Role Providers
Sofia, Bulgaria | 9-10 October
Developing Custom ASP.NET Providers For Membership And Role Manager
Goksin Bakir
Yage Ltd
Microsoft Regional Director, MEA
Agenda
● Provider Model
● Extensibility scenarios
  ● Projecting Membership via web services
  ● Role caching with SQL Server 2005
  ● Virtualizing applications
  ● Integrating Membership with custom data
● Membership service
● Membership API
● Membership providers
● Role Management service
● Roles class
● Role caching
● Role providers
Membership Service
● Service for managing users and credentials
● Declarative access via Web Site Admin Tool
● Programmatic access via Membership and MembershipUser classes
  ● Membership class provides base services
  ● MembershipUser class represents users and provides additional services
● Provider-based for flexible data storage
Membership Schema
(Diagram) Login controls (Login, LoginStatus, LoginView, other login controls) sit on top of the Membership API (Membership, MembershipUser); the API calls a membership provider (AccessMembershipProvider, SqlMembershipProvider, other membership providers), each backed by its own membership data store (Access, SQL Server, other data stores).
The Membership Class
● Provides static methods for performing key membership tasks
  ● Creating and deleting users
  ● Retrieving information about users
  ● Generating random passwords
  ● Validating logins
● Also includes read-only static properties for acquiring data about provider settings
The MembershipUser Class
● Represents individual users registered in the membership data store
● Includes numerous properties for getting and setting user info
● Includes methods for retrieving, changing, and resetting passwords
● Returned by Membership methods such as GetUser and CreateUser
Provider Configuration
● Membership providers support a number of configuration settings
  ● How should passwords be stored (cleartext, hashed, encrypted)?
  ● Should password recovery be enabled?
  ● Must each user have a unique e-mail address?
● Exposed as properties of provider class
● Initialized from CONFIG files
Role Management Service
● Role-based security in a box
● Declarative access via Web Site Admin Tool
● Programmatic access via Roles class
  ● Roles class contains static methods for creating roles, adding users to roles, etc.
● Maps users to roles on each request
  ● Replaces Application_AuthenticateRequest
● Provider-based for flexible data storage
Role Management Schema
(Diagram) Login controls (Login, LoginStatus, LoginView, other login controls) sit on top of the Roles API (Roles class); the API calls a role provider (AccessRoleProvider, SqlRoleProvider, other role providers), each backed by its own roles data store (Access, SQL Server, other data stores).
The Roles Class
● Gateway to the Role Management API
● Provides static methods for performing key role management tasks
  ● Creating and deleting roles
  ● Adding users to roles
  ● Removing users from roles, and more
● Also includes read-only static properties for acquiring data about provider settings
Role Caching
● Role manager caches role data in cookies
  ● Fewer accesses to data store
  ● Better performance
● Controlled via <roleManager> attributes and programmatically exposed through the Roles class
  ● Should roles be cached in cookies?
  ● Should role cookies be encrypted?
  ● How long are role cookies valid?
Role Management Providers
● Role management is provider-based
  ● AccessRoleProvider (Access) * Removed
  ● AuthorizationStoreRoleProvider (AuthMan)
  ● SqlRoleProvider (SQL Server)
  ● WindowsTokenRoleProvider (Windows)
● Use custom providers for other data stores
Provider Model
● Enable new functionality in a transparent fashion
● Enable extensibility for
  ● Web services
  ● Browser-based “Atlas” clients
  ● Smart clients
● Application services as pluggable building blocks
  ● Decoupled via configuration
● Use structural classes for your own features
Provider Model
Feature Lifecycle
(Diagram) Static feature class -> feature configuration -> provider instances
Provider Model
Feature Configuration
using System.Configuration;

public class QuotationsConfiguration : ConfigurationSection
{
    // Properties are backed by the ConfigurationSection indexer; bodiless
    // accessors are not valid C# 2.0 and would not bind to the section.
    [ConfigurationProperty("providers")]
    public ProviderSettingsCollection Providers
    {
        get { return (ProviderSettingsCollection)base["providers"]; }
    }

    [ConfigurationProperty("defaultProvider", DefaultValue = "StaticQuotationProvider")]
    public string DefaultProvider
    {
        get { return (string)base["defaultProvider"]; }
        set { base["defaultProvider"] = value; }
    }
}
Provider Model
Creating Provider Instances
using System.Configuration.Provider;
using System.Web.Configuration;

// qc is the feature's configuration section (QuotationsConfiguration);
// the section name "quotations" is assumed here
QuotationsConfiguration qc =
    (QuotationsConfiguration)WebConfigurationManager.GetSection("quotations");

// Start with empty provider collection
providerCollection = new QuotationsProviderCollection();

// Helper class converts configuration information into concrete providers
ProvidersHelper.InstantiateProviders(
    qc.Providers,              // a ProviderSettingsCollection
    providerCollection,
    typeof(QuotationsProvider));

// Lock the provider collection
providerCollection.SetReadOnly();
Projecting Membership
● Physical 3-tier deployments
  ● May not allow web server to connect directly to SQL tier
● “Atlas” and smart clients
  ● Clients can only communicate over HTTP
  ● Need app services to work across the Internet
Projecting Membership
Design Issues
● Authenticating to the web service
  ● Not all methods should be public
● Serialization of MembershipUser
  ● Read-only properties don’t serialize
● WebMethod parameter constraints
  ● Collection types and [out] parameters
● Selecting from multiple providers
  ● Choosing a non-default provider
Projecting Membership
3-Tier Flow
(Diagram) Web server: application code -> web service provider. Web service server: .asmx Membership wrapper -> SQL provider.
Projecting Membership
Authenticated Flow
(Diagram) The Internet client application calls “login” on the .asmx FormsAuth wrapper on the web service server, which returns a forms ticket. Subsequent calls go to the .asmx Membership wrapper, which validates the ticket and roles before calling the SQL provider.
Caching Role Data
● Role Manager can cache user roles:
  ● Cookie caching (not enabled by default)
  ● Per-request in RolePrincipal
● RolePrincipal caching
  ● Results in at least one call to GetRolesForUser
  ● Stored internally with HybridDictionary
● Cookie caching limited to 4K of data
  ● Option for persistent cookie
Caching Role Data
● Cache role data using SQL Server 2005 query notifications
  ● Data is cached until SQL notifies you
  ● Good for clients that cannot use cookies
  ● Can handle apps with hundreds of roles
Caching Role Data
Query Notification Specifics
● Need to change “SET QUOTED IDENTIFIER” in ASP.NET SQL scripts to “ON”
  ● Then recompile stored procedures
● Custom provider must query ASP.NET tables directly
  ● Cannot create notifications against SQL views
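Added example, not code from the deck: a role provider that caches GetRolesForUser results and drops them when a SQL Server 2005 query notification fires, querying the aspnet_* tables directly (no views) as the slide requires. It assumes the provider uses the default "LocalSqlServer" connection string and that Service Broker is enabled on the database; the class name is made up.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

public class NotifyingRoleProvider : SqlRoleProvider
{
    // Per-user role cache, invalidated by a SQL Server 2005 query notification.
    private static readonly Dictionary<string, string[]> _cache =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
    private static readonly object _sync = new object();
    // Assumed: the provider is configured against the default "LocalSqlServer" string.
    private static readonly string _connectionString =
        ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString;
    static NotifyingRoleProvider() { SqlDependency.Start(_connectionString); }

    public override string[] GetRolesForUser(string username)
    {
        string[] roles;
        lock (_sync) { if (_cache.TryGetValue(username, out roles)) return roles; }
        roles = QueryWithNotification(username);
        lock (_sync) { _cache[username] = roles; }
        return roles;
    }

    private string[] QueryWithNotification(string username)
    {
        // Notification rules: two-part table names, explicit column list, no views.
        const string sql =
            "SELECT r.RoleName FROM dbo.aspnet_UsersInRoles ur " +
            "JOIN dbo.aspnet_Users u ON u.UserId = ur.UserId " +
            "JOIN dbo.aspnet_Roles r ON r.RoleId = ur.RoleId " +
            "JOIN dbo.aspnet_Applications a ON a.ApplicationId = u.ApplicationId " +
            "WHERE u.LoweredUserName = @User AND a.LoweredApplicationName = @App";
        using (SqlConnection conn = new SqlConnection(_connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@User", username.ToLowerInvariant());
            cmd.Parameters.AddWithValue("@App", ApplicationName.ToLowerInvariant());
            SqlDependency dep = new SqlDependency(cmd);   // subscribes to this exact result set
            dep.OnChange += delegate { lock (_sync) { _cache.Remove(username); } };
            conn.Open();
            List<string> roles = new List<string>();
            using (SqlDataReader reader = cmd.ExecuteReader())
                while (reader.Read()) roles.Add(reader.GetString(0));
            return roles.ToArray();
        }
    }
}
```

A notification fires once; the next GetRolesForUser for that user re-queries and re-subscribes, so stale roles are never served for longer than one round trip.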
Virtualized Applications
● One physical ASP.NET application
● Multiple “virtual” applications
  ● Portal style applications
  ● DotNetNuke portal provisioning
  ● Self-registered forums and portals
  ● SharePoint
● However, providers are
  ● “Application-centric”
  ● Statically defined in configuration
Virtualized Applications
● Override ApplicationName property
  ● Determine virtual application context dynamically (e.g. IHttpModule)
  ● Retrieve it in the override
● Cautionary Notes!
  ● Prevent auth ticket re-use across apps
  ● Don’t accidentally map roles in one virtual app to a user in a different virtual app
  ● Turn off cookie caching for roles
Setting Application Context Dynamically
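The demo slide carries no code; the following is an added example, not from the deck, of the approach described on the previous slide: an IHttpModule works out the virtual application for each request, and SqlMembershipProvider and SqlRoleProvider subclasses read it from their ApplicationName override. The path rule (first URL segment), the HttpContext.Items key and the class names are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Records, per request, which virtual application is being served. The rule
// ("/portalA/default.aspx" -> "portala") and the Items key are assumptions here.
public class VirtualAppModule : IHttpModule
{
    public const string ItemsKey = "VirtualApp.Name";

    public void Init(HttpApplication app)
    {
        app.BeginRequest += delegate(object s, EventArgs e) {
            HttpContext ctx = ((HttpApplication)s).Context;
            ctx.Items[ItemsKey] = ResolveVirtualApp(ctx.Request.Path); };
    }

    public void Dispose() { }

    public static string ResolveVirtualApp(string path)
    {
        string[] parts = (path ?? "").Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        // No segment: use a name that matches no real portal rather than the default app.
        return parts.Length > 0 ? parts[0].ToLowerInvariant() : "(none)";
    }

    // Providers call this from ApplicationName; outside a request (or before
    // BeginRequest ran) they keep the statically configured value.
    public static string CurrentOrDefault(string configured)
    {
        HttpContext ctx = HttpContext.Current;
        string name = ctx == null ? null : ctx.Items[ItemsKey] as string;
        return name ?? configured;
    }
}

// ApplicationName follows the request, so one physical site keeps a separate
// user set per virtual application in the same aspnet_* tables.
public class VirtualAppMembershipProvider : SqlMembershipProvider
{
    public override string ApplicationName
    {
        get { return VirtualAppModule.CurrentOrDefault(base.ApplicationName); }
        set { base.ApplicationName = value; }
    }
}

// Same for roles. Keep <roleManager cacheRolesInCookie="false">: a role cookie
// issued while serving one virtual app would otherwise be honoured in another.
public class VirtualAppRoleProvider : SqlRoleProvider
{
    public override string ApplicationName
    {
        get { return VirtualAppModule.CurrentOrDefault(base.ApplicationName); }
        set { base.ApplicationName = value; }
    }
}
```

Register the module in <httpModules> and the two providers in <membership> and <roleManager>; the forms-authentication cookie still needs its own per-app name or path to cover the first cautionary note.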
Integrating Custom Data
● Need to integrate existing data
  ● Don’t want to write a provider from scratch
● May need to link to your own data
  ● What can “safely” be referenced?
  ● How do you handle transactions?
  ● How do you pass extra data along?
Integrating Custom Data
Custom Provider Design Issues
● Referential Integrity
  ● Foreign key to aspnet_Users table
  ● Use SQL views to look up UserID
● Transactional Integrity
  ● Use the new ADO.NET 2.0 TransactionScope
● Custom Data
  ● Pass via HttpContext to CreateUser
  ● Extend MembershipUser for other cases
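Added example, not the deck's code, combining the three design points above: a SqlMembershipProvider subclass whose CreateUser reads extra data from HttpContext.Items, wraps the base call and an insert into a custom table in one TransactionScope, and uses ProviderUserKey as the foreign key to aspnet_Users. The UserExtras table, the Items key and the class name are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Data.SqlClient;
using System.Transactions;
using System.Web;
using System.Web.Security;

// Assumed names: a "UserExtras" table (UserId foreign key to aspnet_Users.UserId,
// DisplayName) and the HttpContext.Items key the page uses to hand over the field.
public class ExtendedSqlMembershipProvider : SqlMembershipProvider
{
    public const string DisplayNameKey = "NewUser.DisplayName";
    private string _connectionString;

    public override void Initialize(string name, NameValueCollection config)
    {
        string csName = config["connectionStringName"];   // read before base consumes it
        _connectionString = ConfigurationManager.ConnectionStrings[csName].ConnectionString;
        base.Initialize(name, config);
    }

    public override MembershipUser CreateUser(string username, string password, string email,
        string passwordQuestion, string passwordAnswer, bool isApproved,
        object providerUserKey, out MembershipCreateStatus status)
    {
        HttpContext ctx = HttpContext.Current;
        string displayName = ctx == null ? null : ctx.Items[DisplayNameKey] as string;
        // The provider's connection and ours both enlist in the ambient transaction;
        // two connections on SQL Server 2005 escalate to MSDTC, which must be running.
        using (TransactionScope scope = new TransactionScope())
        {
            MembershipUser user = base.CreateUser(username, password, email, passwordQuestion,
                passwordAnswer, isApproved, providerUserKey, out status);
            if (user == null) return null;   // leaving the scope without Complete() rolls back
            // For SqlMembershipProvider, ProviderUserKey is the Guid in aspnet_Users.UserId,
            // so the extra row gets a real foreign key.
            using (SqlConnection conn = new SqlConnection(_connectionString))
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO UserExtras (UserId, DisplayName) VALUES (@UserId, @Name)", conn))
            {
                cmd.Parameters.AddWithValue("@UserId", (Guid)user.ProviderUserKey);
                cmd.Parameters.AddWithValue("@Name", (object)displayName ?? DBNull.Value);
                conn.Open();
                cmd.ExecuteNonQuery();       // a failure here rolls the membership row back too
            }
            scope.Complete();
            return user;
        }
    }
}
```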
Summary
● Rewrite or enhance features
● Plug in rich functionality independently from the presentation tier
● Project current features onto other platforms via web services
● Use the provider infrastructure for your own features
Community Resources
Provider Links on the Web
● Access providers from Beta 1
  ● Installs as a Visual Studio 2005 VSI template
  ● Includes full source for Membership, Role Manager, Profile and Web Parts Personalization providers
● Provider Toolkit
  ● Extensive 120 page whitepaper
  ● Sample providers for all provider based features
● Both will be available at http://msdn.microsoft.com/asp.net/beta2/providers/default.aspx
Community Resources
● INETA MEA !
  ● www.ineta.org
  ● mea.ineta.org
● Speaker as a resource
  ● [email protected]