ASP.NET/Membership

From Wikibooks, open books for an open world
Jump to: navigation, search

ASP.Net Membership Provider[edit]

As of ASP.Net Version 2.0 Microsoft has included a membership system, or Membership Provider, that can be easily integrated into any ASP.Net 2.0 web site that has a MSSql Database back-end. The new system is not limited to just logins but also integrates role based authentication, and profiles and takes away much of the hassle of having to create your own system to do the same thing.

First Steps: Setting Up The Database[edit]

Since the new Membership system relies on a MSSql Database back-end the first step is to make the necessary additions/changes to your web.config file.

If you do not currently have a connection string entry to your MSSql database inside your web.config file please reference the ASP.Net Database section first before continuing on to this next step.

Assuming that you have your database connecting string properly entered into your web.config file we will now configure your database and add the appropriate tables, stored procedures, etc... that are required. Fortunately Microsoft makes this fairly painless by providing a tool that will do the job for us! The tool is called aspnet_regsql.exe and is found at the following path normally: C:\windows\microsoft.net\Framework\v2.0.xxxxx\aspnet_regsql.exe. After you start the ASP.Net SQL Server Setup Wizard click Next. Select the option Configure SQL Server for application services from the next page, then click Next. At this point the Wizard is asking you for the path/location of your MSSQL Database. In the Server box type in the full path to the MSSQL server that you are using. If the SQL server is located on the current machine then type localhost into the box. If your server is located on a remote machine then you will most likely have to enter in a SQL authentication, unless you are using Windows Authentication.

Once you have all of the authentication information entered and you have selected the database that you wish to use from the drop down list click Next. The next screen will simply give you a summary of the information you have selected showing you the name of the server and database that the Wizard will install the Membership schema information onto. Click Next to install the Schema into your database. If all goes well you should get a success screen and you may click Finish.

Enabling Membership in Web.config[edit]

After the database schema has been updated the next step is to modify our Web.config file and enable the Membership Provider.

First open up your Web.config file. At the top of the page, or near the top, should be your Database Connection string that we entered in the Database section. Note the name that this connection has, such as LocalSqlServer, or whatever you have named it.

Inside the <System.Web> section of the Web.config file we copy and paste the following piece of code:

    <membership defaultProvider="CustomizedProvider">
      <providers>
         <add name="CustomizedProvider"
              type="System.Web.Security.SqlMembershipProvider"  
              connectionStringName="YourSqlServerConnectionName"
              applicationName="MyMembership"
              minRequiredPasswordLength="5"
              minRequiredNonalphanumericCharacters="0" />
      </providers>
    </membership>

Also inside the <System.Web> section of your Web.config file you will need to change your Authentication entry to look like the following:

   <authentication mode="Forms" />

Assuming that your connection string is correct, that you installed the Membership Schema correct, and you copied, pasted, and modified the above code appropriately there shouldn't be much left before it will work. So let's save our Web.config file and test it out.

Creating A New User[edit]

The best way to test our system is to try creating a user. Included in ASP.Net 2.0 are several Web Controls that should be in your Tool Box that are specifically designed for working with the Membership Provider. So let's make a new Web Form in the root directory of our website. Drag and drop and CreateUserWizard from the Tool Box onto your new page. Save the page and then click the preview page button/load the page by hand in your web browser, then try filling in all the fields and making a new user. If all goes as it should you should be displayed a User Created Successfully box in your browser.

Logging in as Your New User[edit]

Now that we can make users let's try logging in as our user. In the Tool Box there is also a Login Control that we can drag and drop onto the same page we made earlier. We will also want to add a LoginName Control so that after we are logged in we can verify who we are logged in as. After you have added these controls to the page save the page and load it in your web browser once again. Using the login box try to login using the account you made earlier. If all goes well you should login and the LoginName Control will be displaying your user name.

Overview Of Included Login/Authentication Related Controls[edit]

Login - Standard User name & Password login box. The Login Control is very customizable. When the login button is clicked the default action is to Post-Back the page and verify the users credentials.
LoginView - Allows you to show different content in a part of the page based upon whether the user is logged in or not logged in. The LoginView can also be used to display different content to Users based upon the Roles they are in (whether the user has logged in or not).
PasswordRecovery - Provides users access to recover their own passwords. Requires an answer to a password question.
LoginStatus - Shows the currently status of the user. If the user is logged in then this control will display a Logout link. If the user is not logged in the this user will display a Login link.
LoginName - Will display the user name of the currently logged in User. If no user is logged in then it will display nothing.
CreateUserWizard - A wizard that helps you create a new user account.
ChangePassword - Change password Control that allows users to change their own passwords, requires that you enter the old password.