Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Using the New Security Controls in ASP.NET 2.0 : Page 3

ASP.NET 2.0 adds many security enhancements to make building Web sites that handle passwords (for example) much easier by providing encryption features in the controls right out of the box.


advertisement
Where Is the User's Information Stored?
So far you have seen how to create users using the WAT as well as using the CreateUserWizard control. You're probably wondering where this information is stored. If you now examine the Solution Explorer and refresh the App_Data folder (right-click on it and select Refresh Folder), you will see an item named ASPNETDB.MDF (see Figure 15).
 
Figure 15. ASPNETDB.MDF: Here's where you'll find the ASPNETDB.MDF database file in Solution Explorer.
 
Figure 16. Inside ASPNETDB.MDF: You can explore the ASPNETDB.MDF database in the Database Explorer pane.

The ASPNETDB.MDF is a SQL Server 2005 Express database that ASP.NET 2.0 uses by default to store application-related data such as user accounts, profiles, etc. To examine the database, double-click it and you'll see its content displayed in the Database Explorer (see Figure 16). Specifically, the aspnet_Membership and aspnet_Users tables will store the user accounts information that you have just created in the previous sections. To view the content of the tables, right-click on the table name and select Show Table Data.

One really nice feature of ASP.NET 2.0 is that there is no need to create custom databases to store your users' information. And you don't even need to worry about hashing the users' password to store them securely. ASP.NET 2.0 does this automatically for you. The Membership Provider Model—How it Works
ASP.NET 2.0 uses a new security model known as the Membership Provider Model. The Provider Model allows for maximum flexibility and extensibility by enabling developers to choose the way they add security features to their applications.

 
Figure 23. The Membership Provider Model: The figure shows the relationships between the controls discussed in this article and the various layers of the Membership Provider Model.
As an example of the extensibility of the Provider Model, consider the new set of Security (Login) controls which you have seen in this article. The controls, APIs, and providers that make up this new model are shown in Figure 23. At the top level are the various Web server controls such as the Login, LoginStatus, and LoginView controls. Underlying the controls are the APIs that perform the work required to implement their functionality. The Membership class takes care of tasks such as adding and deleting users, while the MembershipUser class is responsible for managing users' information such as passwords, password questions, and so on. The Membership APIs uses the Membership Providers to save—or persist, in today's jargon—user information in data stores. Visual Studio 2005 ships with one default Membership Provider: the SQL Server 2005 Express Membership Provider. The role of the Membership Provider is to act as a bridge between the Membership APIs and the data stores so that information can be persisted without requiring a developer to write the low-level code needed to access data.


If the provider supplied by Microsoft does not meet your needs, you can either extend them or simply write your own. For instance, if you want to save the membership information for your site in an XML document rather than a relational database (such as SQL Server), you can write your own provider to talk to the XML file.



Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap