Role Management in .NET
Vinay Dhareshwar

Agenda
- Introduction
- Membership Service
- Login Controls
- Role Management Service

Role Based Security
- Most business applications require role-based security.
- Role management lets you create groups of users as a unit
- Roles give flexibility to change permissions and add and remove users.
- Each Web page in the Web application can be assigned a security level
- As you define more access rules for your application, roles become a more convenient way to apply the changes to groups of users.

Most business applications require role-based security. The business owner of an application usually wants certain groups to have full control of all screens, other groups to have full control of a few screens, and another group to have read-only access to a few screens.

Role management lets you treat groups of users as a unit by assigning users to roles such as manager, sales, member, and so on. (In Windows, you create roles by assigning users to groups such as Administrators, Power Users, and so on.) Even if your application has only a few users, you might still find it convenient to create roles. Roles give you flexibility to change permissions and add and remove users without having to make changes throughout the site.

Each Web page in the Web application can be assigned a security level. This is done by specifying what role is required to access the page. The syntax in the web.config file is very straightforward.

After you have established roles, you can create access rules in your application. For example, your site might include a set of pages that you want to display only to members. Similarly, you might want to show or hide a part of a page based on whether the current user is a manager. By using roles, you can establish these types of rules independent from individual application users. For example, you do not have to grant individual members of your site access to member-only pages. Instead, you can grant access to the role of member and then just add and remove users from that role as people sign up or let their memberships lapse.

To work with roles, you must be able to identify users in your application so that you can determine whether the user is in a specific role. You can configure your application to establish user identity in two ways: Windows authentication and forms authentication.
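
The per-page role requirement that the notes above place in web.config can be written as URL authorization rules. This is an added example, not part of the original slides; the folder names Members and Admin and the login page name are assumptions, and member and manager are the role names used in the notes.

```xml
<!-- Added example: URL authorization by role.
     Folder names "Members" and "Admin" and "Login.aspx" are assumed. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <roleManager enabled="true" />

    <!-- Site default: every user, including anonymous ones, may browse. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Member-only pages. Rules are read top to bottom and the first
       match wins, so the allow must come before the catch-all deny. -->
  <location path="Members">
    <system.web>
      <authorization>
        <allow roles="member, manager" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Manager-only pages. Leaving out the deny line here would let
       everyone in, because the site-level allow above is inherited. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="manager" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Granting or revoking access then means adding a user to, or removing a user from, the role; the rules themselves do not change.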

Membership Service
- Manages users and credentials
  - Declarative access via WebSite Admin Tool
  - Programmatic access via Membership API
- Simplifies forms authentication
  - Provides logic for validating user names and passwords, creating users, and more
  - Manages data store for credentials, addresses, and other membership data
- Provider-based for flexible data storage

Membership Schema
Controls: Login, LoginStatus, LoginView, Other Controls
Membership API: Membership, MembershipUser
Membership Providers: SqlMembershipProvider, Other Membership Providers
Membership Data: SQL Server, SQL Server Express, Other Data Stores

- Ships with one membership provider
  - SqlMembershipProvider (SQL Server and SQL Server Express)
- Use custom providers for other Membership data stores

Key Membership Methods
Membership Class
- Provides static methods for performing key membership tasks
  - Creating and deleting users
  - Retrieving information about users
  - Generating random passwords
  - Validating logins
- Includes read-only static properties for acquiring data about provider settings

Creating New Users

    try {
        // The e-mail argument is a placeholder address
        Membership.CreateUser("Jeff", "imbatman!", "jeff@example.com");
    }
    catch (MembershipCreateUserException e) {
        // Find out why CreateUser failed
        switch (e.StatusCode) {
            case MembershipCreateStatus.DuplicateUserName:
                ...
            case MembershipCreateStatus.DuplicateEmail:
                ...
            case MembershipCreateStatus.InvalidPassword:
                ...
            default:
                ...
        }
    }

Validating Users

    // Check the submitted credentials, then issue the forms authentication ticket
    if (Membership.ValidateUser(UserName.Text, Password.Text))
        FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);

The MembershipUser Class
- Represents individual users registered in the membership data store
  - Includes numerous properties for getting and setting user info
  - Includes methods for retrieving, changing, and resetting passwords
- Returned by Membership methods such as GetUser and CreateUser

Key MembershipUser Methods
* Works if Membership.EnablePasswordRetrieval is true
** Works if Membership.EnablePasswordReset is true

Comment - Storage for user-defined data
CreationDate - Date user was added to the membership data store
- User's address
LastLoginDate - Date user last logged in successfully
LastPasswordChangedDate - Date user's password was last changed
ProviderUserKey - Unique user ID generated by membership provider
UserName - User's registered user name

Configuring the Membership Service

    <membership
        defaultProvider="AspNetSqlMembershipProvider"
        userIsOnlineTimeWindow="00:15:00"
        hashAlgorithmType="[SHA1|MD5]">
      <providers>
        ...
      </providers>
    </membership>

Login Controls
- Standard UI for logging in users
- Integrates with Membership service
- Calls ValidateUser automatically
- No-code validation and logins
- Also works without Membership service
- Incorporates RequiredFieldValidators

Using the Login Control

    <html>
      <body>
        <form runat="server">
          <asp:Login RunAt="server" />
        </form>
      </body>
    </html>

Login Control Events
- LoggingIn
- Authenticate
- LoggedIn
- LoginError

The LoginView Control
- Displays content differently to different users depending on:
  - Whether user is authenticated
  - If user is authenticated, the role memberships he or she is assigned
- Template-driven
  - <AnonymousTemplate>
  - <LoggedInTemplate>
  - <RoleGroups> and <ContentTemplate>

Using LoginView

    <asp:LoginView ID="LoginView1" Runat="server">
      <AnonymousTemplate>
        <!-- Content seen by unauthenticated users -->
      </AnonymousTemplate>
      <LoggedInTemplate>
        <!-- Content seen by authenticated users -->
      </LoggedInTemplate>
      <RoleGroups>
        <asp:RoleGroup Roles="Administrators">
          <ContentTemplate>
            <!-- Content seen by authenticated users who are administrators -->
          </ContentTemplate>
        </asp:RoleGroup>
        ...
      </RoleGroups>
    </asp:LoginView>

Content inside LoggedInTemplate is shown only if the user is logged in, whereas content inside AnonymousTemplate is visible only if the user is not logged in.

Role Management Service
- Role-based security in a box
  - Declarative access via WS Admin Tool
  - Programmatic access via Roles API
- Simplifies adding role-based security to sites that employ forms authentication
  - Maps users to roles on each request
  - Provides data store for role information
- Provider-based for flexible data storage

Role Management Schema
Controls: Login, LoginStatus, LoginView, Other Controls
Roles API: Roles
Role Providers: SqlRoleProvider, Other Role Providers
Roles Data: SQL Server, SQL Server Express, Other Data Stores

The Roles Class
- Gateway to the Role Management API
- Provides static methods for performing key role management tasks
  - Creating and deleting roles
  - Adding users to roles
  - Removing users from roles and more
- Includes read-only static properties for acquiring data about provider settings

Key Roles Methods

Creating a New Role

    // Create the role only if it does not exist yet
    if (!Roles.RoleExists("Developers")) {
        Roles.CreateRole("Developers");
    }

Adding a User to a Role

    string name = Membership.GetUser().UserName; // Get current user
    Roles.AddUserToRole(name, "Developers");     // Add current user to role

Configuring the Role Manager
- Role manager is disabled by default
- Enable it via Web.config:

    <roleManager
        enabled="[true|false]"
        defaultProvider="AspNetSqlRoleProvider"
        createPersistentCookie="[true|false]"
        cacheRolesInCookie="[true|false]"
        cookieName=".ASPXROLES"
        cookieTimeout="00:30:00"
        cookiePath="/"
        cookieRequireSSL="[true|false]"
        cookieSlidingExpiration="[true|false]"
        cookieProtection="[None|Validation|Encryption|All]"
        domain=""
        maxCachedResults="25">
      <providers>
        ...
      </providers>
    </roleManager>
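
A filled-in version of the template above with the role cookie locked down, as an added example that is not from the original slides. The chosen values and the login page name are assumptions for a forms-authenticated site served only over HTTPS; the comments name the weaker alternative for each setting.

```xml
<!-- Added example: role caching in a protected cookie.
     Values are assumptions for an HTTPS-only site; "Login.aspx" is assumed. -->
<configuration>
  <system.web>
    <!-- Authentication ticket: sent over SSL only, encrypted and validated. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" requireSSL="true" protection="All" />
    </authentication>

    <!--
      enabled="true"                 role manager is off unless enabled here
      cacheRolesInCookie="true"      avoids a provider lookup on each request;
                                     the cookie then carries the user's role
                                     names, so the settings below matter
      cookieProtection="All"         encrypt and validate the cookie; "None"
                                     leaves the cached role list readable and
                                     modifiable by the client
      cookieRequireSSL="true"        "false" lets the cookie travel over HTTP
      createPersistentCookie="false" "true" keeps cached roles on disk across
                                     browser sessions
      cookieSlidingExpiration="false" fixed lifetime; "true" renews the cookie
                                     while the user stays active
    -->
    <roleManager
        enabled="true"
        defaultProvider="AspNetSqlRoleProvider"
        cacheRolesInCookie="true"
        cookieName=".ASPXROLES"
        cookiePath="/"
        cookieProtection="All"
        cookieRequireSSL="true"
        createPersistentCookie="false"
        cookieSlidingExpiration="false"
        maxCachedResults="25" />
  </system.web>
</configuration>
```

Because cached roles are read from the cookie, removing a user from a role takes effect for that user only once the cookie expires or is cleared, so a short, fixed lifetime limits how long a stale role remains usable.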

Role Management Providers
- Role management is provider-based
- Ships with three role providers:
  - AuthorizationStoreRoleProvider (Authorization Manager, or "AzMan")
  - SqlRoleProvider (SQL Server)
  - WindowsTokenRoleProvider (Windows)
- Use custom providers for other data stores

Configuring SqlRoleProvider

    <roleManager defaultProvider="AspNetSqlRoleProvider" ...>
      <providers>
        <add applicationName="/"
             connectionStringName="LocalSqlServer"
             name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, ..." />
      </providers>
    </roleManager>

Role Management