NES Preliminary Findings - Dallas Asp.net User Group


Membership in ASP.Net...if only
Presented by:
Patrick Hynds
President, CriticalSites
Microsoft Regional Director
Agenda
• Membership
• Provider Model
• Custom Providers
– SOA based membership example
– Making a custom provider do what the standard ones won’t (Demo)
Membership Service
• Membership API
• Included Membership providers
– SQL Server (and SQL Express)
– Active Directory (Windows)
– Access (kind of…): installs as a Visual Studio 2005 VSI template
• Custom Membership providers
– Oracle
– MySQL
– SQLite3
– Others + whatever you write yourself…
Membership Service
• Service for managing users and credentials
– Declarative access via Web Site Admin Tool
– Programmatic access via Membership and MembershipUser classes
• Membership class provides base services
• MembershipUser class represents users and provides additional services
• Provider-based for flexible data storage
Membership Service (cont.)
• Vastly simplifies forms authentication
– Provides logic for validating user names and passwords, creating accounts, and more
– Provides data store for storing credentials, email addresses, and other membership data
Membership Schema
• Controls
– Login
– LoginStatus
– LoginView
– Other
• Membership API
– Membership
– MembershipUser
• Membership Providers
– SqlMembershipProvider
– ActiveDirectoryMembershipProvider
– Other Providers
• Membership Data
– SQL Server
– Active Directory
– Other Data Stores
LoginView
<asp:LoginView ID="LoginView1" Runat="server">
  <AnonymousTemplate>
    <!-- Content seen by unauthenticated users -->
  </AnonymousTemplate>
  <LoggedInTemplate>
    <!-- Content seen by authenticated users -->
  </LoggedInTemplate>
  <RoleGroups>
    <asp:RoleGroup Roles="Administrators">
      <ContentTemplate>
        <!-- Content seen by administrators -->
      </ContentTemplate>
    </asp:RoleGroup>
    ...
  </RoleGroups>
</asp:LoginView>
The Membership Class
• Provides static methods for performing key membership tasks
– Creating and deleting users
– Retrieving information about users
– Generating random passwords
– Validating logins
• Also includes read-only static properties for acquiring data about provider settings
The MembershipUser Class
• Represents individual users registered in the membership data store
• Includes numerous properties for getting and setting user info
• Includes methods for retrieving, changing, and resetting passwords
• Returned by Membership methods such as GetUser and CreateUser
Configuring the SQL
Membership Provider
Provider Model
• Enable new functionality in a transparent fashion
• Enable extensibility for
– Web services
– Browser based “Atlas” clients
– Smart clients
• Application services as pluggable building blocks
• Decoupled via configuration
• Use structural classes for your own features
Provider Model
Feature Lifecycle
Static feature class → Feature config. → Provider instances
Provider Configuration
• Membership providers support a number of configuration settings
– How should passwords be stored (cleartext, hashed, encrypted)?
– Should password recovery be enabled?
– Must each user have a unique e-mail address?
• Exposed as properties of provider class
• Initialized from CONFIG files
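An added example (not from the slides): because these settings are exposed as properties of the provider class, an application can check them at startup and report risky values. The class name MembershipSettingsAudit and the wording of the findings are assumptions for illustration.

```csharp
using System.Collections.Generic;
using System.Web.Security;

// Added example, not from the slides. Reads the settings every membership
// provider exposes as properties and reports the risky combinations.
public static class MembershipSettingsAudit
{
    public static List<string> Check(MembershipProvider p)
    {
        List<string> findings = new List<string>();

        // Clear and Encrypted both let the original password be recovered
        // from the data store; only Hashed is one-way.
        if (p.PasswordFormat != MembershipPasswordFormat.Hashed)
            findings.Add(p.Name + ": passwordFormat=" + p.PasswordFormat
                + " (stored passwords are recoverable)");

        // Retrieval hands the existing password back to whoever passes the
        // recovery step, so it only works with recoverable storage.
        if (p.EnablePasswordRetrieval)
            findings.Add(p.Name + ": enablePasswordRetrieval=true");

        // Reset without a question/answer check means anyone who knows a
        // user name can trigger a password reset for that account.
        if (p.EnablePasswordReset && !p.RequiresQuestionAndAnswer)
            findings.Add(p.Name + ": password reset needs no security answer");

        // Shared addresses make e-mail based recovery ambiguous.
        if (!p.RequiresUniqueEmail)
            findings.Add(p.Name + ": requiresUniqueEmail=false");

        return findings;
    }

    // Run once at startup (for example from Application_Start) over every
    // provider registered in the <membership> section.
    public static List<string> CheckAll()
    {
        List<string> all = new List<string>();
        foreach (MembershipProvider p in Membership.Providers)
            all.AddRange(Check(p));
        return all;
    }
}
```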
Provider Model
Feature Configuration
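using System.Configuration;

// Configuration section for the custom "quotations" feature
public class QuotationsConfiguration : ConfigurationSection
{
    // <providers> element: the providers registered for the feature
    [ConfigurationProperty("providers")]
    public ProviderSettingsCollection Providers
    {
        get { return (ProviderSettingsCollection)base["providers"]; }
    }

    // Name of the provider used when the caller does not pick one
    [ConfigurationProperty("defaultProvider",
        DefaultValue = "StaticQuotationProvider")]
    public string DefaultProvider
    {
        get { return (string)base["defaultProvider"]; }
        set { base["defaultProvider"] = value; }
    }
}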
When to Build a Provider
• Physical 3-tier deployments
– May not allow web server to connect directly to SQL Server
• Schema isn’t working for you
• Your data isn’t in a supported format or repository
• You need that killer feature that isn’t provided by existing providers
Projecting Membership
Design Issues
• Authenticating to the web service
– Not all methods should be public
• Serialization of MembershipUser
– Read-only properties don’t serialize
• WebMethod parameter constraints
– Collection types and [out] parameters
• Selecting from multiple providers
– Choosing a non-default provider
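An added example (not the presenter's demo code) of an .asmx wrapper that addresses the four design issues above. The names MembershipUserData, UserPage and MembershipWrapper and the XML namespace are hypothetical; the "Administrators" role is the one used in the LoginView slide.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.Services;

// DTO: the XML serializer only emits public read/write members, so the
// read-only MembershipUser properties are copied into plain fields.
public class MembershipUserData
{
    public string ProviderName;
    public string UserName;
    public string Email;
    public bool IsApproved;
    public bool IsLockedOut;
    public DateTime CreationDate;
}

// Result wrapper: an array plus a count, instead of a collection type
// and an [out] totalRecords parameter on the WebMethod.
public class UserPage
{
    public MembershipUserData[] Users;
    public int TotalRecords;
}

[WebService(Namespace = "http://example.invalid/membership")] // placeholder
public class MembershipWrapper : WebService
{
    [WebMethod]
    public UserPage GetAllUsers(string providerName, int pageIndex, int pageSize)
    {
        // Not a public method: the caller must present a valid forms ticket
        // and hold the management role.
        if (!User.Identity.IsAuthenticated || !User.IsInRole("Administrators"))
            throw new UnauthorizedAccessException("Caller is not authorized.");
        // Choose a non-default provider by name, else use the default one.
        MembershipProvider provider = string.IsNullOrEmpty(providerName)
            ? Membership.Provider : Membership.Providers[providerName];
        if (provider == null)
            throw new ArgumentException("Unknown membership provider.");
        int total;
        List<MembershipUserData> users = new List<MembershipUserData>();
        foreach (MembershipUser u in provider.GetAllUsers(pageIndex, pageSize, out total))
        {
            MembershipUserData d = new MembershipUserData();
            d.ProviderName = u.ProviderName; d.UserName = u.UserName;
            d.Email = u.Email; d.CreationDate = u.CreationDate;
            d.IsApproved = u.IsApproved; d.IsLockedOut = u.IsLockedOut;
            users.Add(d);
        }
        UserPage page = new UserPage();
        page.Users = users.ToArray(); page.TotalRecords = total;
        return page;
    }
}
```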
Projecting Membership
3-Tier Flow
• Web server
– Application code → Webservice provider
• Webservice server
– .asmx Membership wrapper → SQL provider
Projecting Membership
Authenticated Flow
• Internet client
– “login” Application
• Webservice server
– .asmx FormsAuth wrapper (returns forms ticket)
– .asmx Membership wrapper (validate ticket and roles) → SQL provider
Creating a Custom
Membership Provider
Summary
• Rewrite or enhance features
• Project current features onto other platforms via web services or other methods
• Use the provider infrastructure for your own features
• Don’t screw it up, you can always make life worse – especially in security
Resources
Custom Membership Providers
• Oracle Provider
– Supports Membership, Roles and Personalization
– Included in the PetShop sample
– http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdasamppet4.asp
• Access Database Provider
– Supports Membership, Roles and Personalization
– Installs as a Visual Studio 2005 VSI template
– http://msdn.microsoft.com/vstudio/eula.aspx?id=96713a8e-b8d4-4d6e-bb8f-027e6c8e15d8
Resources
Custom Membership Providers (cont.)
• MySQL Provider
– Support for ASP.NET Membership and Roles
– http://www.codeproject.com/aspnet/MySQLMembershipProvider.asp
• SQLite3
– Supports Membership and Roles
– http://www.eggheadcafe.com/articles/20051119.asp