A Membership Provider allows a web application to store and retrieve membership data for a user, and the standard ASP.NET Membership Provider uses pre-defined SQL Server tables. In this video we learn how to create a custom membership provider that uses custom SQL Server tables separate from the pre-defined tables used by the standard provider. The principles covered in the video will apply to creating custom membership providers using other databases such as Access or Oracle. After learning to create the custom membership provider, we learn how to configure the provider in a web application, and see a demonstration of creating a new user and authenticating the new user with the custom membership provider.
The following text is a software generated transcript of the video. Click on a minute link to jump to a location within the video
Minute 0
I is for spells in the city over to learn how to create a custom ASP net membership provider to implement a custom membership provider of all we need to do is create a class that inherits from a base membership provider class that implements a number of abstract properties and methods that are required by the base class was going pretty class library project here will call this membership provider of VB
Minute 1
To actually in the first one is system configuration and the second one will be system Web now they have those references the next thing we need to do it is take our class one here and inherit from the base class had mentioned that has the abstract properties and methods that is to insist system Web security membership provider and let s hit the enter key here will see these stubs for all the methods that we need to implement and I can see from the list of methods here in the drop down his quite a few methods and properties that we need to implement so in the interest of time what it can do is bring in a class that I ve already implemented all these properties and methods
Minute 2
Doughnuts spend a ton of time looking at the development of the code but can focus more on what these methods do and how they re implemented Cisco out here and we ll take the project and let s refresh it and here s the class I want to bring in cold HDI membership provider to include that in the project and will also delete class one here this front and a need that anymore for to look at the invitation of the methods for the membership provider base class we need to create a place to store our membership data that we were using a SQL membership provider that comes with ASP net there s a script that creates a variety of tables and stored procedures for the membership data for a since for creating a custom provider here will want to do is have our own place to store membership data celeb
Minute 3
Go to SQL Server and take a look at how would I do that this cable here in cold users which will be used to store our membership data and there s a variety of columns that are contained in any most of these columns coincide with the need to store certain pieces of information to implement the functionality required by the methods in our base class and will refer back to these columns as we go through the code and look at the implementation of some of that functionality and we hadn t be using SQL Server and the sample but you could easily use another database a Microsoft access Oracle etc to store your data cells go back over to Visual Studio and take a look at the implementation of our membership provider class solicited with the implementation of our custom membership provider
Minute 4
Efficiency indeed share membership provider inherits from the base number two provider class which is required for any custom membership provider could have done here is to group Freya sections of the class into regions so it makes a little easier for us to take a look at things given that there is a just over 1200 lines of code in the class is number of import statements up top just made easier so we don t have to type the fully qualified name spaces as number of classwide variables here that are used at various points of the functionality in the methods of the class and we have our first override here of the application name property from the abstract base class and all this is doing is storing and retrieving the name of the application in one of those
Minute 5
As wide variables that we just saw above that we have several other properties here there are also implementing overrides of the abstract base class we have one for the eight leading of resetting the password one for whether or not the password can be retrieved whether or not the provider requires that a question and answer be part of the registration or create user process whether or not there is a unique e mail required in the Mercer process the number of or rather the maximum number of invalid password attempts that the user can make when logging in as well as the window of time in minutes in this case that we found invalid password attempts also there is one for what format we use for the
Minute 6
Password and see that a little more detail in a minute whether or not we require a minimum number of non alphabet for alphanumeric characters and also what the required minimum required length of the password is and then lastly what the strength regular expression is noticed you who have worked with the SQL membership provider that comes with ASP net a number of these properties should be familiar to you as they are attributes that being said in the web config file when you specify the membership provider and what I see when we put this custom membership provider into a website testing you ll see that some of these will be set as attributes of our membership provider in the web config file
Minute 7
Method and essentially what happens here in the initialize method is that we re retrieving a number of values from the web config file so for example let s take line 172 here and what s happening here is that we re going out to the Web config file were getting Vmax invalid password attempts at you and restoring that in a classified variable of the same name I ve done here in this class is to try to be consistent in the naming convention so you ll see many of the class library bowls are named such that they correspond
Minute 8
Flight rival password format to the corresponding standard he known value for membership password format next three down here and get the connection string from the config file and then lastly will rejoin his bring in the machine key section of the Web config file which is conceived by the con him on one of seven has to do with encrypting and he couldn t think our key information that is quick and methods from the base class that are implemented here so what want to do is to stick a couple of these methods will look at how they re implemented in what the approaches and then you can look at the other methods in your leisure by downloading the simple source code because there s a lot of consistency across the methods in terms of the approach lets take a look first at the create user method consists ever important method in our membership provider for the create user method does
Minute 9
Is it rude to receive seeing down a number of pieces of information from a base class and once the user is created there is a membership user object death returned and this is the standard membership user object that would be returned by any other provider including the default SQL membership providers while we re doing is just interceding in the process and getting the information for the membership user and populating that object our own to first thing that happens here in Tikrit user metadata as we set up that the user will be validated once we ve created in by creating an instance of the arguments for validating the password and then calling me on validating password method that if you get a cancel return from these arguments in the call to the validating a password resets status to the invalid
Minute 10
Password and we asked you don t create user and his return from the method next we take the e mail address and we determine whether or not he current settings require a unique e mail and if so then we go out to the database and see if a user already exists for the e mail and if they do exist was at the status to their duplicate e mail and we returned from creating user next on here on 361 we take the username co opted to get user method and see whether or not we get a membership user object back or whether we get it never should user object is populated with data because if we do not get a membership user bag that means user doesn t exist in database and then we can go forward with creating the user to create a user we have to set up a number of parameters that are passed into the
Minute 11
Procedure in this case it s called user_INS and both these guys come in down to the create user method to recognize many of the names and then once we set up the parameters we execute the stored procedure and determine whether or not it was successful and if it is reset our status to success otherwise it said two rejected and then once we know the user has been successfully created down here on 397 recall to get user method passing username and it returns a membership user object instance which is then return from the create user method next let s take a look at the validate user method and this method is called every time you try to log into the system of username and passwords let s see how that one works to the username
Minute 12
Password come in down to the method and mom were done we return tour false whether or not we validated our user s the first thing that we do here in the metadata used to take username and execute a stored procedure that goes off and gets us the password is currently on file for the user and is a particular sore procedures for the user_validate go off and execute that open up the SQL data reader and we get some of the values as I said from that reader or the row corresponding to the user in the table all in the database when is the password that s currently on file and the second is whether or not the user is proved and once we have that information to call a check password method which is utility method in a class that takes the inbound password to the validate user method and compares it with
Minute 13
The password that stored in the database and wanting to look at is because the check password method contains the logic that allows us to compare our inbound password which is in plain text format to store password which may or may not be hashed to the finance the definition of the tech password method and see how this works entered and stored password coming down here and then based on what the format of the password is in this case we are doing with encrypted or hashed password that same rehab a hashed password what happens is they been called these include password method takes the plaintext password that the user typed in and encodes it and then we compare whether or not it s equal to the one that comes from the database that include password method is right down here and
Minute 14
One important thing to note is that it is using the machine machine key section from the web config file and ancillary there is an honor code method down here if our password was encrypted let s go back up to our validate user method so if after checking our password to passwords are equivalent then we look to see whether or not the user is approved if they are approved we consider this a valid user and then we make a call to the stored procedure which updates the login date for the user so they were able to track of the date and time that each user logged into the system now if we do our password check failed or what happened is we would call a separate utility
Minute 15
At it which updates the database to indicate that are user try to login but if they ll down here on line 30 returns the local variable_is valid which indicates whether or not the user was successfully validate the third method that I have us look at here is the reset password method but this does is it takes in the username and the answer to their security question and ultimately returns the new password for a salient to do starting on 766 is find out whether or not the user has enabled or the application allows users to reset their passwords if not we thrown exception otherwise we move on and we look and see if the user didn t supply in an assertive security question and we are required
Minute 16
Is upon our configuration to have an answer to security question in update the failure count for the user and Troy exception however it is that all looks good then we create a new password using he generate password method in the net framework membership namespace chloroplasts rather and we use the length of the password comes from the configuration file as well as the minnow number of required non alphanumeric characters now once we have that new password we take username and password and quality on validating password then we test to see what they re not that was successful if it is successful then we call a stored procedure user_get password answer the purpose of this or procedures to take these
Minute 17
Amen the application and retrieve for us the answer on file to the user s security question is whether or not they are currently locked out because they ve exceeded the maximum number of password attempts so following the call that stored procedure first thing we do gays get the value from the result set that indicates whether or not the current user is locked out if they are thrown exception and if they are not locked out then we take the answer from the result set and stored in a local variable next idiot we are required by the configuration settings to have an answer to security question within call a utility check password method at this hour passing ash the answer provided by the user to the answer from the database and the same method that text password actually compares the two answers and tells us whether or not their equivalent of the article of the equivalent
Minute 18
Then we update the failure count for the current user had thrown exception if they are equivalent then we call another sore procedure down here which updates the password for the user heading down it takes the new password here to score the Red Sea can see that and aging codes or encrypts the password and has said in his parameter to sort procedure and its stored in the user s record in the database then funny once that s all done retake the new password and returning from the reset password method now there are a host of other methods here that you can see and most these methods follow a very similar approach they either gay values from the database update values in the database compare some values that are either passed into the methods to configuration
Minute 19
News etc to determine whether or not the purpose of the method is being carried out early to do here before we leave our custom membership provider a treatise have a website and implemented Cisco back over SQL Server and we ll take a quick look at the various stored procedures that are used here just to get a perspective on what the sort procedures are and as with the additional methods in the actual implementation of the provider if they look at these stored procedures in the sample code South Qu bec order Visual Studio and test out our custom membership provider in the sample website lets create a simple website road test out our custom membership provider first let s build the provider to make sure that we ve done everything correctly and it looks good now would create a simple once
Minute 20
Eight discrete regular ASP net website and let s call this website TV the first thing we wanted to hear no website is at a reference to the custom membership provider that we created over here in the class library and what we can do is add that reference correctly to the project in our solution if it also created bin folder on your own and copy and paste the assembly into the bin folder to another leave includes a reference for custom provider we wanted and some membership configuration information to the Web config file round here in more than one ad is a membership element will set the default provider if he is a HCI or
Minute 21
Shift provider and then want to add an empty element for the provider is little clear and existing providers and now we can add our new provider so let s give it a name equal to ATI membership provider pan next move will enter the type attribute is the fully qualified class name so in this case of HDI ASP net membership I d HDI membership provider
Minute 22
Will set the connection string for our provider and that is equal to HDI connection string and that s defined up above in the web config file in the connection string settings are rather elements and let s set enable password retrieval meet with the shrew and let s also enable password reset for that one and let s require a question and answer to
Minute 23
Pen and that looks good so this provider here in the web config file rather than membership provider that we ve defined here will cause our website to use the custom provider rather than the any other provider such as the SQL membership provider that comes with ASP net and before we leave the web config file here I just want to point out up here on my 55 is the machine key element lead the key values that are used for encrypting or hashing of the password as we saw what we re looking at the custom membership provider code let s close this down here and now wanted like to do is create at a few pages and on our default page will do is we ll just say this is the how little labels of his faith have
Minute 24
July and this is the custom membership provider and this is just the simple little labels so that when this page comes up we know what it s finished to other pages that might create test out our provider and the first one is going to be a page called create user which will do as the name implies and then the other is a login page and with his name now a login splits put a login control here on our login page with over the toolbox down under login will get a login control drag it over here on our login page and that in error and scored for a create user page and take one of the standard create user
Minute 25
Wizard controls and put them here as well and now it should be all set to test out of our little website now use a custom membership provider for you test out the website I want to do is open up our custom membership provider class and set a few breakpoints in the first one I want to set is up in the create user method and then the second one will be down in the validate user method is now are all set to go just make the create user page are start page syrup the website in a debug mode will get this standard pretty user form from the create user Wizard control lets fill this out and pull this test user one password will make password
Minute 26
E mail won t test you through one that tempt out or security question lets use favorite dog and that would be Dino now a click create user to see we jump into the create user method to go swallow logic that we just saw one review that class let that go in and up and validate user names here and go through all the logic to determine whether or not the current user is valid that we saw and when we finish up with that seaweed successfully create a new user to click continue and center now authenticated login we have access to our homepage so now let s go back and this time will make default aspx via homepage and I should note that a
Minute 27
All of the access for anonymous users has been turned off years when a return to access any page including the homepage will be asked to authenticate zealots started up began and this time were redirected to the login page lets login as test user and put in password click login and invalidate user again it goes to that logic and when it s complete it authenticates us and were redirected to the homepage was to shut down the browser here I want to go back over to SQL Server and just take a quick look at the database table users where were storing our information and you will see here we do have one row for test user wants of the information that we entered in our create user form was stored in the database
Minute 28
Set an example to the major operations are custom membership provider creating user in validating user as you saw what we went through the code there is a lot of properties and methods here from abstract base class that are implemented by encouraging to do is download the sample source code installed on your machine and use breakpoints as a means of stepping into various operations such as entering too many invalid passwords so the summer and what we did is we created a custom membership provider by creating a class library and in it and we had a class called a generous provider that I heard it from the abstract base class of membership provider from the net framework memory and submitted a number of abstract properties and methods from that base class I hope you enjoy this video on how to create a custom or merchant provider
Minute 29
This is Chris tells thank you for your time
Click here to go to original video page
Google Search
Monday, August 25, 2008
Video: How Do I: Create a Custom Membership Provider?
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment