User Authentication & Role Management in ASP.NET 2.0 using Sql Server 2005: Part I


Hey guys, do you remember how we used to authenticate the users who logged into our applications?

One solution was to write class files and maintain a session ID for each and every user who logged into our application. But things are not always the same.

Authenticating users and Role Management in ASP.NET 2.0 is much easier when compared to other technologies.

Here we need not create a session ID for each and every user; in other words, we need not use a session ID to authenticate a user. All of that is taken care of internally by SQL Server itself.

The only thing you have to do is configure it properly to get efficient results.

Here I can give you a glance at how to configure your SQL Server for login authentication.

Initially, if you have not used any tables in your application so far, the Server Explorer (View --> Server Explorer) looks similar to the one below.

 

You can see that "Data Connections" in the Server Explorer, at the left-hand side of the window, is empty and doesn't contain any tables or other data elements. This is how your Server Explorer looks if no database is connected to your application. In the later stages of this article, you can see the modifications to "Data Connections".

Now let's see how to add a login page to your application.

Switch to the "Design View" of your form and drag and drop the login control from the tool box onto your form. This is how your form looks in design mode after doing that.

Now the real task lies in connecting your form to the database and authenticating the users based on their roles. And can you believe that you need not create any database, table or stored procedure to do that in ASP.NET 2.0? That is why developers go crazy about technologies like ASP.NET.

OK, now let's get to work and see how we can do that with minimal work on the developer's end.

If you right-click on the login control which has been placed on your form, you can see an option "Show Smart Tag". Click on that and you can see something similar to the one shown below. What you are seeing is called the "smart tag", and you can have that for every data object or data source you come across in ASP.NET 2.0.

So, as you can see the smart tag contains 3 options.

1. Auto format: This is where you can apply different existing themes to your login control.

2. Convert to template:  This is where you can change the login control as you wish.

For example, if you want to place a login image button instead of the normal login button control, you can do that by converting this to a template.

3. Administer website: This is the thing which deals with your user authentication and role management.

Just click on the 3rd option, "Administer website", and you can see a page similar to the one below.

This is called the "web site administration tool" where we can add a user, authenticate that user, add different roles to that user and make different parts of the application accessible/inaccessible to that role.

For example, if you don't want a normal user to view what the admin page contains, this is where you get that done.

You can do the same thing in any of the technologies. But can you do it even without creating a single table and without writing a single line of code? Probably Not. But you should believe that you can do the same thing here.

 

In the website administration tool we have 3 aspects relating to the database.

  • Security
  • Application configuration
  • Provider configuration

Initially I will show you how to deal with "security". Then we can move on to the other things.

After clicking on the security link you will be directed to the security page, where you can find links like Users, Roles, and Access rules.

If you are doing this configuration for the first time, it is advisable to use the link "Use the security Setup Wizard to configure security step by step" on the same page.

This is the wizard that helps you set up the user accounts and assign different roles and accessibility options for the users. After clicking on that link you will be directed to the wizard's home page, which is similar to the one below. The first page is the "welcome page", where you can read a brief description of the wizard. Click next without wasting any more time.

 

Step 2: Select Access Method:

 

Now you are in step 2, which is where you select the type of network you are using.

If your application is used on the Internet, then select "from the internet".

If your application is typically used only in a LAN, then use "from the local area network".

Select the type of access method you require and then press next to continue with the data store.

In step 3, just press next and move on to step 4.

In step 4, check the "enable roles for this website" checkbox to enable roles to users and click next.

After clicking next, you will be asked to type the name of the role you want to provide for different users. Just type administrator and click Add Role button.

The window will look like the one below after successfully adding the role.
 
Step 4: Adding Roles.

 

If you want to add another role, you can do that right now, or you can manage that afterwards.

Press next after you have finished adding the required roles to your application.

Examples of roles: administrator, users, anonymous users, guests, etc.

Now you are in step 5, where you set up the accounts for the users.

Just fill in all the values, and please remember the password requirements: the minimum password length is 7 and at least 1 non-alphanumeric character is required, so your password must be similar to xxx_xxx.

Step 5:

After you are done filling in all the required fields, press "Add User" and you will see a confirmation page similar to this. At any point, if you want to modify the settings you made using the web administration tool, you can press "back" to do so.

For example, if after creating a user you want to add a role, simply press back and your page will be directed to the "Add Roles" page.

 

If you want to add another user, click on "Continue" and do that; if you don't want to add another user, click on "Next" at the bottom of the page.

Now you are in step 6, where you set the access options for different roles.

Select the directory you want to allow or deny for a role.

Here I am allowing the administrator to access the complete site.

If you want to deny some folder to users, here is the place to do that.

For example, if you don't want your normal users to access the app_Code folder, just select the "app_Code" folder from the directory hierarchy, select role: user, and then click on deny. After that just press "Add this Rule". (In the example I gave, we did not add any role except "administrator", so we cannot see any other role in the Role drop-down box. You can add a new role if you want one.)

Step 7:

After you are done adding the rules, click on next, and if you can view a page (step 7) similar to the one just above, then congrats, you are done with that.

This is how you can set the configuration for the login page itself by adding the users, their roles and the accessibility options for each and every user.
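
The settings the wizard steps above correspond to, written out as a single root web.config (an added example, not part of the original article). `Login.aspx` and the `Admin` folder are hypothetical names; the provider attributes restate the password rules from step 5, and the access rules show why an allow rule for the administrator role needs a deny rule after it.

```xml
<?xml version="1.0"?>
<!-- Added example, not from the original article. "Login.aspx" and the
     "Admin" folder are hypothetical names. -->
<configuration>
  <system.web>
    <!-- Step 2, "From the internet", selects forms authentication. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" requireSSL="true"
             timeout="30" slidingExpiration="true" />
    </authentication>

    <!-- Step 4, "Enable roles for this website". -->
    <roleManager enabled="true" />

    <!-- Step 5 password policy, stated explicitly instead of inherited. -->
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/"
             passwordFormat="Hashed"
             minRequiredPasswordLength="7"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>

  <!-- Step 6: rules are evaluated top to bottom and the first match wins.
       The allow rule alone restricts nothing, because every request that
       does not match it falls through to the default "allow everyone"
       rule; the deny rule after it is what closes the folder. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

After running the wizard, compare the generated web.config files against this shape and confirm that every restricted folder ends with a deny rule.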

Press finish and you will be redirected to the web administrator page again. Just close/minimize this window and just observe your "Solution Explorer" to the right side of the window.

You can see a database added to your "App_Code" folder with the default name "ASPNETDB.MDF".

Now, observe the "Server Explorer" pane to the left side of the window.

If you expand the ASPNETDB.MDF connection in your "Server Explorer", you can find all the objects related to that connection. Now try logging with the user name and password you gave in step 5.

That's it; your application should work according to your role management.

We will see more about role management in my next article.

Thank you all...
