Dr. Dobb's is part of the Informa Tech Division of Informa PLC


ASP.NET 2.0's Membership API


Forms Authentication is one of the ASP.NET features that didn't go through a significant reworking in ASP.NET 2.0. At its core, you still define a login page to collect credentials, handle a button click, and check credentials against a data store. If the credentials are valid, you then redirect the user to the originally requested page and attach properly encrypted credentials to the HTTP request via cookies or URL.

Although the core functionality is nearly identical, the same can't be said for the plumbing. The login page, for example, can be written much more simply by using login controls. Note that by using a built-in control, you don't lose any key functionality, and you also gain free functions that might be tricky to code, such as the "Remember Me" feature. Login pages built using ready-made login controls are codeless or, more precisely, don't strictly require any code to support base and common features. How are credentials checked? Isn't this a detail specific to a given application? How can a stock control know about that?

The most notable change to Forms authentication in ASP.NET 2.0 is the introduction of a complementary API—the membership API. The membership API provides a set of classes to let you manage users and roles. Partnered with the FormsAuthentication class, the new Membership and Roles classes form a complete security toolkit for ASP.NET developers. The Membership class supplies methods to manage user accounts—checking credentials, adding or deleting a new user and editing any associated user information such as e-mail address and password. The Roles class creates and manages associations between users and roles.

The membership API doesn't bind you to a fixed data store and data schema. It leaves you free to choose any data store and schema you want; what it binds you to instead is a fixed API through which users and roles are managed. The membership API shields you from the details of how the credentials and other user information are retrieved and compared. It is based on providers: the implementation of every feature the API defines is delegated to the selected provider.

The Membership class defaults to a provider that stores user information to a SQL Express database in a predefined format. The default database is named aspnetdb.mdf and is created by the Web Site Administration Tool (WSAT) from within Visual Studio 2005. You should note that the database is not specifically for forms authentication but is designed to contain tables for a variety of ASP.NET customizable features including user profiles and Web Parts.

To use a custom data store such as Active Directory or a personal database, you need to register the provider in the configuration file. ASP.NET 2.0 comes with a built-in provider for Active Directory; if you wish to use a custom database or, more likely, you have an existing database with user credentials to reuse, all you have to do is create your own membership provider and plug it in. Creating a membership provider is as easy as deriving a new class from MembershipProvider and overriding a few members to implement the operations you need. Easy and effective.
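
The registration step described above, as an added example that is not part of the original article: a web.config fragment that plugs a custom provider in next to the built-in SQL provider, with a weak registration shown beside a tightened one. The provider names, the type `MyCompany.Security.LegacyDbMembershipProvider`, the connection string name `LegacyUserDb` and the numeric values are assumptions made for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Keep the authentication ticket in a cookie sent only over TLS,
           not in the URL, where it would end up in logs and referrers. -->
      <forms loginUrl="Login.aspx" protection="All" requireSSL="true"
             cookieless="UseCookies" timeout="30" slidingExpiration="true" />
    </authentication>

    <membership defaultProvider="LegacyUsers">
      <providers>
        <clear />

        <!-- Weak registration, shown for contrast only: stored passwords are
             recoverable and password guessing is barely throttled.
        <add name="SqlUsers" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             passwordFormat="Clear" enablePasswordRetrieval="true"
             minRequiredPasswordLength="4" maxInvalidPasswordAttempts="100" />
        -->

        <!-- Built-in SQL provider against the default aspnetdb.mdf database
             (LocalSqlServer is the connection string defined in machine.config). -->
        <add name="SqlUsers" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/MyApp"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />

        <!-- Custom provider derived from MembershipProvider (hypothetical type).
             Attributes other than name and type are handed to the provider's
             Initialize method; LegacyUserDb is assumed to be declared under
             connectionStrings elsewhere in the file. -->
        <add name="LegacyUsers"
             type="MyCompany.Security.LegacyDbMembershipProvider, MyCompany.Security"
             connectionStringName="LegacyUserDb" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Because `defaultProvider` names the custom entry, calls such as `Membership.ValidateUser` and the login controls go to the custom class without any change to page code.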

