Topics
- Introduction
- Why is Security important?
- Different ways to secure our Application
- What is Authentication and Authorization?
- What are Providers in ASP.NET?
- What is MembershipProvider in ASP.NET?
- Overview of ASP.NET Membership System
- How to configure MembershipProvider in Web.config file?
- What is Role Management and Role Providers?
- How to configure Role Providers in ASP.NET?
Introduction – Why is Security Important?
1. Security is one of the most important parts of any website or web application.
2. Hackers are waiting out there for us and use various ways to exploit a website / web application.
3. Hackers can attack in many ways:
- Brute Force
- Sniffers
- Spoofing
- Social Engineering
- SQL Injection
Introduction - Different Ways to Secure our Application
- Design your application well.
- Encrypt the data while storing it.
- Validate input.
- Force users to choose strong passwords.
- Use authentication and authorization.
What is Authentication?
- “Authentication” means to “check someone’s genuineness”.
- In ASP.NET, authentication means the same: it is a process where you check a person’s credentials.
- Examples: Facebook, Yahoo, Gmail.
What is Authorization?
- Providing access to a resource based on the user’s role.
- Authentication always precedes authorization.
What is a Provider in ASP.NET?
- The ProviderBase class is an “abstract class” which follows the “Provider Model”.
- This class is very simple, contains very few methods, and inherits from the “Object” class.
- This class is part of the “System.Configuration.Provider” namespace.
- The ProviderBase class implementation is a 2-step process:
- First, it is implemented by “feature-specific providers” (Membership / Role / Profile providers).
- Then the feature-specific provider is implemented by “implementation-specific providers” (SqlMembershipProvider).
[Diagram: ProviderBase Class Implementation. ProviderBase Class → Membership / Role Provider Classes → SqlMembershipProvider Class]
What is MembershipProvider in ASP.NET?
- MembershipProvider is an abstract class which provides an abstraction over the data source.
- The membership provider is configured in the configuration file.
- It can be bound to multiple data sources.
- ASP.NET provides 2 membership providers to store data:
- Microsoft SQL Server (AspNetSqlMembershipProvider)
- Windows Active Directory
- ASP.NET also allows us to configure our own custom membership provider (Oracle data source, other data source).
- This class inherits from the abstract “ProviderBase” class and contains various methods and properties to “Create, Delete, Update, Validate – Users”, “Get User information”, “Change Password”.
Image taken from - http://www.felix-colibri.com/
Overview of Membership System
[Diagram: layers of the membership system, top to bottom]
- Login Controls :- Login, Login View, Login Status, Other Controls
- Membership API :- Membership Class, Membership User Class
- Providers :- Membership Provider, Provider Base Class
- Membership Providers :- SQLMembership Provider, Other Membership Provider
- Data Source :- SQL Server, Oracle
Why do we need Membership System?
- The membership system is configurable and easy to use.
- Provides various classes, methods and properties to deal with user information easily.
- ASP.NET provides built-in Login server controls which encapsulate most of the membership functionality and help write less code.
- Can be integrated with Forms Authentication.
- Provides a feature to store sensitive information such as passwords in hashed format within the database.
- No need to create tables and write stored procedures for maintaining the data.
What is Role Management and Role Providers?
- The process of managing the authorization of users is called “Role Management”.
- Helps to sync users into a group by assigning them roles.
- A process to decide which page or other resource can be accessed by which user.
- The API helps determine what the role of the user is or who the user is.
Role Provider
- Yet another abstract class which inherits from the “ProviderBase” class.
- Provides various functions to “Create” and “Delete” roles.
- Checks a specific role of a user.
- Custom role providers can be created based upon our application requirements.
ASP.NET provides 3 different Role Providers:
- SqlRoleProvider
- WindowsTokenRoleProvider
- AuthorizationStoreRoleProvider
How to configure Role Providers in Asp.Net? Sample Code
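The following Web.config is an added example, not the sample code from the original slides. It shows one way to configure SqlMembershipProvider and SqlRoleProvider with hashed password storage, password-strength rules, account lockout and a role-restricted folder. The provider names, the "AppDb" connection string, the "/SampleApp" application name, the "Admin" path and the "Administrators" role are assumptions made for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Assumed local database; Integrated Security keeps credentials out of this file -->
    <add name="AppDb" providerName="System.Data.SqlClient"
         connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- requireSSL keeps the auth cookie off plain HTTP, where a sniffer could read it -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="true" protection="All" timeout="20" />
    </authentication>
    <membership defaultProvider="AppSqlMembershipProvider">
      <providers>
        <clear />
        <!-- Weak variant to avoid: passwordFormat="Clear" (or "Encrypted") with
             enablePasswordRetrieval="true" stores recoverable passwords.
             maxInvalidPasswordAttempts within passwordAttemptWindow (minutes)
             locks the account, which slows brute-force guessing. -->
        <add name="AppSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb"
             applicationName="/SampleApp"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Role lookups go to the provider on each request instead of a client-side cookie -->
    <roleManager enabled="true" defaultProvider="AppSqlRoleProvider" cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="AppSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppDb" applicationName="/SampleApp" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Authorization after authentication: only the assumed Administrators role reaches /Admin -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The `<clear />` elements remove the providers inherited from machine.config, so only the explicitly configured providers are active for the application.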