SlideShare ist ein Scribd-Unternehmen logo

Implementing ASP.NET Role Based Security

Als PPT, PDF herunterladen
Dean Willson
Dean Willson

An introduction to implementing role based security using the Asp.Net membership provider

Technologie
1 von 24
FortWayne .Net User Group – First presented on January 8, 2008 DeanWillson Systemental, Inc.
About Me  Work for Systemental, Inc as a Consultant and Software Developer  Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives)  .Net since 2004  Mfg. Eng. Technology degrees from Ball State University  Certified Six Sigma Black Belt
Scope of presentation  Conceptual review  Provider Model  Tools (development and maintenance)  Code examples  Login Controls – Declarative Control Templates  Install/Config, Aspnetdb  Web.config settings  Code-behind User.IsInRole  Miscellaneous  Global.asax populate IPrincipal
.Net Security Providers  Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers:  SQL Server  SQL Express (used during presentation)  Active Directory  Provider based so you can create your own Custom providers (MySQL, XML, Custom)
Tools – Development & Maintenance  Development  Login Controls  CreateUserWizard  Login, LoginView, LoginStatus, LoginName  PasswordRecovery, ChangePassword  Maintenance  WSAT – Web Site Administration Tool (Visual Studio: Website  ASP.Net Configuration)  Roll-Your-Own admin  Peter Kellner’s Membership Editor
Code Samples  NUFWStarting website  Initial project with Gridviews for two different roles HR and Sales (in separate Panels)  Objective is to add login and role based security functionality for the two roles  NUFWFinished website  After adding login and role based security (added during presentation  NUFWAdv website  Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string.  Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
Web.config settings – con strings Application App_Data/aspnetdb.mdf (from the machine.config): <connectionStrings> <add name="LocalSqlServer" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=| DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> If using SQL Server (full version or custom db/connection): <connectionStrings> <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" /> </connectionStrings>
Web.config –Authentication, Authorization <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" /> (from machine.config): <roleManager> <providers> <add name="AspNetSqlRoleProvider“ connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, ..." /> </providers> </roleManager> <authentication mode="Forms"> <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms> </authentication>
Web.config – restrict access <system.web> <authorization> <allow roles="Admin"/> <deny users="*,?"/> </authorization> </system.web>
Custom Install Membership Database aspnetdb  Separate Membership database to be used by entire server  Add Membership to an existing database  C:WINDOWSMicrosoft.NETFrameworkv2.0.5 0727aspnet_regsql.exe
Wizard – add membership DDL  C:WINDOWSMicrosoft.NETFramework v2.0.50727aspnet_regsql.exe –W
Next
Pick authentication method
Almost there
Done
Before and After the Wizard
Launch WSAT
WSAT – Web Site Admin Tool
Select Authentication type
Users, Roles, Access Rules
References  ASP.NET 2.0 Anthology Sitepoint 2007  ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0- Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_- and-Security-Resources-.aspx  Peter Kellner’s Membership Editor  http://msdn2.microsoft.com/en-us/library/aa478958.aspx  Introducing Microsoft Visual Basic 2005 For Developers Microsoft Press 2005  http://www.odetocode.com/Articles/428.aspx  Security for Microsoft Visual Basic .Net Microsoft Press 2003
Thank you!  Websites  http://www.systemental.com  http://www.LeanProjectManager.com  Blog  http://dean-o.blogspot.com/  http://practicalhoshin.blogspot.com  Twitter  @deanwillson  Email  dean@systemental.com
AD Provider <connectionStrings> <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdo main,DC=test,DC=com" /> </connectionStrings> <authorization> <membership defaultProvider="MyADMembershipProvider"> <providers> <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="testdomainadministrator" connectionPassword="password"/> </providers> </membership> </authorization>
Finished

Empfohlen

Partially Contained Databases
Partially Contained DatabasesPartially Contained Databases
Partially Contained Databases
Microsoft TechNet - Belgium and Luxembourg
 
SQLite database in android
SQLite database in androidSQLite database in android
SQLite database in android
Gourav Kumar Saini
 
SQLite - Overview
SQLite - OverviewSQLite - Overview
SQLite - Overview
Emanuele Bartolesi
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query Statistics
SolidQ
 
JDBC Tutorial
JDBC TutorialJDBC Tutorial
JDBC Tutorial
Information Technology
 
Database
DatabaseDatabase
Database
nationalmobileapps
 
Sqlite
SqliteSqlite
Sqlite
Kumar
 
Day2
Day2Day2
Day2
madamewoolf
 

Empfohlen

Partially Contained Databases
Partially Contained DatabasesPartially Contained Databases
Partially Contained Databases
Microsoft TechNet - Belgium and Luxembourg
 
SQLite database in android
SQLite database in androidSQLite database in android
SQLite database in android
Gourav Kumar Saini
 
SQLite - Overview
SQLite - OverviewSQLite - Overview
SQLite - Overview
Emanuele Bartolesi
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query Statistics
SolidQ
 
JDBC Tutorial
JDBC TutorialJDBC Tutorial
JDBC Tutorial
Information Technology
 
Database
DatabaseDatabase
Database
nationalmobileapps
 
Sqlite
SqliteSqlite
Sqlite
Kumar
 
Day2
Day2Day2
Day2
madamewoolf
 
Java database connectivity
Java database connectivityJava database connectivity
Java database connectivity
Vaishali Modi
 
Jdbc
JdbcJdbc
Jdbc
Nitesh Kumar Pandey
 
Writing simple web services in java using eclipse editor
Writing simple web services in java using eclipse editorWriting simple web services in java using eclipse editor
Writing simple web services in java using eclipse editor
Santosh Kumar Kar
 
Jdbc
JdbcJdbc
Jdbc
Jussi Pohjolainen
 
Jdbc in servlets
Jdbc in servletsJdbc in servlets
Jdbc in servlets
Nuha Noor
 
JDBC ppt
JDBC pptJDBC ppt
JDBC ppt
Rohit Jain
 
Kaashiv SQL Server Interview Questions Presentation
Kaashiv SQL Server Interview Questions PresentationKaashiv SQL Server Interview Questions Presentation
Kaashiv SQL Server Interview Questions Presentation
kaashiv1
 
SQLite 3
SQLite 3SQLite 3
SQLite 3
Scott MacVicar
 
Sqlite
SqliteSqlite
Sqlite
Raghu nath
 
Android Training (Storing data using SQLite)
Android Training (Storing data using SQLite)Android Training (Storing data using SQLite)
Android Training (Storing data using SQLite)
Khaled Anaqwa
 
Ada for Web Development
Ada for Web DevelopmentAda for Web Development
Ada for Web Development
Stephane Carrez
 
Java- JDBC- Mazenet Solution
Java- JDBC- Mazenet SolutionJava- JDBC- Mazenet Solution
Java- JDBC- Mazenet Solution
Mazenetsolution
 
Using sqlite database in android with sqlite manager browser add ons
Using sqlite database in android with sqlite manager browser add onsUsing sqlite database in android with sqlite manager browser add ons
Using sqlite database in android with sqlite manager browser add ons
Vincent Clyde
 
SQL overview and software
SQL overview and softwareSQL overview and software
SQL overview and software
Randy Riness @ South Puget Sound Community College
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivity
Tanmoy Barman
 
Introduction to SQLite: The Most Popular Database in the World
Introduction to SQLite: The Most Popular Database in the WorldIntroduction to SQLite: The Most Popular Database in the World
Introduction to SQLite: The Most Popular Database in the World
jkreibich
 
Less07 Users
Less07 UsersLess07 Users
Less07 Users
vivaankumar
 
Jdbc
JdbcJdbc
Jdbc
Mumbai Academisc
 
Spring database - part2
Spring database - part2Spring database - part2
Spring database - part2
Santosh Kumar Kar
 
Sql interview-question-part-6
Sql interview-question-part-6Sql interview-question-part-6
Sql interview-question-part-6
kaashiv1
 
Authentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And MoreAuthentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And More
Billy Cravens
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
Femi Ashaye
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Java database connectivity
Java database connectivityJava database connectivity
Java database connectivity
 
Jdbc
JdbcJdbc
Jdbc
 
Writing simple web services in java using eclipse editor
Writing simple web services in java using eclipse editorWriting simple web services in java using eclipse editor
Writing simple web services in java using eclipse editor
 
Jdbc
JdbcJdbc
Jdbc
 
Jdbc in servlets
Jdbc in servletsJdbc in servlets
Jdbc in servlets
 
JDBC ppt
JDBC pptJDBC ppt
JDBC ppt
 
Kaashiv SQL Server Interview Questions Presentation
Kaashiv SQL Server Interview Questions PresentationKaashiv SQL Server Interview Questions Presentation
Kaashiv SQL Server Interview Questions Presentation
 
SQLite 3
SQLite 3SQLite 3
SQLite 3
 
Sqlite
SqliteSqlite
Sqlite
 
Android Training (Storing data using SQLite)
Android Training (Storing data using SQLite)Android Training (Storing data using SQLite)
Android Training (Storing data using SQLite)
 
Ada for Web Development
Ada for Web DevelopmentAda for Web Development
Ada for Web Development
 
Java- JDBC- Mazenet Solution
Java- JDBC- Mazenet SolutionJava- JDBC- Mazenet Solution
Java- JDBC- Mazenet Solution
 
Using sqlite database in android with sqlite manager browser add ons
Using sqlite database in android with sqlite manager browser add onsUsing sqlite database in android with sqlite manager browser add ons
Using sqlite database in android with sqlite manager browser add ons
 
SQL overview and software
SQL overview and softwareSQL overview and software
SQL overview and software
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivity
 
Introduction to SQLite: The Most Popular Database in the World
Introduction to SQLite: The Most Popular Database in the WorldIntroduction to SQLite: The Most Popular Database in the World
Introduction to SQLite: The Most Popular Database in the World
 
Less07 Users
Less07 UsersLess07 Users
Less07 Users
 
Jdbc
JdbcJdbc
Jdbc
 
Spring database - part2
Spring database - part2Spring database - part2
Spring database - part2
 
Sql interview-question-part-6
Sql interview-question-part-6Sql interview-question-part-6
Sql interview-question-part-6
 

Andere mochten auch

It infrastructure hardware and software
It infrastructure hardware and softwareIt infrastructure hardware and software
It infrastructure hardware and software
Prof. Othman Alsalloum
 

Andere mochten auch (15)

Authentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And MoreAuthentication Using Twitter, Google, Facebook, And More
Authentication Using Twitter, Google, Facebook, And More
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 
E-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture ApproachE-RBAC Development - A Risk Based Security Architecture Approach
E-RBAC Development - A Risk Based Security Architecture Approach
 
IT Infrastructure and Platforms
IT Infrastructure and PlatformsIT Infrastructure and Platforms
IT Infrastructure and Platforms
 
MIS - IT Infrastructure (Part I)
MIS - IT Infrastructure (Part I)MIS - IT Infrastructure (Part I)
MIS - IT Infrastructure (Part I)
 
ITIL v3 Foundation Overview
ITIL v3 Foundation OverviewITIL v3 Foundation Overview
ITIL v3 Foundation Overview
 
Intro To Hadoop
Intro To HadoopIntro To Hadoop
Intro To Hadoop
 
It infrastructure hardware and software
It infrastructure hardware and softwareIt infrastructure hardware and software
It infrastructure hardware and software
 
History of Business Intelligence
History of Business IntelligenceHistory of Business Intelligence
History of Business Intelligence
 
Big Data & Hadoop Tutorial
Big Data & Hadoop TutorialBig Data & Hadoop Tutorial
Big Data & Hadoop Tutorial
 
Hadoop introduction , Why and What is Hadoop ?
Hadoop introduction , Why and What is Hadoop ?Hadoop introduction , Why and What is Hadoop ?
Hadoop introduction , Why and What is Hadoop ?
 
Big data ppt
Big data pptBig data ppt
Big data ppt
 
Big data and Hadoop
Big data and HadoopBig data and Hadoop
Big data and Hadoop
 
What is Big Data?
What is Big Data?What is Big Data?
What is Big Data?
 
Big data ppt
Big data pptBig data ppt
Big data ppt
 

Ähnlich wie Implementing ASP.NET Role Based Security

Rediscovering Spring with Spring Boot(1)
Rediscovering Spring with Spring Boot(1)Rediscovering Spring with Spring Boot(1)
Rediscovering Spring with Spring Boot(1)
Gunith Devasurendra
 
Asp Net Advance Topics
Asp Net Advance TopicsAsp Net Advance Topics
Asp Net Advance Topics
Ali Taki
 
Hands-On Lab: Improve large network visibility and operational efficiency wit...
Hands-On Lab: Improve large network visibility and operational efficiency wit...Hands-On Lab: Improve large network visibility and operational efficiency wit...
Hands-On Lab: Improve large network visibility and operational efficiency wit...
CA Technologies
 
Data Mining for Developers
Data Mining for DevelopersData Mining for Developers
Data Mining for Developers
llangit
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
Igor Bronovskyy
 
Ch 04 asp.net application
Ch 04 asp.net application Ch 04 asp.net application
Ch 04 asp.net application
Madhuri Kavade
 

Ähnlich wie Implementing ASP.NET Role Based Security (20)

Saying goodbye to SQL Server 2000
Saying goodbye to SQL Server 2000Saying goodbye to SQL Server 2000
Saying goodbye to SQL Server 2000
 
Java Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App EngineJava Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App Engine
 
Rediscovering Spring with Spring Boot(1)
Rediscovering Spring with Spring Boot(1)Rediscovering Spring with Spring Boot(1)
Rediscovering Spring with Spring Boot(1)
 
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdfdokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
 
dokumen.tips_rediscovering-spring-with-spring-boot1.pdf
dokumen.tips_rediscovering-spring-with-spring-boot1.pdfdokumen.tips_rediscovering-spring-with-spring-boot1.pdf
dokumen.tips_rediscovering-spring-with-spring-boot1.pdf
 
Google App Engine
Google App EngineGoogle App Engine
Google App Engine
 
SpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptxSpringBootCompleteBootcamp.pptx
SpringBootCompleteBootcamp.pptx
 
SQL Server - High availability
SQL Server - High availabilitySQL Server - High availability
SQL Server - High availability
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
 
Professional Recycling - SSIS Custom Control Flow Components With Visual Stud...
Professional Recycling - SSIS Custom Control Flow Components With Visual Stud...Professional Recycling - SSIS Custom Control Flow Components With Visual Stud...
Professional Recycling - SSIS Custom Control Flow Components With Visual Stud...
 
SharePoint Object Model, Web Services and Events
SharePoint Object Model, Web Services and EventsSharePoint Object Model, Web Services and Events
SharePoint Object Model, Web Services and Events
 
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
 
Windows Azure and a little SQL Data Services
Windows Azure and a little SQL Data ServicesWindows Azure and a little SQL Data Services
Windows Azure and a little SQL Data Services
 
Road Show Asp Net
Road Show Asp NetRoad Show Asp Net
Road Show Asp Net
 
Asp Net Advance Topics
Asp Net Advance TopicsAsp Net Advance Topics
Asp Net Advance Topics
 
Hands-On Lab: Improve large network visibility and operational efficiency wit...
Hands-On Lab: Improve large network visibility and operational efficiency wit...Hands-On Lab: Improve large network visibility and operational efficiency wit...
Hands-On Lab: Improve large network visibility and operational efficiency wit...
 
Data Mining for Developers
Data Mining for DevelopersData Mining for Developers
Data Mining for Developers
 
Azure Data platform
Azure Data platformAzure Data platform
Azure Data platform
 
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5)
 
Ch 04 asp.net application
Ch 04 asp.net application Ch 04 asp.net application
Ch 04 asp.net application
 

Mehr von Dean Willson

Mehr von Dean Willson (12)

Intro to the Internet of Things using Netduino
Intro to the Internet of Things using NetduinoIntro to the Internet of Things using Netduino
Intro to the Internet of Things using Netduino
 
Index Reorganization and Rebuilding for Success
Index Reorganization and Rebuilding for SuccessIndex Reorganization and Rebuilding for Success
Index Reorganization and Rebuilding for Success
 
Automating sql server daily health checks
Automating sql server daily health checksAutomating sql server daily health checks
Automating sql server daily health checks
 
Visual Studio 2012 Productivity Tools
Visual Studio 2012 Productivity ToolsVisual Studio 2012 Productivity Tools
Visual Studio 2012 Productivity Tools
 
Intro to Powershell
Intro to PowershellIntro to Powershell
Intro to Powershell
 
Continuous improvement in a professional organization
Continuous improvement in a professional organizationContinuous improvement in a professional organization
Continuous improvement in a professional organization
 
Database Source Control
Database Source ControlDatabase Source Control
Database Source Control
 
Career Transitions - Ball State University, Six Sigma Speakers Series
Career Transitions - Ball State University, Six Sigma Speakers SeriesCareer Transitions - Ball State University, Six Sigma Speakers Series
Career Transitions - Ball State University, Six Sigma Speakers Series
 
Introduction to SQL Server 2008 Management Data Warehouse (MDW)
Introduction to SQL Server 2008 Management Data Warehouse (MDW)Introduction to SQL Server 2008 Management Data Warehouse (MDW)
Introduction to SQL Server 2008 Management Data Warehouse (MDW)
 
Introduction to SSRS Report Builder
Introduction to SSRS Report BuilderIntroduction to SSRS Report Builder
Introduction to SSRS Report Builder
 
Data Mining with SQL Server 2005
Data Mining with SQL Server 2005Data Mining with SQL Server 2005
Data Mining with SQL Server 2005
 
Designing For Occasionally Connected Apps Slideshare
Designing For Occasionally Connected Apps SlideshareDesigning For Occasionally Connected Apps Slideshare
Designing For Occasionally Connected Apps Slideshare
 

Kürzlich hochgeladen

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Implementing ASP.NET Role Based Security

  • 1. FortWayne .Net User Group – First presented on January 8, 2008 DeanWillson Systemental, Inc.
  • 2. About Me  Work for Systemental, Inc as a Consultant and Software Developer  Software development to support Corporate business process improvement since 2000 (Mostly to support Lean or Continuous Improvement Initiatives)  .Net since 2004  Mfg. Eng. Technology degrees from Ball State University  Certified Six Sigma Black Belt
  • 3. Scope of presentation  Conceptual review  Provider Model  Tools (development and maintenance)  Code examples  Login Controls – Declarative Control Templates  Install/Config, Aspnetdb  Web.config settings  Code-behind User.IsInRole  Miscellaneous  Global.asax populate IPrincipal
  • 4. .Net Security Providers  Prebuilt Membership and Role Providers for managing security (and personalization). Built-in providers:  SQL Server  SQL Express (used during presentation)  Active Directory  Provider based so you can create your own Custom providers (MySQL, XML, Custom)
  • 5. Tools – Development & Maintenance  Development  Login Controls  CreateUserWizard  Login, LoginView, LoginStatus, LoginName  PasswordRecovery, ChangePassword  Maintenance  WSAT – Web Site Administration Tool (Visual Studio: Website  ASP.Net Configuration)  Roll-Your-Own admin  Peter Kellner’s Membership Editor
  • 6. Code Samples  NUFWStarting website  Initial project with Gridviews for two different roles HR and Sales (in separate Panels)  Objective is to add login and role based security functionality for the two roles  NUFWFinished website  After adding login and role based security (added during presentation  NUFWAdv website  Showed how to install the aspnetdb Membership database to another existing database (AdventureWorks) then use it. More like a production deployment scenario. Note changes to connection string.  Shows use of global.asax to populate Roles into GenericPrincipal from an XML file while using the Membership db for the User Authentication
  • 7. Web.config settings – con strings Application App_Data/aspnetdb.mdf (from the machine.config): <connectionStrings> <add name="LocalSqlServer" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=| DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> If using SQL Server (full version or custom db/connection): <connectionStrings> <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="Data Source=(local);Initial Catalog=aspnetdb;User ID=USER;Password=PASS" providerName="System.Data.SqlClient" /> </connectionStrings>
  • 8. Web.config –Authentication, Authorization <roleManager enabled="true" cookieTimeout="5000000" createPersistentCookie="true" /> (from machine.config): <roleManager> <providers> <add name="AspNetSqlRoleProvider“ connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, ..." /> </providers> </roleManager> <authentication mode="Forms"> <forms loginUrl="Login.aspx" defaultUrl="Default.aspx"></forms> </authentication>
  • 9. Web.config – restrict access <system.web> <authorization> <allow roles="Admin"/> <deny users="*,?"/> </authorization> </system.web>
  • 10. Custom Install Membership Database aspnetdb  Separate Membership database to be used by entire server  Add Membership to an existing database  C:WINDOWSMicrosoft.NETFrameworkv2.0.5 0727aspnet_regsql.exe
  • 11. Wizard – add membership DDL  C:WINDOWSMicrosoft.NETFramework v2.0.50727aspnet_regsql.exe –W
  • 12. Next
  • 15. Done
  • 16. Before and After the Wizard
  • 18. WSAT – Web Site Admin Tool
  • 21. References  ASP.NET 2.0 Anthology Sitepoint 2007  ASP.Net 2.0 Membership, Roles, Forms Authentication, and Security Resources by Scott Guthrie http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0- Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_- and-Security-Resources-.aspx  Peter Kellner’s Membership Editor  http://msdn2.microsoft.com/en-us/library/aa478958.aspx  Introducing Microsoft Visual Basic 2005 For Developers Microsoft Press 2005  http://www.odetocode.com/Articles/428.aspx  Security for Microsoft Visual Basic .Net Microsoft Press 2003
  • 22. Thank you!  Websites  http://www.systemental.com  http://www.LeanProjectManager.com  Blog  http://dean-o.blogspot.com/  http://practicalhoshin.blogspot.com  Twitter  @deanwillson  Email  dean@systemental.com
  • 23. AD Provider <connectionStrings> <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdo main,DC=test,DC=com" /> </connectionStrings> <authorization> <membership defaultProvider="MyADMembershipProvider"> <providers> <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="testdomainadministrator" connectionPassword="password"/> </providers> </membership> </authorization>

Hinweis der Redaktion

  1. updated 6/10/2010 to add SQL Server membership provider ddl wizard screenshots