ASP.net Membership role and permission management)

Directory:
1. Introduction to membership
2. settings of membership in SQL server
3. Configure web. config
4. Create the CreateUserWizard control.
5. log on to the login control.
6. display the LoginName control of the current user
7. Check the LoginStatus control of the user's authentication status
8. Present LoginView controls for different categories of users with different content
9. Change the password's ChangePassword Control
10. Self-Help password retrieval PasswordRecovery Control

11. Conclusion

 

1. Introduction to membership

Membership is really interesting, convenient, and useful. This article will be introduced to you.

In ASP. NET applications, the Membership class is used to authenticate user creden。 and manage user settings (such as passwords and email addresses ). The Membership class can be used independently or together with FormsAuthentication to create a complete Web application or website user authentication system. The Login control encapsulates the Membership class to provide a convenient user authentication mechanism.

The Membership class provides the following functions:
1) create a new user.
2) store the Membership Information (username, password, email address, and supported data) in Microsoft SQL Server or similar data storage areas.
3) authenticate the users accessing the website. Users can be authenticated programmatically, or a complete authentication system with few or no code is created using the Login control.
4) Manage the password. Including creating, changing, retrieving, and resetting passwords. You can choose to configure ASP. NET membership to require a password to prompt questions and their answers to perform identity verification for Password Reset and retrieval requests of users who forget the password.
By default, ASP. NET membership supports all ASP. NET applications. The default membership provider is sqlmembershipprovider and is specified in the computer configuration with the name aspnetsqlprovider. The default instance of sqlmembershipprovider is a local instance connected to Microsoft SQL Server.

2. settings of membership in SQL server

To use membership, you need to make some settings for the database. Those who have used membership know that there are some inherent tables, views, and stored procedures in the database. We do not have these in our own tables. Finally, we can use the Wizard to create them, that is, aspnet_regsql.exe, which is generally located at: C: \ WINDOWS \ Microsoft. NET \ framework \ v2.0.50727 (here I am)

It can create options in the database or remove these settings.

Before running this program, I created an empty database in SQL server2005: membershipdemo. After establishing membershipdemo, run aspnet_regsql.exe and specify membership as membershipdemo.

After completion, the empty database will have a lot of content, but the specific content is not required for the moment. Continue with the subsequent content.

3. Configure web. config

 

Web. config also needs to be modified. Add an authentication node under the system. Web node.

Since membership is used for member qualification management, of course, login authentication is required, so first add a form authentication.

<Authentication mode = "Forms">
<Forms loginUrl = "login. aspx" name = ". aspxlogin"/>
</Authentication>

Add a membership node under the system. Web node.

<Membership defaultProvider = "AspNetSqlMembershipProvi Der "userIsOnlineTimeWindow =" 15 "hashAlgorithmType =" ">
<Providers>
<Clear/>
<Add connectionStringName = "ConnectionString" enablePasswordRetrieval = "false" enablePasswordReset = "true" requiresQuestionAndAnswe R = "true" applicationName = "/" requiresUniqueEmail = "false" passwordFormat = "Hashed" maxInvalidPasswordAttemp Ts = "5" minRequiredPasswordLengt H = "7" minRequiredNonalphanumer IcCharacters = "1" passwordAttemptWindow = "10" passwordStrengthRegulare Xpression_r = "" name = "AspNetSqlMembershipProvi Der "type =" System. Web. Security. SqlMembershipProvider, System. Web, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a "/>
</Providers>
</Membership>

Attribute description:

DefaultProvider: Name of the provider. The default value is aspnetsqlmembershipprovi.Der. If you have multiple providers, it is wise to specify a default value.
UserIsOnlineTimeWindow: Specify the number of minutes that the user is considered online after the date/timestamp of the last activity.
HashAlgorithmType: The identifier of the algorithm used to hash the password, or is null to use the default hash algorithm.ConnectionStringName: The connection name of the membership database.
EnablePasswordRetrieval: Indicates whether the current membership provider is configured to allow users to retrieve their passwords.
EnablePasswordReset: Indicates whether the current membership provider is configured to allow users to reset their passwords.
RequiresQuestionAndAnswer: Indicates whether the default membership provider requires the user to answer the password prompt questions during password reset and retrieval.
ApplicationName: Application name.
RequiresUniqueEmail: Indicates whether the membership provider is configured to require each user name to have a unique email address.
PasswordFormat: Indicates the format of the password stored in the member qualification data storage area. Values include Clear, Encrypted, and Hashed. Clear passwords are stored in plain text, which improves the performance of storing and retrieving passwords, but are less secure. When the security of data sources is threatened, such passwords are easily read. The Encrypted password is Encrypted during storage and can be decrypted during password comparison or retrieval. This type of password requires additional processing during storage and retrieval, but it is relatively secure and is not easy to obtain when the security of the data source is threatened. When the Hashed password is stored in the database, it uses a one-way hash algorithm and a randomly generated salt value for hash processing. When a password is verified, the password is hash calculated using the salt value in the database for verification. The hash password cannot be retrieved.
MaxInvalidPasswordAttempts: Number of attempts to prompt questions and answers to the invalid or invalid passwords allowed before the user is locked.
MinRequiredPasswordLength: Minimum length required by the password.
MinRequiredNonalphanumericCharacters: The minimum number of special characters that a valid Password must contain.
PasswordAttemptWindow: The maximum number of minutes that a question answer attempt can be prompted for an invalid password or password before the user is locked. This is an additional measure to prevent unknown sources from repeatedly trying to guess the password of a Member-qualified user or the password prompts the answer to the question.
PasswordStrengthRegularexpression_r: Calculate the regular expression of the password.

After configuring web. config for membership, configure its role management roleManager, which is also under system. web.

<RoleManager enabled = "true" cacheRolesInCookie = "true">
<Providers>
<Clear/>
<Add connectionStringName = "ConnectionString" applicationName = "/" name = "AspNetSqlRoleProvider" type = "System. web. security. sqlRoleProvider, System. web, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a "/>
</Providers>
</RoleManager>

Attribute description:
CacheRolesInCookie: Indicates whether the role of the current user has been cached in a Cookie.
When the CacheRolesInCookie attribute is set to true in the configuration file, the role information of each user is stored in a Cookie on the client. When role management checks whether a user belongs to a specific role, it checks the role Cookie before calling the role provider to check the role list in the data source. The Cookie is dynamically updated on the client to cache recently verified role names.
Web. config is configured almost.

Really step into the question.

 

4. Create the CreateUserWizard control.

Create An aspx page in vs2005 named CreateUserWizard. aspx. Drag a CreateUserWizard control from the toolbox and set FinishDestinationPageUrl.Attribute. This attribute indicates the target page after you click "continue" after the user is created.

<Asp: CreateUserWizard ID = "CreateUserWizard1" runat = "server" ContinueDestinationPageU Rl = "~ /Default. aspx ">
</Asp: CreateUserWizard>

Currently, no settings are made. You can see it in the design view of vs2005.

Test it first!

Submit. the following result is displayed:

Therefore, after Correctly Setting membership, the registered users can use it immediately. This is the default template of CreateUserWizard. You can also create the template you need, and vs2005 can help you convert it. You can modify it. This is the case after conversion.

<Asp: RequiredFieldValidator ID = "EmailRequired" runat = "server" ControlToValidate = "Email"
                              ErrorMessage = "you must enter" email ". "ToolTip =" you must enter "email ". "ValidationGroup =" CreateUserWizard1 "> * </asp: RequiredFieldValidator>
                      </Td>
                  </Tr>
                  <Tr>
                      <TD align = "right">
                          <Asp: Label ID = "QuestionLabel" runat = "server" AssociatedControlID = "Question"> Security Prompt: </asp: Label> </td>
                      <Td>
                          <Asp: TextBox ID = "Question" runat = "server"> </asp: TextBox>
                          <Asp: RequiredFieldValidator ID = "QuestionRequired" runat = "server" ControlToValidate = "Question"
                              ErrorMessage = "you must enter" security prompt ". "ToolTip =" you must enter "Security Prompt question ". "ValidationGroup =" CreateUserWizard1 "> * </asp: RequiredFieldValidator>