Building Secure Applications using Membership and Role Management with Visual Studio 2005 and ASP.NET 2.0

PowerPoint Slideshow about 'Building Secure Applications using Membership and Role Management with Visual Studio 2005 and ASP.NET 2.0' - issac


Membership Schema

Layers, from top to bottom:

Controls: Login, LoginStatus, LoginView, Other Login Controls
Membership API: Membership, MembershipUser
Membership Providers: SqlMembershipProvider, Other Membership Providers
Membership Data: SQL Server, Other Data Stores

Key Membership Methods

| Name | Description |
| --- | --- |
| CreateUser | Adds a user to the membership data store |
| DeleteUser | Removes a user from the membership data store |
| GeneratePassword | Generates a random password of a specified length |
| GetAllUsers | Retrieves a collection of MembershipUser objects representing all currently registered users |
| GetUser | Retrieves a MembershipUser object representing a user |
| UpdateUser | Updates information for a specified user |
| ValidateUser | Validates logins based on user names and passwords |

Creating New Users

    try {
        Membership.CreateUser ("Jeff", "imbatman", "jeff@microsoft.com");
    }
    catch (MembershipCreateUserException e) {
        // Find out why CreateUser failed
        switch (e.StatusCode) {
            case MembershipCreateStatus.DuplicateUserName:
                // ...
                break;
            case MembershipCreateStatus.DuplicateEmail:
                // ...
                break;
            case MembershipCreateStatus.InvalidPassword:
                // ...
                break;
            default:
                // ...
                break;
        }
    }

Validating Logins

    if (Membership.ValidateUser (UserName.Text, Password.Text))
        FormsAuthentication.RedirectFromLoginPage (UserName.Text,
            RememberMe.Checked);

Key MembershipUser Properties

| Name | Description |
| --- | --- |
| Comment | Storage for user-defined data |
| CreationDate | Date user was added to the membership data store |
| Email | User's e-mail address |
| LastLoginDate | Date user last logged in successfully |
| LastPasswordChangedDate | Date user's password was last changed |
| UserId | Unique user ID generated by membership provider |
| UserName | User's registered user name |

Key MembershipUser Methods

| Name | Description |
| --- | --- |
| ChangePassword | Changes user's password |
| ChangePasswordQuestionAndAnswer | Changes question and answer used for password recovery |
| GetPassword* | Retrieves a password |
| ResetPassword | Resets a password by setting it to a new random password |

Suspending Login Privileges

    if (Membership.ValidateUser (UserName.Text, Password.Text)) {
        MembershipUser user = Membership.GetUser (UserName.Text);
        user.Comment = "0"; // Reset the count of failed login attempts
        Membership.UpdateUser (user); // Persist the reset count
        FormsAuthentication.RedirectFromLoginPage (UserName.Text,
            RememberMe.Checked);
    }
    else {
        MembershipUser user = Membership.GetUser (UserName.Text);
        if (user != null) {
            // Get a count of consecutive failed login attempts
            int count = Convert.ToInt32 (user.Comment) + 1;
            // If the count equals or exceeds 5, suspend login privileges
            if (count >= 5)
                user.IsApproved = false;
            // Update the count of consecutive failed login attempts
            user.Comment = count.ToString ();
            // Persist the new count and approval flag to the data store
            Membership.UpdateUser (user);
        }
    }

Changing Provider Settings

    <membership>
      <providers>
        <remove name="AspNetSqlProvider" />
        <add name="AspNetSqlProvider"
          type="System.Web.Security.SqlMembershipProvider, System.Web, ..."
          connectionStringName="RemoteSqlServer"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="false"
          applicationName="/"
          requiresUniqueEmail="false"
          passwordFormat="Hashed"
          description="Stores and retrieves membership data ..."
        />
      </providers>
    </membership>
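
The same provider entry with the provider's own lockout and password-policy attributes set, as an added example that is not part of the original slides. The attributes maxInvalidPasswordAttempts, passwordAttemptWindow and minRequiredPasswordLength are SqlMembershipProvider settings that do not appear on the slide; the values shown are illustrative assumptions, and the provider and connection string names are the slide's.

```xml
<configuration>
  <system.web>
    <membership defaultProvider="AspNetSqlProvider">
      <providers>
        <remove name="AspNetSqlProvider" />
        <!-- Hashed storage with retrieval disabled: passwords can be
             reset but never read back out of the data store. -->
        <!-- Lockout: 5 failed attempts inside a 10 minute window mark the
             account as locked out in the provider itself, so the login page
             does not have to keep its own counter. -->
        <add name="AspNetSqlProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="RemoteSqlServer"
          applicationName="/"
          passwordFormat="Hashed"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="true"
          minRequiredPasswordLength="12"
          maxInvalidPasswordAttempts="5"
          passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

A locked account is reported through MembershipUser.IsLockedOut and is released with MembershipUser.UnlockUser, which keeps lockout state separate from the IsApproved flag.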

Login Controls

| Control | Description |
| --- | --- |
| ChangePassword | UI for changing passwords |
| CreateUserWizard | UI for creating new user accounts |
| Login | UI for entering and validating user names and passwords |
| LoginName | Displays authenticated user names |
| LoginStatus | UI for logging in and logging out |
| LoginView | Displays different views based on login status and roles |
| PasswordRecovery | UI for recovering forgotten passwords |

Using the Login Control

    <html>
      <body>
        <form runat="server">
          <asp:Login RunAt="server" />
        </form>
      </body>
    </html>

Customizing the Login Control

    <asp:Login ID="LoginControl" RunAt="server"
      CreateUserText="Create new account"
      CreateUserUrl="CreateUser.aspx"
      DisplayRememberMe="false"
      PasswordRecoveryText="Forgotten your password?"
      PasswordRecoveryUrl="RecoverPassword.aspx"
      SubmitButtonText="Do It!"
      TitleText="Please Log In"
    />

Login Control Events

| Name | Description |
| --- | --- |
| Authenticate | Fired when the user clicks the Log In button. Purpose: to authenticate the user by validating his or her login credentials |
| LoggedIn | Fired following a successful login |
| LoggingIn | Fired when the user clicks the Log In button. Purpose: to prevalidate login credentials (e.g., make sure e-mail address is well-formed) |
| LoginError | Fired when an attempted login fails |

Validating Credential Formats

    <asp:Login ID="LoginControl" RunAt="server"
      OnLoggingIn="OnValidateCredentials" ... />
    .
    .
    .
    <script language="C#" runat="server">
    // Requires an Import directive for System.Text.RegularExpressions
    void OnValidateCredentials (Object sender, LoginCancelEventArgs e)
    {
        // ^ and $ make each pattern cover the whole input; without them
        // IsMatch succeeds on any qualifying substring
        if (!Regex.IsMatch (LoginControl.UserName, "^[a-zA-Z0-9]{6,}$") ||
            !Regex.IsMatch (LoginControl.Password, "^[a-zA-Z0-9]{8,}$")) {
            LoginControl.InstructionText = "User names and passwords " +
                "must contain letters and numbers only and must be at " +
                "least 6 and 8 characters long, respectively";
            e.Cancel = true; // Stop the login before Authenticate fires
        }
    }
    </script>

Layout Templates

    <asp:Login RunAt="server">
      <LayoutTemplate>
        ...
      </LayoutTemplate>
    </asp:Login>

Role Management Schema

Layers, from top to bottom:

Controls: Login, LoginStatus, LoginView, Other Login Controls
Roles API: Roles
Role Providers: SqlRoleProvider, Other Role Providers
Roles Data: SQL Server, Other Data Stores

Key Roles Methods

| Name | Description |
| --- | --- |
| AddUserToRole | Adds a user to a role |
| CreateRole | Creates a new role |
| DeleteRole | Deletes an existing role |
| GetRolesForUser | Gets a collection of roles to which a user belongs |
| GetUsersInRole | Gets a collection of users belonging to a specified role |
| IsUserInRole | Indicates whether a user belongs to a specified role |
| RemoveUserFromRole | Removes a user from the specified role |

Creating a New Role

    if (!Roles.RoleExists ("Developers")) {
        Roles.CreateRole ("Developers");
    }

Adding a User to a Role

    // GetUser () with no arguments returns the currently logged-in user
    string name = Membership.GetUser ().UserName;
    Roles.AddUserToRole (name, "Developers");

Enabling the Role Manager

    <configuration>
      <system.web>
        <roleManager enabled="true" />
      </system.web>
    </configuration>

Enabling Role Caching

    <configuration>
      <system.web>
        <roleManager enabled="true" cacheRolesInCookie="true" />
        <!-- Other roleManager attributes (and their defaults) include:
          cookieName=".ASPXROLES"          // Cookie name
          cookieTimeout="30"               // Cookie lifetime
          cookiePath="/"                   // Cookie path
          cookieRequireSSL="false"         // Restrict cookie to SSL?
          cookieSlidingExpiration="true"   // Renew expiring cookies?
          createPersistentCookie="false"   // Issue persistent cookie?
          cookieProtection="All" />        // Cookie protection level
        -->
      </system.web>
    </configuration>
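
The role-caching configuration with the cookie defaults tightened, shown beside the default form, as an added example that is not part of the original slides. The 10-minute timeout and the Login.aspx login page are illustrative assumptions; every attribute name is one listed on the slide or a standard attribute of the forms element.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication cookie: HTTPS only, encrypted and validated,
         so it is protected at least as well as the role cookie. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" requireSSL="true" protection="All" />
    </authentication>

    <!-- Before (defaults): the role cookie may travel over plain HTTP
         and is renewed for as long as the user stays active.
         <roleManager enabled="true" cacheRolesInCookie="true" />
    -->

    <!-- After: the role cookie is sent over HTTPS only, stays encrypted and
         validated, is never written to disk, and expires after a fixed
         10 minutes. -->
    <roleManager enabled="true"
      cacheRolesInCookie="true"
      cookieName=".ASPXROLES"
      cookiePath="/"
      cookieRequireSSL="true"
      cookieProtection="All"
      cookieTimeout="10"
      cookieSlidingExpiration="false"
      createPersistentCookie="false" />
  </system.web>
</configuration>
```

A short, non-sliding lifetime bounds how long a cached role list can outlive a change made with RemoveUserFromRole or DeleteRole.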