DotNetStories
Membership in ASP.Net applications - part 3
This is the third post in a series of posts regarding ASP.Net built in membership functionality,providers,controls. You can read the first one post one here .
You can read the second post here. In this post I would like to investigate how to use the Membership class methods to achieve the same functionality we have with the login web server controls.The login web server controls live inside the .aspx pages and access the underlying abstract membership classes to perform the desired functionality. We can access them directly when we do not want to have our users logged in/authenticated through the Login web server control.Some people will say that there is no point to do that. Well, we might want to implement some sort of bussiness logic when the user is validated.
1) Launch Visual Studio 2005,2008/2010. Express editions will work fine. I am using Visual Studio 2010 Ultimate edition.
2) Create an empty asp.net web site. Choose an appropriate name.
3) Add an item to your website, a web form. Leave the default name.
4) Now go to the Visual Studio menu and choose Website->ASP.NET configurationYou will see a new web page loading. Refresh your solution in the Solution Explorerwindow. You will see the App_Data special folder added to your solution and inside the special folder you will see the ASPNETDB.MDF database.This is a SQL database.
5) Go back to your web configuration web page that was loaded when we clicked the Website->ASP.NET configuration.Choose Forms Authetication
6) Choose Security and enable roles. When you do that you will see changes in the web.config file. A new line will be added.<roleManager enabled="true" />7) Add a new role called e.g "friends".Now we must add some users to these roles.In the security tab (in the web environment), click "Create user". All this data is saved into the ASPNETDB.MDF database.
I created a new user and added him to the friends role. Make sure you use a strong password with 7 characters or more containing at least one non-alphanumeric character.
8) In the Default.aspx page I am going to use the LoginView control and the LoginStatus control.There are 2 templates,AnonymousTemplate and LoggedInTemplate. I place a LoginStatus control in the AnonymousTemplate.I place a LoginStatus control and the same LoginNamecontrol I had before in the LoggedInTemplate.
<asp:LoginView runat="server">
<AnonymousTemplate>
you are not logged in .
<br />
<asp:LoginStatus ID="LoginStatus1" runat="server" />
</AnonymousTemplate>
<LoggedInTemplate>
You are logged in, <asp:LoginName ID="LoginName1" runat="server" /><br />
<asp:LoginStatus ID="LoginStatus1" runat="server" />
</LoggedInTemplate>
</asp:LoginView>
9) So far we have the same steps as in the previous steps. Now we will add another web form to the site and name it Login.aspx.
We will not use the Login control.
We will add 2 textboxes, a button and a label on the Login.aspx. The markup looks like this
<form id="form1" runat="server">
<div>
Username<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
Password<asp:TextBox ID="TextBox2"
runat="server" TextMode="Password"></asp:TextBox>
</div>
<p>
<asp:Button ID="Button1" runat="server" Text="Log in" Height="26px"onclick="Button1_Click" />
</p>
<asp:Label ID="Label1" runat="server" Text="Failed!!!!" Font-Bold="true" Visible="False"></asp:Label>
</form>
10) In the Button1_Click event handler routine type
if (Membership.ValidateUser(TextBox1.Text, TextBox2.Text))
{
FormsAuthentication.RedirectFromLoginPage(TextBox1.Text,false);
}
Label1.Visible=true;
I use the ValidateUser() method to verify that the supplied username and password are valid.Then redirect the authenticated user to the originally requested page.
Run your application and try to log in. Try first with the correct username and password. Then try with the wrong username or password.
11) Now we will add a new page to our site.I name it GetRoles.aspx. We will get the roles that already exist and add a new role.
12) We add a bulleted list control, a textbox control,a label control and a button control.The markup for the GetRoles.aspx looks like this.
<form id="form1" runat="server">
<div>
<asp:BulletedList ID="BulletedList1" runat="server">
</asp:BulletedList>
</div>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<p>
<asp:Button ID="Button1" runat="server" onclick="Button1_Click"Text="Create a new role" />
</p>
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</form>
13) We create a simple void method to show the existing roles. We call this method from the Page_Load event handling routine.
The method looks like this
private void ShowRoles(){
BulletedList1.DataSource = Roles.GetAllRoles();BulletedList1.DataBind();
}
In the Page_Load event handling routine we just call the method
protected void Page_Load(object sender, EventArgs e){
if (!IsPostBack)
ShowRoles();
}
Run the application and see the role(s) you created earlier.
14) In the Button1_Click() event handling routine type,
if (Roles.RoleExists(TextBox1.Text) == false){
Roles.CreateRole(TextBox1.Text);Label1.Text = TextBox1.Text +
" :New role added";ShowRoles();
}
else
{
Label1.Text = TextBox1.Text +
"You cannot add this role because it exists in our database";}
Basically I am just using the various methods(RoleExists,CreateRole,GetAllRoles) of the Roles static class.
Run the application,create a new role and see the new role added.
15) Now we will add a new web form to the site and we will try to get the users that belong to a specified role.Name the new form UsersInRole.aspx
16) We will add a button, a dropdownlist and bulletedlist control
<form id="form1" runat="server">
<div>
</div>
<asp:DropDownList ID="DropDownList1" runat="server">
</asp:DropDownList>
<p>
<asp:Button ID="Button1" runat="server" Text="Button" onclick="Button1_Click" />
</p>
<asp:BulletedList ID="BulletedList1" runat="server">
</asp:BulletedList>
</form>
17) We will have a method that gets all the roles and bind them to the dropdownlist control.
private void ShowRoles(){
DropDownList1.DataSource = Roles.GetAllRoles();DropDownList1.DataBind();
}
In the Page_Load event handling routine we just call the method
protected void Page_Load(object sender, EventArgs e){
ShowRoles();
}
18) In the Button1_Click() event handling routine type, BulletedList1.DataSource=Roles.GetUsersInRole(DropDownList1.SelectedItem.Text.
ToString());BulletedList1.DataBind();
Run your application and select from the dropdown list the role and click the button to see the users in that role.
Hope it helps!!!