Membership and Role Management


ASP.NET contains a built-in membership and role management system that can be initiated either through code or the ASP.NET Web Site Administration Tool. This is an ideal system for authenticating users to access a page or even your entire site. This management system not only provides a new API suite for managing users, but also provides you with some server controls that interact with this API.

As the first step in setting up your site’s security and the user roles, open the ASP.NET Web Site Administration Tool. You can launch this tool through a button in the Visual Studio 2005 Solution Explorer or by clicking Website > ASP.NET Configuration in the Visual Studio menu. When the tool opens in the document window, click the Security tab, shown in Figure 20-26.

Figure 20-26

Click the link to start the Security Setup Wizard, shown in Figure 20-27.

Figure 20-27

The wizard first asks whether your application will be available on the public Internet or hosted on an intranet. If you select Internet, then your website will be enabled with Forms Authentication. If you select Intranet, then your site will be configured to work with Windows Integrated Authentication. For our example, select the Internet option.

Working through the wizard, you are also asked whether you are going to work with role management. Enable role management by checking the appropriate check box and add a role titled Manager. After this step, you can actually enter users into the system. Fill out information for each user you want in the system, as shown in Figure 20-28.

Figure 20-28

The next step is to create the access rules for your site. You can pick specific folders and apply the rules for the folder. In this example, anyone in the Manager role would have access to the site, while anonymous users would be denied access. This is shown in Figure 20-29.

Figure 20-29

Click the Finish button to exit the wizard. If you refresh the Solution Explorer in Visual Studio, a new datastore (an SQL Server Express Edition .mdf file) appears in the App_Data folder. This is where all of the user and role information is stored. Note that you can configure both of the systems (the membership and role management systems) to work with other datastores besides these SQL Express data files. For example, you can configure these systems to work with a full-blown version of Microsoft’s SQL Server. Notice in the Solution Explorer that if you didn’t already have a web.config file, you have one now. The contents added to the web.config file include the following:

  <?xml version="1.0" encoding="utf-8"?>
  <configuration>
      <system.web>
          <authorization>
              <allow roles="Manager" />
              <deny users="?" />
          </authorization>
          <roleManager enabled="true" />
          <authentication mode="Forms" />
      </system.web>
  </configuration>

This shows all the settings that were enabled. The <authorization> section allows users who are in the Manager role and denies all anonymous users (represented by a question mark). The <roleManager> element turns on the role management system, while the <authentication> element turns on forms authentication. Now, let’s utilize these configurations.
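The rule evaluation behind this <authorization> section, modelled in Python as an added example (not code from the book or from ASP.NET). It assumes ASP.NET's first-match-wins ordering and the inherited machine-level <allow users="*" /> default; the user names alice and bob are constructed.

```python
# Simplified model of ASP.NET URL authorization: rules are read top-down and
# the first rule that matches the caller decides. Names below are constructed.

# Assumption: the machine-level default <allow users="*" /> is evaluated
# after the site's own rules, so it catches anyone no site rule matched.
MACHINE_DEFAULT = [("allow", "users", "*")]

# The <authorization> rules from the web.config shown above.
WIZARD_RULES = [("allow", "roles", "Manager"), ("deny", "users", "?")]

# Stricter variant: everyone who is not a Manager is denied explicitly.
STRICT_RULES = [("allow", "roles", "Manager"), ("deny", "users", "*")]


def rule_matches(kind, value, user, roles):
    """True if one rule applies to the caller; user=None means anonymous."""
    names = [name.strip() for name in value.split(",")]
    if kind == "roles":
        return user is not None and any(role in names for role in roles)
    if "*" in names:                      # "*" = every user
        return True
    if "?" in names and user is None:     # "?" = anonymous users only
        return True
    return user is not None and user in names


def is_authorized(site_rules, user, roles=()):
    """Walk site rules, then the inherited default; first match wins."""
    for action, kind, value in site_rules + MACHINE_DEFAULT:
        if rule_matches(kind, value, user, roles):
            return action == "allow"
    return False  # unreachable while the default allow-all rule is present


def audit(site_rules):
    """Evaluate three constructed callers against a rule set."""
    return {
        "manager": is_authorized(site_rules, "alice", ["Manager"]),
        "signed_in_no_role": is_authorized(site_rules, "bob", []),
        "anonymous": is_authorized(site_rules, None),
    }


if __name__ == "__main__":
    print("wizard:", audit(WIZARD_RULES))
    print("strict:", audit(STRICT_RULES))
```

Under the wizard's rules a signed-in user without the Manager role falls through to the inherited allow rule; replacing <deny users="?" /> with <deny users="*" /> closes that gap.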

Create a login page, as everyone will access any page in this application as an anonymous user first. The login page enables people to enter their credentials in order to be authorized in the Manager role created earlier.

ASP.NET includes a slew of controls that make working with the membership and role management systems easier. On the login page (Login.aspx), place a simple Login server control:

  <asp:Login runat="server"></asp:Login>

The nice thing here is that you have to do absolutely nothing to tie this Login control to the .mdf database created earlier through the wizard. Now access another page in the application (other than the Login.aspx page) and start up that page. This example started up Default.aspx (which only contains a simple text statement), but looking at Figure 20-30 you can see from the URL specified in the browser that I was redirected to Login.aspx because I wasn’t yet authenticated.

Figure 20-30

The Login.aspx page enables me to enter my credentials, which then authorize me in the Manager role. Pressing the Login button causes the browser to redirect me to the appropriate page. I am now authenticated and authorized for the site!




Professional VB 2005 with .NET 3.0 (Programmer to Programmer)
ISBN: 0470124709
EAN: 2147483647
Year: 2004
Pages: 267
