Security in ASP.NET 2.0


Overview

In December 2004, Microsoft made available its ASP.NET v1.1 Membership Management Component Prototype. This was distributed as an SDK which, when used by a developer in a project, was referenced as an assembly named MemberRole.dll. Microsoft defines it as "a collection of classes and sample scripts that allows a developer to more easily authenticate users, authorize users, and store per-user property data in a user profile." MemberRole.dll was simply a backport of a series of classes, from the then ASP.NET 2.0 Beta 2 framework, compiled under the 1.1 framework. This backported version conforms to the same API as is found in ASP.NET 2.0.

Just before releasing the SDK, Microsoft informed the DotNetNuke Core Team of its intentions with this backport. The Core Team discussed the pros and cons of taking advantage of the backport and, after much debate, decided to implement it at that time, using the backport, rather than waiting eleven months to prepare for a future upgrade of DotNetNuke to the ASP.NET 2.0 framework. When it was time to upgrade to the ASP.NET 2.0 framework with DotNetNuke's 4.0 release, the upgrade task was less complicated because of this decision. The majority of the changes required replacing the DLL reference with a reference to the new classes within the 2.0 framework.

Other factors that weighed in this decision included what MemberRole.dll offered in addition to the easier migration path. In adapting MemberRole.dll, DotNetNuke was also preparing itself for exposure to the hosting market through Microsoft's Shared Hosting Initiative. This initiative not only placed DotNetNuke in front of a new audience, but also helped DotNetNuke form a solid relationship with Microsoft. That relationship allows DotNetNuke to work closely with Microsoft and reap additional benefits, such as the special license for MemberRole.dll usage that extends the length this DLL can remain in production use. For example, the typical MemberRole.dll license was only permitted for production usage for a period of 90 days after the release of the ASP.NET 2.0 framework. The MemberRole.dll included in framework version 1.1 DotNetNuke releases does not contain this restriction.

For developers, it's important to understand that the MemberRole.dll referenced in the DotNetNuke 3.x versions, which use the ASP.NET 1.1 framework, is now part of the ASP.NET 2.0 framework. In DotNetNuke 4.x versions, which use the ASP.NET 2.0 framework, it is referenced from the System .Web.Security namespace.

Before discussing the details of how DotNetNuke uses Member Role, it is first essential that you understand how security works in ASP.NET 2.0.




Professional DotNetNuke 4.0 (c) Open Source Web Application Framework for ASP. NET 4.0
Professional DotNetNuke 4: Open Source Web Application Framework for ASP.NET 2.0 (Programmer to Programmer)
ISBN: 0471788163
EAN: 2147483647
Year: 2006
Pages: 182

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net