UI for SQL Server User management - c#

I am building a solution for a small business without any in-house IT staff.
The central datastore is SQL SERVER (express2008)
I would like to leverage SQL's built in security (certain views for certain classes of employees).
However the boss (the one who needs the control to say who sees what and who can edit) is overwhelmed by Management Studio.
Now I know that in just 16-20 hours I could put together a nice interface that uses SQL to manage the users.
It just seems silly for me to reinvent the wheel for what seems like it must be a common problem and must have been solved many times before, but searching on the web has not turned anything up.
I would rather something that I could package with my app (WPF/C#/Linq2Sql)
but if it was stand alone it would also be great as long as it was dummy proof.
While I am on the topic.
How do users usually change their sql passwords (when you are forced to use mixed authentication)?
Thanks

From Scott Guthrie's weblog:
If you haven’t watched this great online video yet you absolutely should. It walks through how to add Forms Authentication (using the <asp:login> control) with a secure Membership Credential Store + Role Based Security to a site, then implement pages that enable Registration (using the <asp:createuserwizard> control) + Change Password (using the <asp:changepassword> control) + Reset Password (using the <asp:recoverypassword> control), and then authorize page access and hide menu navigation links using the role groupings of the authenticated user. The video shows how to do all of this from scratch in only 17 minutes. You can watch it here. You can also find other great ASP.NET “how to” videos here.
Easiest way to implement this kind of functionality, in my opinion, assuming you're building an ASP.NET front-end.
Edit:
Even though you're delivering a desktop app, I'd still build a web app, stick it on their intranet and then there's one place to go for user account stuff. It's just too easy.
Edit Again:
Look into the stored procedures that are called from the <asp:changepassword> and the <asp:createuserwizard> controls and replicate them from in your admin section.
The answer you're looking for:
Again, Scott Guthrie comes to the rescue:
Peter Kellner has a good article on the new ASP.NET 2.0 Membership and Roles Features, and then put together a very useful sample that demonstrates how to implement a set of admin data-pages on top of the ASP.NET 2.0 Membership and Role Management system to allow you to remotely administer your users and roles. His sample is available to download in source format -- so you can integrate it within your applications to provide a remote management experience for users/roles that works well in a hosting environment.
Update: Check out Juval's article and sample code on how to accomplish the same thing using a Windows Forms front-end and web-services. Very slick!
Updated: Juval has updated his code again to support three options:
1) The version mentioned in the magazine
2) A WCF (Indigo) version hosted in IIS
3) A WCF (Indigo) version with a custom server host in case IIS isn't an option
You can download all three versions here: http://www.idesign.net/idesign/temp/CredentialsManager.zip
Hope this helps,
Scott
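As an added example (not code from the answer or from the linked samples), this is roughly what an admin section built directly on the Membership and Roles API looks like, including the password change the question asks about. The class and method names are hypothetical, and the default Membership and Role providers are assumed to be configured in web.config.

```csharp
using System;
using System.Web.Security;

// Added illustration; AccountAdmin and its method names are hypothetical.
// Assumes the default Membership and Role providers are configured in web.config.
public static class AccountAdmin
{
    // Create a login and put it in one existing role. Unknown role names are
    // rejected so a typo cannot silently create a new, unreviewed role.
    public static void CreateUserInRole(string userName, string password,
                                        string email, string role)
    {
        if (!Roles.RoleExists(role))
            throw new ArgumentException("Unknown role: " + role, "role");

        MembershipCreateStatus status;
        Membership.CreateUser(userName, password, email, null, null, true, out status);
        if (status != MembershipCreateStatus.Success)
            throw new InvalidOperationException("CreateUser failed: " + status);

        Roles.AddUserToRole(userName, role);
    }

    // Self-service change: returns false when the old password is wrong.
    public static bool ChangeOwnPassword(string userName, string oldPassword,
                                         string newPassword)
    {
        MembershipUser user = Membership.GetUser(userName);
        return user != null && user.ChangePassword(oldPassword, newPassword);
    }

    // Admin action for a locked-out account: unlock it, then issue a random
    // password to hand over out of band. Requires enablePasswordReset="true"
    // and requiresQuestionAndAnswer="false" on the provider.
    public static string UnlockAndReset(string userName)
    {
        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
            throw new ArgumentException("Unknown user", "userName");
        if (user.IsLockedOut)
            user.UnlockUser();
        return user.ResetPassword();
    }
}
```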

Related

Using ASP.NET Application Account Login for Hosted Websites

Visual Studio 2010 has a way to create a new website.
I have done that with 4 different websites, all are hosted remotely on Godaddy, and they all run fine.
All of these sites come with a default Microsoft login link:
The link goes to documentation on MSDN, but that documentation covers everything in depth. I'm not a DBA, and I have never figured out how to get one of my websites to use this feature.
In the past, I have either deleted those links or set them so they were not displayed.
Now, I'd like to learn what is required to get them working - just something basic.
I went there and created a new, blank Microsoft SQL database. The tables are not set up, though. That may be all I need!
Looking at the default settings in the web.config file, it looks like I can simply edit the connection string to be what I need.
Microsoft posts a link in their code, but I must confess that I really don't know what I'm looking for, so it is hard to tell when I am looking at the solution.
For a hosted website (like GoDaddy), does anyone know how to get the database set up?
I'm looking for a spoon fed, Step-By-Step, "How To" for dummies like me that spend most of their time developing Windows Forms.
You are using ASP.Net - Legacy SQL Membership Provider. It was deprecated a long time ago.
ASP.Net Identity 2 is new, but it requires .Net 4.5
Closest to Legacy Membership Provider is ASP.NET Universal Providers.
Link from the 2nd picture is for web.config in general. It doesn't include any information about Membership Provider.

Single sign-on toolbar for multiple projects, MVC4

I am building a set of services based on MVC 4. They should all be a part of the same authentication system. Currently I have got a separate project for all the model handling, including the Forms Authentication you get by default when making a new MVC 4 app.
Now, I would like to make a toolbar for logging in to our cloud services, and this toolbar must be made in such a way that it can be imported into our other services. Logging in with this toolbar should log you in to all our services, that are separated into different MVC apps. Thus logging in when browsing "service1" and then going to "service2", you should still be logged in with the same user.
Can anyone point me in the right direction here? Should I make a separate MVC app for this toolbar, and somehow reference it in all of my other projects? Should I export my controllers into a separate project and use them? I am not sure what the best practice is here, nor where to find the info I need on the matter.
Since you will be hosting your applications on different domains, you could implement some Single Sign On mechanism the way SO does it over the Stack Exchange network: https://meta.stackexchange.com/questions/64260/how-does-sos-new-auto-login-feature-work/64274#64274
Different domains means that you won't be able to share the Forms cookie. You should rather learn how to use one of the enterprise Single Sign-on protocols - using a recognized protocol means that you can easily integrate other applications, even if they are developed in different technologies (standardized protocols are supported by most development environments).
Possible candidates are:
the OAuth2 protocol. It is a respected protocol as Google, LiveID, Facebook, Twitter and others support it. To build an OAuth2 server you will need a framework like the DotNetOpenAuth.
WS-Federation. Got a lot of attention in .NET world as we got the Windows Identity Foundation framework which lets you create WS-Federation servers and clients.
Anyway, my advice is to invest your time now as this will pay off well in future.

How to authenticate a website member in a Metro-style App

I have a website that uses WebMatrix user authentication (login/register pages) and I am making an app in Windows 8 release preview and would like to know if it is possible to authenticate users of my app (let users of my app sign in to my app) if they are registered members of my website? And if they are not, allow them to register through my app - but it appears that remote db connections are not possible in Metro apps - so I don't know what to do. Can somebody please help?
I've been searching for weeks but there still isn't a whole lot of official documentation out there.
You should never ever allow any client or user program to access your database directly (not even read access). People WILL abuse it one way or another and they might try exploits to gain write access if their access is restricted to reading. If you'd like a prominent example, Super Meat Boy did that exactly, and they got lots of database issues and abuse over last year's Christmas days (while their game was on (Steam) sale, so they got lots of additional upset players!).
I've never used WebMatrix, so I might be a bit off here, but in general you should have several possible approaches - all being better than doing direct database access:
Use some provided remote access (this might be some extra class or addon or whatever; IF available).
Write your own remote access tool. This would essentially be some special website accepting/returning text or data interpreted by your program. E.g. you could post the login credentials in a HTTP POST request and it could return ok or failed or something like that.
Essentially fake a web browser and access the standard URLs/scripts/systems provided by WebMatrix.

How to create a login mechanism with ASP.NET and client side application

I'm in the process of designing an iPhone app and I need to create a login mechanism written in ASP.NET on the server. Any ideas how the best way to go about doing this would be?
We would need to be able to create a username/ pass, login, then send a (small) amount of information back and forth from user application to server.
This is one of the more "packaged" (I guess is a good word) parts of ASP.NET, but it sounds like you would do great w/ the provided ASP.NET login controls: http://msdn.microsoft.com/en-us/library/ms178329.aspx
This gets you pretty far for free (metaphorically) and if you need more later, the MembershipProvider support is pretty rock solid.
I'm assuming that by iPhone app you are referring to a native (Objective-C) application. If this is the case then I would probably look at creating a web service (WCF) to interact with the server rather than a web site. The service would allow you to use the native widgets without having to scrape (or manipulate) a DOM object to perform a post back.
Note that there's no reason why a well written web service couldn't also be exposed as a web site if the software follows good design principles. As @Rikon mentioned the MembershipProvider support provides a good quick out of the box experience although it's easy to outgrow what it provides.

Website with/without user login

Howdy,
I'd like to create a website with c# and ASP.NET. This Website should feature a front end which is accessible by all visitors - and then I'd like to create a backend which is only accessible after the user logged in ... however I'm facing a couple problems since this is my first web project in C# and in general.
I think I have to create at least 3 classes:
Page - ( every page should inherit this page )
holds if the page should be an open or closed page
Loginpage
Membership Page
Checks if the user is really logged in and which user it is.
I have no clue if this is the right way to do it - and how I should do. I would be really grateful 4 help.
Take a look at the MembershipProvider. ASP.NET comes with some pre-rolled controls for logging users in and out, as well as several mechanisms for checking whether a user is logged in and what roles they have. You can secure resources programmatically by checking on what roles the current user has and make decisions in code, or in the web config by requiring specific user names and/or roles to access a given resource (such as a page).
Here's an intro link to get you started:
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
Once you're done getting a general feel for what the MembershipProvider is, here's a video to walk you through setting up a SqlMembershipProvider:
http://www.asp.net/general/videos/how-do-i-set-up-the-sql-membership-provider
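The programmatic option this answer describes, as an added example that is not part of the original answer: a base class that the closed pages inherit, which checks sign-in and role membership before any page code runs. SecurePage, AllowedRoles, AdminUsersPage and the "Administrators" role are hypothetical names, and Forms Authentication plus a role provider are assumed to be enabled in web.config.

```csharp
using System;
using System.Linq;
using System.Web.Security;
using System.Web.UI;

// Added illustration; SecurePage, AllowedRoles and AdminUsersPage are hypothetical.
// Assumes Forms Authentication and a role provider are enabled in web.config.
public abstract class SecurePage : Page
{
    // Roles allowed to view the page. An empty list means "any signed-in user";
    // there is deliberately no setting that makes a SecurePage anonymous.
    protected virtual string[] AllowedRoles
    {
        get { return new string[0]; }
    }

    protected override void OnPreInit(EventArgs e)
    {
        if (!Request.IsAuthenticated)
        {
            // RedirectToLoginPage does not stop the request, so end the
            // response explicitly or the rest of the page would still run.
            FormsAuthentication.RedirectToLoginPage();
            Response.End();
            return;
        }

        string[] roles = AllowedRoles;
        if (roles.Length > 0 && !roles.Any(r => User.IsInRole(r)))
        {
            // Signed in but not authorised: refuse instead of looping to login.
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        base.OnPreInit(e);
    }
}

// Back-end page restricted to one role; public pages keep inheriting Page.
public class AdminUsersPage : SecurePage
{
    protected override string[] AllowedRoles
    {
        get { return new[] { "Administrators" }; }
    }
}
```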
This sample is so useful.
Review it.
Project Description
MyWSAT aka ASP.NET WSAT is a WebForms based website Starter Kit for the ASP.NET Membership Provider. It is a feature rich application that takes care of all the basics to save you time. Use it as a template to start your websites.
MyWSAT v3.5 PROJECT OVERVIEW:
MyWSAT aka ASP.NET WSAT is a WebForms based Website Starter Kit for the ASP.NET Membership Provider with Forms Authentication. It provides you with all the security features required for a site out of the box so you start focusing on building your pages. It allows you to manage membership users online once your site is deployed. It features complete administrative back-end functionality and designed to manage users, as well as admin pages for users to manage their own user data.
MyWSAT works with the default membership provider database tables to manage membership users, roles and profiles and uses a few specially crafted stored procedures for efficient paging of any amount of records... and a few more things as you will see. It consists of simple procedural programming with neatly organized and commented code. The programming methodology is geared toward the beginning developer to help quickly gain some practical every day development knowledge. MyWSAT has been used in many production environments (personal and enterprise) and is reliable and secure. A perfect starter kit for your next Blog, CMS, E-commerce or any project that requires security and user management.
Tip: You can save this website as a template and use it to create new sites based on it.
TECHNOLOGY USED:
This application was created in Visual Web Developer 2008 Express (works with 2005 and 2010) with SQL Server 2008 Express, .NET version 3.5 and C#.NET. This release is not available in VB.NET.
Since you are using ASP.NET, there is a lot of existing infrastructure here you can take advantage of. Look into:
Microsoft ASP.NET Membership API: http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
Login Controls: http://msdn.microsoft.com/en-us/library/ms178329.aspx
Forms authentication
Microsoft has pretty much fully solved/written all of this for you. Now you might still prefer to avoid their implementation for whatever reason, but it's still worth looking into.
