HomeASP.NET ASP.NET 3.5 Role Based Security and User A...
ASP.NET 3.5 Role Based Security and User Authentication Web Development
This is the first part of a tutorial series on developing ASP.NET 3.5 websites that will implement user role-based security and user authentication. This is a very common and useful ASP.NET website feature. On the Internet, you'll see a lot of websites that accept some kind of membership, where users can log in to the website to access restricted information.
Contributed by Codex-M Rating: / 7 August 16, 2010
On the other hand, administrators also manage the websites in such a way that more sensitive pages can not even be viewed by the registered users. This tutorial will sum up everything that has been discussed previously by the following tutorials:
To make the learning process very easy for you, we'll develop a sample website in this tutorial series that will incorporate all of the fundamentals and web controls involved in ASP.NET user account management.
If you have not read the previous tutorials at the links listed above, it is recommended that you read those first. This will make it easier for you to understand the concepts discussed in this tutorial.
The name of the project will be aspnetloginexercise. You need to make sure the website is fully functional, especially the basic administrator login page and the Default.aspx home page.
Once you get that working, we'll use that website to host a useful web application which we will start to create in this tutorial. For example, say you are planning to create a website that monitors tasks for a certain company. What functions will you need?
The manager/web administrator will be the one to assign, edit and update tasks to their workers. The registered users/workers will then log in to view the tasks assigned to them.
The registered workers cannot view the administrator folders. Additionally, anonymous users (those who are not logged in) cannot view either the administrator or the registeredworkers folder.
Finally, new workers can register using the website's new worker registration page. However, since the website is publicly accessible, newly registered users are marked inactive and cannot log in as new workers until the website's administrators mark their account active. Once active, they can log in and view the tasks assigned to them.
This website should consist of the following pages:
Default.aspx (home page)
Path: /aspnetloginexercise/Default.aspx
The purpose of this page is to serve as the landing page for most visitors and anonymous users. This page has already been created in an earlier tutorial.
This page is used by the registered workers to view their assigned tasks.
CreateNewUser.aspx
Path: /aspnetloginexercise/CreateNewUser.aspx
New workers can register using this page. The administrator needs to mark their account active in order for them to become valid registered workers.
Login.aspx
Path: /aspnetloginexercise/login.aspx
This is the login page used by the workers and website administrators. This page was created in the same tutorial in which the Default.aspx page was created.
In this tutorial, you are the first user (as an administrator). Now, assuming your company has three starting workers (Peter, John and Mary), you need to add them to the website administration tool as users. Follow the steps below:
Step 1. Launch the “aspnetloginexercise” ASP.NET website project in Visual Web Developer.
Step 2. Go to Website -> ASP.NET configuration.
Step 3. Click “Security.”
Step 4. Click “Create User,” and the registration form will be shown.
You will need to register John first. Access credentials that you will use are shown below (for the purpose of this tutorial, you will be using these later, so take note of them):
User Name: Peter Password: zedRab2=ba@U Email: peter_the_worker@gmail.com Security Question: What is the name of your pet? Security Answer: Pete Active User: Yes
After entering the registration information for Peter, click “Create User” and then click “Continue.” Do the same for John and Mary (see registration details below):
User Name: John Password: pRab87p=AG?x Email: john_the_worker@gmail.com Security Question: Name of your first pet? Security Answer: Pedro
User Name: Mary Password: te!a=rUTajEt Email: mary_the_worker@gmail.com Security Question: Most favorite food? Security Answer: Cheeseburger
Step 5. After registering the three workers, click the “Security” link in the navigation menu. Then, under “Users,” click “Manage Users.” You should see the newly registered workers on your website. See the screen shot below:
Step 6. Delete your browsing history (Safety – “Delete Browsing History” and checking all options in Internet Explorer 8) and close your browser. This will also close the Website Administration Tool).
Let’s assign initial tasks to Peter, John and Mary. To do this, you will need to use the ASPNETDB.MDF database to save the tasks so that your ASP.NET web application can simply retrieve these tasks for updating, editing and viewing purposes.
Take the following steps:
Step 1. In Visual Web Developer, go to View -> Database Explorer. This will let you see the Database Explorer on your right.
Step 2. Expand ASPNETDB.MDF by clicking the + (plus sign). This will let you see the components of the database (for example, Database Diagrams, Tables, Views, etc.).
Step 3. Expand Tables by clicking the + (plus sign). You will then see several tables created by ASP.NET; these are the user account management database tables (for example, aspnet_Applications, aspnet_Membership, etc).
Step 4. Let’s add and create a new table in this database, named “WorkAssignment.” To do this, right click on “Tables” and click “Add New Table.”
Step 5. Add the following column names below, their respective data types and allow nulls setting:
First column name Name: WorkID Data Type: int Allow nulls: No (unchecked)
Second column name Name: Tasks Data Type: nvarchar(200) Allow nulls: No (unchecked)
Third column name Name: InCharge Data Type: nvarchar(100) Allow nulls: No (unchecked)
Fourth column name Name: Deadline Data Type: datetime Allow nulls: No (unchecked)
After entering the above column names, what you have should look like the screen shot below in Visual Web Developer:
Step 7. You need to set the WorkID column as the primary key index. Highlight the WorkID row, and then go to “Table Designer” -> Set Primary Key. You should see a yellow key icon beside the WorkID.
Step 8. At the bottom, you should see the “Column Properties” of the WorkID. Scroll down until you see the “Identity Specification.” Click the + (plus sign) to expand it. Change the value of (Is Identity) from No to Yes.
Step10. Enter WorkAssignment as the name for the table.
Step11. You should see the newly created table under Tables in ASPNETDB.MDF database. Here is a screen shot:
Step 9. Enter the initial tasks for Peter, John and Mary by right clicking on the WorkAssignment table, and then clicking “Show Table Data.” Since it is empty, you need to type the following tasks as shown in the jpg here: http://www.dotnetdevelopment.net/tutorials/taskinputsample.jpg
You will only need to enter data for the three columns (Tasks, InCharge and Deadline); the WorkID will automatically increment, since it is set as primary index.
After entering the data, it should look like the screen shot one below:
We'll continue with the creation of the different ASP.NET pages on the next tutorial.
ASP.NET 
/ 7 
Implement Gzip and Deflate Compression in ASP.Net
