Title: Membership%20in%20ASP.Net...if%20only
1Membership in ASP.Net...if only
- Presented by
- Patrick Hynds
- President, CriticalSites
- Microsoft Regional Director
2Agenda
- Membership
- Provider Model
- Custom Providers
- SOA based membership example
- Making a custom provider do what the standard
ones wont (Demo)
3Membership Service
- Membership API
- Included Membership providers
- SQL Server (and SQL Express)
- Active Directory (Windows)
- Access (kind of)
- Installs as a Visual Studio 2005 VSI template
- Custom Membership providers
- Oracle
- MySQL
- SQLLite3
- Others whatever you write yourself
4Membership Service
- Service for managing users and credentials
- Declarative access via Web Site Admin Tool
- Programmatic access via Membership and
MembershipUser classes - Membership class provides base services
- MembershipUser class represents users and
provides additional services - Provider-based for flexible data storage
5Membership Service (cont.)
- Vastly simplifies forms authentication
- Provides logic for validating user names and
passwords, creating accounts, and more - Provides data store for storing credentials,
e-mail addresses, and other membership data
6Membership Schema
Controls
Login
LoginStatus
LoginView
Other
Membership API
Membership
MembershipUser
Membership Providers
SqlMembershipProvider
ActiveDirectory-MembershipProvider
Other Providers
Membership Data
SQL Server
Active Directory
Other Data Stores
7LoginView
ltaspLoginView ID"LoginView1" Runat"server"gt
ltAnonymousTemplategt lt!-- Content seen by
unauthenticated users --gt lt/AnonymousTemplategt
ltLoggedInTemplategt lt!-- Content seen by
authenticated users --gt lt/LoggedInTemplategt
ltRoleGroupsgt ltaspRoleGroup
Roles"Administrators"gt ltContentTemplategt
lt!-- Content seen by administrators --gt
lt/ContentTemplategt lt/aspRoleGroupgt
... lt/RoleGroupsgt lt/aspLoginViewgt
8The Membership Class
- Provides static methods for performing key
membership tasks - Creating and deleting users
- Retrieving information about users
- Generating random passwords
- Validating logins
- Also includes read-only static properties for
acquiring data about provider settings
9The MembershipUser Class
- Represents individual users registered in the
membership data store - Includes numerous properties for getting and
setting user info - Includes methods for retrieving, changing, and
resetting passwords - Returned by Membership methods such as GetUser
and CreateUser
10Configuring the SQL Membership Provider
11Provider Model
- Enable new functionality in a transparent fashion
- Enable extensibility for
- Web services
- Browser based Atlas clients
- Smart clients
- Application services as pluggable building blocks
- Decoupled via configuration
- Use structural classes for your own features
12Provider ModelFeature Lifecycle
13Provider Configuration
- Membership providers support a number of
configuration settings - How should passwords be stored (cleartext,
hashed, encrypted)? - Should password recovery be enabled?
- Must each user have a unique e-mail address?
- Exposed as properties of provider class
- Initialized from CONFIG files
14Provider ModelFeature Configuration
public class QuotationsConfiguration
ConfigurationSection ConfigurationProperty("
providers") public ProviderSettingsCollection
Providers get
ConfigurationProperty("defaultProvider",
DefaultValue "StaticQuotationProvider")
public string DefaultProvider get
set
15When to Build a Provider
- Physical 3-tier deployments
- May not allow web server to connect directly to
SQL Server - Schema isnt working for you
- Your data isnt in a supported format or
repository - You need that killer feature that isnt provided
by existing providers
16Projecting MembershipDesign Issues
- Authenticating to the web service
- Not all methods should be public
- Serialization of MembershipUser
- Read-only properties dont serialize
- WebMethod parameter constraints
- Collection types and out parameters
- Selecting from multiple providers
- Choosing a non-default provider
17Projecting Membership3-Tier Flow
Webservice server
Web server
.asmx Membership wrapper
Application code
Webservice provider
SQL provider
18Projecting MembershipAuthenticated Flow
Webservice server
.asmx Formsuth wrapper
.asmx Membership wrapper
Validate ticket and roles
SQL provider
19Creating a Custom Membership Provider
20Summary
- Rewrite or enhance features
- Project current features onto other platforms via
web services or other methods - Use the provider infrastructure for your own
features - Dont screw it up, you can always make life worse
especially in security
21Resources
- Custom Membership Providers
- Oracle Provider
- Supports Membership, Roles and Personalization
- Included in the PetShop sample
- http//msdn.microsoft.com/library/default.asp?
url/library/en-us/dnbda/html/bdasamppet4.asp - Access Database Provider
- Supports Membership, Roles and Personalization
- Installs as a Visual Studio 2005 VSI template
- http//msdn.microsoft.com/vstudio/eula.aspx?id967
13a8e-b8d4-4d6e-bb8f-027e6c8e15d8
22Resources
- Custom Membership Providers (cont.)
- MySQL Provider
- Support for ASP.NET Membership and Roles
- http//www.codeproject.com/aspnet/
MySQLMembershipProvider.asp - SQLLite3
- Supports Membership and Roles
- http//www.eggheadcafe.com/articles/ 20051119.asp