1
Membership, Role Manager and Profile
Matt Gibbs, ASP.NET Development Manager
2
Agenda
Overview of Provider Model
ASP.NET 2.0 Security Services
  – Membership (Authentication)
  – Role Manager (Authorization)
ASP.NET 2.0 Personalization Features
  – Profile feature
Summary
3
Provider Model
[Diagram: Public Feature API calls Configured Providers; Providers communicate with Data Stores]
Providers
  – Microsoft Provider Implementations
  – Custom Providers
Data Stores
  – SQL Server 7 / 2000 / 2005
  – Active Directory
  – Access
  – User Defined
4
ASP.NET 2.0 Security Services - Membership
5
Security Services - Membership
Membership
  – Replaces complex authentication code
  – Solves common credential storage problem
Secure Credential Storage Services
  – Hashed + random salt for user credentials
  – Eliminates complex security plumbing code
Comprehensive user management
  – Creating Users / Credential Validation
  – Password maintenance
6
Login Controls
No code needed
Integrates seamlessly with security features
  – Controls change behavior based on configuration of security features
Rapidly build out common security UI:
  – Login/Logout
  – Create new users
  – Password recovery / password maintenance
Easily modify page display based on a user’s role
7
Membership Classes
System.Web.Security
Membership
  – Main entry point for programming with the Membership feature
      Validating credentials
      User Management
      Finding/Getting Users
MembershipUser
  – Represents a user in Membership
  – Properties represent data about the user
      Username, Email, LastLoginDate, etc…
MembershipProvider
  – Defines the required functionality for implementing the feature
8
Membership Security
Can create users in a disabled state
Password Question and Answer
Membership tracks bad password and bad answer attempts
Configurable thresholds for number of attempts and tracking time window
Passwords are hashed by default
Extensibility for encryption and password validation
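
The disabled-account and bad-password tracking behaviour listed on this slide, exercised from a console program. This is an added example, not code from the presentation; it assumes a membership provider is already configured in the application's config file, and the user name, password, e-mail, question and answer are constructed sample values.

```csharp
using System;
using System.Web.Security; // requires a reference to System.Web.dll

class MembershipSecurityDemo
{
    static void Main()
    {
        // Constructed sample values, not from the presentation.
        const string name = "demo.user";
        const string password = "S4mple!Passw0rd";

        if (Membership.GetUser(name) != null)
            Membership.DeleteUser(name); // start from a clean state

        // Create the account disabled (isApproved = false).
        MembershipCreateStatus status;
        MembershipUser user = Membership.CreateUser(
            name, password, "demo.user@example.com",
            "Constructed question?", "constructed answer",
            false, out status);
        if (status != MembershipCreateStatus.Success)
        {
            Console.WriteLine("CreateUser failed: " + status);
            return;
        }
        Console.WriteLine("Validates while disabled: " + Membership.ValidateUser(name, password));

        // Approve the account, then check the same credentials again.
        user.IsApproved = true;
        Membership.UpdateUser(user);
        Console.WriteLine("Validates after approval: " + Membership.ValidateUser(name, password));

        // Submit bad passwords up to the configured threshold.
        Console.WriteLine("Threshold: {0} attempts within {1} minutes",
            Membership.MaxInvalidPasswordAttempts, Membership.PasswordAttemptWindow);
        for (int i = 0; i < Membership.MaxInvalidPasswordAttempts; i++)
            Membership.ValidateUser(name, "wrong-password-" + i);

        // Re-read the user: the provider records the lockout in the data store.
        user = Membership.GetUser(name);
        Console.WriteLine("Locked out: " + user.IsLockedOut);
        Console.WriteLine("Correct password while locked: " + Membership.ValidateUser(name, password));

        // An administrator clears the lockout explicitly.
        user.UnlockUser();
        Console.WriteLine("Validates after unlock: " + Membership.ValidateUser(name, password));
    }
}
```

With SqlMembershipProvider, the disabled and locked-out checks both report False even though the password is correct, which is the point to confirm when tuning the attempt threshold and window.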
9
Creating and Managing Users
Create users w/ console app
Validate user credentials
demo
10
ASP.NET 2.0 Security Services – Role Manager
11
Security Services - Role Manager
Role Manager
  – Solves common user-to-role mapping code
  – Replaces complex authorization code
  – Builds on ASP.NET 1.X Role APIs
      RolePrincipal class represents logged in user
Not tied to Membership
  – Works great together, but…
  – Role Manager can be used separately
12
Role Manager
Enables the following two common AuthZ scenarios
  – Declaratively restrict access through web.config
  – Code-based authorization checks using User.IsInRole
<authorization> </authorization>
User.IsInRole(rolename);
13
Role Manager Classes
System.Web.Security
Roles
  – Main entry point
      Create, Delete roles, etc..
      IsUserInRole check
RoleProvider
  – Defines the required functionality for the feature
RolePrincipal & RoleManagerModule
  – Automatically associates roles with the current user
  – Supports role caching
14
Role Manager
Create new roles
Map users to roles
Url Authorization
Using role based security
demo
15
Personalization Features
16
Profile
Store custom data about each user
  – Access through friendly programming model
  – Eliminate complex data plumbing code
Store user data indefinitely
  – SQL Server (or other) back-end
Associates a user with data
  – Remember user settings and preferences
  – Build richer web sites
17
Web Parts Personalization
Long-term persistent storage of control properties (e.g. long-lived viewstate)
Data is stored on a per-user-per-page basis
Personalization is a feature of Web Parts
  – Works with both User Controls and custom Server Controls
18
Profile
19
Defined completely in configuration
  – No custom code required
Type-safe programming model
  – No dictionary key to remember - No casting
Smart data retrieval
  – On-demand and Partitioned data retrieval
Provider Model
  – Plug in your own data stores for extensibility
ProfileModule
  – Loads & saves Profile data on each page request
20
Profile Configuration
Configuration is central to the Profile feature
21
Profile Programming Model
22
Working with Profile
Scalar property types, e.g. int
Non-Scalar property types, e.g. Collections
Custom types, e.g. System.Drawing.Color
demo
23
Summary
Membership – easy way to create, manage and validate users
Role Manager – authorize users based on roles
Profile – easily store and retrieve information for a user
24
Provider information + Access providers: http://msdn.microsoft.com/asp.net/downloads/providers/
Sample Code: Atlas, Profile Providers, etc.. http://www.asp.net/default.aspx?tabindex=8&tabid=60
25
Questions?
27
Advanced Scenarios
Creating Profile data for new users
Associating role data in CreateUserWizard
Approving new users
Controlling site navigation with roles
demo