CS 3870/CS 5870: Note 11 - Authentication and Authorization, Membership Provider

Lab 5
- Copy folder Lab4 as Lab5
- Modify Lab4MasterPage
  - Name: Lab5MasterPage
  - Text: Lab 5
  - TreeView: new root node, NavigationURL of the master page

Lab 5
- Modify the content pages: MasterPageFile (top line of the source file)

Lab 5
- Rename the session variables from Lab4_ to Lab5_ in:
  - the Global file
  - the code file
  - the aspx file

Lab 5
- Make sure it works the same as Lab4

Format DetailsView on page Updating

    <asp:BoundField DataField="ProductID" HeaderText="ProductID"
        ItemStyle-HorizontalAlign="Center" ReadOnly="True"
        SortExpression="ProductID" />
    <asp:BoundField DataField="UnitPrice" HeaderText="Unit Price"
        DataFormatString="{0:c}" HtmlEncode="False" />

HtmlEncode="False" switches off HTML encoding of the displayed value (ASP.NET 2.0 applied DataFormatString only with encoding off). That is harmless for a numeric currency column, but never turn encoding off on a column that holds user-supplied text: the value would then be written into the page unencoded.

Lab 5
- Make sure it still works after formatting

Make Delete Work on Updating
- Open Updating.aspx
- Click Source
- Remove the following from DeleteParameters:

Web.Config
- Machine.config
  - Machine-level settings
  - Default settings for all Web applications
- Application Web.config
  - Under the application root directory
  - Applies to the entire application
  - Overrides some settings set in Machine.config
- Local Web.config
  - A sub-folder can have its own Web.config file
  - Overrides some settings set in a higher-level Web.config
  - Not every setting can be set in a local Web.config:
    AUTHENTICATION must be set in the application Web.config;
    AUTHORIZATION can differ from sub-folder to sub-folder
  - Authorization rules of a sub-folder are evaluated before those of its parent, and the first matching rule wins
- Page directives
  - Apply to the page only
  - Override settings set in Web.config

Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v \Config

    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version= , Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />

passwordFormat="Hashed" (salted hash) is the only format from which stored passwords cannot be recovered; "Encrypted" and "Clear" are reversible and enablePasswordRetrieval="true" would then hand them back to anyone who can call the provider. maxInvalidPasswordAttempts and passwordAttemptWindow lock the account after 5 failures within 10 minutes.

Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v \Config

    <add name="LocalSqlServer"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
         providerName="System.Data.SqlClient" />

Web.Config
Application configuration file under the main web site (the <forms> element sits inside <authentication mode="Forms">):

    <authentication mode="Forms">
      <forms name="formsAuth"
             loginUrl="lab5/login.aspx"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             protection="All"
             defaultUrl="~/Lab5/Default.aspx"
             timeout="1"
             cookieless="UseDeviceProfile" />
    </authentication>

Note that timeout="1" expires the ticket after one minute of inactivity, and requireSSL="false" lets the browser send the authentication cookie over plain HTTP, where it can be captured and replayed.

Authentication
To identify the user. Four modes:
- Windows: intranet
- Forms: Internet
- Passport: Microsoft
- None

Forms Based Authentication
- name: the cookie's name
- loginUrl: default is login.aspx
- path: the path of the cookie, default is /
- protection: the amount of protection applied to the cookie
  - Encryption
  - Validation
  - All (both, default)
  - None
- timeout: minutes of inactivity after which the ticket expires (default 30); a persistent ("durable") cookie can also be issued

Forms Based Authentication
- defaultUrl: page to go to after login when the user requested the login page directly; otherwise the user is sent back to the originally requested page
- requireSSL: the credential cookie is only sent over an encrypted connection (SSL)
- slidingExpiration: the cookie's timeout is renewed on each request (a sliding window)
- cookieless:
  - UseDeviceProfile: default
  - UseCookies: require cookies
  - UseUri: force the credential to be stored in the URI
  - AutoDetect: send a test cookie first
A ticket carried in the URI (UseUri, or the fallback of AutoDetect/UseDeviceProfile for clients without cookie support) leaks through the Referer header, browser history and server logs; UseCookies with requireSSL="true" is the setting to use in production.
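The following is an added example, not code from the course: a small audit of the <forms> element that flags the weak settings discussed on the two slides above. The two Web.config strings are constructed; the first copies the lab's settings, the second shows the same element hardened. The defaults applied for missing attributes are ASP.NET's documented defaults.

```python
"""Audit the <forms> element of an ASP.NET Web.config for weak settings."""
import xml.etree.ElementTree as ET

# Constructed: the lab's settings (requireSSL="false", cookieless="UseDeviceProfile").
LAB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="formsAuth" loginUrl="lab5/login.aspx" path="/"
             requireSSL="false" slidingExpiration="true" protection="All"
             defaultUrl="~/Lab5/Default.aspx" timeout="1"
             cookieless="UseDeviceProfile" />
    </authentication>
  </system.web>
</configuration>"""

# Constructed: the same element with production settings.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="formsAuth" loginUrl="lab5/login.aspx" path="/"
             requireSSL="true" slidingExpiration="false" protection="All"
             defaultUrl="~/Lab5/Default.aspx" timeout="20"
             cookieless="UseCookies" />
    </authentication>
  </system.web>
</configuration>"""

# ASP.NET defaults, used when an attribute is absent from <forms>.
DEFAULTS = {
    "requireSSL": "false",
    "protection": "All",
    "cookieless": "UseDeviceProfile",
    "slidingExpiration": "true",
    "timeout": "30",
}


def forms_settings(config_xml):
    """Return the effective <forms> attributes (explicit value or default)."""
    root = ET.fromstring(config_xml)
    forms = next(root.iter("forms"), None)
    if forms is None:
        raise ValueError("no <forms> element; is authentication mode Forms?")
    return {name: forms.get(name, default) for name, default in DEFAULTS.items()}


def audit_forms(config_xml):
    """Return [(attribute, problem)] for every weak setting found."""
    s = forms_settings(config_xml)
    findings = []
    if s["requireSSL"].lower() != "true":
        findings.append(("requireSSL",
                         "ticket cookie is sent over plain HTTP; it can be sniffed and replayed"))
    if s["cookieless"] != "UseCookies":
        findings.append(("cookieless",
                         "ticket may be carried in the URL for some clients; URLs leak via Referer, history and logs"))
    if s["protection"] != "All":
        findings.append(("protection",
                         "ticket is not both encrypted and MAC-validated; it can be read or tampered with"))
    if s["slidingExpiration"].lower() == "true" and int(s["timeout"]) > 60:
        findings.append(("slidingExpiration",
                         "long timeout plus sliding expiration lets a stolen ticket be renewed indefinitely"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_forms(cfg))
```

Run it as a script to see the lab configuration flagged on requireSSL and cookieless and the hardened one pass clean; an element that omits the attributes entirely is judged on ASP.NET's defaults, which are the weak ones.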

Authentication
- With the authentication mode set but no authorization rules, all pages are still accessible to the public

Form Login
- Create form Login under the root folder
- Add control Login from tab Login
- All pages are still accessible to the public

Authorization
- Application configuration file under the main folder

Result: no page is accessible

Authorization
- Application configuration file under the main folder

Result: all pages are accessible except those under folder Lab5

Control CreateUserWizard
- Add a form CreateUser.aspx under the main folder
- Add control CreateUserWizard
- Create one user
  - UserName: jim
  - Password: your choice
  - Your choices for the other fields

Event ContinueButtonClick
In CreateUser.aspx.vb:
- Select CreateUserWizard1
- Select event ContinueButtonClick
- Code:

    Response.Redirect("Lab5/Login.aspx")

Authorization

    <allow users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of HTTP verbs]" />
    <deny  users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of HTTP verbs]" />

- * : everyone
- ? : anonymous users
- verbs: GET, HEAD, POST, DEBUG
Rules are checked in order and the first one that matches the user wins, so <deny users="?"/> must come before <allow users="*"/>; written the other way round, the deny never fires.
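As an added example covering both the Web.config hierarchy slide and the allow/deny syntax above (this is not the course's code), the script below replays how ASP.NET's UrlAuthorizationModule decides a request: the rules of the most specific Web.config are tried first, then each parent's, then the machine-level default <allow users="*"/>, and the first rule that matches wins. The root and Lab5 Web.config strings are constructed to match the lab layout; the third config is a constructed example of the wrong rule order.

```python
"""Evaluate ASP.NET <authorization> rules across a Web.config hierarchy."""
import xml.etree.ElementTree as ET

# Constructed: application Web.config under the site root.
ROOT_WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="formsAuth" loginUrl="Lab5/Login.aspx" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>"""

# Constructed: local Web.config inside the Lab5 folder.
# Deny anonymous ("?") first, then allow everyone else.
LAB5_WEB_CONFIG = """<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>"""

# Constructed: a common mistake; the allow comes first, so the deny never fires.
WRONG_ORDER_CONFIG = """<configuration>
  <system.web>
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>"""

# What Machine.config contributes when no other rule matched.
MACHINE_DEFAULT_RULE = ("allow", {"*"}, set(), set())


def _csv(el, attr):
    """Split a comma-separated attribute into a set of non-empty values."""
    return {v.strip() for v in el.get(attr, "").split(",") if v.strip()}


def parse_rules(config_xml):
    """Return the <allow>/<deny> rules as (action, users, roles, verbs), in document order."""
    rules = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag in ("allow", "deny"):
            rules.append((el.tag, _csv(el, "users"), _csv(el, "roles"),
                          {v.upper() for v in _csv(el, "verbs")}))
    return rules


def rule_matches(rule, user, roles, verb):
    """user is None for an anonymous request; '*' is everyone, '?' is anonymous."""
    _, users, rule_roles, verbs = rule
    if verbs and verb.upper() not in verbs:
        return False
    if "*" in users or (user is None and "?" in users):
        return True
    if user is not None and user.lower() in {u.lower() for u in users}:
        return True
    return bool(rule_roles & set(roles))


def is_authorized(configs, user, roles=(), verb="GET"):
    """configs: Web.config XML strings ordered from the request's folder up to the root."""
    rules = [r for cfg in configs for r in parse_rules(cfg)]
    rules.append(MACHINE_DEFAULT_RULE)
    for rule in rules:
        if rule_matches(rule, user, roles, verb):
            return rule[0] == "allow"
    return False  # not reachable because of the machine default


if __name__ == "__main__":
    chain = [LAB5_WEB_CONFIG, ROOT_WEB_CONFIG]
    print("anonymous -> /Lab5/Default.aspx:", is_authorized(chain, None))            # False
    print("jim       -> /Lab5/Default.aspx:", is_authorized(chain, "jim"))           # True
    print("anonymous -> /Default.aspx     :", is_authorized([ROOT_WEB_CONFIG], None))  # True
    print("wrong order, anonymous        :", is_authorized([WRONG_ORDER_CONFIG, ROOT_WEB_CONFIG], None))  # True
```

The last line is the case to remember: with the allow written before the deny, anonymous users get into Lab5 even though a deny for them is present, because evaluation stops at the first match.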

Other Login Controls
- ChangePassword
- LoginName
- LoginStatus
- LoginView
- PasswordRecovery

Lab5MasterPage
- Add LoginName and LoginStatus

New Page Checkout
- Maintain a shopping bag for each session
- Add items to the shopping bag while shopping
- GridView to display all items in the shopping bag on checkout
- Clear the bag on checkout

Shopping Bag
- Your choice of structure:
  - DataTable
  - ArrayList
  - New class
  - ...
- Location:
  - SQLDataClass
  - ...

Shopping Bag

    ' Create an empty bag; "Product ID" is the primary key so Rows.Find works
    Public Shared Function NewShoppingBag() As Data.DataTable
        Dim bag As New Data.DataTable
        bag.Columns.Add("Product ID")
        bag.Columns.Add("Product Name")
        bag.Columns.Add("Unit Price")
        bag.Columns.Add("Quantity")
        bag.Columns.Add("Cost")
        Dim PK() As Data.DataColumn = {bag.Columns(0)}
        bag.PrimaryKey = PK
        Return bag
    End Function

Global.vb

    Sub Session_Start(...)
        ...
        ' For Lab5
        Session("Lab5_Bag") = SQLDataClass.NewShoppingBag
        ...
    End Sub

Page Shopping
New Button "Add to Shopping Bag", Click event:

    Dim myBag As Data.DataTable = Session("Lab5_Bag")
    Dim row As Data.DataRow = myBag.NewRow
    row(0) = txtID.Text
    row(1) = txtName.Text
    row(2) = txtPrice.Text
    row(3) = txtQuanity.Text
    row(4) = txtSubTotal.Text
    ' Replace an existing row for the same product (primary key lookup)
    Dim r As Data.DataRow = myBag.Rows.Find(row(0))
    If Not r Is Nothing Then
        myBag.Rows.Remove(r)
    End If
    myBag.Rows.Add(row)

Price and subtotal are taken from text boxes here, i.e. from the client. Outside the lab they must be looked up server-side from the product table, otherwise a user can edit the price in the request.

Page Checkout

    Protected Sub Page_Load(...) Handles Me.Load
        GridView1.DataSource = Session("Lab5_Bag")
        GridView1.DataBind()
    End Sub

Page Checkout

    Protected Sub Button1_Click(...) Handles Button1.Click
        ' End the current session
        ' (this clears all session variables, including the bag)
        Session.Abandon()
        ' Log out of Membership
        FormsAuthentication.SignOut()
        ' Go to Login.aspx
        Response.Redirect(FormsAuthentication.LoginUrl)
    End Sub

FormsAuthentication.SignOut only removes the cookie from the browser; the ticket itself is not revoked on the server, so a copy captured earlier stays valid until its timeout expires. That is why a short timeout and requireSSL="true" matter.