Maximizing.ASP.dot.NET.Real.World.ObjectOriented.Development [Electronic resources] نسخه متنی

Authentication Controls

As impressive as the Membership and Roles classes are, ASP.NET v2.0 also ships with a number of authentication controls that make life easier by helping you manipulate user data and page elements based on the providers.

The first and arguably most useful of the authentication controls is the Login control. This is a composite control that takes user name and password input to authenticate and log in a user. Under the covers, it calls Membership.ValidateUser(), and if the user input matches the values in the data store (as determined by the MembershipProvider), FormsAuthentication.SetAuthCookie() is called, and the user is logged in.

This composite control is rendered by placing just one control in your page with <asp:Login ID="Login1" Runat="server" />. A vast array of properties enables you to customize everything from the text to the colors and validation. Everything else is taken care of for you. Figure 11.3 shows the rendered control in the browser.

The LoginName control simply outputs the name of the currently logged in user. Displaying it in the page requires only <asp:LoginName ID="LoginName1" Runat="server" />. It has a FormatString property that will let you add in extra text. If no user is logged in, it doesn't display anything.

The LoginStatus control is basically the counterpart of the Login control. It's added to the page with <asp:LoginStatus ID= "LoginStatus1" Runat="server" />. When a user is not logged in, it provides a link to the login page specified in the loginUrl attribute of the forms element (located within the authentication section) of web.config. When the user is logged in, it provides a LinkButton that says "Logout" that will call FormsAuthentication.SignOut() and remove the auth cookie of the user. This control also has a number of properties that enable you to alter the text and style of the rendered elements.

The LoginView control uses templates to display content based on the user's login status or role. This is useful to show a user only the content that he or she should see. Listing 11.10 shows how straightforward this control is to use.

Listing 11.10. Using the LoginView control

<asp:LoginView ID="LoginView1" Runat="server">
<AnonymousTemplate>
Unknown user
</AnonymousTemplate>
<LoggedInTemplate>
Logged in user
</LoggedInTemplate>
<RoleGroups>
<asp:RoleGroup Roles="Admin">
<ContentTemplate>A user in the Admin role</ContentTemplate>
</asp:RoleGroup>
<asp:RoleGroup Roles="Moderator">
<ContentTemplate>A user in the Moderator role</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>

The PasswordRecovery control is probably the most complex of the bunch but also the most powerful. This control provides user interface elements that enable the user to change or receive his or her password by email, depending on the settings of the provider. In the first step, it asks for the user's name. In the second step, it asks for the answer to the user's question, if it's enabled. The third part is a confirmation that the password was sent or reset, again depending on the values set for the MembershipProvider.