1.Introduction to membership
2.Settings of membership in SQL server
3.Configure web. config
4.Create user CreateUserWizard Control
5.Log on to the login Control
6.Display the LoginName control of the current user
7.LoginStatus Control for detecting the user's authentication status
8.Displays LoginView controls for different types of users.
9.ChangePassword Control for Password Change
10.PasswordRecovery Control for password retrieval
11.Summary
1. Introduction to membership
Membership is really interesting, convenient, and useful. This article will be introduced to you.
In ASP. NET applications, the Membership class is used to authenticate user creden。 and manage user settings (such as passwords and email addresses ). The Membership class can be used independently or together with FormsAuthentication to create a complete Web application or website user authentication system. The Login control encapsulates the Membership class to provide a convenient user authentication mechanism.
The Membership class provides the following functions:
1) create a new user.
2) store the Membership Information (username, password, email address, and supported data) in Microsoft SQL Server or similar data storage areas.
3) authenticate the users accessing the website. Users can be authenticated programmatically, or a complete authentication system with few or no code is created using the Login control.
4) Manage the password. Including creating, changing, retrieving, and resetting passwords. You can choose to configure ASP. NET membership to require a password to prompt questions and their answers to perform identity verification for Password Reset and retrieval requests of users who forget the password.
By default, ASP. NET membership supports all ASP. NET applications. The default membership provider is SqlMembershipProvider and is specified in the computer configuration with the name AspNetSqlProvider. The default instance of SqlMembershipProvider is a local instance connected to Microsoft SQL Server.
2. settings of membership in SQL server
To use membership, you need to make some settings for the database. Those who have used membership know that there are some inherent tables, views, and stored procedures in the database. Our own tables do not have these things.
Finally, we can use the Wizard to create them, that is, aspnet_regsql.exe, which is generally located at: C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 (here I am)
It can create options in the database or remove these settings.
Before running this program, I created an empty database in SQL server2005: membershipdemo.
After establishing membershipdemo, run aspnet_regsql.exe and specify membership as membershipdemo.
[Attach] 34768 [/attach]
After completion, the empty database will have a lot of content, but the specific content is not required for the moment. Continue with the subsequent content.
[Attach] 34769 [/attach]
3. Configure web. config
Web. config also needs to be modified.
Add an authentication node under the system. web Node
Since membership is used for member qualification management, of course, login authentication is required, so first add a form authentication.
[Copy to clipboard] [-]
CODE:
<Authentication mode = "Forms">
<Forms loginUrl = "login. aspx" name = ". aspxlogin"/>
</Authentication>
Add a membership node to the system. web node.
[Copy to clipboard] [-]
CODE:
<Membership defaultProvider = "AspNetSqlMembershipProvider" userIsOnlineTimeWindow = "15" hashAlgorithmType = "">
<Providers>
<Clear/>
<Add connectionStringName = "ConnectionString" enablePasswordRetrieval = "false" enablePasswordReset = "true" Success = "true" applicationName = "/" requiresUniqueEmail = "false" passwordFormat = "Hashed" Success =" 5 "minRequiredPasswordLength =" 7 "minRequiredNonalphanumericCharacters =" 1 "passwordAttemptWindow =" 10 "passwordStrengthRegularExpression =" "name =" AspNetSqlMembershipProvider "type =" System. web. security. sqlMembershipProvider, System. web, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a "/>
</Providers>
</Membership>
Attribute description:
DefaultProvider: Name of the provider. The default value is AspNetSqlMembershipProvider. If you have multiple providers, it is wise to specify a default value.
UserIsOnlineTimeWindow: Specify the number of minutes that the user is considered online after the date/timestamp of the last activity.
HashAlgorithmType: The identifier of the algorithm used to hash the password, or is null to use the default hash algorithm.
ConnectionStringName: The connection name of the membership database.
EnablePasswordRetrieval: Indicates whether the current membership provider is configured to allow users to retrieve their passwords.
EnablePasswordReset: Indicates whether the current membership provider is configured to allow users to reset their passwords.
RequiresQuestionAndAnswer: Indicates whether the default membership provider requires the user to answer the password prompt questions during password reset and retrieval.
ApplicationName: Application name.
RequiresUniqueEmail: Indicates whether the membership provider is configured to require each user name to have a unique email address.
PasswordFormat: Indicates the format of the password stored in the member qualification data storage area. Values include Clear, Encrypted, and Hashed. Clear passwords are stored in plain text, which improves the performance of storing and retrieving passwords, but are less secure. When the security of data sources is threatened, such passwords are easily read. The Encrypted password is Encrypted during storage and can be decrypted during password comparison or retrieval. This type of password requires additional processing during storage and retrieval, but it is relatively secure and is not easy to obtain when the security of the data source is threatened. When the Hashed password is stored in the database, it uses a one-way hash algorithm and a randomly generated salt value for hash processing. When a password is verified, the password is hash calculated using the salt value in the database for verification. The hash password cannot be retrieved.
MaxInvalidPasswordAttempts: Number of attempts to prompt questions and answers to the invalid or invalid passwords allowed before the user is locked.
MinRequiredPasswordLength: Minimum length required by the password.
MinRequiredNonalphanumericCharacters: The minimum number of special characters that a valid Password must contain.
PasswordAttemptWindow: The maximum number of minutes that a question answer attempt can be prompted for an invalid password or password before the user is locked. This is an additional measure to prevent unknown sources from repeatedly trying to guess the password of a Member-qualified user or the password prompts the answer to the question.
PasswordStrengthRegularExpression: Calculate the regular expression of the password.
After configuring web. config for membership, configure its role management roleManager.
Also in system. web
[Copy to clipboard] [-]
CODE:
<RoleManager enabled = "true" cacheRolesInCookie = "true">
<Providers>
<Clear/>
<Add connectionStringName = "ConnectionString" applicationName = "/" name = "AspNetSqlRoleProvider" type = "System. web. security. sqlRoleProvider, System. web, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b03f5f7f11d50a3a "/>
</Providers>
</RoleManager>
Attribute description:
CacheRolesInCookie: Indicates whether the role of the current user has been cached in a Cookie.
When the CacheRolesInCookie attribute is set to true in the configuration file, the role information of each user is stored in a Cookie on the client. When role management checks whether a user belongs to a specific role, it checks the role Cookie before calling the role provider to check the role list in the data source. The Cookie is dynamically updated on the client to cache recently verified role names.
Web. config is configured almost.