ASP.NET Membership

Labels
AJAX(112) App Studio(7) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(183) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
ASP.NET Membership
Wednesday, November 7, 2012PrintSubscribe
Implementing User Management for a Web App With Custom Membership Provider

Create “Users” table in the application database using one of the scripts of a minimal membership and roles provider . Configure custom membership and generate the project.

Minimal Membership Provider in Action

The application will open in a default web browser. Move mouse pointer over the “Login” link and sign in using one of the two accounts automatically created by the app.

 A fly-over login dialog of a web app with custom membership and role providers created with Code On Time application generator

Optional standard user accounts are created when the application starts. Use SQL Management Studio to select records from “Users” table. Passwords “admin123%” and “user123%” of the corresponding user accounts are hashed by the membership provider.

Standard user accounts registered by custom membership provider in web app created with Code On Time

User Manager

Management of users can be seamlessly integrated in an application.

Select the project name on the start page of generator and choose Refresh. The Refresh window of Northwind project with selected Users table is shown next.

Click Refresh button to create Users data controller in the application.

Adding 'Users' table as a data controller to an existing project created with Code On Time web app generator

Select Design to activate the Project Designer.

Press “Ctrl” and “comma” keys simultaneously (Ctrl+,) to active the Navigate To window. Enter “users” in Search terms and click on the first match.

Locating "Users" page in project configuration of an app created with Code On Time

The corresponding page node will be displayed in Project Explorer. Drag the the page node to the desired location in the navigation menu.

Page "Users" in the application navigation menu

In the page properties enter Administrators to restrict access to the page. Only a user in Administrators role will be authorized to access the page. This snippet form the provider configuration does the job.

role Administrators = admin
role Users = admin, user
role Everybody = *

Right-click Users page node and choose View in Browser, sign in as admin / admin123% and click on user account. The form view editForm1 of data controller Users is shown in the screen shot

A user account displayed in 'editForm1' of data controller 'Uses'

The user manager will require some work:

  • The Password field is displayed as plain text. The value of the field must not be revealed to the users.
  • If a password is changed by administrator then the value must be hashed before it is stored in the database.
  • A new password must be validated according to the membership provider configuration.

Switch to Project Designer and navigate to Users data controller.

Data controller 'Users' with selected 'Password' data fields

Change Text Mode property of data field nodes Users / Views / editForm1 / c1 – Users and Users / Views / createForm1 / c1 – New Users to “Password”.

The password encryption and validation will require writing some code. Right-click Users / Business Rules node and choose “New Business Rule” option.

Configure the following properties:

Property Value
Type C# / Visual Basic
Command Name Update|Insert
Phase Before

Click “Generate” button on the designer tool bar. Wait for the app to display in the Preview Window and switch back to Project Designer. The placeholder file for the implementation of the business rule has been created. Right-click the business rule in Project Explorer and choose Edit in Visual Studio.

Activating Visual Studio to edit a 'code' business rule

Visual Studio will start with business rule code file ready for modification. Replace the contents with the following.

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;
using MyCompany.Data;
using MyCompany.Security;

namespace MyCompany.Rules
{
    public partial class UsersBusinessRules : MyCompany.Data.BusinessRules
    {
        
        /// <summary>
        /// This method will execute in any view before an action
        /// with a command name that matches "Insert|New".
        /// </summary>
        [Rule("r100")]
        public void r100Implementation(System.Guid? userID, string userName, 
FieldValue password) { if (password != null && password.Modified) { ApplicationMembershipProvider.ValidateUserPassword(userName,
(
string)password.NewValue); password.NewValue = ApplicationMembershipProvider.EncodeUserPassword((string)password.NewValue); } } } }

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq
Imports System.Text.RegularExpressions
Imports System.Web
Imports System.Web.Security
Imports MyCompany.Security

Namespace Rules

    Partial Public Class UsersBusinessRules
        Inherits MyCompany.Data.BusinessRules

        ''' <summary>
        ''' This method will execute in any view before an action
        ''' with a command name that matches "Update|Insert".
        ''' </summary>
        <Rule("r100")> _
        Public Sub r100Implementation(ByVal userID As Nullable(Of Integer), 
ByVal userName As String, ByVal password As FieldValue) If Not password Is Nothing And password.Modified Then ApplicationMembershipProvider.ValidateUserPassword(userName, password.NewValue) password.NewValue =
ApplicationMembershipProvider.EncodeUserPassword(password.NewValue) End If End Sub End Class End Namespace

The highlighted namespace MyCompany.Security links the namespace with the membership provider implementation to the code file.

The original type of the argument password has been changed from “String” to “FieldValue” to allow access to Modified and NewValue properties describing the password value submitted by the client application.

A call to the static method ValidateUserPassword checks conformance of a password with the membership provider configuration requirements. By default, a password must be at least seven characters long, and have at least one non-alphanumeric character. Use provider configuration options Min Requires Password Length and Min Required Non Alpha Numeric Characters to change that.

Next, the business rule will encode the password value according to the membership provider configuration. The default option requires password hashing.

Save the code file and refresh the Users page. Try creating a new user.

Password validation exceptions will be displayed to users.

Password validation errors displayed in a user manager in the app with custom membership and role providers

A successfully created user account will have its password “hashed”.

User password is 'hashed' when created in a user manager in a web app with custom membership and role provider

Sunday, November 4, 2012PrintSubscribe
Minimal Membership Provider for SQL Server

Requirements

A minimal membership provider requires a dedicated table to keep track of user names and passwords.

This is a sample “Users” table with “identity” primary key.

A user table with "identity" primary key allows keeping tracking of user names and passwords

SQL:

create table Users
(
     UserID int not null identity primary key,
     UserName nvarchar(128) not null,
     "Password" nvarchar(128) not null
)

Here is how the table may look with a “unique identifier” primary key.

A user table with "unique identifier" primary key allows keeping tracking of user names and passwords

SQL:

create table Users
(
    UserID uniqueidentifier not null default newid() primary key,
    UserName nvarchar(128) not null,
    "Password" nvarchar(128) not null
)

User roles are hardcoded in the minimal Role Provider implementation.

Configuration

Create a table in your database using one of  the scripts specified above.

Select the project name on the start page of the application generator and choose Settings.

Proceed to Authentication and Membership.

Select “Enable custom membership and role providers” option and enter the following configuration settings.

table Users=Users
column [int|uiid] UserID = UserId
column [text] UserName = UserName
column [text] Password = Password

role Administrators = admin
role Users = admin, user
role Everybody = *

The configuration maps logical table Users required for membership provider implementation to the physical database table Users. It also defines three user roles – Administrators, Users, and Everybody.

Generate the project.

Thursday, June 7, 2012PrintSubscribe
Lookup of User Identity

Both name and id of a user selected in a lookup window can be captured in a database table when necessary. Let’s set up a lookup field to capture both properties of the user identity.

Start SQL Server Management Studio. In the Object Explorer, right-click Database / Northwind / Tables / dbo.Orders table node, and select Design option.

Design Orders table in the Northwind database using SQL Server Management Studio.

Add two columns with the following settings:

Column Name Data Type Allow Nulls
OwnerID uniqueidentifier True
OwnerName nvarchar(50) True

Save the table modification. Refresh the Orders controller.

Refresh the Orders table.

Regenerate the project. Navigate to the Orders page, and edit a record. The OwnerID and OwnerName fields will be visible at the bottom of the form, but are currently only simple text boxes.

OwnerID and OwnerName fields are rendered as simple text boxes.

Let’s configure the OwnerID field as a User Id Lookup and have it copy the user name into OwnerName field. The OwnerName will become an alias of OwnerID data field. Only Administrators will be allowed to modify the owner of the record.

Start the Project Designer. In the Project Explorer, switch to the Controllers tab. Double-click on Orders / Fields / OwnerID field node.

OwnerID field in the Orders controller in Code On Time Project Explorer.

Make the following changes:

Property New Value
Items Style User Id Lookup
Copy OwnerName=UserName
“Write” Roles Administrators

Press OK to save the field. In the Project Explorer, double-click on Orders / Views / editForm1 / c1 – Orders / OwnerID data field node.

OwnerID data field of editForm1 view of Orders controller.

Assign an alias for the data field:

Property New Value
Alias OwnerName

Press OK to save the data field. In the Project Explorer, right-click on Orders / Views / editForm1 / c1 – Orders / OwnerName data field node, and select Delete option.

Delete OwnerName data field of editForm1 view in Orders controller.

Confirm the operation. On the toolbar, select Browse option to regenerate the web application.

Navigate to the Orders page, and edit a record. If your user account belongs to the Administrators role, then the field is rendered as a lookup.

OwnerName field rendered as a User Id Lookup.

Activate the lookup, and a lookup window will open and display a list of users.

List of users displayed in the lookup window.

Select a user from the lookup, and the name of the user will be copied into the field Owner Name.

User Name inserted into the Owner Name field.

Save the field. If you look at the record in the database, both UserId and UserName fields have been populated.

Both UserID and UserName have been inserted into the record.