
Implementing ASP.NET Role Based Security


An introduction to implementing role-based security using the ASP.NET membership provider.

Published in: Technology

  1. Fort Wayne .Net User Group – First presented on January 8, 2008. Dean Willson, Systemental, Inc.
  2. About Me
       • Work for Systemental, Inc as a Consultant and Software Developer
       • Software development to support Corporate business process improvement since 2000 (mostly to support Lean or Continuous Improvement initiatives)
       • .Net since 2004
       • Mfg. Eng. Technology degrees from Ball State University
       • Certified Six Sigma Black Belt
  3. Scope of presentation
       • Conceptual review
       • Provider Model
       • Tools (development and maintenance)
       • Code examples
       • Login Controls – Declarative Control Templates
       • Install/Config, Aspnetdb
       • Web.config settings
       • Code-behind User.IsInRole
       • Miscellaneous
       • Global.asax populate IPrincipal
  4. .Net Security Providers
       • Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers:
           • SQL Server
           • SQL Express (used during presentation)
           • Active Directory
       • Provider based, so you can create your own custom providers (MySQL, XML, Custom)
  5. Tools – Development & Maintenance
       • Development
           • Login Controls
           • CreateUserWizard
           • Login, LoginView, LoginStatus, LoginName
           • PasswordRecovery, ChangePassword
       • Maintenance
           • WSAT – Web Site Administration Tool (Visual Studio: Website > ASP.Net Configuration)
           • Roll-Your-Own admin
           • Peter Kellner’s Membership Editor
  6. Code Samples
       • NUFWStarting website
           • Initial project with GridViews for two different roles, HR and Sales (in separate Panels)
           • Objective is to add login and role based security functionality for the two roles
       • NUFWFinished website
           • After adding login and role based security (added during presentation)
       • NUFWAdv website
           • Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks), then use it. More like a production deployment scenario. Note changes to connection string.
           • Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
  7. Web.config settings – connection strings
     Application App_Data/aspnetdb.mdf (from the machine.config):

         <connectionStrings>
           <add name="LocalSqlServer"
                connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
                providerName="System.Data.SqlClient" />
         </connectionStrings>

     If using SQL Server (full version or custom db/connection):

         <connectionStrings>
           <!-- remove the inherited machine.config entry before redefining it -->
           <remove name="LocalSqlServer" />
           <add name="LocalSqlServer"
                connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS"
                providerName="System.Data.SqlClient" />
         </connectionStrings>

  8. Web.config – Authentication, Authorization

         <!-- cookieTimeout is in minutes; it and createPersistentCookie apply only when cacheRolesInCookie="true" -->
         <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" />

     (from machine.config):

         <roleManager>
           <providers>
             <add name="AspNetSqlRoleProvider"
                  connectionStringName="LocalSqlServer"
                  applicationName="/"
                  type="System.Web.Security.SqlRoleProvider, ..." />
           </providers>
         </roleManager>

         <authentication mode="Forms">
           <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms>
         </authentication>

  9. Web.config – restrict access

         <system.web>
           <authorization>
             <!-- rules are evaluated top to bottom; the first match wins -->
             <allow roles="Admin"/>
             <deny users="*,?"/>
           </authorization>
         </system.web>
  10. Custom Install Membership Database aspnetdb
       • Separate Membership database to be used by entire server
       • Add Membership to an existing database
       • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
  11. Wizard – add membership DDL
       • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -W
  12. Next
  13. Pick authentication method
  14. Almost there
  15. Done
  16. Before and After the Wizard
  17. Launch WSAT
  18. WSAT – Web Site Admin Tool
  19. Select Authentication type
  20. Users, Roles, Access Rules
  21. References
       • ASP.NET 2.0 Anthology, Sitepoint 2007
       • ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie, http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
       • Peter Kellner’s Membership Editor
       • http://msdn2.microsoft.com/en-us/library/aa478958.aspx
       • Introducing Microsoft Visual Basic 2005 For Developers, Microsoft Press 2005
       • http://www.odetocode.com/Articles/428.aspx
       • Security for Microsoft Visual Basic .Net, Microsoft Press 2003
  22. Thank you!
       • Websites
           • http://www.systemental.com
           • http://www.LeanProjectManager.com
       • Blog
           • http://dean-o.blogspot.com/
           • http://practicalhoshin.blogspot.com
       • Twitter
           • @deanwillson
       • Email
           • dean@systemental.com
  23. AD Provider

         <connectionStrings>
           <add name="ADConnectionString"
                connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
         </connectionStrings>

         <system.web>
           <membership defaultProvider="MyADMembershipProvider">
             <providers>
               <!-- connectionUsername/connectionPassword: the account the provider uses to bind to the directory -->
               <add name="MyADMembershipProvider"
                    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                    connectionStringName="ADConnectionString"
                    connectionUsername="testdomain\administrator"
                    connectionPassword="password"/>
             </providers>
           </membership>
         </system.web>
  24. Finished
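
The Global.asax approach mentioned on slide 6 and the code-behind User.IsInRole check listed on slide 3, sketched as an added C# example that is not code from the original deck: roles for an already-authenticated user are read from XML into a GenericPrincipal, and a user with no entry gets no roles. The XML layout, the user names and the panel names in the comments are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Xml;

static class XmlRoleDemo
{
    // Constructed sample data; on a site this would be a file under App_Data (file name is hypothetical).
    const string RolesXml = @"<users>
  <user name='alice'><role>HR</role></user>
  <user name='bob'><role>Sales</role><role>HR</role></user>
</users>";

    // Build a GenericPrincipal for an identity that Forms authentication has already verified.
    // The user name is compared in code instead of being spliced into an XPath string,
    // so a crafted name cannot change which nodes are selected.
    public static GenericPrincipal BuildPrincipal(IIdentity identity, string rolesXml)
    {
        var doc = new XmlDocument();
        doc.XmlResolver = null;            // do not resolve external DTDs or entities
        doc.LoadXml(rolesXml);

        var roles = new List<string>();
        foreach (XmlElement user in doc.SelectNodes("/users/user"))
        {
            if (!string.Equals(user.GetAttribute("name"), identity.Name,
                               StringComparison.OrdinalIgnoreCase))
                continue;
            foreach (XmlNode role in user.SelectNodes("role"))
                roles.Add(role.InnerText.Trim());
        }
        // An unknown user ends up with an empty role list, so every IsInRole check fails.
        return new GenericPrincipal(identity, roles.ToArray());
    }

    static void Main()
    {
        // In Global.asax the same call would sit in Application_AuthenticateRequest:
        //   if (Request.IsAuthenticated)
        //       Context.User = BuildPrincipal(Context.User.Identity, rolesXmlText);
        foreach (string name in new[] { "alice", "bob", "mallory" })
        {
            IPrincipal user = BuildPrincipal(new GenericIdentity(name, "Forms"), RolesXml);
            // Code-behind equivalent (hypothetical panel names): pnlHR.Visible = User.IsInRole("HR");
            Console.WriteLine("{0}: HR panel={1}, Sales panel={2}",
                name, user.IsInRole("HR"), user.IsInRole("Sales"));
        }
    }
}
```

This assumes the role manager is not enabled for the site: with `<roleManager enabled="true" />`, ASP.NET assigns its own RolePrincipal after authentication and replaces the principal set here.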
