Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CS 3870/CS 5870: Note 11 Authentication and Authorization Membership Provider.

Published byRosaline Shelton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CS 3870/CS 5870: Note 11 Authentication and Authorization Membership Provider."— Presentation transcript:

1 1 CS 3870/CS 5870: Note 11 Authentication and Authorization Membership Provider

2 2 Lab 5 Copy folder Lab4 as Lab5 Modify Lab4MasterPage Name: Lab5MasterPage Text: Lab 5 TreeView: New root node NavigationURL of master page

3 3 Lab 5 Modify the Content Pages MasterPageFile (top line of the source file)

4 4 Lab 5 Modify the Session Variables Lab4_ to Lab5_ File Global Code file Aspx file

5 5 Lab 5 Make sure it’s working the same as Lab4

6 6 Format DetailsView on page Updating <asp:BoundField DataField="ProductID" HeaderText="ProductID" ItemStyle-HorizontalAlign="Center" ReadOnly="True" SortExpression="ProductID" /> <asp:BoundField DataField="UnitPrice" HeaderText="Unit Price" DataFormatString="{0:c}" HtmlEncode="False" >

7 7 Lab 5 Make sure it’s working after formatting

8 Make Delete Work on Updating Open Updating.aspx Click source Remove the following from DeleteParameters 8

9 9 Web.Config Machine.config –Machine level settings –Default settings for all Web applications Application Web.config –Under the application root directory –Apply to the entire application –Overwrite some settings set in Machine.config Local Web.config –A sub-folder can have its own Web.config file –Overwrite some settings set in higher level Web.config –Not every setting can be set in local Web.config AUTHENTICATION must be set in application Web.config AUTHORIZATION can be different for different sub-folders Page Directives –Apply to the page only –Overwrite settings set in Web.config

10 Machine.config on Xray C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/> 10

11 Machine.config on Xray C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf; User Instance=true" providerName="System.Data.SqlClient"/> 11

12 12 Web.Config Application Configuration File under the main web site <forms name="formsAuth" loginUrl="lab5/login.aspx" path="/" requireSSL="false" slidingExpiration="true" protection="All" defaultUrl="~/Lab5/Default.aspx" timeout="1" cookieless="UseDeviceProfile" />

13 13 Authentication To identify the user Four Modes –Windows: IntraNet –Forms : Internet –Passport: MS –None

14 14 Forms Based Authentication –name : cookie's name –loginUrl : default is login.aspx –path : the location to save the cookie, default is / –protection: the amount of protection applied to the cookie Encryption Validation All (both, default) None –timeout : minutes (default 30) a durable cookie could be issued

15 15 Forms Based Authentication –defaultUrl: if the user requests the login.aspx page Otherwise, go to the requested page –requiresSSL : credential be sent over an encrypted wire (SSL) –slidingExpiration : timeout of the cookie is on a sliding scale –cookieless: UseDeviceProfile: default UseCookies: require to use cookies UseUri: force to store credential within Uri AutoDetect: sending a test cookie first

16 Authentication All pages are still accessible to the public 16

17 Form Login Create form Login under the root folder Add control Login from tab Login All pages are still accessible to the public 17

18 18 Authorization Application Configuration File under the main folder

19 No Page Accessible 19

20 20 Authorizatio n Application Configuration File under the main folder

21 All Pages Are Accessible Except those under folder Lab5 21

22 Control CreateUserWizard Add a form CreateUser.aspx under the main folder Add control CreateUserWizard Create one user –UserName: jim –Password: cs3870@UWP –Your email –Your choices for others 22

23 Event ContinueButtonClick In CreateUser.aspx.vb Select CreateUserWizard1 Select event ContinueButtonClick Code Response.Redirect("Lab5/Login.aspx") 23

24 24 Authorization <allow users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> <deny users="[comma separated list of users]" roles="[comma separated list of roles]" verbs="[comma separated list of roles]"/> * : everyone ? : anonymous verbs: POST, GET, HEADER, DEBUG

25 Other Login Controls ChangePassword LoginName LoginStatus LoginView PasswordRecovery 25

26 Lab5MasterPage Add LoginName and LoginStatus 26

27 New Page Checkout Maintain a shopping bag for each session Add items into the shopping bag when shopping GridView to display all items in the shopping bag on checkout Clear the bag when checkout 27

28 Shopping Bag Your Choice –DataTable –ArrayList –New class –... Location –SQLDataClass –... 28

29 Shopping Bag Public Shared Function NewShoppingBag() As Data.DataTable Dim bag As New Data.DataTable bag.Columns.Add("Product ID") bag.Columns.Add("Product Name") bag.Columns.Add("Unit Price") bag.Columns.Add("Quantity") bag.Columns.Add("Cost") Dim PK() As Data.DataColumn = {bag.Columns(0)} bag.PrimaryKey = PK Return bag End Function 29

30 Global.vb Sub Session_Start(...)... ' For Lab5 Session("Lab5_Bag") = SQLDataClass.NewShoppingBag... End Sub 30

31 Page Shopping New Button “Add to Shopping Bag” Click Event Dim myBag As Data.DataTable = Session("Lab5_Bag") Dim row As Data.DataRow = myBag.NewRow row(0) = txtID.Text row(1) = txtName.Text row(2) = txtPrice.Text row(3) = txtQuanity.Text row(4) = txtSubTotal.Text Dim r As Data.DataRow = myBag.Rows.Find(row(0)) If Not r Is Nothing Then myBag.Rows.Remove(r) End If myBag.Rows.Add(row) 31

32 Page Checkout Protected Sub Page_Load(...) Handles Me.Load GridView1.DataSource = Session("Lab5_Bag") GridView1.DataBind() End Sub 32

33 Page Checkout Protected Sub Button1_Click(...) Handles Button1.Click ‘ End the current session ‘ will clear all session variables Session.Abandon() ' Logout of Membership FormsAuthentication.SignOut() ‘ Go to Login.aspx Response.Redirect(FormsAuthentication.LoginUrl) End Sub 33

Download ppt "1 CS 3870/CS 5870: Note 11 Authentication and Authorization Membership Provider."

Similar presentations

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
1 CS 3870/CS 5870: Lab4 Save with Invalid Price Keep Order After Updating.

1 CS 3870/CS 5870: Lab4 Save with Invalid Price Keep Order After Updating.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.

Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.

Website Security ISYS 512. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows.
Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:

Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
Building ASP.NET Applications 2 Lecture 3,4 T. Ahlam Algharasi 4 th Level.

Building ASP.NET Applications 2 Lecture 3,4 T. Ahlam Algharasi 4 th Level.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.

Website Security ISYS 512. Cookies Data in Cookies System.Web Which web site set the cookie Expiration date –DateTime data type –TimeSpan data type One.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Preview of ASP.NET 2.0 in Delphi Course #3182 Jim Tierney Principal Engineer - Borland.

Preview of ASP.NET 2.0 in Delphi Course #3182 Jim Tierney Principal Engineer - Borland.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Forms Authentication, Users, Roles, Membership Svetlin Nakov Telerik Corporation www.telerik.com.

Forms Authentication, Users, Roles, Membership Svetlin Nakov Telerik Corporation
Chapter 13 – Advanced Topics Dr. Stephanos Mavromoustakos.

Chapter 13 – Advanced Topics Dr. Stephanos Mavromoustakos.
IT533 Lectures Security. Reasons for Security Prevent access to areas of your Web server Record and store secure relevant user data Security Configuration.

IT533 Lectures Security. Reasons for Security Prevent access to areas of your Web server Record and store secure relevant user data Security Configuration.
1.NET Web Forms Security Issues © 2002 by Jerry Post.

1.NET Web Forms Security Issues © 2002 by Jerry Post.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.
1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.

1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.
.Net and Web Services Security CS795. Web Services A web application Does not have a user interface (as a traditional web application); instead, it exposes.

.Net and Web Services Security CS795. Web Services A web application Does not have a user interface (as a traditional web application); instead, it exposes.
1 CS 3870/CS 5870 Note04 Session Variables and Post Back.

1 CS 3870/CS 5870 Note04 Session Variables and Post Back.

Similar presentations

Ads by Google