Implementing ASP.NET Role Based Security
•Descargar como PPT, PDF•
1 recomendación•1,585 vistas
An introduction to implementing role based security using the Asp.Net membership provider
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (15)
Similar a Implementing ASP.NET Role Based Security
Similar a Implementing ASP.NET Role Based Security (20)
Más de Dean Willson
Más de Dean Willson (12)
Último
Último (20)
Implementing ASP.NET Role Based Security
- 1. FortWayne .Net User Group – First presented on January 8, 2008 DeanWillson Systemental, Inc.
- 2. About Me Work for Systemental, Inc as a Consultant and Software Developer Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives) .Net since 2004 Mfg. Eng. Technology degrees from Ball State University Certified Six Sigma Black Belt
- 3. Scope of presentation Conceptual review Provider Model Tools (development and maintenance) Code examples Login Controls – Declarative Control Templates Install/Config, Aspnetdb Web.config settings Code-behind User.IsInRole Miscellaneous Global.asax populate IPrincipal
- 4. .Net Security Providers Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers: SQL Server SQL Express (used during presentation) Active Directory Provider based so you can create your own Custom providers (MySQL, XML, Custom)
- 5. Tools – Development & Maintenance Development Login Controls CreateUserWizard Login, LoginView, LoginStatus, LoginName PasswordRecovery, ChangePassword Maintenance WSAT – Web Site Administration Tool (Visual Studio: Website ASP.Net Configuration) Roll-Your-Own admin Peter Kellner’s Membership Editor
- 6. Code Samples NUFWStarting website Initial project with Gridviews for two different roles HR and Sales (in separate Panels) Objective is to add login and role based security functionality for the two roles NUFWFinished website After adding login and role based security (added during presentation NUFWAdv website Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string. Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
- 7. Web.config settings – con strings Application App_Data/aspnetdb.mdf (from the machine.config): <connectionStrings> <add name="LocalSqlServer" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=| DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> If using SQL Server (full version or custom db/connection): <connectionStrings> <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" /> </connectionStrings>
- 8. Web.config –Authentication, Authorization <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" /> (from machine.config): <roleManager> <providers> <add name="AspNetSqlRoleProvider“ connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, ..." /> </providers> </roleManager> <authentication mode="Forms"> <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms> </authentication>
- 9. Web.config – restrict access <system.web> <authorization> <allow roles="Admin"/> <deny users="*,?"/> </authorization> </system.web>
- 10. Custom Install Membership Database aspnetdb Separate Membership database to be used by entire server Add Membership to an existing database C:WINDOWSMicrosoft.NETFrameworkv2.0.5 0727aspnet_regsql.exe
- 11. Wizard – add membership DDL C:WINDOWSMicrosoft.NETFramework v2.0.50727aspnet_regsql.exe –W
- 12. Next
- 14. Almost there
- 15. Done
- 16. Before and After the Wizard
- 17. Launch WSAT
- 18. WSAT – Web Site Admin Tool
- 20. Users, Roles, Access Rules
- 21. References ASP.NET 2.0 Anthology Sitepoint 2007 ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0- Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_- and-Security-Resources-.aspx Peter Kellner’s Membership Editor http://msdn2.microsoft.com/en-us/library/aa478958.aspx Introducing Microsoft Visual Basic 2005 For Developers Microsoft Press 2005 http://www.odetocode.com/Articles/428.aspx Security for Microsoft Visual Basic .Net Microsoft Press 2003
- 22. Thank you! Websites http://www.systemental.com http://www.LeanProjectManager.com Blog http://dean-o.blogspot.com/ http://practicalhoshin.blogspot.com Twitter @deanwillson Email dean@systemental.com
- 23. AD Provider <connectionStrings> <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdo main,DC=test,DC=com" /> </connectionStrings> <authorization> <membership defaultProvider="MyADMembershipProvider"> <providers> <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="testdomainadministrator" connectionPassword="password"/> </providers> </membership> </authorization>
- 24. Finished
Notas del editor
- updated 6/10/2010 to add SQL Server membership provider ddl wizard screenshots