CS 3870/CS 5870: Note 12 Authentication and Authorization Membership Provider
Prog 5
Copy folder Prog4 as Prog5
Modify Prog4MasterPage
Name: Prog5MasterPage
Text: Prog 5
TreeView:
New root node
NavigationURL of master page
Prog 5
Modify the Content Pages
Reset the MasterPageFile
(top line of the source file)
Prog 5
Modify the Session Variables
Prog4_ to Prog5_
File Global
Code file
Prog 5
Make sure it’s working the same as Prog4
before adding features for Prog5
Web.Config
• Machine.config
  – Machine level settings
  – Default settings for all Web applications
• Application Web.config
  – Under the application root directory
  – Apply to the entire application
  – Overwrite some settings set in Machine.config
• Local Web.config
  – A sub-folder can have its own Web.config file
  – Overwrite some settings set in higher level Web.config
  – Not every setting can be set in local Web.config
    • AUTHENTICATION must be set in application Web.config
    • AUTHORIZATION can be different for different sub-folders
• Page Directives
  – Apply to the page only
  – Overwrite settings set in Web.config
Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
    <membership>
      <providers>
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="LocalSqlServer"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             applicationName="/"
             requiresUniqueEmail="false"
             passwordFormat="Hashed"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="7"
             minRequiredNonalphanumericCharacters="1"
             passwordAttemptWindow="10"
             passwordStrengthRegularExpression=""/>
      </providers>
    </membership>
Machine.config on Xray
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
    <connectionStrings>
      <add name="LocalSqlServer"
           connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
           providerName="System.Data.SqlClient"/>
    </connectionStrings>
Web.Config
• Application Configuration File under the main web site
    <system.web>
      <authentication mode="Forms">
        <forms name="formsAuth"
               loginUrl="login.aspx"
               path="/"
               requireSSL="false"
               slidingExpiration="true"
               protection="All"
               defaultUrl="~/Prog5/Default.aspx"
               timeout="1"
               cookieless="UseDeviceProfile" />
      </authentication>
    </system.web>
Authentication
• To identify the user
• Four Modes
  – Windows: IntraNet
  – Forms: Internet
  – Passport: MS
  – None
Forms Based Authentication
– name : cookie's name
– loginUrl : default is login.aspx
– path : the location to save the cookie, default is /
– protection : the amount of protection applied to the cookie
  • Encryption
  • Validation
  • All (both, default)
  • None
– timeout : minutes (default 30)
  a durable cookie could be issued
Forms Based Authentication
– defaultUrl : where to go after login if the user requested the login.aspx page itself; otherwise, go to the requested page
– requireSSL : credentials must be sent over an encrypted wire (SSL)
– slidingExpiration : timeout of the cookie is on a sliding scale
– cookieless :
  • UseDeviceProfile: default
  • UseCookies: require the use of cookies
  • UseUri: force the credential to be stored within the URI
  • AutoDetect: send a test cookie first
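A hardened variant of the forms element shown in these notes, added here as an example and not part of the original course material. Only requireSSL and cookieless differ from the notes; the httpCookies line is an assumption about what else the site would want.

```xml
<!-- Added example: the <forms> element from the notes with the two
     transport-related attributes tightened. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Notes (lab setting):  requireSSL="false"  cookieless="UseDeviceProfile"
           requireSSL="true"     marks the ticket cookie Secure, so the browser
                                 never sends it over plain HTTP.
           cookieless="UseCookies" keeps the ticket out of the URL, where it
                                 would end up in server logs, browser history
                                 and Referer headers. -->
      <forms name="formsAuth"
             loginUrl="login.aspx"
             path="/"
             requireSSL="true"
             slidingExpiration="true"
             protection="All"
             defaultUrl="~/Prog5/Default.aspx"
             timeout="1"
             cookieless="UseCookies" />
    </authentication>

    <!-- Assumption: the site also uses session state (the notes keep a
         shopping bag in Session), so the remaining cookies get the same
         Secure/HttpOnly treatment. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

With requireSSL="true" the site has to be served over HTTPS, otherwise the browser will not return the ticket and every request is redirected back to login.aspx.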
Authentication
All pages are still accessible to the public
After Authentication is set in config file
    <system.web>
      . . .
      <authentication mode="Forms">
        . . .
      </authentication>
      . . .
    </system.web>
Form Login
• Create form Login under the root folder
• Add control Login from tab Login
• All pages are still accessible to the public
Authorization
• Web.config file under the main folder
    <system.web>
      . . .
      <authentication mode="Forms">
        . . .
      </authentication>
      . . .
      <authorization>
        <deny users="?" />
      </authorization>
      . . .
    </system.web>
No Page Accessible
Authorization
• Web.config file under the main folder
    <system.web>
      <authentication mode="Forms">
      </authentication>
    </system.web>
    <location path="Prog5">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
    <!-- could have multiple locations -->
All Pages Are Accessible
Except those under folder Prog5
Control CreateUserWizard
• Add a form CreateUser.aspx under the main folder
• Add control CreateUserWizard
• Create one user
  – UserName: jim
  – Password: cs3870@UWP
  – Your email
  – Your choices for others
Event ContinueButtonClick
• In CreateUser.aspx.vb
• Select CreateUserWizard1
• Select event ContinueButtonClick
• Code
    Response.Redirect("Login.aspx")
Authorization
    <deny users="*" />
    <allow users="*" />
    <allow users="[comma separated list of users]"
           roles="[comma separated list of roles]"
           verbs="[comma separated list of verbs]"/>
    <deny users="[comma separated list of users]"
          roles="[comma separated list of roles]"
          verbs="[comma separated list of verbs]"/>
* : everyone
? : anonymous
verbs: POST, GET, HEAD, DEBUG
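How the allow and deny rules above combine, shown as an added example that is not part of the original notes: ASP.NET tests the rules top to bottom and stops at the first match, so order matters. The sub-folder "Prog5/Admin" and the user "alice" are hypothetical; "jim" is the user created earlier in the notes.

```xml
<!-- Added example. "Prog5/Admin" and the user "alice" are hypothetical. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>
    <!-- No <authorization> here: pages outside the <location> blocks stay
         public, because the inherited default rule is <allow users="*" />. -->
  </system.web>

  <!-- Rules are tested top to bottom; the first matching rule decides. -->
  <location path="Prog5">
    <system.web>
      <authorization>
        <deny users="?" />  <!-- anonymous users are sent to login.aspx -->
        <!-- Authenticated users match nothing here and fall through to
             the inherited allow-everyone rule. -->
      </authorization>
    </system.web>
  </location>

  <location path="Prog5/Admin">
    <system.web>
      <authorization>
        <allow users="jim,alice" />  <!-- matched first for these two -->
        <deny users="*" />           <!-- everyone else, anonymous included -->
        <!-- With the two lines reversed, the deny rule would match jim and
             alice before the allow rule is ever reached. -->
      </authorization>
    </system.web>
  </location>
</configuration>
```

A list that ends without an explicit deny falls back to the inherited allow rule, which is why the restricted folder closes with a deny for everyone.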
Other Login Controls
• ChangePassword
• LoginName
• LoginStatus
• LoginView
• PasswordRecovery
Prog5MasterPage
• Add LoginName and LoginStatus
Prog5MasterPage
    Partial Class Prog5_MasterPage
        Protected Sub LoginStatus1_LoggedOut(. . .) Handles LoginStatus1.LoggedOut
            Response.Redirect("~/Login.aspx")
        End Sub
    End Class
New Page Checkout
• Maintain a shopping bag for each session
• Add items into the shopping bag when shopping
• GridView to display all items in the shopping bag on checkout
• Clear the bag when checkout
Shopping Bag
• Your Choice
  – DataTable
  – ArrayList
  – New class
  – . . .
• Location
  – SQLDataClass
  – . . .
Shopping Bag
    Public Shared Function NewShoppingBag() As Data.DataTable
        Dim bag As New Data.DataTable
        bag.Columns.Add("Product ID")
        bag.Columns.Add("Product Name")
        bag.Columns.Add("Unit Price")
        bag.Columns.Add("Quantity")
        bag.Columns.Add("Cost")
        Dim PK() As Data.DataColumn = {bag.Columns(0)}
        bag.PrimaryKey = PK
        Return bag
    End Function
Global.vb
    Sub Session_Start(. . .)
        . . .
        ' For Prog5
        Session("Prog5_Bag") = SQLDataClass.NewShoppingBag
        . . .
    End Sub
Page Shopping
• New Button “Add to Shopping Bag”
• Click Event
    Dim myBag As Data.DataTable = Session("Prog5_Bag")
    Dim row As Data.DataRow = myBag.NewRow
    row(0) = txtID.Text
    row(1) = txtName.Text
    row(2) = txtPrice.Text
    row(3) = txtQuanity.Text
    row(4) = txtSubTotal.Text
    Dim r As Data.DataRow = myBag.Rows.Find(row(0))
    If Not r Is Nothing Then
        myBag.Rows.Remove(r) ' replace the old item
    End If
    myBag.Rows.Add(row)
Page Checkout
    Protected Sub Page_Load(. . .) Handles Me.Load
        GridView1.DataSource = Session("Prog5_Bag")
        GridView1.DataBind()
    End Sub
Page Checkout
    Protected Sub Button1_Click(. . .) Handles Button1.Click
        ' End the current session
        ' will clear all session variables
        Session.Abandon()
        ' Logout of Membership
        FormsAuthentication.SignOut()
        ' Go to Login.aspx
        Response.Redirect(FormsAuthentication.LoginUrl)
    End Sub
Schedule
• Thursday
  – Still have class
  – Do Prog5 and Project
  – Lab 206
• Next Tuesday
  – Do Prog5 and Project
  – Lab 206
• Lose 10 points if missing class without my permission