Beginning ASP.NET 2.0 With CSharp (2006) [eng]
.pdf
Chapter 4
Now follow these steps:
1.Click the Security link to take you to the Security settings administration tab, shown in Figure 4-7.
Figure 4-7
2.In this page you will see a hyperlink that enables you to launch the Security Setup Wizard. Click this link to proceed to the first stage in the wizard, as depicted in Figure 4-8.
108
Membership and Identity
Figure 4-8
3.Click Next to skip past the first page, and you’ll arrive at the screen shown in Figure 4-9. Select the From the Internet radio button to enable both anonymous users and users who have to log in via the web.
109
Chapter 4
Figure 4-9
Click Next to continue to the next screen, displayed in Figure 4-10.
110
Membership and Identity
Figure 4-10
You can skip straight past this step and click Next to continue — the default provider will enable all of the required functionality without additional work. In the next screen, you are asked if you want to define any roles for the web site. In this example, you can skip this step — you will be defining roles later in this chapter. Keep the check box unchecked and click Next.
4.When you reach the screen shown in Figure 4-11, you will be prompted to enter some details for a user.
111
Chapter 4
Figure 4-11
5.As shown in Figure 4-12, enter some details for a user of the site — these could be your name, my name, anyone’s name. Just make sure you don’t forget the password you enter — you’ll need this later. Clicking the Create User button shows a confirmation prompt, at which point you can click Continue to create another user. At this stage, you should create two users — one standard user and one that you’ll use later as the administrator of the site.
112
Membership and Identity
Figure 4-12
Later, you’ll be able to give these users appropriate access permissions for the site. Note that you don’t get the option to make these users members of any roles at this stage — this is done later in the setup process. Click Next to continue.
6.The next step is to define the accessibility levels for the site, defining who is able to see the content of the site, and who is denied access. At this stage, you can add permissions to users directly. Later, you will add those users to groups and assign rights and permissions to entire groups of people. As illustrated in Figure 4-13, you need to grant the Allow permission to each user individually, and deny access to all anonymous users. To set permissions for a user, select the User radio button, enter the username in the box next to the radio button, select Allow, and click Add This Rule. To deny access to anonymous users, select the Anonymous Users radio button, click Deny in the Permission section, and click Add This Rule.
113
Chapter 4
Figure 4-13
After you click Next, you should see that you have completed the wizard, which means that you should now have a web site with some user profiles and some access rights restrictions. All that remains is to try out the pages.
7.Back in VWD, select the Default.aspx page from the solution explorer and press Ctrl+F5 to run the page — you should see the screen shown in Figure 4-14.
114
Membership and Identity
Figure 4-14
Because anonymous access is denied for the site, you are immediately taken to the login page. Notice that the address of the page indicates that your intention was to view the Default.aspx page.
8.Before you log in, try entering some invalid credentials (a username and password that don’t exist, but not a blank password). You should see the message shown in Figure 4-15.
Figure 4-15
9.Try to log in as one of the user accounts available to the site. You are automatically taken back to the Default.aspx page, as illustrated in Figure 4-16.
115
Chapter 4
Figure 4-16
Clicking the Logout link takes you back to the Login.aspx page — the site will not let anyone view pages without being logged in first.
How It Works
The Login controls available to ASP.NET pages are a real gift from the Microsoft teams. I’ve lost count of the number of sites I’ve worked on that had custom login functionality, all coded by hand, and now all I have to do is drag a few controls onto a page. On top of that, the wizards available for configuring user accounts and permissions make it even easier to get results up and running quickly. You may prefer to use your own user account data store, or even to link in to Active Directory user accounts, but this can be changed later in your development process.
This Try It Out simply walked you through the process of configuring user accounts. Though that is a necessary process, the Website Administration Tool is more interesting in what it creates behind the scenes. First, the user account profiles that were created have to be stored in some central repository, so the tool creates a new profile database for you for this purpose. Take a look at the Chapter04 folder in your C:\BegASPNET2\Chapters\Begin\Chapter04 directory and you should see a folder called App_Data. Right-click and select Refresh Folder, and you should see a file called AspNetDB.mdf. This is a Microsoft SQL database file, and you can view the structure and contents of the database tables within the VWD environment, as shown in Figure 4-17. (You’ll learn more about this process when you get to the database chapters.)
The other part of the configuration was to assign some permissions to user accounts for accessing the site. By running the wizard, you’re able to run through this process quite easily. After the wizard is finished, you have a new file in your solution called Web.config (the configuration file that stores preferences related to the way the application runs on your server — see Chapter 2 for more details). If you look in the Web.config file stored in your Chapter04 folder, you will see the statements shown in Figure 4-18.
Notice that the <allow ... /> and <deny ... /> parts of the configuration file reflect the permissions that were set as part of the example. You can add and modify these statements yourself directly in the Web.config file by typing them in, or you can use the Administration Tool to streamline the process, whichever you prefer.
116
Membership and Identity
Figure 4-17
Figure 4-18
The LoginView control can do much more than display specific text to users depending on whether or not they’re logged in. In Chapter 11, you’ll see that this control can be used to change the appearance of a page entirely based on not just user identity, but also on roles. This control can contain text, HTML, or even other controls. The next Try It Out shows an example of this.
Personalization
The capability to personalize a site to reflect the preferences of the currently logged-in user is a great way to give a site a sense of community. Although you won’t be doing too much personalization in this
117