Forms Authentication and Membership
Forms authentication, included in v1.x of ASP.NET, enables you to easily make a user appear logged in after you've verified his or her credentials. By simply calling the static method FormsAuthentication.SetAuthCookie(string name, bool saveLogin), a cookie is set that enables you to identify the user by name on subsequent requests. The cookie carries an encrypted and signed ticket protected with the machineKey configuration, so every server in a Web farm must share the same explicit machineKey or tickets issued by one server will be rejected by the others.
This mechanism does not verify the user's credentials. You still need to write some kind of plumbing and database code to do that. The ASP.NET team apparently felt that this was more work than you should have to do, and as a result they created the Membership class. This class, new to v2.0 of ASP.NET, has a number of static methods that manage user accounts either through a Microsoft SQL Server 2005 database or through some other means as dictated by a provider.
The provider model is a design pattern that puts a specific data access layer between a particular class and a data store. For Membership and other built-in capabilities of ASP.NET v2.0, Microsoft has chosen SQL Server 2005 Express (a free product) as the default data store. Aside from being free, one of the greatest benefits of this product is that it enables you to deploy a database as a file, enabling xcopy deployment. This is significantly easier than using import and export methods to get your data from one place to another.
If you have SQL Server 2005 Express installed, the first time you use these methods a database named ASPNetDB.mdf is created in the application's /App_Data folder. You don't need to do anything else; it's done and ready to go! Table 11.1 provides a brief overview of these methods. Check the .NET documentation for a full list of parameters and return values.
Method | Description |
---|---|
CreateUser() | Creates a new user in the data store. There are several overloads for this method. |
DeleteUser() | Deletes a user from the data store. A second overload indicates whether associated user data should be deleted. |
FindUsersByEmail() | Searches for users by email. A second overload enables the search results to be paged. |
FindUsersByName() | Same as above, except that the search is conducted against names. |
GeneratePassword() | A helper function to generate random passwords. |
GetAllUsers() | The mother of all user data collections. As with the searches, it can be paged. |
GetNumberOfUsersOnline() | Kind of a vanity function, but you can find out just how many users are on the site. |
GetUser() | Returns a MembershipUser object. Overloads vary from getting the current logged in user to one indicated by name. |
GetUserNameByEmail() | Does what the name implies. |
UpdateUser() | Persists changes made to a MembershipUser object to the data store. |
ValidateUser() | Checks a user name and password against the data store to find out if your user is legitimate. Returns false for an unknown name, a wrong password, an unapproved account, or one the provider has locked out after too many failed attempts. |
The core of user data manipulation is the MembershipUser class. This class acts as a bucket to tie your user's basic data together, with the writable properties Comment, Email, IsApproved, LastActivityDate and LastPasswordChangedDate, and the read-only properties CreationDate, IsOnline, IsLockedOut, PasswordQuestion, ProviderName (the name of the underlying Membership provider), ProviderUserKey (the provider's own identifier for the user, a Guid with the SQL provider), and UserName. It also has the methods ChangePassword(), ChangePasswordQuestionAndAnswer(), GetPassword(), ResetPassword() and UnlockUser(). Note that GetPassword() only works when the provider stores passwords in clear or reversibly encrypted form and enablePasswordRetrieval is turned on; the SQL provider hashes passwords by default, so GetPassword() throws and ResetPassword() is the supported way to recover from a forgotten password.
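As an added example (this is not code from the book), here is a small helper that strings these methods together for the everyday account tasks: creating an account, signing in, changing a password, updating a field and recovering a lost password. It assumes the default SqlMembershipProvider settings (hashed passwords, no password retrieval, question and answer required) and runs inside an ASP.NET request; the class and method names are illustrative.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example, not code from the book: create, sign in, update and
// re-password an account through the ASP.NET 2.0 Membership API.
// Assumes the default SqlMembershipProvider (passwordFormat="Hashed",
// enablePasswordRetrieval="false", requiresQuestionAndAnswer="true") and
// that it runs inside an ASP.NET request. All names are illustrative.
public static class AccountHelper
{
    // CreateUser reports failures through MembershipCreateStatus rather than
    // throwing: duplicate names, duplicate e-mail, and passwords below the
    // provider's policy (default: 7 characters with one non-alphanumeric).
    public static MembershipUser TryCreate(string userName, string password,
        string email, string question, string answer, out MembershipCreateStatus status)
    {
        MembershipUser user = Membership.CreateUser(userName, password, email,
            question, answer, true /* isApproved */, out status);
        return status == MembershipCreateStatus.Success ? user : null;
    }

    // Validate credentials and issue the forms-authentication ticket. Return
    // only a single pass/fail to the caller: distinguishing "unknown user"
    // from "wrong password" or "locked out" in the UI lets an attacker
    // enumerate accounts. The SQL provider locks an account after
    // maxInvalidPasswordAttempts (default 5) within passwordAttemptWindow
    // (default 10 minutes); a locked account fails here until UnlockUser().
    public static bool TryLogin(string userName, string password, bool persistCookie)
    {
        if (!Membership.ValidateUser(userName, password))
            return false;
        FormsAuthentication.SetAuthCookie(userName, persistCookie);
        return true;
    }

    // Change the signed-in user's password. ChangePassword re-checks the old
    // password, so a stolen session cookie alone is not enough to rotate it.
    // A wrong old password yields false; a new password that fails the
    // provider's policy surfaces as an ArgumentException.
    public static bool ChangeOwnPassword(string oldPassword, string newPassword)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || !ctx.User.Identity.IsAuthenticated)
            return false;
        MembershipUser user = Membership.GetUser(); // the current user
        if (user == null)
            return false;
        try
        {
            return user.ChangePassword(oldPassword, newPassword);
        }
        catch (ArgumentException)
        {
            return false;
        }
    }

    // Update a field and persist it. The second argument to GetUser says
    // whether to bump LastActivityDate; an administrative edit should not.
    public static void UpdateEmail(string userName, string newEmail)
    {
        MembershipUser user = Membership.GetUser(userName, false);
        if (user == null)
            throw new ArgumentException("No such user", "userName");
        user.Email = newEmail;
        Membership.UpdateUser(user);
    }

    // Lost-password flow under a hashed provider: GetPassword() would throw
    // NotSupportedException, so reset instead. The answer is the only thing
    // standing between a caller and a fresh password, so rate-limit this path
    // and never echo the new password anywhere but to the verified user.
    public static string ResetWithAnswer(string userName, string answer)
    {
        MembershipUser user = Membership.GetUser(userName, false);
        if (user == null || user.IsLockedOut)
            return null;
        try
        {
            return user.ResetPassword(answer);
        }
        catch (MembershipPasswordException) // wrong answer; counts toward lockout
        {
            return null;
        }
    }
}
```

The provider settings the code assumes are the defaults you get with no `<membership>` section in web.config; if you switch passwordFormat to Clear or Encrypted to make GetPassword() work, the database (or the machineKey that encrypts it) becomes as sensitive as the passwords themselves.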
The Membership system optionally uses a question-and-answer challenge to verify the identity of the user in the event that the user has lost his or her password. You've probably encountered this mechanism on some Web sites. Bear in mind that the answer is a second, usually much weaker, credential: ResetPassword(answer) hands a new password to anyone who knows it, so treat the answer the way you treat a password (the SQL provider stores it in the same format as the password, and counts wrong answers toward lockout).

Roles get the same treatment through the Roles class, which maps user names to role names via a provider. Listing 8.7 did this for you by hitting the database (or the cache) from an HttpModule. So while that was a great example of an HttpModule, and very useful code in v1.x of ASP.NET, you won't need it if you're using v2.0 or later of ASP.NET. The Roles class, like the Membership class, has a number of static methods, shown in Table 11.2. Check the .NET documentation for a full list of parameters and return values.
Method | Description |
---|---|
AddUserToRole(), AddUserToRoles(), AddUsersToRole(), AddUsersToRoles() | Adds users to roles in different quantities of each. The plural varieties take string arrays as parameters, i.e., AddUserToRoles() takes a user name string and an array of role name strings. |
CreateRole() | Adds a role to the data store. |
DeleteCookie() | Deletes the cookie used to cache the user's roles (only relevant when cacheRolesInCookie is enabled). Call it on sign-out, or a cached role list outlives the authentication cookie. |
DeleteRole() | Removes a role from the data store. An overload takes a throwOnPopulatedRole flag; pass true to have it throw an exception instead of deleting while users are still assigned to the role. |
FindUsersInRole() | Returns a string array of users in a role. |
GetAllRoles() | Returns a string array of all roles in the data store. |
GetRolesForUser() | Returns a string array of roles for a user. Without a parameter, it uses the logged in user. You can also pass in a user name. |
GetUsersInRole() | Returns a string array of users in a particular role. |
IsUserInRole() | A lot like User.IsInRole(), but this version has an overload to look up a user by name. |
RemoveUserFromRole(), RemoveUserFromRoles(), RemoveUsersFromRole(), RemoveUsersFromRoles() | Deletes users from roles in different quantities of each. The plural varieties take string arrays as parameters, i.e., RemoveUserFromRoles() takes a user name string and an array of role name strings. |
RoleExists() | An easy way to see if a role already exists in the data store. |
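As an added example (again, not code from the book), here is a helper that uses the Roles methods for the usual grant, check, revoke and sign-out tasks. It assumes `<roleManager enabled="true">` in web.config, since the role manager is off by default, with the default SqlRoleProvider; the names are illustrative.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example, not code from the book: role management with the
// ASP.NET 2.0 Roles API. Assumes <roleManager enabled="true"> in
// web.config (it is disabled by default) and the default SqlRoleProvider.
// Class, method and role names are illustrative.
public static class RoleHelper
{
    // CreateRole throws ProviderException if the role already exists,
    // so check first to keep setup idempotent.
    public static void EnsureRole(string roleName)
    {
        if (!Roles.RoleExists(roleName))
            Roles.CreateRole(roleName);
    }

    // Grant a role to an existing membership user. AddUserToRole throws
    // if the user is already a member, hence the IsUserInRole check.
    public static void Grant(string userName, string roleName)
    {
        EnsureRole(roleName);
        if (!Roles.IsUserInRole(userName, roleName))
            Roles.AddUserToRole(userName, roleName);
    }

    // RemoveUserFromRole throws ProviderException if the user is not in
    // the role, so the same check keeps revocation idempotent.
    public static void Revoke(string userName, string roleName)
    {
        if (Roles.RoleExists(roleName) && Roles.IsUserInRole(userName, roleName))
            Roles.RemoveUserFromRole(userName, roleName);
    }

    // Authorize the *current* request. User.IsInRole answers from the roles
    // attached to the principal, which may come from the roles cookie when
    // cacheRolesInCookie is on; Roles.IsUserInRole(name, role) asks the
    // provider, which is what administrative decisions about other accounts
    // should use.
    public static bool CurrentUserCan(string roleName)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || !ctx.User.Identity.IsAuthenticated)
            return false;
        return ctx.User.IsInRole(roleName);
    }

    // Delete a role only when it is empty: throwOnPopulatedRole=true makes
    // the provider refuse rather than silently dropping existing grants.
    public static bool RemoveRoleIfEmpty(string roleName)
    {
        if (!Roles.RoleExists(roleName))
            return false;
        if (Roles.GetUsersInRole(roleName).Length > 0)
            return false;
        return Roles.DeleteRole(roleName, true);
    }

    // Sign-out must clear the role cache cookie as well as the forms ticket;
    // otherwise a cached role list survives until the cookie expires.
    public static void SignOut()
    {
        Roles.DeleteCookie();
        FormsAuthentication.SignOut();
    }
}
```

One caveat on the cookie cache: when cacheRolesInCookie is enabled, a revocation made through Revoke() is not seen by that user's existing session until the roles cookie expires or is deleted, so for sensitive roles either leave caching off or keep the cookie timeout short.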