Sofia, Bulgaria | 9-10 October Developing Custom ASP.NET Providers For Membership And Role Manager Goksin Bakir Yage Ltd Microsoft Regional Director, MEA Goksin Bakir Yage Ltd Microsoft Regional Director, MEA
Sofia, Bulgaria | 9-10 October Agenda ●Provider Model ●Extensibility scenarios ●Projecting Membership via web services ●Role caching with SQL Server 2005 ●Virtualizing applications ●Integrating Membership with custom data ●Provider Model ●Extensibility scenarios ●Projecting Membership via web services ●Role caching with SQL Server 2005 ●Virtualizing applications ●Integrating Membership with custom data
Sofia, Bulgaria | 9-10 October ●Membership service ●Membership API ●Membership providers ●Role Management service ●Roles class ●Role caching ●Role providers ●Membership service ●Membership API ●Membership providers ●Role Management service ●Roles class ●Role caching ●Role providers
Sofia, Bulgaria | 9-10 October Membership Service ●Service for managing users and credentials ●Declarative access via Web Site Admin Tool ●Programmatic access via Membership and MembershipUser classes ●Membership class provides base services ●MembershipUser class represents users and provides additional services ●Provider-based for flexible data storage ●Service for managing users and credentials ●Declarative access via Web Site Admin Tool ●Programmatic access via Membership and MembershipUser classes ●Membership class provides base services ●MembershipUser class represents users and provides additional services ●Provider-based for flexible data storage
Sofia, Bulgaria | 9-10 October Membership Schema Membership API Membership Data Access Other Data Stores Controls Login LoginStatus LoginView AccessMembershipProvider Other Membership Providers Other Membership Providers Membership Providers Membership MembershipUser SqlMembershipProvider SQL Server Other Login Controls Other Login Controls
Sofia, Bulgaria | 9-10 October The Membership Class ●Provides static methods for performing key membership tasks ●Creating and deleting users ●Retrieving information about users ●Generating random passwords ●Validating logins ●Also includes read-only static properties for acquiring data about provider settings ●Provides static methods for performing key membership tasks ●Creating and deleting users ●Retrieving information about users ●Generating random passwords ●Validating logins ●Also includes read-only static properties for acquiring data about provider settings
Sofia, Bulgaria | 9-10 October The MembershipUser Class ●Represents individual users registered in the membership data store ●Includes numerous properties for getting and setting user info ●Includes methods for retrieving, changing, and resetting passwords ●Returned by Membership methods such as GetUser and CreateUser ●Represents individual users registered in the membership data store ●Includes numerous properties for getting and setting user info ●Includes methods for retrieving, changing, and resetting passwords ●Returned by Membership methods such as GetUser and CreateUser
Sofia, Bulgaria | 9-10 October Provider Configuration ●Membership providers support a number of configuration settings ●How should passwords be stored (cleartext, hashed, encrypted)? ●Should password recovery be enabled? ●Must each user have a unique address? ●Exposed as properties of provider class ●Initialized from CONFIG files ●Membership providers support a number of configuration settings ●How should passwords be stored (cleartext, hashed, encrypted)? ●Should password recovery be enabled? ●Must each user have a unique address? ●Exposed as properties of provider class ●Initialized from CONFIG files
Sofia, Bulgaria | 9-10 October
Role Management Service ●Role-based security in a box ●Declarative access via Web Site Admin Tool ●Programmatic access via Roles class ●Roles class contains static methods for creating roles, adding users to roles, etc. ●Maps users to roles on each request ●Replaces Application_AuthenticateRequest ●Provider-based for flexible data storage ●Role-based security in a box ●Declarative access via Web Site Admin Tool ●Programmatic access via Roles class ●Roles class contains static methods for creating roles, adding users to roles, etc. ●Maps users to roles on each request ●Replaces Application_AuthenticateRequest ●Provider-based for flexible data storage
Sofia, Bulgaria | 9-10 October Role Management Schema Roles API Roles Data Access Other Data Stores Controls Login LoginStatus LoginView AccessRoleProvider Other Role Providers Role Providers Roles SqlRoleProvider SQL Server Other Login Controls Other Login Controls
Sofia, Bulgaria | 9-10 October The Roles Class ●Gateway to the Role Management API ●Provides static methods for performing key role management tasks ●Creating and deleting roles ●Adding users to roles ●Removing users from roles and more ●Also includes read-only static properties for acquiring data about provider settings ●Gateway to the Role Management API ●Provides static methods for performing key role management tasks ●Creating and deleting roles ●Adding users to roles ●Removing users from roles and more ●Also includes read-only static properties for acquiring data about provider settings
Sofia, Bulgaria | 9-10 October Role Caching ●Role manager caches roles data in cookies ●Fewer accesses to data store ●Better performance ●Controlled via attributes and programmatically exposed thru Roles class ●Should roles be cached in cookies? ●Should role cookies be encrypted? ●How long are role cookies valid? ●Role manager caches roles data in cookies ●Fewer accesses to data store ●Better performance ●Controlled via attributes and programmatically exposed thru Roles class ●Should roles be cached in cookies? ●Should role cookies be encrypted? ●How long are role cookies valid?
Sofia, Bulgaria | 9-10 October Role Management Providers ●Role management is provider-based ●AccessRoleProvider (Access) * Removed ●AuthorizationStoreRoleProvider (AuthMan) ●SqlRoleProvider (SQL Server) ●WindowsTokenRoleProvider (Windows) ●Use custom providers for other data stores ●Role management is provider-based ●AccessRoleProvider (Access) * Removed ●AuthorizationStoreRoleProvider (AuthMan) ●SqlRoleProvider (SQL Server) ●WindowsTokenRoleProvider (Windows) ●Use custom providers for other data stores
Sofia, Bulgaria | 9-10 October Provider Model ●Enable new functionality in a transparent fashion ●Enable extensibility for ●Web services ●Browser based “Atlas” clients ●Smart clients ●Application services as pluggable building blocks ●Decoupled via configuration ●Use structural classes for your own features ●Enable new functionality in a transparent fashion ●Enable extensibility for ●Web services ●Browser based “Atlas” clients ●Smart clients ●Application services as pluggable building blocks ●Decoupled via configuration ●Use structural classes for your own features
Sofia, Bulgaria | 9-10 October Provider Model Feature Lifecycle Feature config. Static feature class Provider instances
Sofia, Bulgaria | 9-10 October public class QuotationsConfiguration : ConfigurationSection { [ConfigurationProperty("providers")] [ConfigurationProperty("providers")] public ProviderSettingsCollection Providers public ProviderSettingsCollection Providers { get; get; } [ConfigurationProperty("defaultProvider", [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")] DefaultValue = "StaticQuotationProvider")] public string DefaultProvider public string DefaultProvider { get; get; set; set; }} Provider Model Feature Configuration
Sofia, Bulgaria | 9-10 October Provider Model Creating Provider Instances //Start with empty provider collection providerCollection = new QuotationsProviderCollection(); //Helper class converts configuration information into //concrete providers ProvidersHelper.InstantiateProviders( qc.Providers, //a ProviderSettingsCollection qc.Providers, //a ProviderSettingsCollection providerCollection, providerCollection, typeof(QuotationsProvider)); typeof(QuotationsProvider)); //Lock the provider collection providerCollection.SetReadOnly();
Sofia, Bulgaria | 9-10 October
Projecting Membership ●Physical 3-tier deployments ●May not allow web server to connect directly to Sql tier ●“Atlas” and smart clients ●Clients can only communicate over Http ●Need app services to work across the Internet ●Physical 3-tier deployments ●May not allow web server to connect directly to Sql tier ●“Atlas” and smart clients ●Clients can only communicate over Http ●Need app services to work across the Internet
Sofia, Bulgaria | 9-10 October Projecting Membership Design Issues ●Authenticating to the web service ●Not all methods should be public ●Serialization of MembershipUser ●Read-only properties don’t serialize ●WebMethod parameter constraints ●Collection types and [out] parameters ●Selecting from multiple providers ●Choosing a non-default provider ●Authenticating to the web service ●Not all methods should be public ●Serialization of MembershipUser ●Read-only properties don’t serialize ●WebMethod parameter constraints ●Collection types and [out] parameters ●Selecting from multiple providers ●Choosing a non-default provider
Sofia, Bulgaria | 9-10 October Projecting Membership 3-Tier Flow Web server Webservice provider Webservice server.asmx Membership wrapper SQL provider Application code
Sofia, Bulgaria | 9-10 October Projecting Membership Authenticated Flow Internet client Applicatio n Webservice server.asmx Membership wrapper SQL provider.asmx Formsuth wrapper “login” Returns forms ticket pass ticket w/ each request Validate ticket and roles
Sofia, Bulgaria | 9-10 October
Caching Role Data ●Role Manager can cache user roles: ●Cookie caching (not enabled by default) ●Per-request in RolePrincipal ●RolePrincipal caching ●Results in at least one call to GetRolesForUser ●Stored internally with HybridDictionary ●Cookie caching limited to 4K of data ●Option for persistent cookie ●Role Manager can cache user roles: ●Cookie caching (not enabled by default) ●Per-request in RolePrincipal ●RolePrincipal caching ●Results in at least one call to GetRolesForUser ●Stored internally with HybridDictionary ●Cookie caching limited to 4K of data ●Option for persistent cookie
Sofia, Bulgaria | 9-10 October Caching Role Data ●Cache role data using SQL Server 2005 query notifications ●Data is cached until SQL notifies you ●Good for clients that cannot use cookies ●Can handle apps with hundreds of roles ●Cache role data using SQL Server 2005 query notifications ●Data is cached until SQL notifies you ●Good for clients that cannot use cookies ●Can handle apps with hundreds of roles
Sofia, Bulgaria | 9-10 October Caching Role Data Query Notification Specifics ●Need to change “SET QUOTED IDENTIFIER” in ASP.NET SQL scripts to “ON” ●Then recompile stored procedures ●Custom provider must query ASP.NET tables directly ●Cannot create notifications against SQL views ●Need to change “SET QUOTED IDENTIFIER” in ASP.NET SQL scripts to “ON” ●Then recompile stored procedures ●Custom provider must query ASP.NET tables directly ●Cannot create notifications against SQL views
Sofia, Bulgaria | 9-10 October
Virtualized Applications ●One physical ASP.NET application ●Multiple “virtual” applications ●Portal style applications ●DotNetNuke portal provisioning ●Self-registered forums and portals ●Sharepoint ●However providers are ●“Application-centric” ●Statically defined in configuration ●One physical ASP.NET application ●Multiple “virtual” applications ●Portal style applications ●DotNetNuke portal provisioning ●Self-registered forums and portals ●Sharepoint ●However providers are ●“Application-centric” ●Statically defined in configuration
Sofia, Bulgaria | 9-10 October Virtualized Applications ●Override ApplicationName property ●Determine virtual application context dynamically (e.g. IHttpModule) ●Retrieve it in the override ●Cautionary Notes! ●Prevent auth ticket re-use across apps ●Don’t accidentally map roles in one virtual app to a user in a different virtual app ●Turn off cookie caching for roles ●Override ApplicationName property ●Determine virtual application context dynamically (e.g. IHttpModule) ●Retrieve it in the override ●Cautionary Notes! ●Prevent auth ticket re-use across apps ●Don’t accidentally map roles in one virtual app to a user in a different virtual app ●Turn off cookie caching for roles
Sofia, Bulgaria | 9-10 October Setting Application Context Dynamically
Sofia, Bulgaria | 9-10 October Integrating Custom Data ●Need to integrate existing data ●Don’t want to write a provider from scratch ●May need to link to your own data ●What can “safely” be referenced? ●How do you handle transactions? ●How do you pass extra data along? ●Need to integrate existing data ●Don’t want to write a provider from scratch ●May need to link to your own data ●What can “safely” be referenced? ●How do you handle transactions? ●How do you pass extra data along?
Sofia, Bulgaria | 9-10 October Integrating Custom Data Custom Provider Design Issues ●Referential Integrity ●Foreign key to aspnet_Users table ●Use SQL views to lookup UserID ●Transactional Integrity ●Use the new ADO.NET 2.0 TransactionScope ●Custom Data ●Pass via HttpContext to CreateUser ●Extend MembershipUser for other cases ●Referential Integrity ●Foreign key to aspnet_Users table ●Use SQL views to lookup UserID ●Transactional Integrity ●Use the new ADO.NET 2.0 TransactionScope ●Custom Data ●Pass via HttpContext to CreateUser ●Extend MembershipUser for other cases
Sofia, Bulgaria | 9-10 October Integrating Membership w/ Custom Data
Sofia, Bulgaria | 9-10 October Summary ●Rewrite or enhance features ●Plug-in rich functionality independently from the presentation tier ●Project current features onto other platforms via web services ●Use the provider infrastructure for your own features ●Rewrite or enhance features ●Plug-in rich functionality independently from the presentation tier ●Project current features onto other platforms via web services ●Use the provider infrastructure for your own features
Sofia, Bulgaria | 9-10 October Community Resources ●INETA MEA ! ● ●mea.ineta.org ●INETA MEA ! ● ●mea.ineta.org
Sofia, Bulgaria | 9-10 October Community Resources Provider Links on the Web ●Access providers from Beta 1 ●Installs as a Visual Studio 2005 VSI template ●Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers ●Provider Toolkit ●Extensive 120 page whitepaper ●Sample providers for all provider based features ●Both will be available at ●Access providers from Beta 1 ●Installs as a Visual Studio 2005 VSI template ●Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers ●Provider Toolkit ●Extensive 120 page whitepaper ●Sample providers for all provider based features ●Both will be available at
Sofia, Bulgaria | 9-10 October Community Resources ●INETA MEA ! ● ●mea.ineta.org ●Speaker as a resource ●INETA MEA ! ● ●mea.ineta.org ●Speaker as a resource
Sofia, Bulgaria | 9-10 October Provider Model Appendix Patterns ●Strategy ●Provider base classes ●Factory Method ●System.Web.Configuration.ProvidersHelper ●Singleton Pattern ●Only one provider instance is instantiated ●Façade ●Feature classes like Membership, Roles, etc… ●Strategy ●Provider base classes ●Factory Method ●System.Web.Configuration.ProvidersHelper ●Singleton Pattern ●Only one provider instance is instantiated ●Façade ●Feature classes like Membership, Roles, etc…
Sofia, Bulgaria | 9-10 October Provider Model Appendix ●Provider Class Definition ●What is the pluggable aspect for the feature? ●Configuration ●Feature configuration ●Provider-specific configuration ●Common entry point class ●Triggers feature initialization ●Provider Class Definition ●What is the pluggable aspect for the feature? ●Configuration ●Feature configuration ●Provider-specific configuration ●Common entry point class ●Triggers feature initialization
Sofia, Bulgaria | 9-10 October Summary ●Rewrite or enhance features ●Plug-in rich functionality independently from the presentation tier ●Project current features onto other platforms via web services ●Use the provider infrastructure for your own features ●Rewrite or enhance features ●Plug-in rich functionality independently from the presentation tier ●Project current features onto other platforms via web services ●Use the provider infrastructure for your own features
Sofia, Bulgaria | 9-10 October Please fill out the survey forms! They are the key to amazing prizes that you can get at the end of each day Thank you!
Sofia, Bulgaria | 9-10 October