Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime. membership anduserroles_ppt


Published on

This PPT explains in brief about Asp.Net Membership and Role Providers

Published in: Technology
  • Be the first to comment membership anduserroles_ppt

  1. 1. ASP.NETMembership and User Roles
  2. 2. Topics Introduction  Why Security is important?  Different ways to secure our Application What is Authentication and Authorization? What are Providers in Asp.Net? What is MembershipProvider in Asp.Net? Overview of Asp.Net Membership System How to configure MembershipProvider in Web.config file? What is Role Management and Role Providers? How to configure Role Providers in Asp.Net?
  3. 3. Introduction – Why Security is Important?1. Security is one of the most important part of any Website or a Web Application.2. Hackers are waiting out there for us and use various ways to exploit a website / web-application.3. Hacker can attack in many ways.  Brute Force  Sniffers  Spoofing  Social Engineering  SQL Injection
  4. 4. Introduction - Different Ways to Secure our Application  Design your Application well.  Encrypting the Data while storing.  Input Validation.  Forcing Users for Strong Passwords.  Authentication and Authorization.
  5. 5. What is Authentication? “Authentication” means to “Check someone’s genuineness” In ASP.NET – Authentication means the same. It is a process where you check a person’s credentials. Example – Facebook, Yahoo, Gmail. What is Authorization? Providing access to resource based on User’s role. Authentication always preceeds Authorization
  6. 6. What is a Provider in Asp.Net? ProviderBase Class is an “Abstract Class” which follows the “Provider Model”. This class is very simple and contains very few methods which is inherited from the “Object” Class. This class is a part of the “System.Configuration.Provider” namespace The ProviderBase Class implementation is a 2 step process.  First implemented by “Feature–specific Providers” (Membership / Role / Profile Providers)  Feature-specific Provider is implemented by “Implementation-specific Providers” (SqlMembership Provider) ProviderBase Class Implementation ProviderBase Membership / Role SQLMembership Class Provider Classes Provider Class
  7. 7. What is MembershipProvider in Asp.Net? MembershipProvider is an Abstract class, which provides an abstraction over the data source. Membership Provider is configured in the Configuration file. Can be bound to multiple data sources. provides 2 membership providers to store data :-  Microsoft SQL Server – (AspNetSqlMembershipProvider)  Windows Active Directory Asp.Net provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) This class inherits from the abstract “ProviderBase” class and contains various methods and properties to “Create, Delete, Update, Validate – Users”, “Get User information”, “Change Password”
  8. 8. Image taken from -
  9. 9. Overview of Membership System Other Login Controls :- Login Login View Login Status ControlsMembership Membership Class Membership User Class API :-Providers :- Membership Provider Provider Base ClassMembership SQLMembership Provider Other Membership ProviderProviders :- Data Source :- SQL ORACLE SERVER
  10. 10. How to use Membership System? Sample Demo
  11. 11. Why do we need Membership System? Membership System is configurable and easy to use. Provides various classes, methods, properties to deal with users information easily. Asp.Net provides built in Login Server Controls which encapsulates most of the Membership functionality and helps write less code. Can be integrated with Forms Authentication. Provides a feature to store useful information like passwords, etc in hashed format within the database. No need to create tables and write stored procedures for maintaining the data.
  13. 13. What is Role Management and Role Providers? Process of managing authorization of Users is called “Role Management”. Helps to synch users into a group, by assigning them Roles. A process to decide which page or any other resource can be accessed by which User. API helps the user to know, what is the role of the User or who the User is?Role Provider – Yet another abstract class which inherits the “ProviderBase” class. Provides various functions to “Create”, “Delete” roles. Check a specific role of a user. Can create custom role providers based upon our application requirements.
  14. 14.  Asp.Net provides 3 different Role Providers  SQLRoleProvider  WindowsTokenRoleProvider  AuthorizationStoreRoleProvider
  15. 15. How to configure Role Providers in Asp.Net? Sample Code
  16. 16. THANK YOU!!!