ASP.NET Managing Membership and Roles

ASP.NET Managing Membership and Roles

In this tutorial you will learn about Anonymous Users, Managing Membership and Roles, The Programming Interface - Properties and Methods, Setting up the Membership, The Membership Provider, The ProviderBase Class, The MembershipProviderBase Class, Managing Roles, The Role Class and The Role Provider.

Anonymous Users

Before actually moving into the topic of creating roles and managing users, we need to talk on how to deal with Anonymous users ASP.NET 2.0. The Beta version provides a new feature that assigns an identity to the anonymous users. The authentication and authorization process of the application is not impacted. It merely gives a handle to track this user and assign personalization properties to him.

The Anonymous User’s ID is stored in a Cookie, but the membership system does not treat him as logged in. If the user’s browser does not accept cookies, the identification cannot be embedded in the URL requested class. This ID is generated by the HTTP module and the properties of the cookie are determined by the configuration settings.

< anonymous identification enabled= “true|False” / >

The Module fires two events—Create and Remove which are used for creating and removing the anonymous user. The name of the user can be retrieved using the User object from the HTTP context. The user name is returned by the context.

String name=HttpContext.Current.User.Identity.Name;

The Logoff button would be a plain submit button or the developer could use the Login view control and other controls to enhance user experience.

If the anonymous user later registers and logs in, he is treated as a regular authenticated user and his personalization properties are migrated to his identity in the application.

Managing Membership and Roles

This is an aspect of a web based application that demanded a lot of coding skills and thinking through by the developer. He had also to do a lot of repetitive hard coding to ensure that memberships and roles are properly defined and the administrator has the right tools to administer these roles. This has been made extremely simple by ASP.NET 2.0. The new Membership class of ASP.NET 2.0 reduces the amount of code to be written considerably and provides the infrastructure for managing roles. The user authentication can be completed by calling the ValidateUser function to do the task. All the developer needs to do is to ensure that he has obtained the right data provider and has rightly configured the users’ data store.

The membership class is a neat and elegant API that masks the backend functionalities and processes from the developer. It contains a few static methods that can be used to obtain unique identity for each connected user. This information can be used with other services such as role based function enabling and personalization.

The membership class also provides methods for update, create and delete users but no methods for programmatically setting roles and giving rights to users. It works on top of the data provider –even custom defined ones. Multiple providers can also be used and the application must be set to select the right one at runtime.