Role Management in net Vinay Dhareshwar Agenda Introduction

Role Management in. net Vinay Dhareshwar

Agenda � Introduction � Membership Service � Login Controls � Role Management Service 2

Role Based Security � Most business applications require rolebased security. � Role management lets you create groups of users as a unit � Roles give flexibility to change permissions and add and remove users. � Each Web page in the Web application can be assigned a security level � As you define more access rules for your application, roles become a more convenient way to apply the changes to groups of users. 3

Membership Service � Manages users and credentials � Simplifies forms authentication � Provider-based for flexible data storage 4

Membership Schema Controls Login. Status Other Controls Login. View Membership API Membership. User Membership Providers Sql. Membership. Provider Membership Data SQL Server Other Membership Providers SQL Server Express Other Data Stores 5

Key Membership Methods

Creating New Users try { Membership. Create. User ("Jeff", "imbatman!", "jeff@microsoft. com"); } catch (Membership. Create. User. Exception e) { // Find out why Create. User failed switch (e. Status. Code) { case Membership. Create. Status. Duplicate. Username: . . . case Membership. Create. Status. Duplicate. Email: . . . case Membership. Create. Status. Invalid. Password: . . . default: . . . } } 7

The Membership. User Class � Represents individual users registered in the membership data store � Returned by Membership methods such as Get. User and Create. User 8

Key Membership. User Methods

Configuring the Membership Service <membership default. Provider="Asp. Net. Sql. Membership. Provider" user. Is. Online. Time. Window = "00: 15: 00" hash. Algorithm. Type = "[SHA 1|MD 5]" > <providers>. . . </providers> </membership> 10

Login Controls

Using the Login Control <html> <body> <form runat="server"> <asp: Login Run. At="server" /> </form> </body> </html> 12

The Login. View Control � Displays content differently to different users depending on: ◦ Whether user is authenticated ◦ If user is authenticated, the role memberships he or she is assigned � Template-driven ◦ <Anonymous. Template> ◦ <Logged. In. Template> ◦ <Role. Groups> and <Content. Template> 13

Using Login. View <asp: Login. View ID="Login. View 1" Runat="server"> <Anonymous. Template> <!-- Content seen by unauthenticated users --> </Anonymous. Template> <Logged. In. Template> <!-- Content seen by authenticated users --> </Logged. In. Template> <Role. Groups> <asp: Role. Group Roles="Administrators"> <Content. Template> <!-- Content seen by authenticated users who are administrators --> </Content. Template> </asp: Role. Group>. . . </Role. Groups> </asp: Login. View> 14

Role Management Service � Role-based security in a box � Simplifies adding role-based security to sites that employ forms authentication � Provider-based for flexible data storage 15

Role Management Schema Controls Login. Status Roles API Other Controls Login. View Roles Role Providers Sql. Role. Provider Other Role Providers Roles Data SQL Server Express Other Data Stores 16

The Roles Class � Provides static methods for performing key role management tasks � Includes read-only static properties for acquiring data about provider settings 17

Key Roles Methods

Creating a New Role if (!Roles. Role. Exists ("Developers")) { Roles. Create. Role ("Developers"); } Adding a User to a Role string name = Membership. Get. User (). Username; // Get current user Roles. Add. User. To. Role (name, "Developers"); // Add current user to role 19

Configuring the Role Manager <role. Manager enabled="[true|false]" default. Provider="Asp. Net. Sql. Role. Provider" create. Persistent. Cookie="[true|false]" cache. Roles. In. Cookie="[true|false]" cookie. Name=". ASPXROLES" cookie. Timeout="00: 30: 00" cookie. Path="/" cookie. Require. SSL="[true|false]" cookie. Sliding. Expiration="[true|true]" cookie. Protection="[None|Validation|Encryption|All]" domain="" max. Cached. Results="25" > <providers>. . . </providers> </role. Manager> 20

Role Management Providers � Role management is provider-based � Ships with three role providers: ◦ Authorization. Store. Role. Provider (Authorization Manager, or "Az. Man") ◦ Sql. Role. Provider (SQL Server) ◦ Windows. Token. Role. Provider (Windows) � Use custom providers for other data stores 21

Configuring Sql. Role. Provider <role. Manager default. Provider="Asp. Net. Sql. Role. Provider". . . > <providers> <add application. Name="/" connection. String. Name="Local. Sql. Server" name="Asp. Net. Sql. Role. Provider" type="System. Web. Security. Sql. Role. Provider, System. Web, . . . " /> </providers> </role. Manager> 22

Role Management 23

References � � � http: //www. csharpcorner. com/Upload. File/praveenalwar/Praveen. Alwar 072020 06064726 AM/Praveen. Alwar. aspx http: //msdn. microsoft. com/en-us/library/5 k 850 zwb. aspx http: //oudinia. blogspot. com/2007/11/aspnet-20 -security-rolemanagement. html http: //www. codedigest. com/Articles/ASPNET/78_Login. View_Con trols_with_Roles_in_ASPNet_20. aspx http: //msdn. microsoft. com/en-us/library/aa 478958. aspx http: //download. microsoftvirtuallabs. com/download/8/a/7/8 a 7 1365 b-4 c 80 -4 e 60 -81858 f 12 f 59 bf 1 d 4/ASP. NET 2. 0 Membership. Login. Controlsand. Role. Man agement. pdf 24