Sofia, Bulgaria | 9-10 October Developing Custom ASP.NET Providers For Membership And Role Manager Goksin Bakir Yage Ltd Microsoft Regional Director, MEA.


1 Developing Custom ASP.NET Providers For Membership And Role Manager
Goksin Bakir, Yage Ltd, Microsoft Regional Director, MEA

2 Agenda
●Provider Model
●Extensibility scenarios
  ●Projecting Membership via web services
  ●Role caching with SQL Server 2005
  ●Virtualizing applications
  ●Integrating Membership with custom data

3
●Membership service
  ●Membership API
  ●Membership providers
●Role Management service
  ●Roles class
  ●Role caching
  ●Role providers

4 Membership Service
●Service for managing users and credentials
●Declarative access via Web Site Admin Tool
●Programmatic access via Membership and MembershipUser classes
  ●Membership class provides base services
  ●MembershipUser class represents users and provides additional services
●Provider-based for flexible data storage

5 Membership Schema (diagram)
●Controls: Login, LoginStatus, LoginView, Other Login Controls
●Membership API: Membership, MembershipUser
●Membership Providers: AccessMembershipProvider, SqlMembershipProvider, Other Membership Providers
●Membership Data: Access, SQL Server, Other Data Stores

6 The Membership Class
●Provides static methods for performing key membership tasks
  ●Creating and deleting users
  ●Retrieving information about users
  ●Generating random passwords
  ●Validating logins
●Also includes read-only static properties for acquiring data about provider settings

7 The MembershipUser Class
●Represents individual users registered in the membership data store
●Includes numerous properties for getting and setting user info
●Includes methods for retrieving, changing, and resetting passwords
●Returned by Membership methods such as GetUser and CreateUser

8 Provider Configuration
●Membership providers support a number of configuration settings
  ●How should passwords be stored (cleartext, hashed, encrypted)?
  ●Should password recovery be enabled?
  ●Must each user have a unique e-mail address?
●Exposed as properties of provider class
●Initialized from CONFIG files


10 Role Management Service
●Role-based security in a box
●Declarative access via Web Site Admin Tool
●Programmatic access via Roles class
  ●Roles class contains static methods for creating roles, adding users to roles, etc.
●Maps users to roles on each request
  ●Replaces Application_AuthenticateRequest
●Provider-based for flexible data storage

11 Role Management Schema (diagram)
●Controls: Login, LoginStatus, LoginView, Other Login Controls
●Roles API: Roles
●Role Providers: AccessRoleProvider, SqlRoleProvider, Other Role Providers
●Roles Data: Access, SQL Server, Other Data Stores

12 The Roles Class
●Gateway to the Role Management API
●Provides static methods for performing key role management tasks
  ●Creating and deleting roles
  ●Adding users to roles
  ●Removing users from roles and more
●Also includes read-only static properties for acquiring data about provider settings

13 Role Caching
●Role manager caches roles data in cookies
  ●Fewer accesses to data store
  ●Better performance
●Controlled via attributes and programmatically exposed thru Roles class
  ●Should roles be cached in cookies?
  ●Should role cookies be encrypted?
  ●How long are role cookies valid?

14 Role Management Providers
●Role management is provider-based
  ●AccessRoleProvider (Access) * Removed
  ●AuthorizationStoreRoleProvider (AuthMan)
  ●SqlRoleProvider (SQL Server)
  ●WindowsTokenRoleProvider (Windows)
●Use custom providers for other data stores

15 Provider Model
●Enable new functionality in a transparent fashion
●Enable extensibility for
  ●Web services
  ●Browser based “Atlas” clients
  ●Smart clients
●Application services as pluggable building blocks
●Decoupled via configuration
●Use structural classes for your own features

16 Provider Model: Feature Lifecycle (diagram)
●Diagram elements: Feature config., Static feature class, Provider instances

17 Provider Model: Feature Configuration

    using System.Configuration;

    // Configuration section for the custom "Quotations" feature.
    public class QuotationsConfiguration : ConfigurationSection
    {
        // The <providers> element listing the configured providers.
        [ConfigurationProperty("providers")]
        public ProviderSettingsCollection Providers
        {
            get { return (ProviderSettingsCollection)base["providers"]; }
        }

        // Name of the provider used when none is specified.
        [ConfigurationProperty("defaultProvider",
            DefaultValue = "StaticQuotationProvider")]
        public string DefaultProvider
        {
            get { return (string)base["defaultProvider"]; }
            set { base["defaultProvider"] = value; }
        }
    }

18 Provider Model: Creating Provider Instances

    //Start with empty provider collection
    providerCollection = new QuotationsProviderCollection();

    //Helper class converts configuration information into
    //concrete providers
    ProvidersHelper.InstantiateProviders(
        qc.Providers, //a ProviderSettingsCollection
        providerCollection,
        typeof(QuotationsProvider));

    //Lock the provider collection
    providerCollection.SetReadOnly();


20 Projecting Membership
●Physical 3-tier deployments
  ●May not allow web server to connect directly to Sql tier
●“Atlas” and smart clients
  ●Clients can only communicate over Http
  ●Need app services to work across the Internet

21 Projecting Membership: Design Issues
●Authenticating to the web service
  ●Not all methods should be public
●Serialization of MembershipUser
  ●Read-only properties don’t serialize
●WebMethod parameter constraints
  ●Collection types and [out] parameters
●Selecting from multiple providers
  ●Choosing a non-default provider

22 Projecting Membership: 3-Tier Flow (diagram)
●Web server: Application code, Webservice provider
●Webservice server: .asmx Membership wrapper, SQL provider

23 Projecting Membership: Authenticated Flow (diagram)
●Internet client: Application
●Webservice server: .asmx Membership wrapper, SQL provider, .asmx FormsAuth wrapper
●Flow labels: “login”; Returns forms ticket; pass ticket w/ each request; Validate ticket and roles


25 Caching Role Data
●Role Manager can cache user roles:
  ●Cookie caching (not enabled by default)
  ●Per-request in RolePrincipal
●RolePrincipal caching
  ●Results in at least one call to GetRolesForUser
  ●Stored internally with HybridDictionary
●Cookie caching limited to 4K of data
●Option for persistent cookie

26 Caching Role Data
●Cache role data using SQL Server 2005 query notifications
●Data is cached until SQL notifies you
●Good for clients that cannot use cookies
●Can handle apps with hundreds of roles

27 Caching Role Data: Query Notification Specifics
●Need to change “SET QUOTED_IDENTIFIER” in ASP.NET SQL scripts to “ON”
  ●Then recompile stored procedures
●Custom provider must query ASP.NET tables directly
  ●Cannot create notifications against SQL views
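
A sketch of the notification-backed role cache described on the two slides above, added here as an illustration and not taken from the presentation. The class name and cache-key format are hypothetical, and it assumes Service Broker is enabled on the database that holds the standard aspnet_* tables.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Caching;
using System.Web.Security;

public class NotifiedSqlRoleProvider : SqlRoleProvider   // hypothetical name
{
    // Notification queries need two-part table names, an explicit column
    // list, and base tables rather than the aspnet views.
    private const string Sql =
        "SELECT r.RoleName FROM dbo.aspnet_Roles r " +
        "JOIN dbo.aspnet_UsersInRoles ur ON ur.RoleId = r.RoleId " +
        "JOIN dbo.aspnet_Users u ON u.UserId = ur.UserId " +
        "JOIN dbo.aspnet_Applications a ON a.ApplicationId = u.ApplicationId " +
        "WHERE u.LoweredUserName = @user AND a.LoweredApplicationName = @app";
    private string _connStr;

    public override void Initialize(string name, NameValueCollection config)
    {
        // Read before base.Initialize, which consumes the attribute.
        _connStr = ConfigurationManager
            .ConnectionStrings[config["connectionStringName"]].ConnectionString;
        base.Initialize(name, config);
        SqlDependency.Start(_connStr);   // starts the notification listener
    }

    public override string[] GetRolesForUser(string username)
    {
        string user = username.ToLowerInvariant();
        string app = ApplicationName.ToLowerInvariant();
        // Length prefix keeps "app:user" pairs from colliding across applications.
        string key = "roles:" + app.Length + ":" + app + ":" + user;
        string[] cached = HttpRuntime.Cache[key] as string[];
        if (cached != null) return cached;

        using (SqlConnection cn = new SqlConnection(_connStr))
        using (SqlCommand cmd = new SqlCommand(Sql, cn))
        {
            cmd.Parameters.AddWithValue("@user", user);
            cmd.Parameters.AddWithValue("@app", app);
            // The dependency must be attached before the command executes.
            SqlCacheDependency dep = new SqlCacheDependency(cmd);
            cn.Open();
            List<string> roles = new List<string>();
            using (SqlDataReader rd = cmd.ExecuteReader())
                while (rd.Read()) roles.Add(rd.GetString(0));
            string[] result = roles.ToArray();
            // Evicted when SQL Server reports a change to this result set.
            HttpRuntime.Cache.Insert(key, result, dep);
            return result;
        }
    }
}
```

A role revoked in the database stays effective for a cached user until the notification arrives and the entry is evicted, so the cache is only as fresh as notification delivery.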


29 Virtualized Applications
●One physical ASP.NET application
●Multiple “virtual” applications
●Portal style applications
  ●DotNetNuke portal provisioning
  ●Self-registered forums and portals
  ●Sharepoint
●However providers are
  ●“Application-centric”
  ●Statically defined in configuration

30 Virtualized Applications
●Override ApplicationName property
  ●Determine virtual application context dynamically (e.g. IHttpModule)
  ●Retrieve it in the override
●Cautionary Notes!
  ●Prevent auth ticket re-use across apps
  ●Don’t accidentally map roles in one virtual app to a user in a different virtual app
  ●Turn off cookie caching for roles

31 Setting Application Context Dynamically
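
One way to implement the ApplicationName override and the ticket re-use caution from the previous slide, added here as an example and not the code shown in the talk. The module and provider names, the Items key, the path-segment convention and the use of the ticket's UserData field are all assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Assumption: the virtual app is the first path segment
// (~/portalA/page.aspx -> "portala").
public class VirtualAppModule : IHttpModule
{
    public const string Key = "VirtualAppName";   // hypothetical Items key

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string[] parts = ctx.Request.AppRelativeCurrentExecutionFilePath
            .TrimStart('~', '/').Split('/');
        ctx.Items[Key] = parts.Length > 1 ? parts[0].ToLowerInvariant() : "/";
    }

    // Assumption: the login page stored the virtual app name in the ticket's
    // UserData. A ticket issued for one virtual app is rejected in the others.
    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        FormsIdentity id = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
        if (id == null) return;
        if (!string.Equals(id.Ticket.UserData, (string)ctx.Items[Key],
                           StringComparison.Ordinal))
        {
            FormsAuthentication.SignOut();
            ctx.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        }
    }

    public void Dispose() { }
}

public class VirtualSqlMembershipProvider : SqlMembershipProvider
{
    // Resolved per request, so one provider instance serves every virtual app.
    public override string ApplicationName
    {
        get
        {
            HttpContext ctx = HttpContext.Current;
            string name = ctx == null ? null : ctx.Items[VirtualAppModule.Key] as string;
            return name ?? base.ApplicationName;
        }
        set { base.ApplicationName = value; }
    }
}
```

With this in place, setting cacheRolesInCookie="false" on the roleManager element covers the third caution, since a role cookie is not scoped to a virtual application.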

32 Integrating Custom Data
●Need to integrate existing data
●Don’t want to write a provider from scratch
●May need to link to your own data
  ●What can “safely” be referenced?
  ●How do you handle transactions?
  ●How do you pass extra data along?

33 Integrating Custom Data: Custom Provider Design Issues
●Referential Integrity
  ●Foreign key to aspnet_Users table
  ●Use SQL views to lookup UserID
●Transactional Integrity
  ●Use the new ADO.NET 2.0 TransactionScope
●Custom Data
  ●Pass via HttpContext to CreateUser
  ●Extend MembershipUser for other cases

34 Integrating Membership w/ Custom Data
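
The three design points above (foreign key to aspnet_Users, TransactionScope, extra data passed through HttpContext) combined in one provider, as an added example that is not the demo code from the talk. The class name, the Items key and the dbo.UserDepartment table are hypothetical; the custom table is assumed to live in the same database as the membership tables.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Transactions;
using System.Web;
using System.Web.Security;

public class CustomDataMembershipProvider : SqlMembershipProvider
{
    public const string ExtraKey = "NewUser.Department";   // hypothetical Items key
    private string _connStr;

    public override void Initialize(string name, NameValueCollection config)
    {
        // Read before base.Initialize, which consumes the attribute.
        _connStr = ConfigurationManager
            .ConnectionStrings[config["connectionStringName"]].ConnectionString;
        base.Initialize(name, config);
    }

    public override MembershipUser CreateUser(string username, string password,
        string email, string passwordQuestion, string passwordAnswer, bool isApproved,
        object providerUserKey, out MembershipCreateStatus status)
    {
        // Extra data placed in HttpContext.Items by the registration page.
        HttpContext ctx = HttpContext.Current;
        string dept = ctx == null ? null : ctx.Items[ExtraKey] as string;

        // Both inserts commit together; leaving the scope without Complete()
        // rolls both back. Two connections in one scope can escalate to a
        // distributed transaction.
        using (TransactionScope scope = new TransactionScope())
        {
            MembershipUser user = base.CreateUser(username, password, email,
                passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
            if (user == null) return null;

            // Hypothetical table with a foreign key to aspnet_Users.UserId.
            using (SqlConnection cn = new SqlConnection(_connStr))
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO dbo.UserDepartment (UserId, Department) VALUES (@id, @dept)", cn))
            {
                cmd.Parameters.AddWithValue("@id", (Guid)user.ProviderUserKey);
                cmd.Parameters.AddWithValue("@dept", (object)dept ?? DBNull.Value);
                cn.Open();
                cmd.ExecuteNonQuery();
            }
            scope.Complete();
            return user;
        }
    }
}
```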

35 Summary
●Rewrite or enhance features
●Plug-in rich functionality independently from the presentation tier
●Project current features onto other platforms via web services
●Use the provider infrastructure for your own features

36 Community Resources
●INETA MEA !
  ●www.ineta.org
  ●mea.ineta.org

37 Community Resources: Provider Links on the Web
●Access providers from Beta 1
  ●Installs as a Visual Studio 2005 VSI template
  ●Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers
●Provider Toolkit
  ●Extensive 120 page whitepaper
  ●Sample providers for all provider based features
●Both will be available at http://msdn.microsoft.com/asp.net/beta2/providers/default.aspx

38 Community Resources
●INETA MEA !
  ●www.ineta.org
  ●mea.ineta.org
●Speaker as a resource
  ●goksin@yage.com.tr

39 Provider Model Appendix: Patterns
●Strategy
  ●Provider base classes
●Factory Method
  ●System.Web.Configuration.ProvidersHelper
●Singleton Pattern
  ●Only one provider instance is instantiated
●Façade
  ●Feature classes like Membership, Roles, etc…

40 Provider Model Appendix
●Provider Class Definition
  ●What is the pluggable aspect for the feature?
●Configuration
  ●Feature configuration
  ●Provider-specific configuration
●Common entry point class
  ●Triggers feature initialization


42 Please fill out the survey forms! They are the key to amazing prizes that you can get at the end of each day. Thank you!
