Membership%20in%20ASP.Net...if%20only

1
Membership in ASP.Net...if only

• Presented by
• Patrick Hynds
• President, CriticalSites
• Microsoft Regional Director

2
Agenda

• Membership
• Provider Model
• Custom Providers
• SOA based membership example
• Making a custom provider do what the standard
  ones wont (Demo)

3
Membership Service

• Membership API
• Included Membership providers
• SQL Server (and SQL Express)
• Active Directory (Windows)
• Access (kind of)
• Installs as a Visual Studio 2005 VSI template
• Custom Membership providers
• Oracle
• MySQL
• SQLLite3
• Others whatever you write yourself

4
Membership Service

• Service for managing users and credentials
• Declarative access via Web Site Admin Tool
• Programmatic access via Membership and
  MembershipUser classes
• Membership class provides base services
• MembershipUser class represents users and
  provides additional services
• Provider-based for flexible data storage

5
Membership Service (cont.)

• Vastly simplifies forms authentication
• Provides logic for validating user names and
  passwords, creating accounts, and more
• Provides data store for storing credentials,
  e-mail addresses, and other membership data

6
Membership Schema
Controls
Login
LoginStatus
LoginView
Other
Membership API
Membership
MembershipUser
Membership Providers
SqlMembershipProvider
ActiveDirectory-MembershipProvider
Other Providers
Membership Data
SQL Server
Active Directory
Other Data Stores
7
LoginView
ltaspLoginView ID"LoginView1" Runat"server"gt
ltAnonymousTemplategt lt!-- Content seen by
unauthenticated users --gt lt/AnonymousTemplategt
ltLoggedInTemplategt lt!-- Content seen by
authenticated users --gt lt/LoggedInTemplategt
ltRoleGroupsgt ltaspRoleGroup
Roles"Administrators"gt ltContentTemplategt
lt!-- Content seen by administrators --gt
lt/ContentTemplategt lt/aspRoleGroupgt
... lt/RoleGroupsgt lt/aspLoginViewgt
8
The Membership Class

• Provides static methods for performing key
  membership tasks
• Creating and deleting users
• Retrieving information about users
• Generating random passwords
• Validating logins
• Also includes read-only static properties for
  acquiring data about provider settings

9
The MembershipUser Class

• Represents individual users registered in the
  membership data store
• Includes numerous properties for getting and
  setting user info
• Includes methods for retrieving, changing, and
  resetting passwords
• Returned by Membership methods such as GetUser
  and CreateUser

10
Configuring the SQL Membership Provider
11
Provider Model

• Enable new functionality in a transparent fashion
• Enable extensibility for
• Web services
• Browser based Atlas clients
• Smart clients
• Application services as pluggable building blocks
• Decoupled via configuration
• Use structural classes for your own features

12
Provider ModelFeature Lifecycle
13
Provider Configuration

• Membership providers support a number of
  configuration settings
• How should passwords be stored (cleartext,
  hashed, encrypted)?
• Should password recovery be enabled?
• Must each user have a unique e-mail address?
• Exposed as properties of provider class
• Initialized from CONFIG files

14
Provider ModelFeature Configuration
public class QuotationsConfiguration
ConfigurationSection ConfigurationProperty("
providers") public ProviderSettingsCollection
Providers get
ConfigurationProperty("defaultProvider",
DefaultValue "StaticQuotationProvider")
public string DefaultProvider get
set
15
When to Build a Provider

• Physical 3-tier deployments
• May not allow web server to connect directly to
  SQL Server
• Schema isnt working for you
• Your data isnt in a supported format or
  repository
• You need that killer feature that isnt provided
  by existing providers

16
Projecting MembershipDesign Issues

• Authenticating to the web service
• Not all methods should be public
• Serialization of MembershipUser
• Read-only properties dont serialize
• WebMethod parameter constraints
• Collection types and out parameters
• Selecting from multiple providers
• Choosing a non-default provider

17
Projecting Membership3-Tier Flow
Webservice server
Web server
.asmx Membership wrapper
Application code
Webservice provider
SQL provider
18
Projecting MembershipAuthenticated Flow
Webservice server
.asmx Formsuth wrapper
.asmx Membership wrapper
Validate ticket and roles
SQL provider
19
Creating a Custom Membership Provider
20
Summary

• Rewrite or enhance features
• Project current features onto other platforms via
  web services or other methods
• Use the provider infrastructure for your own
  features
• Dont screw it up, you can always make life worse
  especially in security

21
Resources

• Custom Membership Providers
• Oracle Provider
• Supports Membership, Roles and Personalization
• Included in the PetShop sample
• http//msdn.microsoft.com/library/default.asp?
  url/library/en-us/dnbda/html/bdasamppet4.asp
• Access Database Provider
• Supports Membership, Roles and Personalization
• Installs as a Visual Studio 2005 VSI template
• http//msdn.microsoft.com/vstudio/eula.aspx?id967
  13a8e-b8d4-4d6e-bb8f-027e6c8e15d8

22
Resources

• Custom Membership Providers (cont.)
• MySQL Provider
• Support for ASP.NET Membership and Roles
• http//www.codeproject.com/aspnet/
  MySQLMembershipProvider.asp
• SQLLite3
• Supports Membership and Roles
• http//www.eggheadcafe.com/articles/ 20051119.asp