ASP.NET Tutorial/Authentication Authorization/Membership


After a user has been locked out, you must call the MembershipUser.UnlockUser() method to re-enable the user account.

   <source lang="csharp">

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

   protected void btnRemove_Click(object sender, EventArgs e)
   {
       MembershipUser userToUnlock = Membership.GetUser(txtUserName.Text);
       if (userToUnlock == null)
       {
           lblMessage.Text = "User not found!";
       }
       else
       {
           userToUnlock.UnlockUser();
           lblMessage.Text = "Lock removed!";
       }
   }

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">

   <title>Remove Lock</title>

</head>
<body>

   <form id="form1" runat="server">
   <asp:Label
       id="lblUserName"
       Text="User Name:"
       AssociatedControlID="txtUserName"
       Runat="server" />
   <asp:TextBox
       id="txtUserName"
       Runat="server" />
   <asp:Button
       id="btnRemove"
       Text="Remove Lock"
       Runat="server" OnClick="btnRemove_Click" />
   
<asp:Label id="lblMessage" EnableViewState="false" Runat="server" />
   </form>

</body>
</html></source>
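The page above unlocks whatever account name is typed in, for any visitor who can reach it. A hardened version of the handler's logic follows, as an added example that is not part of the original tutorial: it refuses callers outside an administrator role, only unlocks accounts that are actually locked, and checks the Boolean that UnlockUser() returns. The AccountUnlocker class and the "Administrators" role name are assumptions of this sketch.

```csharp
using System.Diagnostics;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the tutorial). Call it from btnRemove_Click as:
//   lblMessage.Text = AccountUnlocker.Unlock(User, txtUserName.Text);
public static class AccountUnlocker
{
    // Assumed role name; use the role your site reserves for administrators.
    private const string AdminRole = "Administrators";

    public static string Unlock(IPrincipal caller, string userName)
    {
        // Unlocking resets the lockout state, so only administrators may do it.
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole(AdminRole))
        {
            Trace.TraceWarning("Unlock of '{0}' refused: caller is not an administrator", userName);
            return "Not authorized.";
        }

        // Membership.GetUser throws on an empty name, so reject it first.
        if (string.IsNullOrEmpty(userName))
            return "User not found!";

        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
            return "User not found!";

        if (!user.IsLockedOut)
            return "Account is not locked.";

        // UnlockUser() returns false when the provider could not unlock the account.
        if (!user.UnlockUser())
            return "Unlock failed.";

        // Keep a record of who unlocked which account.
        Trace.TraceInformation("'{0}' unlocked by '{1}'", userName, caller.Identity.Name);
        return "Lock removed for " + HttpUtility.HtmlEncode(user.UserName) + "!";
    }
}
```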


Configure how passwords are stored by setting the passwordFormat attribute in the web configuration file. The attribute accepts Clear, Hashed and Encrypted.

The following web configuration file configures the SqlMembershipProvider to store passwords in plain text.

File: Web.Config

   <source lang="csharp">

<configuration>

   <system.web>
     <authentication mode="Forms" />
     <membership defaultProvider="MyProvider">
       <providers>
         <add
           name="MyProvider"
           type="System.Web.Security.SqlMembershipProvider"
           passwordFormat="Clear"
           connectionStringName="LocalSqlServer"/>
       </providers>
     </membership>
   </system.web>

</configuration></source>


Creating users programmatically (C#)

   <source lang="csharp">

<%@ Page Language="C#" %>
<script runat="server">

   protected void Button1_Click(object sender, EventArgs e)
   {
       try
       {
           Membership.CreateUser(TextBox1.Text, TextBox2.Text);
           // Label.Text is rendered as raw HTML, so encode the echoed user name.
           Label1.Text = "Successfully created user " + Server.HtmlEncode(TextBox1.Text);
       }
       catch (MembershipCreateUserException ex)
       {
           // ex.Message describes the failure status; ex.ToString() would also
           // write the stack trace into the page.
           Label1.Text = "Error: " + Server.HtmlEncode(ex.Message);
       }
   }

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">

   <title>Creating a User</title>

</head>
<body>

   <form id="form1" runat="server">

Create User

       Username
<asp:TextBox ID="TextBox1" Runat="server"></asp:TextBox>
       Password
<asp:TextBox ID="TextBox2" Runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="Button1" Runat="server" Text="Create User" OnClick="Button1_Click" />
<asp:Label ID="Label1" Runat="server"></asp:Label>
   </form>

</body>
</html></source>


Creating users programmatically (VB)

   <source lang="csharp">

<%@ Page Language="VB" %>
<script runat="server">

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)

  Try
     Membership.CreateUser(TextBox1.Text, TextBox2.Text)
     ' Label.Text is rendered as raw HTML, so encode the echoed user name.
     Label1.Text = "Successfully created user " & Server.HtmlEncode(TextBox1.Text)
  Catch ex As MembershipCreateUserException
     ' ex.Message describes the failure status; ex.ToString() would also
     ' write the stack trace into the page.
     Label1.Text = "Error: " & Server.HtmlEncode(ex.Message)
  End Try

End Sub

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">

   <title>Creating a User</title>

</head>
<body>

   <form id="form1" runat="server">

Create User

       Username
<asp:TextBox ID="TextBox1" Runat="server"></asp:TextBox>
       Password
<asp:TextBox ID="TextBox2" Runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="Button1" Runat="server" Text="Create User" OnClick="Button1_Click" />
<asp:Label ID="Label1" Runat="server"></asp:Label>
   </form>

</body>
</html></source>


Denying unauthenticated users

   <source lang="csharp">

<?xml version="1.0" encoding="utf-8"?>
<configuration>

   <system.web>
       <authentication mode="Forms" />
       <authorization>
          <deny users="?" />
       </authorization>
   </system.web>

</configuration></source>


Disable the non-alphanumeric character requirement for passwords when using the SqlMembershipProvider by setting minRequiredNonalphanumericCharacters to 0.

   <source lang="csharp">

<configuration>

 <system.web>
   <authentication mode="Forms" />
   <membership defaultProvider="MyProvider">
     <providers>
       <add
         name="MyProvider"
         type="System.Web.Security.SqlMembershipProvider"
         minRequiredNonalphanumericCharacters="0"
         connectionStringName="LocalSqlServer"/>
     </providers>
   </membership>
 </system.web>

</configuration></source>


Locking Out Bad Users

Two configuration settings control when an account gets locked out: maxInvalidPasswordAttempts and passwordAttemptWindow. The following configuration allows a user to enter a maximum of three bad passwords or bad password answers in one hour (passwordAttemptWindow is expressed in minutes).

File: Web.Config

   <source lang="csharp">

<configuration>

 <system.web>
   <authentication mode="Forms" />
   <membership defaultProvider="MyProvider">
     <providers>
       <add
         name="MyProvider"
         type="System.Web.Security.SqlMembershipProvider"
         maxInvalidPasswordAttempts="3"
         passwordAttemptWindow="60"
         connectionStringName="LocalSqlServer"/>
     </providers>
   </membership>
 </system.web>

</configuration></source>


Membership provider settings in the machine.config file

   <source lang="csharp">

<membership>

  <providers>
     <add name="AspNetSqlMembershipProvider"
      type="System.Web.Security.SqlMembershipProvider, System.Web,Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="LocalSqlServer"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      applicationName="/"
      requiresUniqueEmail="false"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="10"
      passwordStrengthRegularExpression="" />
  </providers>

</membership></source>


Setting Up Your Web Site for Membership

Adding an <authentication> Element to the web.config File

   <source lang="csharp">

<?xml version="1.0" encoding="utf-8"?>
<configuration>

   <system.web>
       <authentication mode="Forms" />
   </system.web>

</configuration></source>

Adding a <forms> Element to the web.config File

   <source lang="csharp">

<?xml version="1.0" encoding="utf-8"?>
<configuration>

   <system.web>
       <authentication mode="Forms">
          <forms name=".ASPXAUTH"
                 loginUrl="login.aspx"
                 protection="All"
                 timeout="30"
                 path="/"
                 requireSSL="false"
                 slidingExpiration="true"
                 cookieless="useDeviceProfile" />
       </authentication>
   </system.web>

</configuration></source>

name: the name used for the cookie.

loginUrl: page location to which the HTTP request is redirected for login.

protection: protection applied to the cookie. The possible settings include All, None, Encryption, and Validation.

timeout: amount of time (in minutes) after which the cookie expires. The default value is 30 minutes.

path: specifies the path for cookies issued by the application.

requireSSL: whether you require that credentials be sent over an encrypted wire (SSL) instead of clear text.

slidingExpiration: whether the timeout of the cookie is on a sliding scale.

cookieless: how the cookies are handled by ASP.NET. The possible values include useDeviceProfile, useCookies, auto, and useUri. The default value is useDeviceProfile.

Using the CreateUserWizard Server Control

   <source lang="csharp">

<%@ Page Language="VB" %>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">

   <title>Creating Users</title>

</head>
<body>

   <form id="form1" runat="server">
       <asp:CreateUserWizard ID="CreateUserWizard1" Runat="server"
        BorderWidth="1px" BorderColor="#FFDFAD" BorderStyle="Solid"
        BackColor="#FFFBD6" Font-Names="Verdana">
           <TitleTextStyle Font-Bold="True" BackColor="#990000"
            ForeColor="White"></TitleTextStyle>
       </asp:CreateUserWizard>
   </form>

</body>
</html></source>


The web configuration file used to set up the XmlMembershipProvider

File: Web.Config

   <source lang="csharp">

<configuration>

   <system.web>
     <authentication mode="Forms" />
     <membership defaultProvider="MyMembershipProvider">
       <providers>
         <add
           name="MyMembershipProvider"
           type="MyNamespace.XmlMembershipProvider"
           dataFile="~/App_Data/Membership.xml"
           requiresQuestionAndAnswer="false"
           enablePasswordRetrieval="true"
           enablePasswordReset="true"
           passwordFormat="Clear" />
       </providers>
     </membership>
   </system.web>

</configuration></source>

A sample of the Membership.xml file.

File: App_Data\Membership.xml

   <source lang="csharp">

<credentials>

 <user name="Tom" password="secret" email="tom@somewhere.ru" />
 <user name="Jack" password="secret" email="jack@somewhere.ru" />

</credentials></source>
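The passwordFormat, password-strength and <forms> settings shown in the sections above can be checked mechanically. The following C# console program is an added example, not part of the original tutorial: it parses a web.config and reports the weak values this page uses (Clear password storage, password retrieval, a disabled non-alphanumeric requirement, requireSSL="false"). The class name, the sample configuration and the fallback defaults (those documented for SqlMembershipProvider and the forms element) are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;
// Added example: flags the weak membership and forms settings discussed on this page.
public static class MembershipConfigAudit
{
    // Lower-cased attribute value, or the assumed default when the attribute is absent.
    static string Get(XElement e, string name, string dflt)
    {
        return ((string)e.Attribute(name) ?? dflt).Trim().ToLowerInvariant();
    }

    public static List<string> Audit(string webConfigXml)
    {
        var findings = new List<string>();
        XElement web = XDocument.Parse(webConfigXml).Root.Element("system.web");
        if (web == null) return findings;
        foreach (XElement p in web.Elements("membership").Elements("providers").Elements("add"))
        {
            string id = (string)p.Attribute("name") ?? "(unnamed)";
            if (Get(p, "passwordFormat", "Hashed") == "clear")
                findings.Add(id + ": passwordFormat=Clear keeps passwords in plain text");
            if (Get(p, "enablePasswordRetrieval", "false") == "true")
                findings.Add(id + ": enablePasswordRetrieval=true lets stored passwords be read back");
            if (Get(p, "minRequiredNonalphanumericCharacters", "1") == "0")
                findings.Add(id + ": minRequiredNonalphanumericCharacters=0 drops the symbol requirement");
        }
        foreach (XElement f in web.Elements("authentication").Elements("forms"))
        {
            if (Get(f, "requireSSL", "false") != "true")
                findings.Add("forms: requireSSL is not true, so the ticket cookie can travel over plain HTTP");
            if (Get(f, "protection", "All") != "all")
                findings.Add("forms: protection is not All, so the ticket is not both encrypted and validated");
            if (Get(f, "cookieless", "UseDeviceProfile") == "useuri")
                findings.Add("forms: cookieless=useUri puts the ticket in the URL");
        }
        return findings;
    }
    public static void Main()
    {
        // Constructed sample that combines settings shown in the sections above.
        const string sample = @"<configuration><system.web>
          <authentication mode=""Forms""><forms requireSSL=""false"" protection=""All"" /></authentication>
          <membership><providers>
            <add name=""MyProvider"" passwordFormat=""Clear"" enablePasswordRetrieval=""true"" />
          </providers></membership></system.web></configuration>";
        foreach (string finding in Audit(sample)) Console.WriteLine(finding);
    }
}
```

For the constructed sample it reports three findings: Clear password storage, password retrieval, and requireSSL not set to true.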


Use the methods of the Membership class to create custom Login controls.

   <source lang="csharp">

using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace myControls
{

   public class UsersOnline : WebControl
   {
       protected override void RenderContents(HtmlTextWriter writer)
       {
           writer.Write(Membership.GetNumberOfUsersOnline());
       }
   }

}</source>

File: ShowUsersOnline.aspx

   <source lang="csharp">

<%@ Page Language="C#" %>
<%@ Register TagPrefix="custom" Namespace="myControls" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">

   <title>Show UsersOnline</title>

</head>
<body>

   <form id="form1" runat="server">
   How many people are online?
   
<custom:UsersOnline id="UsersOnline1" Runat="server" />
   </form>

</body>
</html></source>


Using ASP.NET Membership

ASP.NET Membership uses the provider model. The ASP.NET Framework includes two Membership providers:

SqlMembershipProvider stores user information in a Microsoft SQL Server database.

ActiveDirectoryMembershipProvider stores user information in the Active Directory or an Active Directory Application Mode server.


Using the Membership Application Programming Interface

   <source lang="csharp">

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">

   <title>List Users</title>

</head>
<body>

   <form id="form1" runat="server">
   <asp:GridView
       id="grdUsers"
       DataSourceID="srcUsers"
       Runat="server" />
   <asp:ObjectDataSource
       id="srcUsers"
       TypeName="System.Web.Security.Membership"
       SelectMethod="GetAllUsers"
       Runat="server" />
   </form>

</body>
</html></source>