Building Secure Applications utilizing Membership and Role Management with Visual Studio 2005 and ASP.NET 2.0


Presentation Transcript

Slide 1

Building Secure Applications utilizing Membership and Role Management with Visual Studio 2005 and ASP.NET 2.0

Slide 2

Agenda

Slide 3

Membership Service

Slide 4

Membership Schema
    Controls: Login, LoginStatus, LoginView, other login controls
    Membership API: Membership, MembershipUser
    Membership providers: SqlMembershipProvider, other membership providers
    Membership data: SQL Server, other data stores

Slide 5

The Membership Class

Slide 6

Key Membership Methods (name: description)
    CreateUser: Adds a user to the membership data store
    DeleteUser: Removes a user from the membership data store
    GeneratePassword: Generates a random password of a specified length
    GetAllUsers: Retrieves a collection of MembershipUser objects representing all currently registered users
    GetUser: Retrieves a MembershipUser object representing a user
    UpdateUser: Updates information for a specified user
    ValidateUser: Validates logins based on user names and passwords

Slide 7

Creating New Users

    try {
        Membership.CreateUser ("Jeff", "imbatman", "jeff@microsoft.com");
    }
    catch (MembershipCreateUserException e) {
        // Find out why CreateUser failed
        switch (e.StatusCode) {
            case MembershipCreateStatus.DuplicateUserName:
                ...
            case MembershipCreateStatus.DuplicateEmail:
                ...
            case MembershipCreateStatus.InvalidPassword:
                ...
            default:
                ...
        }
    }

Slide 8

Validating Logins

    if (Membership.ValidateUser (UserName.Text, Password.Text))
        FormsAuthentication.RedirectFromLoginPage (UserName.Text, RememberMe.Checked);

Slide 9

The MembershipUser Class

Slide 10

Key MembershipUser Properties (name: description)
    Comment: Storage for user-defined data
    CreationDate: Date the user was added to the membership data store
    Email: User's email address
    LastLoginDate: Date the user last logged in successfully
    LastPasswordChangedDate: Date the user's password was last changed
    UserId: Unique user ID generated by the membership provider
    UserName: User's registered user name

Slide 11

Key MembershipUser Methods (name: description)
    ChangePassword: Changes the user's password
    ChangePasswordQuestionAndAnswer: Changes the question and answer used for password recovery
    GetPassword*: Retrieves a password
    ResetPassword: Resets a password by setting it to a new random password

Slide 12

Suspending Login Privileges

    if (Membership.ValidateUser (UserName.Text, Password.Text)) {
        MembershipUser user = Membership.GetUser (UserName.Text);
        user.Comment = "0"; // Reset the count of failed login attempts
        Membership.UpdateUser (user); // Persist the reset
        FormsAuthentication.RedirectFromLoginPage (UserName.Text, RememberMe.Checked);
    }
    else {
        MembershipUser user = Membership.GetUser (UserName.Text);
        if (user != null) {
            // Get a count of consecutive failed login attempts
            // (Comment is empty until the first failure has been recorded)
            int count = String.IsNullOrEmpty (user.Comment) ? 1 : Convert.ToInt32 (user.Comment) + 1;
            // If the count equals or exceeds 5, suspend login privileges
            if (count >= 5)
                user.IsApproved = false;
            // Update the count of consecutive failed login attempts
            user.Comment = count.ToString ();
            Membership.UpdateUser (user); // Persist the new count
        }
    }

Slide 13

Membership Providers

Slide 14

Provider Configuration

Slide 15

Changing Provider Settings

    <membership>
      <providers>
        <remove name="AspNetSqlProvider"/>
        <add name="AspNetSqlProvider"
          type="System.Web.Security.SqlMembershipProvider, System.Web, ..."
          connectionStringName="RemoteSqlServer"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="false"
          applicationName="/"
          requiresUniqueEmail="false"
          passwordFormat="Hashed"
          description="Stores and retrieves membership data ..."/>
      </providers>
    </membership>

Slide 16

Membership

Slide 17

Login Controls (control: description)
    ChangePassword: UI for changing passwords
    CreateUserWizard: UI for creating new user accounts
    Login: UI for entering and validating user names and passwords
    LoginName: Displays authenticated user names
    LoginStatus: UI for logging in and logging out
    LoginView: Displays different views based on login status and roles
    PasswordRecovery: UI for recovering forgotten passwords

Slide 18

The Login Control

Slide 19

Using the Login Control

    <html>
      <body>
        <form runat="server">
          <asp:Login RunAt="server"/>
        </form>
      </body>
    </html>

Slide 20

Customizing the Login Control

    <asp:Login ID="LoginControl" RunAt="server"
      CreateUserText="Create new account"
      CreateUserUrl="CreateUser.aspx"
      DisplayRememberMe="false"
      PasswordRecoveryText="Forgotten your password?"
      PasswordRecoveryUrl="RecoverPassword.aspx"
      SubmitButtonText="Do It!"
      TitleText="Please Log In"/>

Slide 21

Login Control Events (name: description)
    Authenticate: Fired when the user clicks the Log In button. Purpose: to authenticate the user by validating his or her login credentials
    LoggedIn: Fired after a successful login
    LoggingIn: Fired when the user clicks the Log In button. Purpose: to prevalidate login credentials (e.g., make sure the email address is well formed)
    LoginError: Fired when an attempted login fails

Slide 22

Validating Credential Formats

    <%@ Import Namespace="System.Text.RegularExpressions" %>
    <%@ Import Namespace="System.ComponentModel" %>
    <asp:Login ID="LoginControl" RunAt="server"
      OnLoggingIn="OnValidateCredentials" ... />
    . . .
    <script language="C#" runat="server">
    void OnValidateCredentials (Object sender, CancelEventArgs e)
    {
        // Anchored patterns: the whole value must be alphanumeric, not just a substring of it
        if (!Regex.IsMatch (LoginControl.UserName, "^[a-zA-Z0-9]{6,}$") ||
            !Regex.IsMatch (LoginControl.Password, "^[a-zA-Z0-9]{8,}$")) {
            LoginControl.InstructionText = "User names and passwords " +
                "must contain letters and numbers only and must be at " +
                "least 6 and 8 characters in length, respectively";
            e.Cancel = true; // Cancel the login attempt before Authenticate fires
        }
    }
    </script>
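As an added example, not code from the slides: the lockout idea of slide 12 reworked onto the Login control events of slides 21 and 22, delegating authentication to the provider (SqlMembershipProvider already enforces its own maxInvalidPasswordAttempts and passwordAttemptWindow settings and sets IsLockedOut) and using LoginError to log the real reason server-side while the browser gets one generic message. It assumes a page that contains only this control and a SqlMembershipProvider configured in web.config.

```csharp
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<script runat="server">
// Authenticate runs after LoggingIn. The provider counts bad passwords and
// sets IsLockedOut once maxInvalidPasswordAttempts is reached inside
// passwordAttemptWindow, so no counter in MembershipUser.Comment is needed.
void OnAuthenticate (object sender, AuthenticateEventArgs e)
{
    // ValidateUser returns false for unknown, unapproved and locked-out
    // users as well as for wrong passwords, and records the failed attempt.
    e.Authenticated = Membership.ValidateUser (LoginControl.UserName,
                                               LoginControl.Password);
}

// LoginError fires when Authenticate left e.Authenticated == false.
// One generic message goes to the browser; the reason goes to the log.
void OnLoginError (object sender, EventArgs e)
{
    string name = LoginControl.UserName;
    // Second argument false: a lookup must not update LastActivityDate
    MembershipUser user = Membership.GetUser (name, false);
    string reason;
    if (user == null)          reason = "unknown user";
    else if (user.IsLockedOut) reason = "account locked out";
    else if (!user.IsApproved) reason = "account not approved";
    else                       reason = "bad password";
    System.Diagnostics.Trace.TraceWarning ("Login failed for '{0}' from {1}: {2}",
                                           name, Request.UserHostAddress, reason);
    LoginControl.FailureText = "Login failed. Check your user name and password.";
}

// For an administrative page: clear a lockout after the user has been
// verified out of band. Returns false when there is nothing to unlock.
static bool UnlockAccount (string userName)
{
    MembershipUser user = Membership.GetUser (userName, false);
    if (user == null || !user.IsLockedOut)
        return false;
    return user.UnlockUser ();
}
</script>

<form runat="server">
  <asp:Login ID="LoginControl" RunAt="server"
    OnAuthenticate="OnAuthenticate" OnLoginError="OnLoginError" />
</form>
```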

Slide 23

Layout Templates

    <asp:Login RunAt="server">
      <LayoutTemplate>
        ...
      </LayoutTemplate>
    </asp:Login>

Slide 24

Login Controls

Slide 25

Role Management Service

Slide 26

Role Management Schema
    Controls: Login, LoginStatus, LoginView, other login controls
    Roles API: Roles
    Role providers: SqlRoleProvider, other role providers
    Roles data: SQL Server, other data stores

Slide 27

The Roles Class

Slide 28

Key Roles Methods (name: description)
    AddUserToRole: Adds a user to a role
    CreateRole: Creates a new role
    DeleteRole: Deletes an existing role
    GetRolesForUser: Gets a collection of roles to which a user belongs
    GetUsersInRole: Gets a collection of users belonging to a specified role
    IsUserInRole: Indicates whether a user belongs to a specified role
    RemoveUserFromRole: Removes a user from the specified role

Slide 29

Creating a New Role

    if (!Roles.RoleExists ("Developers")) {
        Roles.CreateRole ("Developers");
    }

Slide 30

Adding a User to a Role

    string name = Membership.GetUser ().UserName;
    Roles.AddUserToRole (name, "Developers");

Slide 31

Enabling the Role Manager

    <configuration>
      <system.web>
        <roleManager enabled="true"/>
      </system.web>
    </configuration>
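Added example (not from the slides) that ties slides 29 to 31 together: a Global.asax startup routine that verifies the role manager is enabled, creates any missing roles, and reconciles a role's membership against a desired list using the Roles methods of slide 28. The role and user names are constructed sample data.

```csharp
<%@ Application Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Collections.Generic" %>

<script runat="server">
// Constructed sample data: roles the application needs and the accounts
// expected in the privileged one. In practice these come from configuration.
static readonly string[] RequiredRoles = { "Developers", "Administrators" };
static readonly string[] DeveloperUsers = { "Jeff", "Alice" };

void Application_Start (object sender, EventArgs e)
{
    // Roles.* calls throw when <roleManager enabled="true"/> is missing;
    // failing at startup is clearer than failing on the first request.
    if (!Roles.Enabled)
        throw new InvalidOperationException ("roleManager is not enabled in web.config");

    foreach (string role in RequiredRoles)
        if (!Roles.RoleExists (role))
            Roles.CreateRole (role);

    ReconcileRole ("Developers", DeveloperUsers);
}

// Bring the members of a role in line with the desired list: add accounts
// that are missing and drop accounts that should no longer be members.
// Returns the number of membership changes made.
static int ReconcileRole (string role, string[] desired)
{
    List<string> current = new List<string> (Roles.GetUsersInRole (role));
    List<string> toAdd = new List<string> ();
    List<string> toRemove = new List<string> ();

    foreach (string name in desired)
        // Only accounts that exist in the membership store can be added
        if (!current.Contains (name) && Membership.GetUser (name, false) != null)
            toAdd.Add (name);

    foreach (string name in current)
        if (Array.IndexOf (desired, name) < 0)
            toRemove.Add (name);

    if (toAdd.Count > 0)
        Roles.AddUsersToRole (toAdd.ToArray (), role);
    if (toRemove.Count > 0)
        Roles.RemoveUsersFromRole (toRemove.ToArray (), role);
    return toAdd.Count + toRemove.Count;
}
</script>
```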

Slide 32

Role Caching

Slide 33

Enabling Role Caching

    <configuration>
      <system.web>
        <roleManager enabled="true" cacheRolesInCookie="true"/>
        <!--
          Other roleManager properties (and their defaults) include:
            cookieName=".ASPXROLES"          Cookie name
            cookieTimeout="30"               Cookie lifetime (minutes)
            cookiePath="/"                   Cookie path
            cookieRequireSSL="false"         Restrict cookie to SSL?
            cookieSlidingExpiration="true"   Renew expiring cookies?
            createPersistentCookie="false"   Issue persistent cookie?
            cookieProtection="All"           Cookie protection level
        -->
      </system.web>
    </configuration>
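An added startup check, example code rather than anything from the slides, that refuses to start the application when the provider settings of slide 15 or the role-cookie settings of slide 33 are weaker than a chosen policy. The thresholds are this example's own choices, not ASP.NET defaults, and it assumes a Global.asax in an ASP.NET 2.0 application.

```csharp
<%@ Application Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Collections.Generic" %>

<script runat="server">
void Application_Start (object sender, EventArgs e)
{
    List<string> problems = AuditSecuritySettings (Membership.Provider);
    if (problems.Count > 0)
        throw new ConfigurationErrorsException (
            "Insecure membership/role configuration:\n" +
            String.Join ("\n", problems.ToArray ()));
}

// Compares the live provider and role-manager settings against the policy
// chosen for this example and returns one line per violation.
static List<string> AuditSecuritySettings (MembershipProvider p)
{
    List<string> problems = new List<string> ();

    // Passwords must be stored as salted hashes and never be retrievable
    if (p.PasswordFormat != MembershipPasswordFormat.Hashed)
        problems.Add ("passwordFormat must be Hashed, found " + p.PasswordFormat);
    if (p.EnablePasswordRetrieval)
        problems.Add ("enablePasswordRetrieval must be false");
    // Brute-force protection: lock after a few failures inside a window
    if (p.MaxInvalidPasswordAttempts > 5)
        problems.Add ("maxInvalidPasswordAttempts must be 5 or fewer");
    if (p.PasswordAttemptWindow < 10)
        problems.Add ("passwordAttemptWindow must be at least 10 minutes");
    if (p.MinRequiredPasswordLength < 8)
        problems.Add ("minRequiredPasswordLength must be at least 8");

    // Role cache cookie: if roles are cached client-side, the cookie must be
    // encrypted and signed, sent only over SSL, and not persisted on disk
    if (Roles.Enabled && Roles.CacheRolesInCookie) {
        if (Roles.CookieProtectionValue != CookieProtection.All)
            problems.Add ("cookieProtection must be All");
        if (!Roles.CookieRequireSSL)
            problems.Add ("cookieRequireSSL must be true");
        if (Roles.CreatePersistentCookie)
            problems.Add ("createPersistentCookie must be false");
    }
    return problems;
}
</script>
```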

Slide 34

Role Management Providers

Slide 35

Role Management
