Configuration SQL Server for remote connection

Configuration SQL Server for remote connection

------------------------------------------------------------------------------------------------

When you try to connect to an instance of SQL Server 2005 form a remote machine, you may receive the following error message.

"An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections."

Steps 1: Make sure that Remote Connections are enabled in Surface Area Configuration tool

Click Start -> Programs -> SQL server 2005 -> Configuration Tools - > SQL Server Surface Area Configuration

Now you will be able to see the following window

Now choose the first option there "Surface area Configuration for services and Connections"

Make sure that you choose the Right "SQL server instance at the Left Pane". As you can see from the above picture

.Select Database Engine->Remoteconnection->Using both TCP/IP and named pipes .like above picture .

Click on Apply button, you can see a warning message saying that you need to restart the Service.

STEP 2 : Check Whether TCP/IP protocol is enabled in the SQL Server Configuration Manager

Click Start -> Programs -> SQL server 2005 -> Configuration Tools - > SQL Server Configuration Manager

Now check whether "TCP/IP" is enabled, if not, double click on "TCP/IP" and choose "Yes" to enable it .

STEP 3: Make sure that SQL server Browser service is running

Click on the "SQL Server 2005 Services", on the left pane, and check "SQL server Browser" i running ? if not right click on that service and start. Or else choose properties and make the service to be run as "Automatic"

Now you are permitted to start "SQL server Browser"

start your service shown in figure .

Thnx All.

Create Manual New Role in ASP.NET

Create Manual New Role in ASP.NET
---------------------------------------------------------------------------------------------------
Design a login control using lebel,texbox and botton.


then write code in button Event

Roles.CreateRole(txt_addrole.Text);

Create Manual NewUser in ASP.NET

Create Manual NewUser in ASP.NET
---------------------------------------------------------------------------------------------------
Design a login control using lebel,texbox and botton.

then write code in button Event

MembershipCreateStatus membershipCreateStatus;
string providerIdKeyString = string.Empty;

MembershipUser newuser = Membership.CreateUser(txt_username.Text, txt_repassword.Text, txt_reemail.Text, dpd_question.Text, txt_answer.Text, true, out membershipCreateStatus);

switch (membershipCreateStatus)
{
case MembershipCreateStatus.Success:

ErrorStatus.Text = "The user account was successfully created!";
Roles.AddUserToRole(txt_username.Text, "reguser");
break;
case MembershipCreateStatus.DuplicateUserName:
ErrorStatus.Text = "That username already exists.";
break;
case MembershipCreateStatus.DuplicateEmail:
ErrorStatus.Text = "A user with that Email address already exists.";
break;
case MembershipCreateStatus.InvalidEmail:
ErrorStatus.Text = "PLease enter a VALID email address.";
break;
case MembershipCreateStatus.InvalidAnswer:
ErrorStatus.Text = "The security answer is not valid";
break;
case MembershipCreateStatus.InvalidPassword:
ErrorStatus.Text = "The password entered is invalid. PLease enter a passoword with at least 7 cahacters and one non-alphanumeric.";
break;
default:
ErrorStatus.Text = "Unknown Error: Account NOT created.";
break;

}

Create Manual Login in ASP.NET

Create Manual Login in ASP.NET
--------------------------------------------------------------------------------------------------

Design a login control using lebel,texbox and botton.


then write code in button Event

if(Membership.ValidateUser(txtUserName.Text.ToString(), txtPassword.Text.ToString()))
{
FormsAuthentication.SetAuthCookie(txtUserName.Text, remember.Checked );
Response.Redirect("~/Default.aspx");

}
else{
ErrorMgs.Text = "Invalid User Id or password";
}

How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code

How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code

---------------------------------------------------------------------------------------

I’ve seen a few questions in the forums lately looking for examples on how to use the CreateUserWizard control to create new users in the ASP.NET 2.0 membership system, and then as part of the registration process assign the new user into custom roles and/or collect and store custom profile properties about them (country, address, gender, zipcode, etc).

Stefan from my team had a cool CreateUserWizard control sample that I borrowed and expanded upon to build-up a sample that demonstrates how to build a fairly common user management, roles and personalization system in ASP.NET 2.0 that does this. I was pleasantly surprised to find it only took about 25 lines of C# code in the entire app. J

The sample comes with 6 pages:

Specifically it supports:

1) Login support to enable registered users to login to the web app using forms auth and the new membership system (login.aspx)

2) Registration support to enable visitors to create and register new users in the membership system (CreateNewWizard.aspx)

3) Profile support that enables the site to gather information about the user on registration, and for the users to see that information on a profile page (MyProfile.aspx).

4) Change Password support to enable registered users to change their password in the membership system (ChangePassword.aspx)

5) Password Recovery support to enable users to reset their password if they forgot them (RecoverPassword.aspx)

You can download and run the sample yourself from here. Note that it is built with the final release of VS 2005 and ASP.NET 2.0 – so it won’t work with Beta2 (although it will probably work with the RC).

Implementation Notes on CreateNewWizard.aspx and MyProfile.aspx:

Only two of the above pages (CreateNewWizard.aspx and MyProfile.aspx) have code in them. The others use the built-in Login controls in V2 to-do everything (asp:login, asp:passwordrecovery, asp:changepassword).

CreateNewWizard.aspx is the most interesting page. It uses the built-in server control to-do most of the heavy lifting and has two templated wizard steps defined within the wizard:

wizard step 1: gathering user-account data

The control handles gathering up the user-account, email, password, and password recovery/answer data and then calling into the ASP.NET 2.0 membership system to register the new user. You simply have to override the control’s template and customize the control layout to have things look how you want.

The sample is using the ASP.NET validation controls to perform client-side validation on the inputs as well within the template (example: making sure passwords match, the age is a valid integer, etc). One added benefit in ASP.NET 2.0 is that these validation controls now support client-side validation for FireFox and other modern browsers (note: all screenshots were done using FireFox).

There are then three additional properties (their country, gender and age) that I wanted to gather up about the new user as part of the registration process. Doing this was pretty easy using the new ASP.NET 2.0 Profile system – simply add their definitions within the tag of the web.config file to register them and store their values in the new profile system:

<profile enabled="true">

<properties>

<add name="Country" type="string"/>

<add name="Gender" type="string"/>

<add name="Age" type="Int32"/>

properties>

profile>

I then handled the “CreatedUser” event on the CreateUserWizard control within my CreateNewWizard.aspx.cs code-behind file to retrieve the values from the controls within the CreateUserWizard control template and set them in the profile store:

// CreatedUser event is called when a new user is successfully created

public void CreateUserWizard1_CreatedUser(object sender, EventArgs e) {

// Create an empty Profile for the newly created user

ProfileCommon p = (ProfileCommon) ProfileCommon.Create(CreateUserWizard1.UserName, true);

// Populate some Profile properties off of the create user wizard

p.Country = ((DropDownList)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("Country")).SelectedValue;

p.Gender = ((DropDownList)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("Gender")).SelectedValue;

p.Age = Int32.Parse(((TextBox)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("Age")).Text);

// Save profile - must be done since we explicitly created it

p.Save();

}

Because the user is being created as part of this step, I explicitly choose to create a new Profile object in code (note that I was passing in the CreatedUserWizard1.UserName property as the username – since the user isn’t logged into the system yet). I then accessed the controls within the template of the control, pulled out their values, and stuck them within the newly created profile. Calling p.save at the end registered this profile with the new username. (note: I’ll walk through how we use this profile data later in a page below).

wizard step 2: picking roles

After the user fills out the first step of registration information and clicks the next button, the user is created, the CreatedUser event fires, and we fill in the appropriate information about the user into the profile store.

The control then displays the second step template we’ve defined. This template lists all of the roles currently created in the ASP.NET Role Management system, and allows the user to select which roles they belong to:

Note that you’d typically never assign roles to an end-user this way (instead you’d add your own logic to somehow calculate which role they belong in), but I thought this scenario was cool nonetheless which is why it works like the sample above.

I think it is cool because of the way we populate and access these roles in the template of the . Basically, we have a template definition to the .aspx like this:

<asp:WizardStep runat="server" AllowReturn="False"

OnActivate="AssignUserToRoles_Activate"

OnDeactivate="AssignUserToRoles_Deactivate">

<table>

<tr>

<td>

Select one or more roles for the user:

td>

tr>

<tr>

<td>

<asp:ListBox ID="AvailableRoles" runat="server"

SelectionMode="Multiple" >

asp:ListBox>

td>

tr>

table>

asp:WizardStep>

It simply contains a control named “AvailableRoles”. When this wizard step is loaded (after the user hits the next button on the first step in the wizard), it will fire the “OnActivate” event. We can use this to databind the list of all roles in the system to the above listbox. When the user hits next again, the wizard will fire the “OnDeactivate” event. We can then use this to determine which roles were selected in the above listbox, and use them to update the role-manager system.

The code to-do both of these actions looks like this:

// Activate event fires when user hits "next" in the CreateUserWizard

public void AssignUserToRoles_Activate(object sender, EventArgs e) {

// Databind list of roles in the role manager system to listbox

AvailableRoles.DataSource = Roles.GetAllRoles(); ;

AvailableRoles.DataBind();

}

// Deactivate event fires when user hits "next" in the CreateUserWizard

public void AssignUserToRoles_Deactivate(object sender, EventArgs e) {

// Add user to all selected roles from the roles listbox

for (int i = 0; i <>

if (AvailableRoles.Items[i].Selected == true)

Roles.AddUserToRole(CreateUserWizard1.UserName, AvailableRoles.Items[i].Value);

}

}

That is all of the code for the CreateNewWizard.aspx.cs file – 17 lines total if you omit comments and whitespace (if my count is right).

Next Step: Displaying User Profile Data

The only other page in this scenario that required me to add code was the MyProfile.aspx page. This page looks like this:

The page itself was pretty simple to implement. I simply added a few asp:label controls on the page, as well a listbox for the roles. Populating these controls with the profile and role information involved added a Page_Load event with 7 lines of code like so:

protected void Page_Load(object sender, EventArgs e) {

Country.Text = Profile.Country;

Gender.Text = Profile.Gender;

Age.Text = Profile.Age.ToString();

RoleList.DataSource = Roles.GetRolesForUser(User.Identity.Name);

RoleList.DataBind();

}

Note that the profile object is strongly typed – which means profile properties will get statement completion and compilation checking in VS 2005 with it. I can also then query the role management system to retrieve an array of all the roles the current user belongs to and then databind this to the listbox control.

Since the MyProfile.aspx page requires a user to be logged in (otherwise retrieving profile information about them doesn’t make a lot of sense), I also added a based authorization control tag in my web.config file:

<location path="MyProfile.aspx">

<system.web>

<authorization>

<deny users="?"/>

<allow users="*"/>

authorization>

system.web>

location>

This is the same configuration I would have added in ASP.NET V1.1 – and basically tells the system to deny all users who aren’t logged in (the ? = anonymous), and then allow all users who are logged in (the * = all).

Those who aren’t logged in will get automatically re-directed to the login.aspx page. The control can be used there to allow users who have already registered to log-in without the developer having to write any custom code.

Summary

Hopefully this walks-through a fairly common real-world web app scenario and explains how it can be easily done in ASP.NET 2.0. The ASP.NET 2.0 Membership, Role and Profile system (especially when combined with the new login controls) pack a lot of productivity power.

What is really nice is that they are all built on the new ASP.NET 2.0 provider model. Our of the box ASP.NET ships built-in providers that provide Membership, Roles and Profile storage inside SQL Express, SQL Server and Active Directory stores (the later for Membership and Roles only). What is even better is that you can replace any of these implementations using a custom provider that you either buy or build yourself (see this blog post for more details on how to-do this). Replacing a provider in ASP.NET 2.0 simply involves changing a value in a web.config file – the above code sample will work regardless of what provider was plugged in (LDAP, Oracle, DB2, Custom SQL Table Schema, File-System, etc).

Note: Copyright of this article is Scott. programmer of Microsoft.

Creating Custom Membership and Role Providers

Introduction

In the Part 1 and Part 2 we learnt the concept and internal architecture of ASP.NET provider model. We know that the provider model is extensible and one can implement custom providers to suit his requirement. In this part we will develop two custom providers - one for membership and the other for roles.

Why develop a custom membership and role provider?

Well. There can be many reasons. Here are few:

• You have custom data store (not SQL Server or Access) in which you want to store user data.
• You are using some non-standard database for which there is no inbuilt membership or role providers.
• You want to implement custom encryption mechanism for the data being saved and retrieved
• You want to write database independent membership and role provider

One more reason that I have not listed in the above list is - You may want to use your own table schema instead of using inbuilt one. At first glance it may look odd but it can be a great way to save your work while migrating applications.

Requirements

Let's decide the requirements for building our custom membership and role providers.

• We want to use our application database for storing membership and role information. That also means that we do not have a central database for storing membership details of multiple applications
• We want to store membership details in a table called Users
• We want to store available roles in the system in a table called Roles
• We want to store user-role mapping in a table called UserRoles
• For the sake of simplicity we will not include any encryption-decryption logic
• User can register by supplying user name, password and email. No security question is required
• We do not need features such as password reset and accounting locking

Database access

We will be using BinaryIntellect DatabaseHelper open source component for all our database access.

Creating the Web Site

To begin, create a new web site and add two classes called MyMembershipProvider and MyRoleProvider to App_Code folder. For the sake of simplicity we will be creating all the necessary classes in the web site itself. In a more real world situations you may create a separate class library project to contain these classes.

Configuring the web site to use our providers

Open the web.config file and add the following markup:

type="MyMembershipProvider"
connectionStringName="connstr"/>

 

type="MyRolesProvider"
connectionStringName="connstr"/>

Here, we instruct ASP.NET to use MyMembershipProvider class as membership provider and MyRolesProvider class as roles provider.

Creating custom membership provider

Recollect from Part 2 that custom membership providers need to inherit from System.Web.Security.MembershipProvider class. The MembershipProvider class in turn inherits from ProviderBase class. The MembershipProvider class contains several abstract methods that you must implement in your class.

If you are using VS.NET then your job is simple. Right click on the MembershipProvider class in the class definition line and choose "Implement Abstract Class". VS.NET will add dummy delimitations for all the required methods and properties from the MembershipProvider class. The following table lists all the properties and methods that you need to implement (methods are shown with parenthesis).

Property/Method Name	Description
Initialize()*	Receives the connection string name specified in the web.config file. You can use it to perform database operation in your class.
Name*	Represents name of our custom provider
CreateUser()*	Creates a user
UpdateUser()*	Saves modified information about an existing user
DeleteUser()*	Deletes a user
GetUser()*	Gets a user as MembershipUser instance
GetAllUsers()*	Gets all the users as MembershipUserCollection
ChangePassword()*	Changes password of a user
GetPassword()*	Retrieves password of a user. Used when implementing "Forgot Password" feature
ValidateUser()*	Authenticates the user
EnablePasswordReset*	Indicates whether the password can be reset by the user
EnablePasswordRetrieval*	Indicates whether the password can be retrieved by teh user
RequiresQuestionAndAnswer*	Indicates whether user should supply a security question and answer during registration
RequiresUniqueEmail*	Indicates whether the email supplied during registration should be unique
ApplicationName	Name of the web application. This name is used in case you are using a central database for storing membership data of multiple applications
MaxInvalidPasswordAttempts	Indicates the number of times user can try to login to the system
MinRequiredNonAlphanumericCharacters	Indicates minimum no. of non alpha numeric characters that the user must supply during registration and password change
MinRequiredPasswordLength	Indicates the minimum length required for the password when user registers or changes the password
ChangePasswordQuestionAndAnswer()	Allows to change user's security question and answer
FindUsersByEmail()	Searches user database on the basis of email
FindUsersByName()	Searches user database on the basis of user name
GetNumberOfUsersOnline()	Returns total no. of uses that are signed in
GetUser()	Returns MembershipUser instance representing a specific user
GetUserNameByEmail()	Returns the user name on the basis of email
PasswordAttemptWindow	Indicates the time span for multiple login attempts
PasswordFormat	Indicates the format of password e.g.clear, hashed etc.
PasswordStrengthRegularExpression	Indicates a regular expression to be used to check the strength of password
ResetPassword()	Resets the password
UnlockUser()	Unlocks the user account

In our example we will code the methods and properties marked with * above. The remaining members will simply throw a "Not implemented" exception.

The complete source code of our custom membership provider can be found in the download (MyMembershipProvider.cs). As an example CreateUser() method implementation is given below:

public override MembershipUser CreateUser
(string username, string password,
string email, string passwordQuestion,
string passwordAnswer, bool isApproved,
object providerUserKey,
out MembershipCreateStatus status)
{
MembershipUser user = new MembershipUser(Name,
username, providerUserKey, email, passwordQuestion,
null, isApproved, false, DateTime.Now, DateTime.Now,
DateTime.Now, DateTime.Now, DateTime.Now);
string sql = "INSERT INTO USERS(USERNAME,PASSWORD,
EMAIL,ISACTIVE) VALUES(@UID,@PWD,@EMAIL,@ISACTIVE)";
db.AddParameter("@UID", username);
db.AddParameter("@PWD", password);
db.AddParameter("@EMAIL", email);
db.AddParameter("@ISACTIVE",
(isApproved == true ? "Y" : "N"));
int i = db.ExecuteNonQuery(sql);

if (i > 0)
{
status = MembershipCreateStatus.Success;
return user;
}
else
{
status = MembershipCreateStatus.ProviderError;
return null;
}
}

Creating custom roles provider

Creating custom roles provider involves creating a class that inherits from RoleProvider class. The following table lists all the properties and methods that you need to implement (methods are shown with parenthesis).

Property/Method Name	Description
Initialize()*	Receives the connection string name specified in the web.config file. You can use it to perform database operation in your class.
Name*	Represents name of our custom provider
CreateRole*	Create a new role
DeleteRole*	Deletes an existing role
GetAllRoles*	Returns all roles as string array
RoleExists*	Checks if role exists in the database
AddUsersToRoles*	Adds users to specified roles
RemoveUsersFromRoles*	Removes users from specified roles
GetRolesForUser*	Returns all the roles for a specific user
GetUsersInRole*	Returns all the users belonging to a specified role
IsUserInRole*	Checks if a user exists in a specified role
ApplicationName	Name of the web application. This name is used in case you are using a central database for storing membership data of multiple applications
FindUsersInRole	Searches for users belonging to a specified role

In our example we will code the methods and properties marked with * above. The remaining members will simply throw a "Not implemented" exception.

The complete source code of our custom membership provider can be found in the download (MyRolesProvider.cs). As an example CreateRole() method is given below:

public override void CreateRole(string roleName)
{
db.AddParameter("@ROLE", roleName);
db.ExecuteNonQuery
("INSERT INTO ROLES(ROLENAME) VALUES(@ROLE)");
}

Testing our providers

There are four test web forms provided along with the download - Default.aspx, Login.aspx, RoleManager.aspx and UserRoles.aspx. The first two test the membership provider and the later two test the roles provider. We use essentially the same Membership and Roles classes of ASP.NET. These classes in turn call our custom provides to get the job done.

Summary

In this article we saw how easy it is to develop your own providers for membership and role management. You can extend the application to suit your needs. You can also add more security features such as encryption and password strength.

Note : this article is collected from the website all right reserved BinaryIntellect Consulting.

Implementing Role Based Security in ASP.NET

Introduction

ASP.NET allows three main ways to authenticating the user of the application. They are - Windows Authentication, Forms Based Authentication and Passport Authentication. Out of these three Windows and Forms authentications are most commonly used for intranet and internet applications respectively. Authentication involves validating that the user is what he claims to be. In many applications this is not just enough. You also need to grant access rights to the user based on his category. This process is referred to as authorization. The category I just mentioned is nothing but the role of the user. In this article we will see how to use Windows as well as Custom roles to authorize users of your application.

What are Principals, Roles and Identities?

Identities

Identities are nothing but the users of your application and allow you to obtain information about that user. The classes (GenericIdentity and WindowsIdentity) and interfaces (IIdentity) required for working with Identities reside in the System.Security.Principal Namespace.

Roles

A role is nothing but a set of access rights that is assigned to the user. One user may have one or more roles. You must be familiar with Windows roles such as Administrator and Guest.

Principals

A Principal is combination of the identity and role(s) of the user. The classes and interfaces related to Principals (GenericPrincipal, WindowsPrincipal and IPrincipal) can be found in System.Security.Principal Namespace.

When to authorize a user?

Note that you should authorize a user only after authenticating. The Request.IsAuthenticated property tells you whether the user is authenticated or not. You should check this in Application_AuthenticateRequest event handler in Global.asax. This event is fired for each request at the time of authenticating the user. If the user is already authenticated by windows or forms authentications then you follow above steps

Authentication in ASP.NET

ASP.NET provides three ways to authenticate your users. They are:

• Windows
• Forms
• Passport

Out of these three the first two are commonly used in ASP.NET applications.

Role based security and Windows Authentication

When you use Windows authentication to authenticate a user, you also have roles for that user based on its Windows group. For example, a user User1 might belong to group Administrators and the same role can be used in ASP.NET applications. You can check whether a user belongs to a particular role or not you need to write something like this:

if(User.IsInRole("BUILTIN\Administrators")
{
  //display all options
}
else
{
  //display limited options
}

Here, the IsInRole() method is used to check whether a given user has a given role. Note how we used BUILTIN for local users. If you are authenticating domain users you may write something like MYDOMAIN\Administrators. Also, note that here we didn't created any identity or principal object ourselves. Windows and ASP.NET automatically did that for us.

Role based security and Forms authentication

If you are authenticating users via Forms authentication then you need to take care of some extra steps. These steps are:

• Create a user identity
• Create an array of roles
• Create a principal based on user identity and list of roles
• Attach the principal to the current authenticated user

Create a user identity

User identity is represented by a class that implements IIdentity interface. .NET comes with a class GenericIdentity that is a simple implementation of IIdentity interface. Here, we will create a user identity using GenericIdentity class.

GenericIdentity gi=new GenericIdentity(User.Identity)

Here, we used the same identity object as created by forms authentication (User.Identity) but you can use your own ideality instead.

Create an array of roles

Next, we need to create an string array containing roles to which the user belongs.

string[] roles={"clerk","manager"};

Create a principal based on user identity and list of roles

We will now create a principal based on the identity and role information that we have. .NET provides a class called GenericPrincipal that represents a simple implementation of IPrincipal.

GenericPrincipal gp=new GenericPrincipal(gi,roles);

Attach the principal to the current authenticated user

Finally, we need to attach the principal we just created to the ASP.NET application. The way you do this is as follows:

Context.User = gp;

Here, Context.User represents the current principal of the application. You are replacing it with your own principal (gp). Note that code for all above steps will typically go in Application_AuthenticateRequest event handler inside Global.asax.

Authorizing the user

Once you have done this, authorizing a user is same as in Windows authentication.

if(User.IsInRole("manager")
{
  //display all options
}
else
{
  //display limited options
}

Summary

In this article we saw how to add role based security to your ASP.NET applications. using IIdentity and Iprincipal interfaces you can create your custom implementation or you can use GEnericIdentity and GenericPrincipal classes. Once you set a custom principal to the user you can use user.IsInRole() method to check whether user belongs to the specified role or not.

User Administration Tool -Part 3

Introduction

In Part 2 of this series we covered user management features. This final part will deal with role management and profile management.

Managing roles

The case for Role management option is shown in Figure 14.

...
case "Roles":
string[] roles = Roles.GetAllRoles();
FillControlsWithRoles(roles);
string[] userroles = Roles.
GetRolesForUser(user.UserName);
foreach (string s in userroles)
{
ListItem li = CheckBoxList1.Items.FindByValue(s);
if (li != null)
li.Selected = true;
}
MultiView1.ActiveViewIndex = 3;
break;
...

Figure 14: Case for Roles

The code gets a list of all the roles defined in the system by calling GetAllRoles() method of the Roles object. The returned roles are supplied as a parameter to a method called FillControlsWithRoles(). This method is discussed shortly and simply fills the CheckBoxList and DropDownList with the roles. The code then proceeds to retrieve a list of roles belonging to the user. This is done by calling GetRolesForUser() method of the Roles object. The for loop iterates through the array of roles returned by the GetRolesForUser() method and checks those roles in the CheckBoxList. Finally ActiveViewIndex property of the MultiView is set to 3.

The Role Management panel allows the administrator to perform in all three tasks � user to role mapping, role creation and role deletion. Once the administrator assigns or removes roles to a user he needs to click on the Update User Roles button. The Click event handler of the Update User Roles button is shown in Figure 15.

protected void Button10_Click(object sender,
EventArgs e)
{
MembershipUser user = Membership.GetUser
(ViewState["username"].ToString());

foreach (ListItem li in CheckBoxList1.Items)
{
if (li.Selected)
{
if (!Roles.IsUserInRole(user.UserName, li.Value))
{
Roles.AddUserToRole(user.UserName, li.Value);
}
}
else
{
if (Roles.IsUserInRole(user.UserName, li.Value))
{
Roles.RemoveUserFromRole(user.UserName, li.Value);
}
}
}
}

Figure 15: Updating user roles

The code iterates through the list of all roles i.e. CheckBoxList items and adds the user to selected roles. This is done by calling AddUserToRole() method of the Roles object. The AddUserToRole() method accepts two parameters � user name and role name. On the same lines the user is removed from the roles unchecked by the administrator. This is achieved by calling RemoveUserFromRole() method of the Roles object. The RemoveUserFromRole() method also accepts the same two parameters as the AddUserToRole() method.

The administrator can create new roles by entering in the role name in the relevant textbox and clicking on the Create button. Figure 16 shows the Click event handler of the Create button.

protected void Button8_Click
(object sender, EventArgs e)
{
Roles.CreateRole(TextBox10.Text);
FillControlsWithRoles(Roles.GetAllRoles());
}

Figure 16: Creating new roles

The code simply calls the CreateRole() method of the Roles object passing the desired role name. After a new role has been added the CheckBoxList and the DropDownList must show the new role and hence FillControlsWithRoles() method is called.

The administrator can delete a role by selecting it from the relevant DropDownList and clicking on the Delete button. The Click event handler of the Delete button is shown in Figure 17.

protected void Button9_Click
(object sender, EventArgs e)
{
Roles.DeleteRole(DropDownList2.SelectedValue);
FillControlsWithRoles(Roles.GetAllRoles());
}

Figure 17: Deleting a role

The code calls DeleteRole() method of the Roles object passing the role name to be deleted. In order to reflect the change in the CheckBoxList and DropDownList the FillControlsWithRoles() method is called again.

We have been using the FillControlsWithRoles() method at many places. The code for this helper method is shown in Figure 18.

private void FillControlsWithRoles
(string[] roles)
{
CheckBoxList1.Items.Clear();
DropDownList2.Items.Clear();
foreach (string s in roles)
{
CheckBoxList1.Items.Add(s);
DropDownList2.Items.Add(s);
}
}

Figure 18: Filling controls with roles

The method simply clears the CheckBoxList and DropDownList control and refills them with the roles array passed as a parameter.

This complete the user role management. Now we will move on to coding the last feature i.e. Profile management.

Viewing user profiles

The case of the Profile Management option looks as shown in Figure 19.

...
case "Profile":
ProfileCommon pc = Profile.
GetProfile(user.UserName);
DropDownList3.Items.Clear();
foreach (SettingsProperty p in
ProfileCommon.Properties)
{
DropDownList3.Items.Add(p.Name);
}
MultiView1.ActiveViewIndex = 4;
break;
...

Figure 19: Case for profile management

The code retrieves profile of the user by calling GetProfile() method. The GetProfile() method accepts the user name whose profile is to be retrieved. The profile is returned as an instance of ProfileCommon class. The code then iterates through all the profile properties using Properties collection of the ProfileCommon class. Each element of the Properties collection is of type SettingsProperty. The name of each profile property is added to the relevant DropDownList. Note that the profile properties from a property group are shown using dot (.) notion. Finally ActiveViewIndex property of the MultiView is set to 4.

The administrator can modify any of the profile properties or he can delete the entire profile of the user. When the administrator selects a particular profile property from the DropDownList, its value is shown a textbox. This is done in the SelectedIndexChanged event of the DropDownList (Figure 20).

protected void DropDownList3_
SelectedIndexChanged(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser
(ViewState["username"].ToString());
ProfileCommon pc = Profile.GetProfile
(user.UserName);
object obj = pc.GetPropertyValue
(DropDownList3.SelectedValue);
TextBox11.Text = obj.ToString();
}

Figure 20: Showing value of a profile property

The code retrieves profile of the user. The value of selected profile property is retrieved using GetPropertyValue() method of the ProfileCommon instance. The returned value is displayed in a textbox so that the administrator can edit it if required. If the administrator changes value of any profile property he needs to click on the Save button. The Save button sets the profile property to a new value and saves it in the underlying profile data store. This is shown in Figure 21.

protected void Button11_Click
(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser
(ViewState["username"].ToString());
ProfileCommon pc = Profile.GetProfile
(user.UserName);
object obj = pc.GetPropertyValue
(DropDownList3.SelectedValue);
pc.SetPropertyValue(DropDownList3.SelectedValue,
Convert.ChangeType(TextBox11.Text, obj.GetType()));
pc.Save();
}

Figure 21: Modifying a profile property

The code first retrieves the value of the profile property by calling GetPropertyValue() method of the ProfileCommon instance. Wondering why we do that? This is necessary because while setting the new value we need to typecast the string from the textbox to appropriate data type. The call to SetPropertyValue() method will make this clear. The SetPropertyValue() method accepts property name and the new value as parameters. The property value parameter is of type object. While passing the new value we need to convert into the appropriate data type otherwise an exception will be thrown. That�s why the code uses ChangeType() method of the Convert class. The ChangeType() method accepts two parameters � value and the destination data type. Note that we pass the data type of the value previously retrieved here. Finally Save() method of the ProfileCommon instance is called to persist the changes in the underlying data store.

In order to delete the complete profile of a user the administrator can click on the Delete Profile for this user LinkButton. The code that deletes the profile is shown in Figure 22.

protected void LinkButton2_Click
(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser
(ViewState["username"].ToString());
bool result = ProfileManager.
DeleteProfile(user.UserName);
}

Figure 22: Deleting user profile

The code calls DeleteProfile() method of ProfileManager class by passing the user name to it. The ProfileManager class is used to perform various profile related tasks such as deleting profiles and searching profiles.

That�s it! Our own User Administration Tool is ready to use. Simply drag and drop the Members.ascx on the default web form and run.

Note : this article is collected from the website all right reserved BinaryIntellect Consulting.

User Administration Tool -Part 1

ASP.NET membership, role and profile features make it easy to develop a membership driven web site. However, equally important is a way to administer and manage the users registered with the web site. If you have managed any membership driven web site then you would be familiar with the complaints about forgotten passwords, forgotten user ids and change in email addresses.

Visual Studio provide an inbuilt tool called Web Site Administration Tool that allows you to administer various aspects including membership, roles and application configuration. However, many times it is needed that the user management facility be provided as a part of the web site itself. This way the web site administrator can manage the users from anywhere. The Web Site Administration Tool suffers from some limitations in such cases. Those limitations are:

• We can not make that tool as a part of your web site
• The look and feel of the tool may not fit in the theme of our web site
• We can not view and manage all the information about the users. E.g. user status and activity
• We can not view profile information of the users
• We can not do tasks such as password retrieval and reset
• The tool allows us to modify settings other than membership and roles which might be undesirable

The User Administration Tool

Because of these limitations often we need to roll out our own administrative pages that handle user administration. In this article we will develop a user control that will allow us to administer all the aspect of users and their membership. Specifically the user control will allow us to:

• Create new users
• Search for one or more users
• Modify user information such as email and comments
• See status of a user
• View activity of a user
• Manage password of a user
• Manage role information
• View and modify profile information of a user

We will create it as a user control so that it can be added easily to any of the existing web forms. For the rest of the discussion we will call our user control as “User Administration Tool”.

Before we begin any development let’s see how the User Administration Tool is going to look like.

Figure 1 shows the User Administration Tool.

Figure 1 : The User Administration Tool

The tool consists four major sections. On the top it provides searching facility. Search can be based on email or user name. Wild cards (_ and %) are allowed.

Below the search area a GridView displays list of all the users or users filtered depending on the search criteria. The user can be deleted using the Delete button. There is a DropDownList that allows you select which options to display and upon clicking on the Show button the information is displayed on the right hand side. You can also change the email address and comments of a user.

Below the GridView there is facility to create new users.

The right hand side area i.e. the area below “Managing Details for…” label displays various settings related to user status, activity, security, roles and profile.

Creating a web site and a database

In order to begin, create a new web site in VS.NET 2005. Add a new Web User Control called Members.ascx. Open SQL Server Management Studio and create a new database called UserAdminToolTestDb. Note that we could have used an existing database such as Northwind but for the sake of completeness we are create a brand new database. Figure 2 shows the New Database dialog of SQL Server Management Studio.

Figure 2: New Database dialog of SQL Server Management Studio

Configuring membership, role and profile providers

Now that we have created the database it’s time to configure it to support membership, roles and profile features. These features are collectively called as application services. ASP.NET provides a command line tool called aspnet_regsql.exe that can be used for enabling and disabling the application services. The aspnet_regsql.exe tool can be used in command line mode or wizard mode for this purpose. We will use the later mode for configuring the database.

Open Visual Studio.NET 2005 Command Prompt from the Visual Studio 2005 program group. Type aspnet_regsql.exe and hit enter. The aspnet_regsql tool should start itself in wizard mode. The wizard consists of five steps. Figure 3 shows the first step of the wizard.

Figure 3: Step 1 of aspnet_regsql.exe tool

The second step (Figure 4) asks you whether you want to enable or disable application services. Select “Configure SQL Server for application services” radio button and click on Next.

Figure 4: Step 2 of aspnet_regsql.exe tool

The third step (Figure 5) accepts database details such as server name, authentication method and database name. After entering the required details click Next.

Figure 5: Step 5 of aspnet_regsql.exe tool

The fourth step (Figure 6) simply shows the summary of the settings. Clicking Next actually starts the configuration process.

Figure 6: Step 4 of aspnet_regsql.exe tool

The final step (Figure 7) is just a confirmation that the tool has configured the database correctly.

Figure 7: Step 5 of aspnet_regsql.exe tool

The aspnet_regsql.exe tool creates several tables and stored procedures (prefixed with aspnet_) in the underlying database. These tables and stored procedures are used by the membership, roles and profile features.

Configuring the membership, role and profile providers for web site

Configuring your database for supporting membership, role and profile features is just half part of the story. We also need to configure the web site so that Membership, Roles and Profile objects (as well as login controls if they are being used in the web site) correctly point to the required data store. This is achieved by adding some markup in the web.config file.

Open the web.config file and add a section as shown in Figure 8.

Figure 8: Storing database connection string

The stores zero or more database connection strings. In our case we have added a connection string named connstr pointing to UserAdminToolTestDb database we created earlier. The connection string shown in Figure 8 uses integrated security. One needs to modify it depending on the SQL Server setup.

Now add the markup as shown in Figure 9 to configure membership and role provider.

Figure 9: Configuring membership and role provider

The tag configures the membership provider where as the tag enables and configures the role provider. Both these sections point to our database connection string connstr. Note how password reset, retrieval features are enabled using enablePasswordReset and enablePasswordRetrieval attributes. Also note how the password storage format is specified using the passwordFormat attribute. The passwordFormat attribute takes three possible values – Clear, Encrypted and Hashed. Since we are using SQL Server database the type attribute of membership configuration is set to System.Web.Security.SqlMembershipProvider. The SqlMembershipProvider class handles all the intricacies of membership management with the underlying database. On the same lines type attribute of role manager configuration points to System.Web.Security.SqlRoleProvider.

Finally, add the markup for configuring profile provider and profile properties. The markup looks as shown in Figure 10.

Figure 10: configuring profile provider

The section does two jobs. First it configures the profile provider and second it configures the profile properties and groups. The profile provider configuration points to our connection string. This time the type that handles ins and outs of profile management is System.Web.Profile.SqlProfileProvider. Various profile properties and a profile group is defined with and tags respectively. We have deliberately added a DateTime property called DOB so that we can test the implication of using data types other than string. We have also added a property group so that we can test how these groups can be accessed. (These points will become clear when we code related functionality later on)

Designing the GridView for displaying list of users

Now that we have set up the database let’s display a list of users in a GridView. In order to do so open the Members.ascx user control that we added to the web site earlier. Add a base table with three rows and two columns on to the user control designer. Drag and drop a GridView control as shown in Figure 1. A collection of MembershipUser objects will be acting as the data source for the GridView. Set AllowPaging property of the GridView to true. From the smart tag of the GridView click on “Edit Columns…” link to open the Fields dialog. Figure 11 shows the Fields dialog of the GridView.

Figure 11: Fields dialog of GridView

Add a TemplateField and set its HeaderText property to “Users”. Ensure that “Auto-generate fields” checkbox is unchecked and close the dialog. Design the ItemTemplate and EditItemTemplate as shown in the Figure 12.

Figure 12: ItemTemplate and EditItemTemplate of GridView

The ItemTemplate consists of a Label control for displaying the user name, HyperLink control for displaying email address and another Label control for displaying comments about the user. The template also has Button controls titled Edit and Delete. Finally, there is a DropDownList that contains possible user options (Status, Security etc.) and a Button titled Show.

Once you design the ItemTemplate open the smart tag for user name Label and select “Edit DataBindings…” option to open DataBindings dialog as shown in Figure 13.

Figure 13: DataBindings dialog

Select Text property from the “Bindable Properties” list. In the “Code expression” textbox enter Eval(“UserName”). This will bind the Text property of the Label with the UserName property of the underlying data element. Similarly bind the Text and NavigateUrl properties of the HyperLink with Email property of the underlying data element. Also bind Text property of comment label to Comment property of the underlying data element. From the smart tag of DropDownList select “Edit Items…” option to open the ListItem Collection Editor as shown in Figure 14.

Figure 14: ListItem Collection Editor

Add five items namely – Status, Activity, Security, Roles and Profile. Finally set the CommandName property of Edit and Delete buttons to “Edit” and “Delete” respectively. This completes the design of ItemTemplate.

The EditItemTemplate consists of a Label control for displaying user name and two textboxes for editing email and comments respectively. The newly entered data is saved using the Save button and the edit operation can be cancelled using the Cancel button. Data bind the Label and Textboxes with UserName, Email and Comment properties exactly as before. Also set the CommandName property of the Save and Cancel buttons to “Update” and “Cancel” respectively. This completes the design of EditItemTemplate.

Designing user interface for searching users

In order to design a user interface for searching users, drag and drop a Panel control above the GridView that we just designed. Set the GroupingText property of the panel to “Find Users”. Add a table with four rows and two columns and place controls as shown in Figure 15.

Figure 15: Find Users panel

The Find Users panel consists of two Textboxes for accepting search criterions for email search and user name search respectively. Search criteria can contain wild cards _ (single character) and % (any number of characters). Clicking on the respective Go button will display only the matching records in the GridView. At the top there is a LinkButton for clearing the filter criteria so that the GridView displays the complete list of users.

Designing user interface for creating new users

Designing user interface for creating new users is fairly simple. Simply drag and drop a CreateUserWizard control below the GridView that we designed previously. Apply some formatting theme to it if required. That’s it.

Designing user interface for displaying user details

The user interface for displaying user details consists of MultiView and View controls. In order to design the interface, drag and drop a MultiView control on the right hand side of the GridView and Find Users panel (refer Figure 1). Drag and drop five View controls inside the MultiView control. Further drag and drop a Panel control in each of the View control and set their GroupingText property to User Status, User Activity, Security, Role Management and Profile Management respectively.

Design the first View control as shown in Figure 16.

Figure 16: View control for displaying User Status

The View for User Status consists of three Checkbox controls and a Button control. The checkboxes indicate if the user is active, locked out or online. The administrator can mark a user as inactive by un-checking the Is Active checkbox. The “Is Locked Out” checkbox is enabled only if the user is locked i.e. user can only be unlocked by the administrator. The “Is Online” checkbox is always disabled. It simply displays the on-line status of the user. The changes can be saved by clicking the Save Changes button.

Now design the second View control as shown in Figure 17.

Figure 17: View control for displaying User Activity

The second View control shows the activity of the user in terms of creation date, last activity date, last lockout date, last login date and last password change date. All the information displayed here is read only.

Design the third View control as shown in Figure 18 and 19.

Figure 18: View control for managing security details

Figure 19: View control for managing security details

The third View control allows the administrator to change the password of a user or the password question and answer. It also allows the administrator to retrieve or reset the password. The Get Password button is enabled only if the password retrieval feature is enabled on the membership provider. Similarly the Reset Password button is enabled only if the password reset feature is enabled on the membership provider. Note that for the sake of simplicity we have not taken any care of validating the inputs.

It’s time to design the fourth View control. This View control allows the administrator to manage roles in the system as well as user to role mapping. Design the View control as shown in Figure 20.

Figure 20: View control for managing roles

The “Add/Remove user from role(s)” section displays a list of all the roles with the roles to which the user belongs to as checked. The administrator can add or remove the user from one or more role(s) and click on Update User Roles button to save the changes. The administrator can also create a new role or delete existing roles. Note that for the sake of simplicity we have not taken any care of validating the inputs.

Finally design the fifth View control as shown in Figure 21

Figure 21: View control for managing profile

The fifth View control allows the administrator to manage profile of a user. A DropDownList shows a list of all the profile properties. The property values can be read or changed. Clicking on the Save button saves the changes. The administrator can also delete the profile of the user. Note that profile properties can be of a user defined type (customer class for example). Such properties of course can not be read or modified via this tool.

That’s it! We have just completed designing the user interface of the User Administration Tool. The mark up of Members.ascx is bit lengthy and hence not given here. You can get it in the download accompanying this article.

Conclusion

Membership, Role and Profile features come handy while building a secure membership driven web site. Often the administrators need a tool that allows them to manage users easily. In the Part 1 of this series we kicked off developing such a flexible yet simple tool. We developed user interface of a web user control for managing various aspect of user administration such as password recovery, role mapping and profile management. In the Part 2 of this article we will code the functionality to make our user control functional

Note : this article is collected from the website all right reserved BinaryIntellect Consulting.