Implementing ASP.NET Role Based Security

An introduction to implementing role-based security using the ASP.NET membership provider.

  • updated 6/10/2010 to add SQL Server membership provider ddl wizard screenshots

    1. Fort Wayne .Net User Group – First presented on January 8, 2008. Dean Willson, Systemental, Inc.
    2. About Me
        • Work for Systemental, Inc as a Consultant and Software Developer
        • Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives)
        • .Net since 2004
        • Mfg. Eng. Technology degrees from Ball State University
        • Certified Six Sigma Black Belt
    3. Scope of presentation
        • Conceptual review
        • Provider Model
        • Tools (development and maintenance)
        • Code examples
        • Login Controls – Declarative Control Templates
        • Install/Config, Aspnetdb
        • Web.config settings
        • Code-behind User.IsInRole
        • Miscellaneous
        • Global.asax populate IPrincipal
    4. .Net Security Providers
        • Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers:
            • SQL Server
            • SQL Express (used during presentation)
            • Active Directory
        • Provider based so you can create your own Custom providers (MySQL, XML, Custom)
    5. Tools – Development & Maintenance
        • Development
            • Login Controls
                • CreateUserWizard
                • Login, LoginView, LoginStatus, LoginName
                • PasswordRecovery, ChangePassword
        • Maintenance
            • WSAT – Web Site Administration Tool (Visual Studio: Website > ASP.Net Configuration)
            • Roll-Your-Own admin
            • Peter Kellner’s Membership Editor
    6. Code Samples
        • NUFWStarting website
            • Initial project with Gridviews for two different roles, HR and Sales (in separate Panels)
            • Objective is to add login and role based security functionality for the two roles
        • NUFWFinished website
            • After adding login and role based security (added during presentation)
        • NUFWAdv website
            • Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string.
            • Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
    7. Web.config settings – con strings
        Application App_Data/aspnetdb.mdf (from the machine.config):

            <connectionStrings>
              <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
            </connectionStrings>

        If using SQL Server (full version or custom db/connection):

            <connectionStrings>
              <remove name="LocalSqlServer" />
              <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" />
            </connectionStrings>
    8. Web.config – Authentication, Authorization

            <!-- cookieTimeout is in minutes; it and createPersistentCookie only apply when cacheRolesInCookie="true" -->
            <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" />

        (from machine.config):

            <roleManager>
              <providers>
                <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, ..." />
              </providers>
            </roleManager>

            <!-- in the site's web.config -->
            <authentication mode="Forms">
              <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms>
            </authentication>
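    9. Web.config – restrict access

            <system.web>
              <authorization>
                <!-- Rules are checked top to bottom and the first match wins:
                     members of Admin are allowed, everyone else (* = all users, ? = anonymous) is denied -->
                <allow roles="Admin"/>
                <deny users="*,?"/>
              </authorization>
            </system.web>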
    10. Custom Install Membership Database aspnetdb
        • Separate Membership database to be used by entire server
        • Add Membership to an existing database
        • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    11. Wizard – add membership DDL
        • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -W
    12. Next
    13. Pick authentication method
    14. Almost there
    15. Done
    16. Before and After the Wizard
    17. Launch WSAT
    18. WSAT – Web Site Admin Tool
    19. Select Authentication type
    20. Users, Roles, Access Rules
    21. References
        • ASP.NET 2.0 Anthology, Sitepoint 2007
        • ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
        • Peter Kellner’s Membership Editor
        • http://msdn2.microsoft.com/en-us/library/aa478958.aspx
        • Introducing Microsoft Visual Basic 2005 For Developers, Microsoft Press 2005
        • http://www.odetocode.com/Articles/428.aspx
        • Security for Microsoft Visual Basic .Net, Microsoft Press 2003
    22. Thank you!
        • Websites
            • http://www.systemental.com
            • http://www.LeanProjectManager.com
        • Blog
            • http://dean-o.blogspot.com/
            • http://practicalhoshin.blogspot.com
        • Twitter
            • @deanwillson
        • Email
            • dean@systemental.com
    23. AD Provider

            <connectionStrings>
              <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
            </connectionStrings>
            <!-- <membership> is a child of <system.web>; <authorization> accepts only allow/deny rules -->
            <system.web>
              <membership defaultProvider="MyADMembershipProvider">
                <providers>
                  <!-- connectionUsername and connectionPassword sit in web.config as clear text;
                       use a low-privilege bind account rather than a domain administrator -->
                  <add name="MyADMembershipProvider"
                       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                       connectionStringName="ADConnectionString"
                       connectionUsername="testdomain\administrator"
                       connectionPassword="password"/>
                </providers>
              </membership>
            </system.web>
    24. Finished
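
Slide 6 describes the NUFWAdv site using global.asax to populate roles into a GenericPrincipal from an XML file while the Membership database authenticates the user. The following is an added example of that technique, not the presenter's code; the `~/App_Data/UserRoles.xml` path, its XML layout, the user and role names and the `LoadRoles` helper are assumptions, and it assumes `<roleManager>` is left disabled because the roles come from the file.

```csharp
// Global.asax.cs (added example; file name, XML layout and helper are assumptions)
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Xml;

public class Global : HttpApplication
{
    // Hypothetical role file; ASP.NET does not serve files from App_Data:
    // <users>
    //   <user name="alice"><role>HR</role></user>
    //   <user name="bob"><role>Sales</role></user>
    // </users>
    private const string RolesFile = "~/App_Data/UserRoles.xml";

    // Forms authentication has already validated the ticket when this fires.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return; // anonymous request: the <authorization> rules decide

        string[] roles = LoadRoles(Server.MapPath(RolesFile), ctx.User.Identity.Name);
        // Keep the authenticated identity, attach the roles read from XML.
        ctx.User = new GenericPrincipal(ctx.User.Identity, roles);
    }

    // Returns the roles listed for userName. A user missing from the file
    // gets an empty array, so every IsInRole check fails closed.
    public static string[] LoadRoles(string path, string userName)
    {
        XmlDocument doc = new XmlDocument();
        doc.Load(path);
        List<string> roles = new List<string>();
        foreach (XmlElement user in doc.SelectNodes("/users/user"))
        {
            // Compare in code rather than building an XPath from the user name.
            if (!string.Equals(user.GetAttribute("name"), userName,
                               StringComparison.OrdinalIgnoreCase))
                continue;
            foreach (XmlElement role in user.SelectNodes("role"))
            {
                string name = role.InnerText.Trim();
                if (name.Length > 0 && !roles.Contains(name))
                    roles.Add(name);
            }
        }
        return roles.ToArray();
    }
}
```

With this principal in place, the code-behind `User.IsInRole("HR")` check and the `<allow roles="..."/>` rules from the slides evaluate against the roles read from the file.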
