Your SlideShare is downloading. ×
Implementing ASP.NET Role Based Security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Implementing ASP.NET Role Based Security

3,749
views

Published on

An introduction to implementing role based security using the Asp.Net membership provider

An introduction to implementing role based security using the Asp.Net membership provider

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,749
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
40
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • updated 6/10/2010 to add SQL Server membership provider ddl wizard screenshots
  • Transcript

    • 1. FortWayne .Net User Group – First presented on January 8, 2008 DeanWillson Systemental, Inc.
    • 2. About Me  Work for Systemental, Inc as a Consultant and Software Developer  Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives)  .Net since 2004  Mfg. Eng. Technology degrees from Ball State University  Certified Six Sigma Black Belt
    • 3. Scope of presentation  Conceptual review  Provider Model  Tools (development and maintenance)  Code examples  Login Controls – Declarative Control Templates  Install/Config, Aspnetdb  Web.config settings  Code-behind User.IsInRole  Miscellaneous  Global.asax populate IPrincipal
    • 4. .Net Security Providers  Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers:  SQL Server  SQL Express (used during presentation)  Active Directory  Provider based so you can create your own Custom providers (MySQL, XML, Custom)
    • 5. Tools – Development & Maintenance  Development  Login Controls  CreateUserWizard  Login, LoginView, LoginStatus, LoginName  PasswordRecovery, ChangePassword  Maintenance  WSAT – Web Site Administration Tool (Visual Studio: Website  ASP.Net Configuration)  Roll-Your-Own admin  Peter Kellner’s Membership Editor
    • 6. Code Samples  NUFWStarting website  Initial project with Gridviews for two different roles HR and Sales (in separate Panels)  Objective is to add login and role based security functionality for the two roles  NUFWFinished website  After adding login and role based security (added during presentation  NUFWAdv website  Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string.  Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
    • 7. Web.config settings – con strings Application App_Data/aspnetdb.mdf (from the machine.config): <connectionStrings> <add name="LocalSqlServer" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=| DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> If using SQL Server (full version or custom db/connection): <connectionStrings> <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" /> </connectionStrings>
    • 8. Web.config –Authentication, Authorization <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" /> (from machine.config): <roleManager> <providers> <add name="AspNetSqlRoleProvider“ connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, ..." /> </providers> </roleManager> <authentication mode="Forms"> <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms> </authentication>
    • 9. Web.config – restrict access <system.web> <authorization> <allow roles="Admin"/> <deny users="*,?"/> </authorization> </system.web>
    • 10. Custom Install Membership Database aspnetdb  Separate Membership database to be used by entire server  Add Membership to an existing database  C:WINDOWSMicrosoft.NETFrameworkv2.0.5 0727aspnet_regsql.exe
    • 11. Wizard – add membership DDL  C:WINDOWSMicrosoft.NETFramework v2.0.50727aspnet_regsql.exe –W
    • 12. Next
    • 13. Pick authentication method
    • 14. Almost there
    • 15. Done
    • 16. Before and After the Wizard
    • 17. Launch WSAT
    • 18. WSAT – Web Site Admin Tool
    • 19. Select Authentication type
    • 20. Users, Roles, Access Rules
    • 21. References  ASP.NET 2.0 Anthology Sitepoint 2007  ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0- Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_- and-Security-Resources-.aspx  Peter Kellner’s Membership Editor  http://msdn2.microsoft.com/en-us/library/aa478958.aspx  Introducing Microsoft Visual Basic 2005 For Developers Microsoft Press 2005  http://www.odetocode.com/Articles/428.aspx  Security for Microsoft Visual Basic .Net Microsoft Press 2003
    • 22. Thank you!  Websites  http://www.systemental.com  http://www.LeanProjectManager.com  Blog  http://dean-o.blogspot.com/  http://practicalhoshin.blogspot.com  Twitter  @deanwillson  Email  dean@systemental.com
    • 23. AD Provider <connectionStrings> <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdo main,DC=test,DC=com" /> </connectionStrings> <authorization> <membership defaultProvider="MyADMembershipProvider"> <providers> <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="testdomainadministrator" connectionPassword="password"/> </providers> </membership> </authorization>
    • 24. Finished