membership anduserroles_ppt


Published on

This PPT explains in brief about Asp.Net Membership and Role Providers

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide membership anduserroles_ppt

  1. 1. ASP.NETMembership and User Roles
  2. 2. Topics Introduction  Why Security is important?  Different ways to secure our Application What is Authentication and Authorization? What are Providers in Asp.Net? What is MembershipProvider in Asp.Net? Overview of Asp.Net Membership System How to configure MembershipProvider in Web.config file? What is Role Management and Role Providers? How to configure Role Providers in Asp.Net?
  3. 3. Introduction – Why Security is Important?1. Security is one of the most important part of any Website or a Web Application.2. Hackers are waiting out there for us and use various ways to exploit a website / web-application.3. Hacker can attack in many ways.  Brute Force  Sniffers  Spoofing  Social Engineering  SQL Injection
  4. 4. Introduction - Different Ways to Secure our Application  Design your Application well.  Encrypting the Data while storing.  Input Validation.  Forcing Users for Strong Passwords.  Authentication and Authorization.
  5. 5. What is Authentication? “Authentication” means to “Check someone’s genuineness” In ASP.NET – Authentication means the same. It is a process where you check a person’s credentials. Example – Facebook, Yahoo, Gmail. What is Authorization? Providing access to resource based on User’s role. Authentication always preceeds Authorization
  6. 6. What is a Provider in Asp.Net? ProviderBase Class is an “Abstract Class” which follows the “Provider Model”. This class is very simple and contains very few methods which is inherited from the “Object” Class. This class is a part of the “System.Configuration.Provider” namespace The ProviderBase Class implementation is a 2 step process.  First implemented by “Feature–specific Providers” (Membership / Role / Profile Providers)  Feature-specific Provider is implemented by “Implementation-specific Providers” (SqlMembership Provider) ProviderBase Class Implementation ProviderBase Membership / Role SQLMembership Class Provider Classes Provider Class
  7. 7. What is MembershipProvider in Asp.Net? MembershipProvider is an Abstract class, which provides an abstraction over the data source. Membership Provider is configured in the Configuration file. Can be bound to multiple data sources. provides 2 membership providers to store data :-  Microsoft SQL Server – (AspNetSqlMembershipProvider)  Windows Active Directory Asp.Net provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) This class inherits from the abstract “ProviderBase” class and contains various methods and properties to “Create, Delete, Update, Validate – Users”, “Get User information”, “Change Password”
  8. 8. Image taken from -
  9. 9. Overview of Membership System Other Login Controls :- Login Login View Login Status ControlsMembership Membership Class Membership User Class API :-Providers :- Membership Provider Provider Base ClassMembership SQLMembership Provider Other Membership ProviderProviders :- Data Source :- SQL ORACLE SERVER
  10. 10. How to use Membership System? Sample Demo
  11. 11. Why do we need Membership System? Membership System is configurable and easy to use. Provides various classes, methods, properties to deal with users information easily. Asp.Net provides built in Login Server Controls which encapsulates most of the Membership functionality and helps write less code. Can be integrated with Forms Authentication. Provides a feature to store useful information like passwords, etc in hashed format within the database. No need to create tables and write stored procedures for maintaining the data.
  13. 13. What is Role Management and Role Providers? Process of managing authorization of Users is called “Role Management”. Helps to synch users into a group, by assigning them Roles. A process to decide which page or any other resource can be accessed by which User. API helps the user to know, what is the role of the User or who the User is?Role Provider – Yet another abstract class which inherits the “ProviderBase” class. Provides various functions to “Create”, “Delete” roles. Check a specific role of a user. Can create custom role providers based upon our application requirements.
  14. 14.  Asp.Net provides 3 different Role Providers  SQLRoleProvider  WindowsTokenRoleProvider  AuthorizationStoreRoleProvider
  15. 15. How to configure Role Providers in Asp.Net? Sample Code
  16. 16. THANK YOU!!!