers

LoginView...

The Membership Class Provides static methods for performing key membership tasks –Creating and deleting users –Retrieving information about users –Generating random passwords –Validating logins Also includes read-only static properties for acquiring data about provider settings

The MembershipUser Class Represents individual users registered in the membership data store Includes numerous properties for getting and setting user info Includes methods for retrieving, changing, and resetting passwords Returned by Membership methods such as GetUser and CreateUser

Configuring the SQL Membership Provider

Provider Model Enable new functionality in a transparent fashion Enable extensibility for –Web services –Browser based “Atlas” clients –Smart clients Application services as pluggable building blocks Decoupled via configuration Use structural classes for your own features

Provider Model Feature Lifecycle Feature config. Static feature class Provider instances

Provider Configuration Membership providers support a number of configuration settings –How should passwords be stored (cleartext, hashed, encrypted)? –Should password recovery be enabled? –Must each user have a unique address? Exposed as properties of provider class Initialized from CONFIG files

public class QuotationsConfiguration : ConfigurationSection { [ConfigurationProperty("providers")] [ConfigurationProperty("providers")] public ProviderSettingsCollection Providers public ProviderSettingsCollection Providers { get; get; } [ConfigurationProperty("defaultProvider", [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")] DefaultValue = "StaticQuotationProvider")] public string DefaultProvider public string DefaultProvider { get; get; set; set; }} Provider Model Feature Configuration

When to Build a Provider Physical 3-tier deployments –May not allow web server to connect directly to SQL Server Schema isn’t working for you Your data isn’t in a supported format or repository You need that killer feature that isn’t provided by existing providers

Projecting Membership Design Issues Authenticating to the web service –Not all methods should be public Serialization of MembershipUser –Read-only properties don’t serialize WebMethod parameter constraints –Collection types and [out] parameters Selecting from multiple providers –Choosing a non-default provider

Projecting Membership 3-Tier Flow Web server Webservice provider Webservice server.asmx Membership wrapper SQL provider Application code

Projecting Membership Authenticated Flow Internet client Application Webservice server.asmx Membership wrapper SQL provider.asmx Formsuth wrapper “login” Returns forms ticket pass ticket w/ each request Validate ticket and roles

Creating a Custom Membership Provider

Summary Rewrite or enhance features Project current features onto other platforms via web services or other methods Use the provider infrastructure for your own features Don’t screw it up, you can always make life worse – especially in security

Resources Custom Membership Providers Oracle Provider –Supports Membership, Roles and Personalization –Included in the PetShop sample – url=/library/en-us/dnbda/html/bdasamppet4.asp Access Database Provider –Supports Membership, Roles and Personalization –Installs as a Visual Studio 2005 VSI template – a8e-b8d4-4d6e-bb8f-027e6c8e15d8

Resources Custom Membership Providers (cont.) MySQL Provider –Support for ASP.NET Membership and Roles – MySQLMembershipProvider.asp SQLLite3 –Supports Membership and Roles – asp