1 CS 3870/CS 5870: Note 12 Authentication and Authorization Membership Provider.


2 Prog 5
Copy folder Prog4 as Prog5
Modify Prog4MasterPage
  Name: Prog5MasterPage
  Text: Prog 5
  TreeView: New root node
  NavigationURL of master page

3 Prog 5
Modify the Content Pages
  Reset the MasterPageFile (top line of the source file)

4 Prog 5
Modify the Session Variables
  Prog4_ to Prog5_
  File Global
  Code file

5 Prog 5
Make sure it’s working the same as Prog4 before adding features for Prog5

6 Web.Config
Machine.config
  – Machine level settings
  – Default settings for all Web applications
Application Web.config
  – Under the application root directory
  – Applies to the entire application
  – Overrides some settings set in Machine.config
Local Web.config
  – A sub-folder can have its own Web.config file
  – Overrides some settings set in a higher-level Web.config
  – Not every setting can be set in a local Web.config
      AUTHENTICATION must be set in the application Web.config
      AUTHORIZATION can be different for different sub-folders
Page Directives
  – Apply to the page only
  – Override settings set in Web.config

7 Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression=""/>

8 Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

    <add name="LocalSqlServer"
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf; User Instance=true"
         providerName="System.Data.SqlClient"/>

9 Web.Config
Application Configuration File under the main web site

    <forms name="formsAuth"
           loginUrl="login.aspx"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           protection="All"
           defaultUrl="~/Prog5/Default.aspx"
           timeout="1"
           cookieless="UseDeviceProfile" />

10 Authentication
To identify the user
Four Modes
  – Windows: Intranet
  – Forms: Internet
  – Passport: MS
  – None

11 Forms Based Authentication
  – name: cookie's name
  – loginUrl: default is login.aspx
  – path: the location to save the cookie, default is /
  – protection: the amount of protection applied to the cookie
      Encryption
      Validation
      All (both, default)
      None
  – timeout: minutes (default 30); a durable cookie could be issued

12 Forms Based Authentication
  – defaultUrl: where to go after login if the user requested the login.aspx page directly
      Otherwise, go to the requested page
  – requireSSL: credentials must be sent over an encrypted wire (SSL)
  – slidingExpiration: timeout of the cookie is on a sliding scale
  – cookieless:
      UseDeviceProfile: default
      UseCookies: requires the use of cookies
      UseUri: forces the credential to be stored within the URI
      AutoDetect: sends a test cookie first

13 Authentication
All pages are still accessible to the public
After Authentication is set in config file.........

14 Form Login
Create form Login under the root folder
Add control Login from tab Login
All pages are still accessible to the public

15 Authorization
Web.config file under the main folder............

16 No Page Accessible

17 Authorization
Web.config file under the main folder

18 All Pages Are Accessible
Except those under folder Prog5

19 Control CreateUserWizard
Add a form CreateUser.aspx under the main folder
Add control CreateUserWizard
Create one user
  – UserName: jim
  – Password: cs3870@UWP
  – Your email
  – Your choices for others

20 Event ContinueButtonClick
In CreateUser.aspx.vb
Select CreateUserWizard1
Select event ContinueButtonClick
Code

    Response.Redirect("Login.aspx")

21 Authorization

    <allow users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of verbs]"/>
    <deny users="[comma separated list of users]"
          roles="[comma separated list of roles]"
          verbs="[comma separated list of verbs]"/>

* : everyone
? : anonymous
verbs: POST, GET, HEAD, DEBUG
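
An added example, not taken from the slides (the Web.config contents of slides 15 and 17 did not survive in this transcript): one application Web.config that produces the outcome on slide 18, using the allow/deny syntax above and the forms element from slide 9. The three changed forms values (requireSSL, cookieless, timeout) are assumptions chosen for illustration, not the course's settings.

```xml
<?xml version="1.0"?>
<!-- Application Web.config (site root). Added example, not from the slides. -->
<configuration>
  <system.web>
    <!-- Authentication can only be set here, at application level. -->
    <authentication mode="Forms">
      <!-- Same attributes as slide 9, with three values changed (assumed
           hardening choices, not the course's settings):
           requireSSL="true"       cookie is marked Secure, not sent over plain HTTP
           cookieless="UseCookies" ticket is never placed in the URL
           timeout="20"            minutes; constructed value -->
      <forms name="formsAuth"
             loginUrl="login.aspx"
             path="/"
             requireSSL="true"
             slidingExpiration="true"
             protection="All"
             defaultUrl="~/Prog5/Default.aspx"
             timeout="20"
             cookieless="UseCookies" />
    </authentication>

    <!-- Root rule: everyone, including anonymous users, may read the
         pages in the main folder. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Rules for the Prog5 sub-folder only. Rules are evaluated top to
       bottom and the first match wins, so the deny for "?" (anonymous)
       sends unauthenticated requests to loginUrl; authenticated users
       fall through to the inherited allow. -->
  <location path="Prog5">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The same folder rule can instead live in a local Web.config inside Prog5 that contains only the authorization element. With requireSSL="true" the site has to be served over HTTPS, otherwise the login cookie cannot be issued.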

22 Other Login Controls
ChangePassword
LoginName
LoginStatus
LoginView
PasswordRecovery

23 Prog5MasterPage
Add LoginName and LoginStatus

24 Prog5MasterPage

    Partial Class Prog5_MasterPage
        Protected Sub LoginStatus1_LoggedOut(...) Handles LoginStatus1.LoggedOut
            Response.Redirect("~/Login.aspx")
        End Sub
    End Class

25 New Page Checkout
Maintain a shopping bag for each session
Add items into the shopping bag when shopping
GridView to display all items in the shopping bag on checkout
Clear the bag when checkout

26 Shopping Bag
Your Choice
  – DataTable
  – ArrayList
  – New class
  – ...
Location
  – SQLDataClass
  – ...

27 Shopping Bag

    Public Shared Function NewShoppingBag() As Data.DataTable
        Dim bag As New Data.DataTable
        bag.Columns.Add("Product ID")
        bag.Columns.Add("Product Name")
        bag.Columns.Add("Unit Price")
        bag.Columns.Add("Quantity")
        bag.Columns.Add("Cost")
        Dim PK() As Data.DataColumn = {bag.Columns(0)}
        bag.PrimaryKey = PK
        Return bag
    End Function

28 Global.vb

    Sub Session_Start(...)
        ...
        ' For Prog5
        Session("Prog5_Bag") = SQLDataClass.NewShoppingBag
        ...
    End Sub

29 Page Shopping
New Button “Add to Shopping Bag”
Click Event

    Dim myBag As Data.DataTable = Session("Prog5_Bag")
    Dim row As Data.DataRow = myBag.NewRow
    row(0) = txtID.Text
    row(1) = txtName.Text
    row(2) = txtPrice.Text
    row(3) = txtQuanity.Text
    row(4) = txtSubTotal.Text
    Dim r As Data.DataRow = myBag.Rows.Find(row(0))
    If Not r Is Nothing Then
        myBag.Rows.Remove(r)   ' replace the old item
    End If
    myBag.Rows.Add(row)

30 Page Checkout

    Protected Sub Page_Load(...) Handles Me.Load
        GridView1.DataSource = Session("Prog5_Bag")
        GridView1.DataBind()
    End Sub

31 Page Checkout

    Protected Sub Button1_Click(...) Handles Button1.Click
        ' End the current session
        ' will clear all session variables
        Session.Abandon()
        ' Logout of Membership
        FormsAuthentication.SignOut()
        ' Go to Login.aspx
        Response.Redirect(FormsAuthentication.LoginUrl)
    End Sub

32 Schedule
Thursday
  – Still have class
  – Do Prog5 and Project
  – Lab 206
Next Tuesday
  – Do Prog5 and Project
  – Lab 206
Lose 10 points if missing class without my permission

