Programming Microsoft ASP.NET 4 - Dino Esposito [422]
PasswordStrengthRegularExpression
Returns the regular expression that the password must comply with.
Provider
Returns an instance of the provider being used.
Providers
Returns the collection of all registered providers.
RequiresQuestionAndAnswer
Returns true if the provider requires a password question/answer when retrieving or resetting the password.
UserIsOnlineTimeWindow
Number of minutes after the last activity for which the user is considered on line.
The Provider property returns a reference to the membership provider currently in use. As you’ll see in a moment, the provider is selected in the configuration file. ASP.NET comes with a couple of predefined providers that target MDF files in SQL Server Express and Active Directory. However, many more membership providers are in the works from Microsoft and third-party vendors, or you can even derive your own. You can obtain the list of installed providers for a given application through the Providers collection.
All properties are static and read-only. All of them share a pretty simple implementation. Each property just accesses the corresponding member on the current provider, as shown here:
public static int PasswordAttemptWindow
{
get
{
Membership.Initialize();
return Membership.Provider.PasswordAttemptWindow;
}
}
As the name suggests, the Initialize method ensures that the internal structure of the Membership class is properly initialized and that a reference to the provider exists.
The class supports fairly advanced functionality, such as estimating the number of users currently using the application. It uses the value assigned to the UserIsOnlineTimeWindow property to determine this number. A user is considered on line if he has done something with the application during the previous time window. The default value for the UserIsOnlineTimeWindow property is 15 minutes. After 15 minutes of inactivity, a user is considered off line.
Table 19-9 details the methods supported by the Membership class. This list clarifies the tasks the class accomplishes.
Table 19-9. Methods of the Membership Class
Member
Description
CreateUser
Creates a new user and fails if the user already exists. The method returns a MembershipUser object representing any available information about the user.
DeleteUser
Deletes the user corresponding to the specified name.
FindUsersByEmail
Returns a collection of MembershipUser objects whose e-mail address corresponds to the specified e-mail.
FindUsersByName
Returns a collection of MembershipUser objects whose user name matches the specified user name.
GeneratePassword
Generates a random password of the specified length.
GetAllUsers
Returns a collection of all users.
GetNumberOfUsersOnline
Returns the total number of users currently on line.
GetUser
Retrieves the MembershipUser object associated with the current or specified user.
GetUserNameByEmail
Obtains the user name that corresponds to the specified e-mail. If more users share the same e-mail, the first is retrieved.
UpdateUser
Takes a MembershipUser object and updates the information stored for the user.
ValidateUser
Authenticates a user by using supplied credentials.
Setting Up Membership Support
To build an authentication layer based on the membership API, you start by choosing the default provider and establish the data store. In the simplest case, you can stay with the default predefined provider, which saves user information in a local MDF file in SQL Server Express.
The Web Site Administration Tool (WSAT) in Microsoft Visual Studio provides a user interface for creating and administering the registered users of your application. Figure 19-4 provides a glimpse of the user interface.
Figure 19-4. Configure the membership data model.
To add a new user or to edit properties of an existing one, you use the links shown in the figure. When you edit the properties of a new user, you use the page in Figure 19-5.
Figure 19-5. Choosing