Membership Controls Video Highlights

  • Providing an authentication strategy in ASP.NET
  • Storing users and roles
  • Securing pages with rules
  • Redirecting unauthenticated users to a login page

Introduction

Welcome to this video overview of the differences between the latest Web design tools available from Microsoft and Macromedia, namely, Microsoft’s Visual Studio 2005 and Macromedia’s Dreamweaver, Version 8. This video examines how storing user credentials and configuration can be simplified.

Dreamweaver Section

Membership is a unique feature of the .NET environment and is not supported by Dreamweaver version 8.

Visual Studio 2005 Section

Membership in ASP.NET 2.0 gives you a built-in way to validate and store user credentials, helping you to manage user authentication in your Web sites. Think of this as a reference system behind the scenes that keeps track of important user information. As there is no specific visual component to this feature, the options available will be examined simply through what appears in IntelliSense.

Membership is implemented by the System.Web.Security.Membership class. You can use ASP.NET Membership with ASP.NET Forms Authentication and the ASP.NET Login controls. This creates a complete system for authenticating users. The Membership class provides all the implementation, and you can choose a provider to obtain data from. ASP.NET 2.0 ships with providers for both Active Directory and SQL Server, giving options tailored for corporate intranet solutions as well as common Internet sites such as a storefront.

ASP.NET Membership supports facilities for ...

  • Creating new users and passwords
  • Storing membership information such as user names, passwords, and also supporting data
  • The facility to authenticate users who visit your site. You can authenticate users programmatically, or you can use the ASP.NET Login controls to create a complete authentication system that requires little or no code
  • The membership system also manages passwords, including the creation, changing, and resetting of them. Depending on the membership options you choose, the system can provide an automated password-reset system that takes user-supplied questions and responses
  • The membership system also exposes unique identification for users that are authenticated, which you can use in your applications. This also integrates with the ASP.NET Personalization and Role-Management systems
  • Membership can also use a custom provider, which allows you to substitute your own code to manage membership data in a custom data store.

Although membership is a standalone authentication system in ASP.NET 2.0, it can also be integrated with the ASP.NET Role-Management system. This provides authorization services for your site. Membership can also be integrated with the Profile feature of ASP.NET 2.0 to provide custom application features specific to your users. Visual Studio 2005 also provides a Web administration tool that allows you to create and modify your existing users and the roles that your users belong to. Once these users and roles are created, you can then limit access to directories in your Web site to certain roles.

To set up this example, we’re going to create a Web site from scratch. We’ll create a new directory in our Web site called Admin. This is the directory that we’re going to only let certain users have access to. In this directory, we’ll create a new Default.aspx page. On this page, we’ll simply drag a LoginName control onto the page. Now, we’ll create a Login.aspx page. This will let us log in to the Web site. On the login page, we’ll simply drag a Login control onto the page. Back on the default page, in the root of our site, let’s create a link to our administration Default page.

The next step is to create users and roles, and to secure the administration directory using the built-in membership system for ASP.NET. We can accomplish this from the Website menu, choosing the ASP.NET Configuration item. This will launch a configuration application that will allow you to easily manage your Web site membership. On this site, you’ll see four tabs: Home, Security, Application, and Provider. For membership, we’ll be working in the Security tab, where we can manage users, roles, and access rules.

Let’s create a new user. First, select the authentication type. This example is going to let users log in from an Internet application, so we’ll select "From the Internet", and then click Done. Now we can create a new user. Now that we have created a user, we can manage roles. First click "Enable roles". Then click "Create or Manage Roles". We’ll create a role for all of our Admin users.

Finally, we can create an access rule that will secure our Admin directory, so that only users that belong to the AdminUsers role will be allowed access to those pages. First we need to deny the anonymous users. This access rule will require that all users must be logged in to have access to the Admin directory. Then we’ll add another access rule that will only allow the users that have the role "AdminUsers" to access the directory. Now we can close the Web Admin tool and return to our site. Since our site is already set up, we’re ready to run our site and see the example.

On the default page, we have a link to the Admin directory. If we click the link, ASP.NET will see that the directory has an access rule that does not let anonymous users have access to the Admin directory, and automatically redirects us to the login page. Notice the URL of the login page has a ReturnUrl parameter in the query string. This tells the login page where to return after you have logged in successfully. We’ll log in as our admin user, and since our user belongs to the role AdminUsers, we’ll have access to the admin page we created.
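
The settings chosen in the configuration tool, and the login redirect that follows from them, written out as a Web.config. This is an added example, not shown in the video. Placing the Admin rules in a `<location>` element of the root file and the closing `<deny users="*" />` rule are assumptions added here.

```xml
<?xml version="1.0"?>
<!-- Root Web.config for the example site (constructed for illustration). -->
<configuration>
  <system.web>
    <!-- "From the Internet" in the tool corresponds to Forms authentication. -->
    <authentication mode="Forms">
      <!-- Unauthenticated requests to a protected path are redirected here,
           with the original path carried in the ReturnUrl query parameter. -->
      <forms loginUrl="Login.aspx" />
    </authentication>
    <!-- "Enable roles" in the tool corresponds to turning on the role manager. -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Rules for the Admin directory. Assumption: written with <location> so the
       example fits in one file; the same <authorization> block can live in
       Admin/Web.config instead. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!--
          The two rules as narrated:
            <deny users="?" />
            <allow roles="AdminUsers" />
          Rules are evaluated top to bottom and the first match wins. A
          signed-in user who is not in AdminUsers matches neither rule, so
          evaluation continues to the inherited machine-level default,
          <allow users="*" />, and the request is granted.
        -->
        <deny users="?" />
        <allow roles="AdminUsers" />
        <!-- Added catch-all: every user not matched above is denied. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With only one account in the site, and that account in AdminUsers, the two-rule and three-rule versions behave identically; the difference appears once a second, non-admin user can sign in.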

Notice that we were able to create a secure site, with users, and passwords, and roles, all without using any programming logic. We did use the Web site administration tool to create user accounts, but this could also have been done on your Web site, using the login controls that were shown and talked about in the last video.

Conclusion

This video examined ways to store user credentials and other configuration details.