Role Management in.NET Shree Shalini Pusapati CS /17/20151

Agenda Understanding Role Management Membership Services Login Control Role Management Services Demo 11/17/20152

Introduction 3

Understanding Role Management Roles give flexibility to manage permissions Manage Authorization Assigning users to Roles Lets you create Access Rules Rules independent of individual user 11/17/20154

Role Management in.NET Define Users – Membership Services User Identification – Login Control Define Roles & Assign Members to Roles – Role Management 11/17/20155

Membership Services 11/17/20156

Membership Services Manages users and credentials ◦Declarative access via WS Admin Tool ◦Programmatic access via Membership API Simplifies forms authentication ◦Provides logic for validating user names and passwords, creating users, and more ◦Manages data store for credentials, addresses, and other membership data Provider-based for flexible data storage 11/17/20157

Membership Schema 11/17/2015 Membership API Membership Data Controls LoginLoginLoginStatusLoginStatusLoginViewLoginView Other Membership Providers Providers Membership Providers MembershipMembershipMembershipUserMembershipUser SqlMembershipProviderSqlMembershipProvider OtherControlsOtherControls SQL Server Other Data Stores SQL Server Express 8

The Membership Class Provides static methods for performing key membership tasks ◦Creating and deleting users ◦Retrieving information about users ◦Generating random passwords ◦Validating logins Includes read-only static properties for acquiring data about provider settings 11/17/20159

Key Membership Methods NameDescription CreateUserAdds a user to the membership data store DeleteUser Removes a user from the membership data store GeneratePassword Generates a random password of a specified length GetAllUsers Retrieves a collection of MembershipUser objects representing all currently registered users GetUser Retrieves a MembershipUser object representing a user UpdateUserUpdates information for a specified user ValidateUser Validates logins based on user names and passwords

Creating New User 11/17/2015 try { Membership.CreateUser ("Jeff", "imbatman!", } catch (MembershipCreateUserException e) { // Find out why CreateUser failed switch (e.StatusCode) { case MembershipCreateStatus.DuplicateUsername:... case MembershipCreateStatus.Duplicate ... case MembershipCreateStatus.InvalidPassword:... default:... } 11

The MembershipUser Class Represents individual users registered in the membership data store Includes numerous properties for getting and setting user info Includes methods for retrieving, changing, and resetting passwords Returned by Membership methods such as GetUser and CreateUser 11/17/201512

Key MembershipUser Methods NameDescription ChangePasswordChanges user's password ChangePassword- QuestionAndAnswer Changes question and answer used for password recovery GetPassword* Retrieves a password ResetPassword** Resets a password by setting it to a new random password UnlockUser Restores suspended login privileges * Works if Membership.EnablePasswordRetrieval is true ** Works if Membership.EnablePasswordReset is true

Membership Providers Membership is provider-based ◦Provider provides interface between Membership service and data store Ships with one membership provider ◦SqlMembershipProvider (SQL Server and SQL Server Express) Use custom providers for other Membership data stores 11/17/201514

Configuring SqlMembershipProvider 11/17/2015 <add name="AspNetSqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="[true|false]" enablePasswordReset="[true|false]" requiresQuestionAndAnswer="[true|false]" applicationName="/" requiresUnique ="[true|false]" passwordFormat="[Clear|Encrypted|Hashed]" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" type="System.Web.Security.SqlMembershipProvider, System.Web,..." /> 15

Login Controls 11/17/201516

Login Controls NameDescription ChangePassword UI for changing passwords CreateUserWizard UI for creating new user accounts Login UI for entering and validating user names and passwords LoginName Displays authenticated user names LoginStatus UI for logging in and logging out LoginView Displays different views based on login status and roles PasswordRecovery UI for recovering forgotten passwords

The Login Control Standard UI for logging in users Integrates with Membership service ◦Calls ValidateUser automatically ◦No-code validation and logins Also works without Membership service Incorporates RequiredFieldValidators Highly customizable UI and behavior 11/17/201518

Using the Login Control 11/17/201519

Customizing the Login Control <asp:Login ID="LoginControl" RunAt="server" CreateUserText="Create new account" CreateUserUrl="CreateUser.aspx" DisplayRememberMe="false" PasswordRecoveryText="Forgotten your password?" PasswordRecoveryUrl="RecoverPassword.aspx" LoginButtonText="Do It!" TitleText="Please Log In" /> 11/17/201520

Login Control Events NameDescription LoggingIn Fired when the user clicks the Log In button. Purpose: to Prevalidate login credentials (e.g., make sure address is well-formed) Authenticate Fired when the user clicks the Log In button. Purpose: to Authenticate the user by validating his or her login credentials LoggedIn Fired following a successful login LoginError Fired when an attempted login fails

The LoginView Control Displays content differently to different users depending on: ◦Whether user is authenticated ◦If user is authenticated, the role memberships he or she is assigned Template-driven ◦ ◦ and 11/17/201522

Using LoginView... 11/17/201523

The LoginName Control Displays authenticated user names Use optional FormatString property to control format of output You are not logged in <asp:LoginName ID="LoginName1" Runat="server" FormatString="You are logged in as {0}" /> 11/17/201524

The LoginStatus Control Displays links for logging in and out ◦"Login" to unauthenticated users ◦"Logout" to authenticated users UI and logout behavior are customizable <asp:LoginStatus ID="LoginStatus1" Runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Default.aspx" /> 11/17/201525

LoginStatus Properties NameDescription LoginText Text displayed for login link (default="Login") LogoutText Text displayed for logout link (default="Logout") LoginImageUrl URL of image used for login link LogoutAction Action to take following logout: Redirect, RedirectToLoginPage, or Refresh (default) LogOutPageUrl URL of page to go to following logout if LogoutAction="Redirect"

Role Management 11/17/201527

Role Management Service Role-based security in a box ◦Declarative access via WS Admin Tool ◦Programmatic access via Roles API Simplifies adding role-based security to sites that employ forms authentication ◦Maps users to roles on each request ◦Provides data store for role information Provider-based for flexible data storage 11/17/201528

Role Management Schema Roles API Roles Data SQL Server Other Data Stores Controls LoginLoginLoginStatusLoginStatusLoginViewLoginView Other Role Providers Role Providers RolesRoles SqlRoleProviderSqlRoleProvider SQL Server Express OtherControlsOtherControls 11/17/201529

The Roles Class Gateway to the Role Management API Provides static methods for performing key role management tasks ◦Creating and deleting roles ◦Adding users to roles ◦Removing users from roles and more Includes read-only static properties for acquiring data about provider settings 11/17/201530

Key Roles Methods NameDescription AddUserToRoleAdds a user to a role CreateRoleCreates a new role DeleteRoleDeletes an existing role GetRulesForUser Gets a collection of roles to which a user belongs GetUsersInRole Gets a collection of users belonging to a specified role IsUserInRole Indicates whether a user belongs to a specified role RemoveUserFromRoleRemoves a user from the specified role

Creating a New Role if (!Roles.RoleExists ("Developers")) { Roles.CreateRole ("Developers"); } 11/17/201532

Adding a User to a Role string name = Membership.GetUser ().Username; // Get current user Roles.AddUserToRole (name, "Developers"); // Add current user to role 11/17/201533

Enabling the Role Manager Role manager is disabled by default Enable it via Web.config: 11/17/201534

Configuring the Role Manager <roleManager enabled="[true|false]" defaultProvider="AspNetSqlRoleProvider" createPersistentCookie="[true|false]" cacheRolesInCookie="[true|false]" cookieName=".ASPXROLES" cookieTimeout="00:30:00" cookiePath="/" cookieRequireSSL="[true|false]" cookieSlidingExpiration="[true|true]" cookieProtection="[None|Validation|Encryption|All]" domain="" maxCachedResults="25" >... 11/17/201535

Role Management Providers Role management is provider-based Ships with three role providers: ◦AuthorizationStoreRoleProvider (Authorization Manager, or "AzMan") ◦SqlRoleProvider (SQL Server) ◦WindowsTokenRoleProvider (Windows) Use custom providers for other data stores 11/17/201536

Configuring SqlRoleProvider <add applicationName="/" connectionStringName="LocalSqlServer" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web,..." /> 11/17/201537

Demo 11/17/201538