Role Management in .net

Vinay Dhareshwar

Introduction Membership Service Login Controls Role Management Service

Agenda

2

Most business applications require role-based security.

Role management lets you create groups of users as a unit

Roles give flexibility to change permissions and add and remove users.

Each Web page in the Web application can be assigned a security level

As you define more access rules for your application, roles become a more convenient way to apply the changes to groups of users.

Role Based Security

3

Manages users and credentials Simplifies forms authentication Provider-based for flexible data storage

Membership Service

4

Membership Schema

Membership API

MembershipData

ControlsLoginLogin LoginStatusLoginStatus LoginViewLoginView

Other MembershipProviders

Other MembershipProviders

Membership Providers

MembershipMembership MembershipUserMembershipUser

SqlMembershipProviderSqlMembershipProvider

OtherControlsOther

Controls

SQL ServerOther

Data StoresSQL Server

Express

5

Key Membership Methods

Creating New Userstry { Membership.CreateUser ("Jeff", "imbatman!", "jeff@microsoft.com");}catch (MembershipCreateUserException e) { // Find out why CreateUser failed switch (e.StatusCode) {

case MembershipCreateStatus.DuplicateUsername: ... case MembershipCreateStatus.DuplicateEmail: ... case MembershipCreateStatus.InvalidPassword: ... default: ... }}

7

Represents individual users registered in the membership data store

Returned by Membership methods such as GetUser and CreateUser

The MembershipUser Class

8

Key MembershipUser Methods

Configuring the Membership Service

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow = "00:15:00" hashAlgorithmType = "[SHA1|MD5]"> <providers> ... </providers></membership>

10

Login Controls

Using the Login Control

<html> <body> <form runat="server"> <asp:Login RunAt="server" /> </form> </body></html>

12

Displays content differently to different users depending on:◦ Whether user is authenticated◦ If user is authenticated, the role memberships he

or she is assigned Template-driven

◦ <AnonymousTemplate>◦ <LoggedInTemplate>◦ <RoleGroups> and <ContentTemplate>

The LoginView Control

13

Using LoginView

<asp:LoginView ID="LoginView1" Runat="server"> <AnonymousTemplate> <!-- Content seen by unauthenticated users --> </AnonymousTemplate> <LoggedInTemplate> <!-- Content seen by authenticated users --> </LoggedInTemplate> <RoleGroups> <asp:RoleGroup Roles="Administrators"> <ContentTemplate> <!-- Content seen by authenticated users who are administrators --> </ContentTemplate> </asp:RoleGroup> ... </RoleGroups></asp:LoginView>

14

Role-based security in a box Simplifies adding role-based security to sites

that employ forms authentication Provider-based for flexible data storage

Role Management Service

15

Role Management Schema

Roles API

Roles Data

SQL ServerOther

Data Stores

ControlsLoginLogin LoginStatusLoginStatus LoginViewLoginView

Other Role ProvidersOther Role Providers

Role Providers

RolesRoles

SqlRoleProviderSqlRoleProvider

SQL ServerExpress

OtherControlsOther

Controls

16

Provides static methods for performing key role management tasks

Includes read-only static properties for acquiring data about provider settings

The Roles Class

17

Key Roles Methods

Creating a New Role

if (!Roles.RoleExists ("Developers")) { Roles.CreateRole ("Developers");}

Adding a User to a Role

string name = Membership.GetUser ().Username; // Get current userRoles.AddUserToRole (name, "Developers"); // Add current user to role

19

Configuring the Role Manager

<roleManager enabled="[true|false]" defaultProvider="AspNetSqlRoleProvider" createPersistentCookie="[true|false]" cacheRolesInCookie="[true|false]" cookieName=".ASPXROLES" cookieTimeout="00:30:00" cookiePath="/" cookieRequireSSL="[true|false]" cookieSlidingExpiration="[true|true]" cookieProtection="[None|Validation|Encryption|All]" domain="" maxCachedResults="25"> <providers> ... </providers></roleManager>

20

Role management is provider-based Ships with three role providers:

◦ AuthorizationStoreRoleProvider (Authorization Manager, or "AzMan")

◦ SqlRoleProvider (SQL Server)◦ WindowsTokenRoleProvider (Windows)

Use custom providers for other data stores

Role Management Providers

21

Configuring SqlRoleProvider

<roleManager defaultProvider="AspNetSqlRoleProvider" ...> <providers> <add applicationName="/" connectionStringName="LocalSqlServer" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, ..." /> </providers></roleManager>

22

Role Management

23

http://www.c-sharpcorner.com/UploadFile/praveenalwar/PraveenAlwar07202006064726AM/PraveenAlwar.aspx

http://msdn.microsoft.com/en-us/library/5k850zwb.aspx

http://oudinia.blogspot.com/2007/11/aspnet-20-security-role-management.html

http://www.codedigest.com/Articles/ASPNET/78_LoginView_Controls_with_Roles_in_ASPNet_20.aspx

http://msdn.microsoft.com/en-us/library/aa478958.aspx

http://download.microsoftvirtuallabs.com/download/8/a/7/8a71365b-4c80-4e60-8185-8f12f59bf1d4/ASP.NET2.0MembershipLoginControlsandRoleManagement.pdf

References

24