2009 - NRW Conf: (ASP).NET Membership (Daniel Fisher)
4. In the .NET Framework since the beginning
Part of ASP.NET
• But who cares
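6. // requires: using System.Security.Principal; using System.Web; using System.Web.Security;
const string adminRole = "Administrator";
// Create the role on first use if the role provider does not know it yet.
if (!Roles.RoleExists(adminRole))
{
    Roles.CreateRole(adminRole);
}
// Check the current request's principal against the role.
IPrincipal user = HttpContext.Current.User;
bool isAdmin = user.IsInRole(adminRole);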
7. An essential part of the .NET Framework
• System.Threading
• System.Environment
• ...
9. Membership API is provider based
Diagram layers: Membership API; Configuration; Membership Provider (repeated several times)
11. protected MembershipProvider();
public abstract bool ChangePassword();
public abstract bool ChangePasswordQuestionAndAnswer();
public abstract MembershipUser CreateUser();
protected virtual byte[] DecryptPassword();
public abstract bool DeleteUser();
internal string EncodePassword();
protected virtual byte[] EncryptPassword();
public abstract MembershipUserCollection FindUsersByEmail();
public abstract MembershipUserCollection FindUsersByName();
internal string GenerateSalt();
public abstract MembershipUserCollection GetAllUsers();
public abstract int GetNumberOfUsersOnline();
public abstract string GetPassword(string username, string answer);
public abstract MembershipUser GetUser();
public abstract MembershipUser GetUser();
internal MembershipUser GetUser();
public abstract string GetUserNameByEmail();
protected virtual void OnValidatingPassword();
public abstract string ResetPassword();
internal string UnEncodePassword();
public abstract bool UnlockUser();
public abstract void UpdateUser();
public abstract bool ValidateUser();
12. public abstract string ApplicationName { get; set; }
public abstract bool EnablePasswordReset { get; }
public abstract bool EnablePasswordRetrieval { get; }
public abstract int MaxInvalidPasswordAttempts { get; }
public abstract int MinRequiredNonAlphanumericCharacters { get; }
public abstract int MinRequiredPasswordLength { get; }
public abstract int PasswordAttemptWindow { get; }
public abstract MembershipPasswordFormat PasswordFormat { get; }
public abstract string PasswordStrengthRegularExpression { get; }
public abstract bool RequiresQuestionAndAnswer { get; }
public abstract bool RequiresUniqueEmail { get; }
15. There are not only ASP.NET Web
Applications
• AJAX
• Desktop
• Web Services
• Rich Internet Applications
16. ASP.NET AJAX supports Membership
authentication out of the box.
Just enable it in the config
19. Visual Studio 2008 lets desktop
applications enable Membership features
with "one click".
21. Microsoft ships a provider for
• ASP.NET Database schema
• Windows Accounts
• Active Directory
The API offers full administration of your
authorization store
• BUT...
• The providers running against SAM/AD do not
support a few things...
• Like editing other user accounts
22. Windows Communication Foundation is
one of the most pluggable and configurable
things the world has seen.
Of course this is also true for its security
features.
23. Derive from the base class
UserNamePasswordValidator.
Override the method Validate.
Configure the class in the service behavior
section as service credentials to use.
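The steps on slide 23, as an added example that is not code from the original deck: a validator that hands WCF username/password credentials to the default Membership provider, followed (in a comment) by the service behavior entry that registers it. The namespace, class name, behavior name and assembly name are assumptions chosen for illustration.

```csharp
using System.IdentityModel.Selectors;   // UserNamePasswordValidator
using System.IdentityModel.Tokens;      // SecurityTokenValidationException
using System.Web.Security;              // Membership

namespace Example.Security              // hypothetical namespace
{
    // Hypothetical validator: WCF calls Validate for every message that
    // carries username/password credentials.
    public class MembershipUserNameValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Reject empty input before it reaches the provider.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
                throw new SecurityTokenValidationException("Credentials rejected.");

            // ValidateUser returns false instead of throwing on a failed check.
            // The same message is used for every failure so the caller cannot
            // tell an unknown user name from a wrong password.
            if (!Membership.ValidateUser(userName, password))
                throw new SecurityTokenValidationException("Credentials rejected.");
        }
    }
}

/* Service behavior section (web.config or app.config).
   "ExampleAssembly" and "MembershipSecured" are placeholders.

<behaviors>
  <serviceBehaviors>
    <behavior name="MembershipSecured">
      <serviceCredentials>
        <userNameAuthentication
            userNamePasswordValidationMode="Custom"
            customUserNamePasswordValidatorType="Example.Security.MembershipUserNameValidator, ExampleAssembly" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
*/
```

The validator is only invoked when the service binding is configured for UserName client credentials, and those credentials should travel over a protected channel (transport or message security).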
25. Implement the interface
IAuthorizationPolicy.
Configure the extension in the service
behavior section as service authorization to
use.
28. There is no Membership in Silverlight
• But we can use the AJAX API...
So the limiting factor is the network
connectivity...
Editor's notes
Entrance of the stewardesses/stewards and presentation of the safety precautions. Father, I have sinned!!!
- ASP.NET Authorization
- Roles based security