
Professional ASP.NET 3.5 in C# and Visual Basic Part 65 ppt


        <add name="AspNetSql2005MembershipProvider"
          type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="LocalSql2005Server"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          applicationName="/"
          requiresUniqueEmail="false"
          passwordFormat="Hashed"
          maxInvalidPasswordAttempts="5"
          minRequiredPasswordLength="7"
          minRequiredNonalphanumericCharacters="1"
          passwordAttemptWindow="10"
          passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>

Figure 12-8


With these changes in place, the SQL Server 2005 instance is now one of the providers available for use with your applications. The name of this provider instance is AspNetSql2005MembershipProvider. You can see that this instance also uses the connection string of LocalSql2005Server, which was defined in Listing 12-1.

Pay attention to some important attribute declarations from Listing 12-2. The first is that the provider used by the membership system is defined via the defaultProvider attribute found in the main <membership> node. Using this attribute, you can specify whether the provider is one of the built-in providers or whether it is a custom provider that you have built yourself or received from a third party. With the code from Listing 12-2 in place, the membership provider now works with Microsoft SQL Server 2005 (as shown in this example) instead of the Microsoft SQL Server Express Edition files.

Next, you look at the providers that come built into the ASP.NET 3.5 install — starting with the membership system providers.

Membership Providers

The membership system enables you to easily manage users in your ASP.NET applications. As with most of the systems provided in ASP.NET, it features a series of server controls that interact with a defined provider to either retrieve or record information to and from the data store defined by the provider. Because a provider exists between the server controls and the data stores where the data is retrieved and recorded, it is fairly trivial to have the controls work from an entirely different backend. You just change the underlying provider of the overall system (in this case, the membership system). This can be accomplished by a simple configuration change in the ASP.NET application. It really makes no difference to the server controls.

As previously stated, ASP.NET 3.5 provides two membership providers out of the box:

❑ System.Web.Security.SqlMembershipProvider: Provides you with the capability to use the membership system to connect to Microsoft’s SQL Server 2000/2005 as well as with Microsoft SQL Server Express Edition.

❑ System.Web.Security.ActiveDirectoryMembershipProvider: Provides you with the capability to use the membership system to connect to Microsoft’s Active Directory.

Both of these membership provider classes inherit from the MembershipProvider base class, as illustrated in Figure 12-9.

Next, you review each of these providers.

System.Web.Security.SqlMembershipProvider

The default provider is the SqlMembershipProvider instance. You find this default declaration for every ASP.NET application that resides on the application server in the machine.config file. This file is found in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG. Listing 12-3 shows the definition of this provider, which is located in the machine.config file.

Listing 12-3: A SqlMembershipProvider instance declaration

<configuration>
  <system.web>
    <membership>
      <providers>
        <add name="AspNetSqlMembershipProvider"
          type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="LocalSqlServer"
          enablePasswordRetrieval="false" enablePasswordReset="true"
          requiresQuestionAndAnswer="true" applicationName="/"
          requiresUniqueEmail="false" passwordFormat="Hashed"
          maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
          minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
          passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>

Figure 12-9


From this listing, you can see that a single instance of the SqlMembershipProvider object is defined in the machine.config file. This single instance is named AspNetSqlMembershipProvider. This is also where you find the default behavior settings for your membership system. By default, this provider is also configured to work with a SQL Server Express Edition instance rather than a full-blown version of SQL Server such as SQL Server 2000, 2005, or 2008. You can see this by looking at the defined connectionStringName property in the provider declaration from Listing 12-3. In this case, it is set to LocalSqlServer. LocalSqlServer is also defined in the machine.config file, as shown in Listing 12-4.

Listing 12-4: The LocalSqlServer defined instance

<configuration>
  <connectionStrings>
    <clear />
    <add name="LocalSqlServer"
      connectionString="Data Source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>

You can see this connection string information is set for a local SQL Server Express Edition file (an .mdf file). Of course, you are not required to work with only these file types for the SqlMembershipProvider capabilities. Instead, you can also set it up to work with either Microsoft’s SQL Server 7.0, 2000, 2005, or 2008 (as was previously shown).

System.Web.Security.ActiveDirectoryMembershipProvider

The membership system provided by ASP.NET 3.5 can also connect to a Microsoft Active Directory instance or even Active Directory Application Mode (ADAM), which is a stand-alone directory product. Because the default membership provider is defined in the machine.config file as the SqlMembershipProvider, you must override these settings in your application’s web.config file.

Before creating a defined instance of the ActiveDirectoryMembershipProvider in your web.config file, you have to define the connection string to the Active Directory store. This is illustrated in Listing 12-5.

Listing 12-5: Defining the connection string to the Active Directory store

<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
      connectionString="LDAP://domain.myAdServer.com/CN=Users,DC=domain,DC=testing,DC=com" />
  </connectionStrings>
</configuration>

With the connection in place, you can create an instance of the ActiveDirectoryMembershipProvider in your web.config file that associates itself to this connection string. This is illustrated in Listing 12-6.


Listing 12-6: Defining the ActiveDirectoryMembershipProvider instance

<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
      connectionString="LDAP://domain.myAdServer.com/CN=Users,DC=domain,DC=testing,DC=com" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
          connectionUserName="UserWithAppropriateRights"
          connectionPassword="PasswordForUser"
          connectionProtection="Secure"
          enablePasswordReset="true"
          enableSearchMethods="true"
          requiresQuestionAndAnswer="true"
          applicationName="/"
          description="Default AD connection"
          requiresUniqueEmail="false"
          clientSearchTimeout="30"
          serverSearchTimeout="30"
          attributeMapPasswordQuestion="department"
          attributeMapPasswordAnswer="division"
          attributeMapFailedPasswordAnswerCount="singleIntAttribute"
          attributeMapFailedPasswordAnswerTime="singleLargeIntAttribute"
          attributeMapFailedPasswordAnswerLockoutTime="singleLargeIntAttribute"
          maxInvalidPasswordAttempts="5"
          passwordAttemptWindow="10"
          passwordAnswerAttemptLockoutDuration="30"
          minRequiredPasswordLength="7"
          minRequiredNonalphanumericCharacters="1"
          passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})" />
      </providers>
    </membership>
  </system.web>
</configuration>


Although not all these attributes are required, this list provides you with the available attributes of the ActiveDirectoryMembershipProvider. In fact, you can easily declare the instance in its simplest form, as shown here:

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString" />
  </providers>
</membership>

Again, with either the SqlMembershipProvider or the ActiveDirectoryMembershipProvider in place, the membership system server controls (such as the Login server control) as well as the membership API, once configured, will record and retrieve their information via the provider you have established. That is the power of the provider model that the ASP.NET team has established. You continue to see this power as you learn about the rest of the providers detailed in this chapter.

Role Providers

After a user is logged into the system (possibly using the ASP.NET membership system), the ASP.NET role management system enables you to work with the role of that user to authorize him for particular access to the overall application. The role management system in ASP.NET 3.5, as with the other systems, has a set of providers to store and retrieve role information in an easy manner. This, of course, doesn’t mean that you are bound to one of the three available providers in the role management system. Instead, you can extend one of the established providers or even create your own custom provider.

By default, ASP.NET 3.5 offers three providers for the role management system. These providers are defined in the following list:

❑ System.Web.Security.SqlRoleProvider: Provides you with the capability to use the ASP.NET role management system to connect to Microsoft’s SQL Server 2000/2005/2008 as well as to Microsoft SQL Server Express Edition.

❑ System.Web.Security.WindowsTokenRoleProvider: Provides you with the capability to connect the ASP.NET role management system to the built-in Windows security group system.

❑ System.Web.Security.AuthorizationStoreRoleProvider: Provides you with the capability to connect the ASP.NET role management system to an XML file, Active Directory, or an Active Directory Application Mode (ADAM) store.

These three classes for role management inherit from the RoleProvider base class. This is illustrated in Figure 12-10.

System.Web.Security.SqlRoleProvider

The role management system in ASP.NET uses SQL Server Express Edition files by default (just as the membership system does). The connection to the SQL Server Express file uses SqlRoleProvider, but you can just as easily configure your SQL Server 7.0, 2000, 2005, or 2008 server to work with the role management system through SqlRoleProvider. The procedure for setting up your full-blown SQL Server is described in the beginning of this chapter.

Figure 12-10

Looking at the SqlRoleProvider instance in the machine.config.comments file, you will notice the syntax as defined in Listing 12-7. The machine.config.comments file provides documentation on the machine.config as well as showing you the details of the default settings that are baked into the ASP.NET Framework.

Listing 12-7: A SqlRoleProvider instance declaration

<configuration>
  <system.web>
    <roleManager enabled="false" cacheRolesInCookie="false"
      cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/"
      cookieRequireSSL="false" cookieSlidingExpiration="true"
      cookieProtection="All" defaultProvider="AspNetSqlRoleProvider"
      createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <add name="AspNetSqlRoleProvider"
          connectionStringName="LocalSqlServer" applicationName="/"
          type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
  </system.web>
</configuration>


As stated, this is part of the default <roleManager> declaration that is baked into the overall ASP.NET Framework (note again that you can change any of these defaults by making a new declaration in your web.config file). As you can see, role management is disabled by default through the enabled attribute found in the <roleManager> node (it is set to false by default). Also, pay attention to the defaultProvider attribute in the <roleManager> element. In this case, it is set to AspNetSqlRoleProvider. This provider is defined in the same code example. To connect to the Microsoft SQL Server 2005 instance that was defined earlier (in the membership system examples), you can use the syntax shown in Listing 12-8.

Listing 12-8: Connecting the role management system to SQL Server 2005

<configuration>
  <connectionStrings>
    <add name="LocalSql2005Server"
      connectionString="Data Source=127.0.0.1;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <roleManager enabled="true" cacheRolesInCookie="true"
      cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/"
      cookieRequireSSL="false" cookieSlidingExpiration="true"
      cookieProtection="All" defaultProvider="AspNetSqlRoleProvider"
      createPersistentCookie="false" maxCachedResults="25">
      <providers>
        <clear />
        <add connectionStringName="LocalSql2005Server" applicationName="/"
          name="AspNetSqlRoleProvider"
          type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
  </system.web>
</configuration>

With this in place, you can now connect to SQL Server 2005. Next is a review of the second provider available to the role management system.

System.Web.Security.WindowsTokenRoleProvider

The Windows operating system has a role system built into it. This Windows security group system is an ideal system to use when you are working with intranet-based applications where you might have all users already in defined roles. This, of course, works best if you have anonymous authentication turned off for your ASP.NET application, and you have configured your application to use Windows Authentication.

Windows Authentication for ASP.NET applications is discussed in Chapter 21.

Some limitations exist when using WindowsTokenRoleProvider. This is a read-only provider because ASP.NET is not allowed to modify the settings applied in the Windows security group system. This means that not all the methods provided via the RoleProvider abstract class are usable when working with this provider. From the WindowsTokenRoleProvider class, the only methods you have at your disposal are IsUserInRole and GetUsersInRole.

To configure your WindowsTokenRoleProvider instance, you use the syntax defined in Listing 12-9.

Listing 12-9: A WindowsTokenRoleProvider instance

<configuration>
  <system.web>
    <authentication mode="Windows" />
    <roleManager defaultProvider="WindowsProvider"
      enabled="true"
      cacheRolesInCookie="false">
      <providers>
        <add name="WindowsProvider"
          type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>
  </system.web>
</configuration>

Remember that you have to declare the default provider using the defaultProvider attribute in the <roleManager> element to change the assigned provider from the SqlRoleProvider association.

System.Web.Security.AuthorizationStoreRoleProvider

The final role provider you have available to you from a default install of ASP.NET is AuthorizationStoreRoleProvider. This role provider class allows you to store roles inside of an Authorization Manager policy store. These types of stores are also referred to as AzMan stores. As with WindowsTokenRoleProvider, AuthorizationStoreRoleProvider is a bit limited because it is unable to support any AzMan business rules.

To use AuthorizationStoreRoleProvider, you must first make a connection in your web.config file to the XML data store used by AzMan. This is illustrated in Listing 12-10.

Listing 12-10: Making a connection to the AzMan policy store

<configuration>
  <connectionStrings>
    <add name="LocalPolicyStore"
      connectionString="msxml://~\App_Data\datafilename.xml" />
  </connectionStrings>
</configuration>

Note that when working with these XML-based policy files, it is best to store them in the App_Data folder. Files stored in the App_Data folder cannot be pulled up in the browser.

After the connection string is in place, the next step is to configure your AuthorizationStoreRoleProvider instance. This takes the syntax defined in Listing 12-11.


Listing 12-11: Defining the AuthorizationStoreRoleProvider instance

<configuration>
  <connectionStrings>
    <add name="MyLocalPolicyStore"
      connectionString="msxml://~\App_Data\datafilename.xml" />
  </connectionStrings>
  <system.web>
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <roleManager defaultProvider="AuthorizationStoreRoleProvider"
      enabled="true"
      cacheRolesInCookie="true"
      cookieName=".ASPROLES"
      cookieTimeout="30"
      cookiePath="/"
      cookieRequireSSL="false"
      cookieSlidingExpiration="true"
      cookieProtection="All">
      <providers>
        <clear />
        <add name="AuthorizationStoreRoleProvider"
          type="System.Web.Security.AuthorizationStoreRoleProvider"
          connectionStringName="MyLocalPolicyStore"
          applicationName="SampleApplication"
          cacheRefreshInterval="60"
          scopeName="" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
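
The membership and role manager declarations in Listings 12-6, 12-8 and 12-11 set the attributes that decide how the directory credential, stored passwords and the cached role cookie are protected. The script below is an added example, not code from the book: it audits a web.config for those attributes, and the sample file, the LegacySqlProvider entry and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of Listings 12-6 and 12-8; LegacySqlProvider is hypothetical.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
             connectionStringName="ADConnectionString"
             connectionUserName="UserWithAppropriateRights"
             connectionPassword="PasswordForUser"
             connectionProtection="Secure" />
        <add name="LegacySqlProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web"
             connectionStringName="LocalSql2005Server"
             enablePasswordRetrieval="true" passwordFormat="Clear" />
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="true"
                 cookieRequireSSL="false" cookieProtection="All"
                 defaultProvider="AspNetSqlRoleProvider" />
  </system.web>
</configuration>"""


def _is_true(element, attribute, default="false"):
    # Absent boolean attributes fall back to the framework default passed in.
    return element.get(attribute, default).strip().lower() == "true"


def audit_web_config(xml_text):
    """Return (location, finding) tuples for risky membership/role settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for provider in root.findall("./system.web/membership/providers/add"):
        name = provider.get("name", "<unnamed>")
        if provider.get("connectionPassword"):
            findings.append((name, "connectionPassword stored in cleartext"))
        if provider.get("connectionProtection", "Secure").lower() == "none":
            findings.append((name, "connectionProtection=None: directory traffic unprotected"))
        if _is_true(provider, "enablePasswordRetrieval"):
            findings.append((name, "enablePasswordRetrieval=true: passwords are recoverable"))
        if provider.get("passwordFormat", "Hashed").lower() != "hashed":
            findings.append((name, "passwordFormat is not Hashed"))
    role_manager = root.find("./system.web/roleManager")
    if role_manager is not None and _is_true(role_manager, "enabled"):
        # The role cookie's transport and protection matter only when roles are cached in it.
        if _is_true(role_manager, "cacheRolesInCookie"):
            if not _is_true(role_manager, "cookieRequireSSL"):
                findings.append(("roleManager", "role cookie cached without cookieRequireSSL"))
            if role_manager.get("cookieProtection", "All").lower() != "all":
                findings.append(("roleManager", "role cookie not both encrypted and validated"))
    return findings


if __name__ == "__main__":
    for location, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{location}: {finding}")
```

On the constructed sample the audit reports four findings. Setting cookieRequireSSL="true" clears the roleManager finding, and a connectionPassword finding is normally addressed by encrypting the configuration section rather than by dropping the attribute.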

Next, this chapter reviews the single personalization provider available in ASP.NET 3.5.

The Personalization Provider

As with the membership system found in ASP.NET, the personalization system (also referred to as the profile system) is another system that is based on the provider model. This system makes associations between the end user viewing the application and any data points stored centrally that are specific to that user. As stated, these personalization properties are stored and maintained on a per-user basis. ASP.NET provides a single provider for data storage. This provider is detailed here:

❑ System.Web.Profile.SqlProfileProvider: Provides you with the capability to use the ASP.NET personalization system to connect to Microsoft’s SQL Server 2000/2005/2008 as well as to the new Microsoft SQL Server Express Edition.

Date posted: 05/07/2014, 18:20
