ASP.NET Membership

Labels
AJAX(112) App Studio(7) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(12) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(10) PKCE(2) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(180) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
ASP.NET Membership
Thursday, November 8, 2012PrintSubscribe
Advanced Membership Provider for SQL Server

Requirements

An advanced membership and role provider requires three tables.

One table keeps track of user information. This information includes the UserName, Email, and a Comment. Additional columns allow for implementation of a password question and answer in order to recover a forgotten password. When users are created, they can not be approved by default. Additional information is captured about the most recent login, activity, and change of password. When a user inputs an incorrect password past the limit, the user will become locked out. The number of failed attempts and most recent failed attempt will be stored.

Two tables are required to keep track of roles and associations of users with roles.

These are the advanced membership and role provider tables with “identity” primary keys.

Advanced membership and role provider using identity primary keys.

SQL:

create table Users (
    UserID int identity not null primary key,
    UserName nvarchar(128) not null,
    Password nvarchar(128) not null,
    Email nvarchar(128),
    Comment ntext,
    PasswordQuestion nvarchar(256),
    PasswordAnswer nvarchar(128),
    IsApproved bit not null,
    LastActivityDate datetime not null,
    LastLoginDate datetime not null,
    LastPasswordChangedDate datetime not null,
    CreationDate datetime not null,
    IsLockedOut bit not null,
    LastLockedOutDate datetime not null,
    FailedPasswordAttemptCount int not null,
    FailedPasswordAttemptWindowStart datetime not null,
    FailedPasswordAnswerAttemptCount int not null,
    FailedPasswordAnswerAttemptWindowStart datetime not null
)
go

create table Roles (
   RoleID int identity not null primary key,
   RoleName nvarchar(50)
)
go

create table UserRoles (
    UserID int not null,
    RoleID int not null,
    primary key(UserID, RoleID)
)
go

alter table UserRoles with check add constraint FK_UserRoles_Roles 
foreign key (RoleID) references Roles (RoleID)

alter table UserRoles with check add constraint FK_UserRoles_Users 
foreign key (UserID) references Users (UserID)

These are the advanced membership and role provider tables with “unique identifier” primary keys.

Advanced membership and role provider using unique identifier primary keys.

SQL:

create table Users (
    UserID uniqueidentifier not null default newid() primary key,
    UserName nvarchar(128) not null,
    Password nvarchar(128) not null,
    Email nvarchar(128),
    Comment ntext,
    PasswordQuestion nvarchar(256),
    PasswordAnswer nvarchar(128),
    IsApproved bit not null,
    LastActivityDate datetime not null,
    LastLoginDate datetime not null,
    LastPasswordChangedDate datetime not null,
    CreationDate datetime not null,
    IsLockedOut bit not null,
    LastLockedOutDate datetime not null,
    FailedPasswordAttemptCount int not null,
    FailedPasswordAttemptWindowStart datetime not null,
    FailedPasswordAnswerAttemptCount int not null,
    FailedPasswordAnswerAttemptWindowStart datetime not null
)
go

create table Roles (
   RoleID uniqueidentifier not null default newid() primary key,
   RoleName nvarchar(50)
)
go

create table UserRoles (
    UserID uniqueidentifier not null,
    RoleID uniqueidentifier not null,
    primary key(UserID, RoleID)
)
go

alter table UserRoles with check add constraint FK_UserRoles_Roles 
foreign key (RoleID) references Roles (RoleID)

alter table UserRoles with check add constraint FK_UserRoles_Users 
foreign key (UserID) references Users (UserID)

Configuration

Use one of the scripts above to create the membership and role provider tables in your database.

Start Code On Time web application generator, select the project name on the start page, and choose Settings. Select Authentication and Membership.

Select “Enable custom membership and role providers” option and enter the following configuration settings.

table Users = Users
column [int|uiid] UserID = UserID
column [text] UserName = UserName
column [text] Password = Password
column [text] Email = Email
column [text] Comment = Comment
column [text] PasswordQuestion = PasswordQuestion
column [text] PasswordAnswer = PasswordAnswer
column [bool] IsApproved = IsApproved
column [date] LastActivityDate = LastActivityDate
column [date] LastLoginDate = LastLoginDate
column [date] LastPasswordChangedDate = LastPasswordChangedDate
column [date] CreationDate = CreationDate
column [bool] IsLockedOut = IsLockedOut
column [date] LastLockedOutDate = LastLockedOutDate
column [int]  FailedPasswordAttemptCount = FailedPasswordAttemptCount
column [date] FailedPasswordAttemptWindowStart = FailedPasswordAttemptWindowStart
column [int]  FailedPasswordAnswerAttemptCount = FailedPasswordAnswerAttemptCount
column [date] FailedPasswordAnswerAttemptWindowStart = FailedPasswordAnswerAttemptWindowStart

table Roles = Roles
column [int|uiid] RoleID = RoleID
column [text] RoleName = RoleName

table UserRoles = UserRoles
column [int|uiid] UserID = UserID
column [int|uiid] RoleID =  RoleID

The configuration will guide the code generator in mapping the logical tables Users, Roles, and UserRoles to the physical tables in the database.

Generate the project to create the custom membership and role provider.

Labels: Application Factory, ASP.NET Membership, Designer, Security, SQL Server, Tutorials, Web App Generator
Thursday, November 8, 2012PrintSubscribe
Basic Membership Provider for SQL Server

Requirements

A basic membership provider requires a dedicated table to keep track of user names, passwords, and emails.

A role provider will require two tables to keep track of roles and associations of users with roles.

These are the basic membership and role provider tables with “identity” primary keys.

Basic Membership Provider database diagram using int as primary key.

SQL:

create table Users (
    UserID int identity not null primary key,
    UserName nvarchar(128) not null,
    Password nvarchar(128) not null,
    Email nvarchar(128)
)
go

create table Roles (
   RoleID int identity not null primary key,
   RoleName nvarchar(50)
)
go

create table UserRoles (
    UserID int not null,
    RoleID int not null,
    primary key(UserID, RoleID)
)
go

alter table UserRoles with check add constraint FK_UserRoles_Roles 
foreign key (RoleID) references Roles (RoleID)

alter table UserRoles with check add constraint FK_UserRoles_Users 
foreign key (UserID) references Users (UserID)

These are the basic membership and role provider tables with “unique identifier” primary keys.

Basic Membership Provider database diagram using unique identifier as primary key.

SQL:

create table Users (
    UserID uniqueidentifier not null default newid() primary key,
    UserName nvarchar(128) not null,
    Password nvarchar(128) not null,
    Email nvarchar(128)
)
go

create table Roles (
   RoleID uniqueidentifier not null default newid() primary key,
   RoleName nvarchar(50)
)
go

create table UserRoles (
    UserID uniqueidentifier not null,
    RoleID uniqueidentifier not null,
    primary key(UserID, RoleID)
)
go

alter table UserRoles with check add constraint FK_UserRoles_Roles 
foreign key (RoleID) references Roles (RoleID)

alter table UserRoles with check add constraint FK_UserRoles_Users 
foreign key (UserID) references Users (UserID)

Configuration

Use one of the scripts above to create the tables in your database.

Start Code On Time web application generator, select the project name on the start page, and choose Settings. Select Authentication and Membership.

Select “Enable custom membership and role providers” option and enter the following configuration settings.

table Users = Users
column [int|uiid] UserID = UserID
column [text] UserName = UserName
column [text] Password = Password
column [text] Email = Email

table Roles = Roles
column [int|uiid] RoleID = RoleID
column [text] RoleName = RoleName
 
table UserRoles = UserRoles
column [int|uiid] UserID = UserID
column [int|uiid] RoleID = RoleID

The configuration will guide the code generator in mapping the logical tables Users, Roles, and UserRoles to the physical tables in the database.

Generate the project to create the custom membership and role provider.

Labels: Application Factory, ASP.NET Membership, Designer, Security, SQL Server, Tutorials, Web Application Generator
Wednesday, November 7, 2012PrintSubscribe
Comparing Fly-Over Login and Dedicated Login Page

If custom membership and role providers are enabled for a project then the application is configured to expose the page with the name Home to anonymous users. A link on a membership bar allows activating the fly-over Login window.

A fly-over login window in web app with custom membership and role providers created with Code OnTime application generator

Developers can re-design the page Home by removing the standard user controls and adding the custom ones. Standard user controls display a site map and login instructions.

Additional pages can be exposed to end users if their Roles property is set to “?”.

For example, create a new page MySiteMap, set its Roles property to “?” (do not copy the double quotes). Activate User Controls tab in Project Explorer, right-click the user control node TableOfContents and choose “Copy”. “Paste” the user control on the new page. Right-click the page and choose “View in Browser”.

The new page will be visible to anonymous users along with Home page.

A page of a web app is exposed to anonymous users if its 'Roles' property is set to '?'

A dedicated login page can “greet” users when they access the web app.

Select the project on the start page of application generator, choose Settings, and proceed to Authentication and Membership. Choose Login Window section and enable a dedicated login page instead of a fly-over login window. Click Finish button.

Select Refresh action to ensure that the dedicated login page is included in the application design. Do not choose any data controllers in Refresh Dialog and simply proceed to refresh the project by clicking on Refresh button.

Generate the project. A dedicated page will be displayed asking users to sign in.

A standard dedicated login page created by application generator

If you need to change the layout of the login page, then activate Project Designer. Select User Controls tab in Project Explorer. Right-click Login user control node and select “Edit in Visual Studio” option in context menu.

Activating Visual Studio to modify the 'Login' user control

Visual Studio will start and display the definition of the user control. The user control is configured to be generated “First Time Only”. Any changes done in Visual Studio will persist between sessions of code generation.

Notice that the pages available to anonymous users are still accessible if the URL of the page is known.

For example,  an anonymous user can access MySiteMap page created above by entering the URL directly in the address bar of a web browser without being required to sign in.

A page can be accessed directly in web app with a dedicated login page if its 'Roles' property is set to '?'

An attempt to access a protected page will redirect an anonymous user to the dedicated login page.

Labels: Application Factory, ASP.NET Membership, Security, User Interface, Web Application Generator
Continue to Introducing Custom Membership and Role Providers
© 2024 Code On Time LLC. All rights reserved. All trademarks mentioned on this website are property of their respective owners.
Watch | Blog | Roadmap | Learn | Community | Support