Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
Daniel Fisher
daniel.fisher@devcoach.com
 In the .NET Framework since the beginning
 Part of ASP.NET
• But who cares 
Membership.ValidateUser(userName, password);
Var user = Membership.GetUser(1);
user.Email = "info@lennybacon.com";
Members...
const string adminRole = "Administrator";
if(!Roles.Role.Exists(adminRole))
{
Role.CreateRole(adminRole);
}
IPrinciple use...
 An essential part of the .NET Framework
• System.Threading
• System.Environment
• ...
 Membership API is provider based
Membership API
Configuration
Membership ProviderMembership ProviderMembership ProviderM...
<configuration>
<system.Web>
<membership defaultProvider="SqlProvider">
<providers>
<add
name="SqlProvider"
...
/>
<provid...
protected MembershipProvider();
public abstract bool ChangePassword();
public abstract bool ChangePasswordQuestionAndAnswe...
public abstract string ApplicationName { get; set; }
public abstract bool EnablePasswordReset { get; }
public abstract boo...
 There are not only ASP.NET Web
Applications
• AJAX
• Desktop
• Web Services
• Rich Internet Applications
 ASP.NET AJAX supports Membership
authentication out of the box.
 Just enable it in the config
<configuration>
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" />
</webServices>
...
 Visual Studio 2008 offers desktop
applications to enable Membership features
with "one click".
 Microsoft ships a provider for
• ASP.NET Database schema
• Windows Accounts
• Active directory
 The API offers full adm...
 Windows Communications Foundation is
one of the most pluggable and configurable
thing the world has seen.
 Of course th...
 Derive from the base class
UserNamePasswordValidator.
Override the method Validate.
 Configure the class in the service...
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="MyBahavior">
<serviceCredentials>
<us...
 Implement the interface
IAuthorizationPolicy.
 Configure the extension in the service
behavior section as service autho...
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="MyBahavior">
<serviceAuthorization
pr...
 There is no Membership in Silverlight
• But we can use the AJAX API...
 So the limiting factor is the network
connectiv...
devcoach®SOFTWARE://DEVELOPMENT+ARCHITECTURE+CONSULTING
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
2009 - NRW Conf: (ASP).NET Membership
Prochain SlideShare
Chargement dans…5
×

2009 - NRW Conf: (ASP).NET Membership

(ASP).NET Membership

  • Soyez le premier à commenter

2009 - NRW Conf: (ASP).NET Membership

  1. 1. Daniel Fisher daniel.fisher@devcoach.com
  2. 2.  In the .NET Framework since the beginning  Part of ASP.NET • But who cares 
  3. 3. Membership.ValidateUser(userName, password); Var user = Membership.GetUser(1); user.Email = "info@lennybacon.com"; Membership.UpdateUser(user);
  4. 4. const string adminRole = "Administrator"; if(!Roles.Role.Exists(adminRole)) { Role.CreateRole(adminRole); } IPrinciple user = HttpContext.Current.User; User.IsInRole(adminRole);
  5. 5.  An essential part of the .NET Framework • System.Threading • System.Environment • ...
  6. 6.  Membership API is provider based Membership API Configuration Membership ProviderMembership ProviderMembership ProviderMembership Provider Membership Provider
  7. 7. <configuration> <system.Web> <membership defaultProvider="SqlProvider"> <providers> <add name="SqlProvider" ... /> <providers> </membership> </system.Web> </configuration>
  8. 8. protected MembershipProvider(); public abstract bool ChangePassword(); public abstract bool ChangePasswordQuestionAndAnswer(); public abstract MembershipUser CreateUser(); protected virtual byte[] DecryptPassword(); public abstract bool DeleteUser(); internal string EncodePassword(); protected virtual byte[] EncryptPassword(); public abstract MembershipUserCollection FindUsersByEmail(); public abstract MembershipUserCollection FindUsersByName(); internal string GenerateSalt(); public abstract MembershipUserCollection GetAllUsers(); public abstract int GetNumberOfUsersOnline(); public abstract string GetPassword(string username, string answer); public abstract MembershipUser GetUser(); public abstract MembershipUser GetUser(); internal MembershipUser GetUser(); public abstract string GetUserNameByEmail(); protected virtual void OnValidatingPassword(); public abstract string ResetPassword(); internal string UnEncodePassword(); public abstract bool UnlockUser(); public abstract void UpdateUser(); public abstract bool ValidateUser();
  9. 9. public abstract string ApplicationName { get; set; } public abstract bool EnablePasswordReset { get; } public abstract bool EnablePasswordRetrieval { get; } public abstract int MaxInvalidPasswordAttempts { get; } public abstract int MinRequiredNonAlphanumericCharacters { get; } public abstract int MinRequiredPasswordLength { get; } public abstract int PasswordAttemptWindow { get; } public abstract MembershipPasswordFormat PasswordFormat { get; } public abstract string PasswordStrengthRegularExpression { get; } public abstract bool RequiresQuestionAndAnswer { get; } public abstract bool RequiresUniqueEmail { get; }
  10. 10.  There are not only ASP.NET Web Applications • AJAX • Desktop • Web Services • Rich Internet Applications
  11. 11.  ASP.NET AJAX supports Membership authentication out of the box.  Just enable it in the config
  12. 12. <configuration> <system.web.extensions> <scripting> <webServices> <authenticationService enabled="true" /> </webServices> </scripting> </system.web.extensions> </configuration>
  13. 13.  Visual Studio 2008 offers desktop applications to enable Membership features with "one click".
  14. 14.  Microsoft ships a provider for • ASP.NET Database schema • Windows Accounts • Active directory  The API offers full administration of your authorization store • BUT... • The providers running against SAM/AD do not support a few things... • Like editing other user accounts 
  15. 15.  Windows Communications Foundation is one of the most pluggable and configurable thing the world has seen.  Of course this is also true for its security features.
  16. 16.  Derive from the base class UserNamePasswordValidator. Override the method Validate.  Configure the class in the service behavior section as service credentials to use.
  17. 17. <configuration> <system.serviceModel> <behaviors> <serviceBehaviors> <behavior name="MyBahavior"> <serviceCredentials> <userNameAuthentication customUserNamePasswordValidatorType="..." userNamePasswordValidationMode="Custom" /> </serviceCredentials> </behavior> </serviceBehaviors> </system.serviceModel> </configuration>
  18. 18.  Implement the interface IAuthorizationPolicy.  Configure the extension in the service behavior section as service authorization to use.
  19. 19. <configuration> <system.serviceModel> <behaviors> <serviceBehaviors> <behavior name="MyBahavior"> <serviceAuthorization principalPermissionMode="Custom"> <authorizationPolicies> <add policyType="..."/> </authorizationPolicies> </serviceAuthorization> </behavior> </serviceBehaviors> </system.serviceModel> </configuration>
  20. 20.  There is no Membership in Silverlight • But we can use the AJAX API...  So the limiting factor is the network connectivity...
  21. 21. devcoach®SOFTWARE://DEVELOPMENT+ARCHITECTURE+CONSULTING

×