Programming Microsoft ASP.NET 4 - Dino Esposito [426]
Configuring a Membership Provider
You can change the default provider through the defaultProvider attribute of the
With the new provider in place, the code to verify credentials reduces to the following code, which is the same as you saw earlier in the chapter:

    void LogonUser(object sender, EventArgs e)
    {
        string user = userName.Text;
        string pswd = passWord.Text;

        // The configured default membership provider validates the credentials.
        if (Membership.ValidateUser(user, pswd))
            // false = do not create a persistent authentication cookie.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        else
            errorMsg.Text = "Sorry, yours seems not to be a valid account.";
    }

There’s more than just this with the membership API. Now a login page has a relatively standard structure and relatively standard code attached. At least in the simplest scenarios, it can be reduced to a composite control with no binding code. This is exactly what security controls do. Before we get to cover this new family of server controls, though, let’s review roles and their provider-based management.
Managing Roles
For example, an application might define two roles—Admin and Guest, each representative of a set of application-specific permissions. Users belonging to the Admin role can perform tasks that other users are prohibited from performing. Assigning roles to a user account doesn’t add any security restrictions by itself. It is the responsibility of the application to ensure that authorized users perform critical operations only if they are members of a certain role. In ASP.NET, the role manager feature simply maintains the relationship between users and roles.
Note: The Role Management API, although it consists of different methods and properties, works like the Membership API from a mechanical standpoint. Many of the concepts you read in the previous section also apply to role management.
The Role Management API
You can use roles to establish access rules for pages and folders. The following
The order in which you place
WSAT provides a visual interface for creating associations between users and roles.
If necessary, you can instead perform this task programmatically by calling various role manager methods. The following code snippet demonstrates how to create the Admin and Guest roles and populate them with user names:

    Roles.CreateRole("Admin");
    // A single user name goes through AddUserToRole; AddUsersToRole expects a string array.
    Roles.AddUserToRole("DinoE", "Admin");
    Roles.CreateRole("Guest");
    var guests = new String[2];
    guests[0]
You register a new provider through the
Roles in ASP.NET simplify the implementation of applications that require authorization. A role is just a logical attribute assigned to a user. An ASP.NET role is a plain string that refers to the logical role the user plays in the context of the application. In terms of configuration, each user can be assigned one or more roles. This information is attached to the identity object, and the application code can check it before the execution of critical operations.
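The check that the application itself has to make before a critical operation, shown as an added example that is not code from the book. It is a console program built on GenericPrincipal so that it runs outside a web application; the DeleteAccount operation and the SampleGuest and olduser names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Principal;

static class AccountAdmin
{
    // Hypothetical critical operation: refuses to run unless the caller is
    // authenticated and is a member of the Admin role (deny by default).
    public static string DeleteAccount(IPrincipal caller, string target)
    {
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Authentication required.");
        if (!caller.IsInRole("Admin"))
            throw new SecurityException(caller.Identity.Name + " is not in the Admin role.");
        return "Account '" + target + "' deleted by " + caller.Identity.Name;
    }
}

static class Program
{
    // Constructed sample principals. In a page, the role manager supplies the
    // principal through HttpContext.Current.User instead.
    static IPrincipal Make(string name, params string[] roles)
    {
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    static void Main()
    {
        IPrincipal[] callers =
        {
            Make("DinoE", "Admin"),        // allowed
            Make("SampleGuest", "Guest"),  // authenticated, wrong role
            Make("", "Admin")              // empty name: IsAuthenticated is false
        };
        foreach (var caller in callers)
        {
            try { Console.WriteLine(AccountAdmin.DeleteAccount(caller, "olduser")); }
            catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
        }
    }
}
```

The third caller carries the Admin role string but is still refused, because the role check is only meaningful once the identity is authenticated.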
The role management API lets you define roles as well as specify programmatically which users are in which roles. The easiest way to configure role management, define roles, add users to roles, and create access rules is to use WSAT. (See Figure 19-4.) You enable role management by adding the following script to your application’s web.config file: