Implementing ASP.NET Role Based Security
1. Fort Wayne .Net User Group – First presented on January 8, 2008
Dean Willson
Systemental, Inc.
2. About Me
Work for Systemental, Inc as a Consultant and Software Developer
Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives)
.Net since 2004
Mfg. Eng. Technology degrees from Ball State University
Certified Six Sigma Black Belt
3. Scope of presentation
Conceptual review
Provider Model
Tools (development and maintenance)
Code examples
Login Controls – Declarative Control Templates
Install/Config, Aspnetdb
Web.config settings
Code-behind User.IsInRole
Miscellaneous
Global.asax populate IPrincipal
4. .Net Security Providers
Prebuilt Membership and Role Providers for managing security (and personalization).
Built-in providers:
SQL Server
SQL Express (used during presentation)
Active Directory
Provider based so you can create your own Custom providers (MySQL, XML, Custom)
5. Tools – Development & Maintenance
Development
Login Controls
CreateUserWizard
Login, LoginView, LoginStatus, LoginName
PasswordRecovery, ChangePassword
Maintenance
WSAT – Web Site Administration Tool (Visual Studio: Website > ASP.Net Configuration)
Roll-Your-Own admin
Peter Kellner’s Membership Editor
6. Code Samples
NUFWStarting website
  Initial project with Gridviews for two different roles, HR and Sales (in separate Panels)
  Objective is to add login and role based security functionality for the two roles
NUFWFinished website
  After adding login and role based security (added during presentation)
NUFWAdv website
  Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string.
  Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
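
The Global.asax approach described for the NUFWAdv site, as an added example (not the presenter's code): the Membership database authenticates the user, and the roles are then read from an XML file into a GenericPrincipal. The file name UserRoles.xml, its schema and the LoadRoles helper are assumptions; it also assumes roleManager is not enabled in Web.config, because RoleManagerModule would replace the principal afterwards.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Xml;

// Hypothetical Global.asax code-behind. Assumed roles file (constructed sample):
//   <users>
//     <user name="alice"><role>HR</role></user>
//     <user name="bob"><role>Sales</role></user>
//   </users>
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Forms authentication (validated against the Membership db) has already
        // set Context.User; anonymous requests keep the default principal.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        string path = Server.MapPath("~/App_Data/UserRoles.xml"); // assumed location
        string[] roles = LoadRoles(path, Context.User.Identity.Name);

        // Keep the authenticated identity, swap in the roles from the XML file.
        Context.User = new GenericPrincipal(Context.User.Identity, roles);
    }

    internal static string[] LoadRoles(string path, string userName)
    {
        List<string> roles = new List<string>();
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null; // do not resolve external DTDs or entities
        doc.Load(path);

        // Compare names in code instead of building an XPath from the user name,
        // so a crafted login name cannot alter the query.
        foreach (XmlNode user in doc.SelectNodes("/users/user"))
        {
            XmlAttribute name = user.Attributes["name"];
            if (name == null ||
                !String.Equals(name.Value, userName, StringComparison.OrdinalIgnoreCase))
                continue;
            foreach (XmlNode role in user.SelectNodes("role"))
                roles.Add(role.InnerText.Trim());
        }
        return roles.ToArray(); // empty array means no roles, so IsInRole is false
    }
}
```

With the principal replaced, the code-behind check listed in the scope slide, User.IsInRole("HR") or User.IsInRole("Sales"), can decide which Panel to show.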
7. Web.config settings – con strings
Application App_Data/aspnetdb.mdf (from the machine.config):
<connectionStrings>
  <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
If using SQL Server (full version or custom db/connection):
<connectionStrings>
  <remove name="LocalSqlServer" />
  <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" />
</connectionStrings>
10. Custom Install Membership Database
aspnetdb
Separate Membership database to be used by entire server
Add Membership to an existing database
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
21. References
ASP.NET 2.0 Anthology, Sitepoint, 2007
ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Peter Kellner’s Membership Editor
http://msdn2.microsoft.com/en-us/library/aa478958.aspx
Introducing Microsoft Visual Basic 2005 For Developers, Microsoft Press, 2005
http://www.odetocode.com/Articles/428.aspx
Security for Microsoft Visual Basic .Net, Microsoft Press, 2003