This is a long one, so hold on guys.
What is it?
Answer from MDSN: “ASP.NET membership gives you a built-in way to validate and store user credentials. ASP.NET membership therefore helps you manage user authentication in your Web sites. You can use ASP.NET membership with ASP.NET forms authentication by using with the ASP.NET login controls to create a complete system for authenticating users.”
So basically its something you can use when you want to have some sort of accounts in your website.
Why use it?
So why use this and not just write something yourself? well you got the obvious reason, why would you invent the wheel? and if you got all the power to create and manage users straight of the box. You even have controls straight from the box, just waiting to be dragged and dropped into a page to make it happen couldn’t be any simpler. You don’t have to worry about password encryption, you don’t have to worry about how to make different parts of the site have different types of access levels, etc.
I have seen the controls but I already have Database design with a nice table for my users, or I have seen the controls but I want to have more data against my users, can I use this?
Yes you can! That’s what so great about this. it’s very easy to extend the membership controls so you can add more stuff.
Can you show me how to do it?
Yeah, I can! so lets do this.
first thing you need is a DB ( we will use a SQL server database for this example. (the way you get a DB is out the scope of this post). once you have a DB
you have to create get all the tables and stored procedures that ASP.NET Membership requires. Luckily there is a great tool to do that.
if you go to %WINDIR%\Microsoft.Net\Framework\v2.0.50727\ you will find the “aspnet_regsql.exe” tool, double click on it and you will open a wizard that enables you to add or remove all the DB objects
needed. So go through the wizard, in short you just have to select if you want to add or remove the objects and point to your DB. Once that is done you have to go to your web app or website and
you need to add a connection string in the web.config. something like this:
<connectionStrings>
<add name=”Nice_Name_For_ConnectionString”
connectionString=”Server=MyDatabaseServerIPorDNSname;Database=MyDatabaseName;User ID=SQLusername;Password=password;Trusted_Connection=False;” />
</connectionStrings>
You have the connection to the DB but you have to set up the Membership provider. you can do that with :
<membership defaultProvider=”SqlProvider” userIsOnlineTimeWindow=”15″>
<providers>
<clear />
<add name=”SqlProvider”
type=”System.Web.Security.SqlMembershipProvider”
connectionStringName=”Nice_Name_For_ConnectionString”
applicationName=”MyApplication”
enablePasswordRetrieval=”false”
enablePasswordReset=”true”
requiresQuestionAndAnswer=”true”
requiresUniqueEmail=”true”
passwordFormat=”Hashed” />
</providers>
</membership>
so you can see that I am setting this up to use SQL ( defaultProvider = “SqlProvider”) . And that I am using the connection string created earlier.
The last stuff to do in the Web.config is to set up authorization , which is the same as saying who can go where, or which of the pages are public and which of them are to be seen only
by validated users and the default login page.
You can do that with:
<authentication mode=”Forms” >
<forms loginUrl=”login.aspx”
name=”.ASPXFORMSAUTH” />
</authentication>
<authorization>
<deny users=”?” />
</authorization>
Obviously you can have several authorization blocks like this:
<location path=”public_area”>
<system.web>
<authorization>
<allow users =”*” />
</authorization>
</system.web>
</location>
More on authorization control.
So the membership is configure lets add some pages to test it.
You should have at least three pages to check the membership working.
So add a login, a register, and a user dashboard page.
then drag a Login control to the login page, a CreateUserWizard Control in the register page and a Login status in the user dashboard page (its nice if you put the user dashboard under a directory that only logged users have access to). Set up the urls in each control, the login control will have a CreateUserUrl property that should point to the Register page and a DestinatioPageUrl that should be set to the Dashboard page.
You can now compile the site, and if everything was done correctly, you will be able to navigate to the login page, you won’t be able to login because there is no user created, so you can go to the Register page and create a new user, just follow the wizard, once its finished go back to the login page and enter your credentials. this will take you to the DashBoard page.
This is all great. but now you must be thinking “cool,so where can I link an user that was created with my existing tables so I can have more info on the guy?”
Its simple. you have to go back to the Register page and set the OnCreatedUser of the CreateUserWizard control, it should look kind of like this:
<asp:CreateUserWizard ID=”CreateUserWizard1″ runat=”server”
FinishDestinationPageUrl=”~/login.aspx”
OnCreatedUser=”CreatedUser”
ContinueDestinationPageUrl=”~/login.aspx”
CancelDestinationPageUrl=”~/login.aspx”>
<WizardSteps>
<asp:CreateUserWizardStep ID=”CreateUserWizardStep1″ runat=”server” >
</asp:CreateUserWizardStep>
<asp:CompleteWizardStep ID=”CompleteWizardStep1″ runat=”server” >
</asp:CompleteWizardStep>
</WizardSteps>
</asp:CreateUserWizard>
then on the code behind you have to add the CreatedUser method, in this example I’m using LINQ to SQL to create a user on my Users Table, I am just setting the same info that I am getting from the CreateUserWizard(CUW), but you can add steps to the CUW get more info and save it. In this case I don’t want to waste the user time with more than the essential, he should be able to go to a personal settings page and set the rest after registering. so this is how I create the user on my sets of tables:
protected void CreatedUser(object sender, EventArgs e)
{
MyStatsDataContext Db = new MyStatsDataContext();
MembershipUser newUser = Membership.GetUser(CreateUserWizard1.UserName);
Guid newUserID = (Guid)newUser.ProviderUserKey;
Infrastructure.User _User = new Infrastructure.User();
_User.User_ID = newUserID;
_User.User_Name = newUser.UserName;
_User.User_Email = newUser.Email;
_User.User_CreatedTimeStamp = newUser.CreationDate;
_User.User_UpdatedTimeStamp = newUser.CreationDate;
Db.Users.InsertOnSubmit(_User);
Db.SubmitChanges();
}
So Now if you run the site when you create a user you will create a user on your own DB. this means you have all the power of the ASP.NET Membership and all the flexibility you want and need for your system!
ASP.NET Membership Done!
More resources:
Creating ASP.NET Website with basic User Login
Storing Additional User Information
Thats all folks enjoy, as always feedback is welcome.
live long.