Making the Most of Login Controls with ASP.NET

Email this Article

Printer-Friendly

View Reader Comments

[November 2006]
Making the Most of Login Controls with ASP.NET
ASP.NET lets you use Visual Studio login controls to simplify Web-site membership administration chores
By: Rick Dobson
Features
InstantDoc #93053
From the November 2006 edition of SQL Server Magazine

DOWNLOAD THE CODE:

93053.zip

One of the most attractive features of ASP.NET 2.0 is the ability to use a new set of login controls based on a SQL Server 2005 provider. These new controls dramatically simplify the creation of Web-application features. For example, a membership application might restrict site access to registered users (members) or provide members with special privileges not available to anonymous (unregistered) users. Visual Studio 2005 automatically enables login controls for use with a SQL Server Express database file located in a Web site.With this default outcome, each Web site has its own SQL Server Express database membership provider.You can optionally configure multiple Web sites' login controls to work with a single SQL Server 2005 database. Using one SQL Server 2005 database with multiple Web sites can centralize and minimize membership administration chores.This article shows you how to set up a SQL Server 2005 membership provider and demonstrates how to configure a Web site for use with the membership provider.

Configuring a Site for a SQL Server Database Provider
Three main steps let you configure a Web site to use a SQL Server database as a membership provider. First, you must create the database with an appropriate set of database objects for serving as a membership provider. Second, you must configure the web.config file so that the Web site can connect to the membership provider database. In the second step, you should also modify the web.config file by adding membership, roleManager, and authorization elements and by altering the default authentication element to permit forms authentication. Third, you can perform additional site configuration, such as adding users and roles, by using the ASP.NET Web Site Administration Tool.

Creating the membership provider database. You can create a membership provider database by using aspnet_regsql.exe, which resides on your Web server at drive:\WINDOWS\Microsoft .NET\Framework\(versionNumber), where versionNumber equals 2.0.50727.

The aspnet_regsql.exe tool that comes with ASP.NET runs in either graphical or command-line mode and can configure a site for several different types of providers. When an administrator simply wants a membership provider, command-line mode is more efficient. The following example syntax creates a SQL Server database as the provider for membership services.

Path_to_file/aspnet_regsql.exe -E
  -S database_server_name -A mr

In this statement, the -E argument specifies integrated security.The -S argument designates the name of the database server instance that will manage the membership provider database.The -A arguments (m and r) designate the setup of both member and role services in the database.

By default, the aspnet_regsql.exe tool creates a database named aspnetdb that includes a collection of tables, views, and stored procedures to facilitate the operation of the login controls. You can extend the built-in functionality of the login controls by using custom code to invoke the aspnetdb database's built-in stored procedures.You can also modify the aspnetdb database to include additional database objects that complement the automatically generated objects.

Configuring a web.config file. To make a Web site use the login controls with the aspnetdb database, you'll need to modify the site's web.config file. If you're starting with the web.config file for a new Web site, you can copy and replace the default web.config file with the contents of the WebDot-Config.txt file that Listing 1 shows.You can download the complete file at http://www .sqlmag.com, InstantDoc ID 93053. The XML code in Listing 1 omits comment sections from WebDotConfig.txt file to shorten its length. Several elements are especially noteworthy.

At callout A, the connectionStrings element within the configuration element contains an add element for a connection string pointing at the aspnetdb database. In the database-creation syntax above, replace database_server_name with the name of the server that the aspnet_regsql.exe tool designates as the argument for ?S. ASP.NET is automatically configured to use the name SqlServices for the connection string pointing at the aspnetdb database.
At callout B, the authentication element within the system.web element of the configuration element contains three attribute settings:

The mode attribute designates Forms authentication instead of the default Windows authentication for an ASP .NET web.config file.This setting lets the login controls and the membership provider manage site membership services.
The loginURL attribute specifies the name and, optionally, the location of the page for logging into a Web site. The setting isn't strictly necessary in this example because the example specifies the default name and location, but including the attribute shows the syntax for designating a nondefault login.aspx page. If you want to specify a non-default path and file, you can replace the setting for loginURL.
The name attribute designates the HTTP cookie name to use for authentication.

At callout C, the allow element within the authorization element of the system .web element lets anonymous visitors connect to the site. Changing the allow element to a deny element that has the same users attribute setting prohibits Web access by anonymous visitors.
At callout D, the membership element within the system.web element specifies parameters for a site's membership services.The applicationName attribute within the add element of the membership element designates an identifier value for all of a Web site's membership data. If you want two Web sites to share the same membership data, assign the same value to the applicationName attribute for both Web sites.
At callout E, the roleManager element within the system.web element specifies the parameters for a site's roles.To synchronize membership data between the roleManager and membership elements, you must ensure that both elements share the same applicationName attribute value.

Using the ASP.NET Web Site Administration Tool. The ASP.NET Web Site Administration Tool is an easy-to-use graphical Web application for configuring an ASP.NET web site.You can open the tool from Visual Studio 2005 by choosing Website,ASP.NET Configuration. Besides a Home tab, the tool includes three tabs labeled Security, Application, and Provider.The Security tab facilitates creating and managing users, roles, and folder-access rules such as which users and roles can access designated Web-site folders. The other two tabs help you manage Website capabilities such as the ability to send users email messages that contain new replacement passwords.

From the tool's Home tab, you can invoke a Security Setup Wizard to help launch membership security services. The wizard walks you through the process of configuring a Web site for login controls.The Wizard lets you set up Web registration so that you can collect essential information from users. Then, for example, if a user forgets his password, he can use the RecoverPassword control on a Web page to have a new password mailed to his email address. Before creating a new password to send to the user, built-in code will ask the user a security question. If the user replies with the correct security answer, the process completes.

The Security Setup Wizard provides no way to assign users to roles. Instead, from the Security tab in the ASP.NET Web Site Administration Tool, you click the Manage users link, which does allow the assignment of users to roles.You can also use this page to edit user settings and delete users. A link below the list of users opens a page similar to the one in the Security Setup Wizard for adding a new user.

Prev. page [1] 2 3 next page

ADS BY GOOGLE

SQL JOB OPENINGSSPONSORED LINKS

Backup & Recover like the DBA star you are: With continuous application imaging and data de-dupe, Replay AppImage speeds recovery in test or live environments from hours to minutes. Try it now!

SQL Management Made Easy with DBLaunch 4.0!: Wish you could migrate multiple SQL databases with the same time and effort it takes for one? Now you can with DBLaunch. Download a free trial today!

Order Your SharePoint Fundamentals CD!: Learn how to uncover rich information management capabilities with this free SharePoint CD.

FEATURED LINKS

Empower Your Processes with PowerShell 201: Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!

SQL Connections, March 22-25, 2009 – Orlando, FL: The first 800 paid attendees receive SQL Server 2008 Standard Edition w/one CAL. Register by January 12 and receive a free night at the JW Marriott (with 3-night stay). For details (203) 268-3204 or 800-438-6720.

Join Today: VIP Monthly Pass: Get online access to ALL of the resources in the Windows IT Pro and SQL Server Magazine network! With your order, you'll also receive a full digital copy of the latest issue of SQL Server Magazine.

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home SuperSite IT Job Hound ITTV

	Copyright © 2009 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

SQL Server Magazine

Search

Related Events

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

Backup & Recover like the DBA star you are

SQL Management Made Easy with DBLaunch 4.0!

Order Your SharePoint Fundamentals CD!

FEATURED LINKS

Empower Your Processes with PowerShell 201

SQL Connections, March 22-25, 2009 – Orlando, FL

Join Today: VIP Monthly Pass