1 CS 3870/CS 5870: Note 12 Authentication and Authorization Membership Provider.

Slides:



Advertisements
Similar presentations
Unit 02. ASP.NET Introduction HTML & Server controls Postbacks Page Lifecycle.
Advertisements

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
1 CS 3870/CS 5870: Lab4 Save with Invalid Price Keep Order After Updating.
Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
Building ASP.NET Applications 2 Lecture 3,4 T. Ahlam Algharasi 4 th Level.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.
1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.
Session 11: Security with ASP.NET
1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.
Forms Authentication, Users, Roles, Membership Svetlin Nakov Telerik Corporation
Chapter 13 – Advanced Topics Dr. Stephanos Mavromoustakos.
IT533 Lectures Security. Reasons for Security Prevent access to areas of your Web server Record and store secure relevant user data Security Configuration.
1.NET Web Forms Security Issues © 2002 by Jerry Post.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.
1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.
.Net and Web Services Security CS795. Web Services A web application Does not have a user interface (as a traditional web application); instead, it exposes.
1 CS 3870/CS 5870: Note 11 Authentication and Authorization Membership Provider.
Dr. Mustafa Cem Kasapbaşı Security in ASP.NET. Determining Security Requirements Restricted File Types.
1 CS 3870/CS 5870 Note04 Session Variables and Post Back.
Effective Security in ASP.Net Applications Jatin Sharma: Summer 2005.
1 CS 3870/CS 5870: Note 13 Lab 6 Authentication and Authorization Roles Management.
PROG Advanced Web Applications With.NET PROG Advanced Web Applications With.NET User Authentication & Authorization.
1 CS 3870/CS 5870: Note 07 Lab 3 Lab 4 Test 1: Two Tables.
Module 11: Securing a Microsoft ASP.NET Web Application.
Slide 1 ASP Authentication There are basically three authentication modes Windows Passport Forms There are others through WCF You choose an authentication.
Module 7: Creating a Microsoft ASP.NET Web Application.
What is Web Site Administration Tool ? WAT Allow you to Configure Web Site With Simple Interface –Manage Users –Manage Roles –Manage Access Rules.
Web Database Programming Week 7 Session Management & Authentication.
Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.
Role Management in.NET Shree Shalini Pusapati CS /17/20151.
1 CS 3870/CS 5870: Note05 Prog3 Web Application with Database.
MEMBERSHIP AND IDENTITY Active server pages (ASP.NET) 1 Chapter-4.
1 CS 3870/CS 5870: Note 20 Web Service. 2 What is Web Service? Providing functionality online to other applications, Web and Windows applications. The.
1 CS387/CS587: Note 08 Shopping Bag DataTable. 2 DataClass Public Shared Function NewShoppingBag() As Data.DataTable Dim bag As New Data.DataTable bag.Columns.Add("Product.
1 CS387/CS587: Note05 Lab 3. 2 Global.asax Must not be under any sub-folder Application_Start Application_End Application_Error Session_Start Session_End.
From “Control Panel”, launch “Programs and Features” then select “Turn Windows features on or off” Lab 2: Setup Lab Environment.
1 CS 3870/CS 5870: Note 16 Web User Controls. Prog 7 Copy Prog6 to Prog7 Modify all files for Prog7 Remove Web.config from sub-folders Make sure Prog7.
1 CS387/CS587: Note04 Lab 3. 2 Master Page All Web pages will be similar Should be created before other web pages Add New Items Controls on the Master.
1 CS 3870/CS 5870: Note 13 Web Service. 2 What is Web Service? Providing functionality online to other Web applications SOAP Simple Object Access Protocol.
1 CS 3870/CS 5870: Note 14. Prog5 Due 10 PM Wednesday, Oct 21 Authentication and Authorization 2.
1 CS 3870/CS 5870: Note07 Prog 4. Master Pages Creating a master page based on another master page MainMasterPage –For all Progs and Tests Prog4MasterPage.
1 CS 3870/CS 5870: Note07 Prog 4. Master Pages Creating a master page based on another master page MainMasterPage –For all Progs and Tests Prog4MasterPage.
1 CS 3870/CS 5870: Note 12 Membership Class. 2 Logging in User Programmatically If Membership.ValidateUser(txtUserName.Text, txtPassword.Text) Then FormsAuthetication.RedirectFromLoginPage(...)
Security. Agenda ASP.NET security basics AuthenticationAuthorization Security principals Forms authentication Membership service Login controls Role Management.
Part 2.
Working with ASP.NET Controls What is ASP.NET Using server controls in your pages Allowing users to create their own accounts Creating a login page Letting.
Developer Exam Preparation Thom Robbins Bryan Soltis
ASP.NET Essentials State management, authentication, and Web Services Daniele Pagano Arizona State University.
Authentication and Authorization
CS 3870/CS 5870 Web Service.
Unit 7 Learning Objectives
Securing your ASP.NET Website
Agenda Introduction Security flow for a request Authentication
CS 3870/CS 5870 Web User Controls.
Authentication and Authorisation in ASP.Net
Session Variables and Post Back
CONTENT MANAGEMENT SYSTEM CSIR-NISCAIR, New Delhi
Jim Fawcett CSE686 – Internet Programming Summer 2005
Web Application with Dataase
ASP.NET Application Framework
CS 3870 Prog6 Roles Management Due Monday, November 5 Group Assignment.
CS 3870/CS 5870 Web User Controls Events (II).
CS 3870 Prog5 Shopping Bag.
Created by : Asst. Prof. Ashish Shah
Security - Forms Authentication
Presentation transcript:

1 CS 3870/CS 5870: Note 12 Authentication and Authorization Membership Provider

2 Prog 5 Copy folder Prog4 as Prog5 Modify Prog4MasterPage Name: Prog5MasterPage Text: Prog 5 TreeView: New root node NavigationURL of master page

3 Prog 5 Modify the Content Pages Reset the MasterPageFile (top line of the source file)

4 Prog 5 Modify the Session Variables Prog4_ to Prog5_ File Global Code file

5 Prog 5 Make sure it’s working the same as Prog4 before adding features for Prog5

6 Web.Config Machine.config –Machine level settings –Default settings for all Web applications Application Web.config –Under the application root directory –Apply to the entire application –Overwrite some settings set in Machine.config Local Web.config –A sub-folder can have its own Web.config file –Overwrite some settings set in higher level Web.config –Not every setting can be set in local Web.config AUTHENTICATION must be set in application Web.config AUTHORIZATION can be different for different sub-folders Page Directives –Apply to the page only –Overwrite settings set in Web.config

Machine.config on Xray C:\Windows\Microsoft.NET\Framework\v \Config <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version= , Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUnique ="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/> 7

Machine.config on Xray C:\Windows\Microsoft.NET\Framework\v \Config <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf; User Instance=true" providerName="System.Data.SqlClient"/> 8

9 Web.Config Application Configuration File under the main web site <forms name="formsAuth" loginUrl="login.aspx" path="/" requireSSL="false" slidingExpiration="true" protection="All" defaultUrl="~/Prog5/Default.aspx" timeout="1" cookieless="UseDeviceProfile" />

10 Authentication To identify the user Four Modes –Windows: IntraNet –Forms : Internet –Passport: MS –None

11 Forms Based Authentication –name : cookie's name –loginUrl : default is login.aspx –path : the location to save the cookie, default is / –protection: the amount of protection applied to the cookie Encryption Validation All (both, default) None –timeout : minutes (default 30) a durable cookie could be issued

12 Forms Based Authentication –defaultUrl: If the user requests the login.aspx page Otherwise, go to the requested page –requiresSSL : credential be sent over an encrypted wire (SSL) –slidingExpiration : timeout of the cookie is on a sliding scale –cookieless: UseDeviceProfile: default UseCookies: require to use cookies UseUri: force to store credential within Uri AutoDetect: sending a test cookie first

Authentication All pages are still accessible to the public After Authentication is set in config file

Form Login Create form Login under the root folder Add control Login from tab Login All pages are still accessible to the public 14

15 Authorization Web.config file under the main folder

No Page Accessible 16

17 Authorizatio n Web.config file under the main folder

All Pages Are Accessible Except those under folder Prog5 18

Control CreateUserWizard Add a form CreateUser.aspx under the main folder Add control CreateUserWizard Create one user –UserName: jim –Password: –Your –Your choices for others 19

Event ContinueButtonClick In CreateUser.aspx.vb Select CreateUserWizard1 Select event ContinueButtonClick Code Response.Redirect("Login.aspx") 20

21 Authorization <allow users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> <deny users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> * : everyone ? : anonymous verbs: POST, GET, HEADER, DEBUG

Other Login Controls ChangePassword LoginName LoginStatus LoginView PasswordRecovery 22

Prog5MasterPage Add LoginName and LoginStatus 23

Prog5MasterPage Partial Class Prog5_MasterPage Protected Sub LoginStatus1_LoggedOut(...) Handles LoginStatus1.LoggedOut Response.Redirect("~/Login.aspx") End Sub End Class 24

New Page Checkout Maintain a shopping bag for each session Add items into the shopping bag when shopping GridView to display all items in the shopping bag on checkout Clear the bag when checkout 25

Shopping Bag Your Choice –DataTable –ArrayList –New class –... Location –SQLDataClass –... 26

Shopping Bag Public Shared Function NewShoppingBag() As Data.DataTable Dim bag As New Data.DataTable bag.Columns.Add("Product ID") bag.Columns.Add("Product Name") bag.Columns.Add("Unit Price") bag.Columns.Add("Quantity") bag.Columns.Add("Cost") Dim PK() As Data.DataColumn = {bag.Columns(0)} bag.PrimaryKey = PK Return bag End Function 27

Global.vb Sub Session_Start(...)... ' For Prog5 Session("Prog5_Bag") = SQLDataClass.NewShoppingBag... End Sub 28

Page Shopping New Button “Add to Shopping Bag” Click Event Dim myBag As Data.DataTable = Session("Prog5_Bag") Dim row As Data.DataRow = myBag.NewRow row(0) = txtID.Text row(1) = txtName.Text row(2) = txtPrice.Text row(3) = txtQuanity.Text row(4) = txtSubTotal.Text Dim r As Data.DataRow = myBag.Rows.Find(row(0)) If Not r Is Nothing Then myBag.Rows.Remove(r) ‘ replace the old item End If myBag.Rows.Add(row) 29

Page Checkout Protected Sub Page_Load(...) Handles Me.Load GridView1.DataSource = Session("Prog5_Bag") GridView1.DataBind() End Sub 30

Page Checkout Protected Sub Button1_Click(...) Handles Button1.Click ‘ End the current session ‘ will clear all session variables Session.Abandon() ' Logout of Membership FormsAuthentication.SignOut() ‘ Go to Login.aspx Response.Redirect(FormsAuthentication.LoginUrl) End Sub 31

Schedule Thursday –Still have class –Do Prog5 and Project –Lab 206 Next Tuesday –Do Prog5 and Project –Lab 206 Lose 10 points if missing class without my permission 32

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.