Lecture11

This preview shows page 1 out of 30 pages.

Unformatted text preview: Membership and Role Providers in ASP.NET Membership and Role Providers Membership and role providers exist to provide authentication and authorization services to our applications. The provider model in ASP.NET provides extensibility points for developers to plug their own implementation of a feature into the runtime. Both the membership and role features in ASP.NET follow the provider pattern by specifying an interface, or contract. 1 Membership and Role Providers Use the NuGet Package Manager to add the Membership and Role Providers to your web.config file. Membership and Role Providers Update the “DefaultConnection” connectionString in the web.config file to point to your database. 2 Membership and Role Providers You can always override the default setting and point all providers using LocalSqlServer to a remote database, or a non-Express database on the local machine. Use the ASP.NET Sql Server Registration Tool (aspnet_regsql.exe) to create a new “aspnetdb” database. Using the Membership Provider string username = "SwedishChef"; string password = "bj#kbj1k"; string email = @"[email protected]"; string question = "The greatest band ever?"; string answer = "ABBA"; bool isApproved = true; MembershipCreateStatus status; Membership.CreateUser( username, password, email, question, answer, isApproved, out status); if(status == MembershipCreateStatus.Success) { // party! } 3 Using the Role Provider If(Roles.IsUserInRole("Admin") == true) { // perform an admin action } else { // give user an error message } Roles & Memberships 4 Login Controls Name Description ChangePassword UI for changing passwords CreateUserWizard UI for creating new user accounts Login UI for entering and validating user names and passwords LoginName Displays authenticated user names LoginStatus UI for logging in and logging out LoginView Displays different views based on login status and roles PasswordRecovery UI for recovering forgotten passwords The Login Control Standard UI for logging in users Integrates with Membership service Calls ValidateUser automatically No-code validation and logins Also works without Membership service (to install this service use aspnet_regsql) Incorporates RequiredFieldValidators Highly customizable UI and behavior 5 Using the Login Control <html> <body> <form runat="server"> <asp:Login RunAt="server" /> </form> </body> </html> Customizing the Login Control <asp:Login ID="LoginControl" RunAt="server" CreateUserText="Create new account" CreateUserUrl="CreateUser.aspx" DisplayRememberMe="false" PasswordRecoveryText="Forgotten your password?" PasswordRecoveryUrl="RecoverPassword.aspx" LoginButtonText="Do It!" TitleText="Please Log In" /> 6 Login Control Events Name Description LoggingIn Fired when the user clicks the Log In button. Purpose: to Prevalidate login credentials (e.g., make sure e-mail address is well-formed) Authenticate Fired when the user clicks the Log In button. Purpose: to Authenticate the user by validating his or her login credentials LoggedIn Fired f...
View Full Document

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture