Sunday, February 19, 2012

Forms Authentication in ASP.NET

ASP.NET provides a rich set of capabilities for authentication through its Membership Provider. The Membership Provider offers features including adding new users and assigning them specific roles.
By default, when you create an ASP.NET application (not an empty application), it can register users and sign them in. But how does this work, and where is the registration data stored? As soon as you create an application, check the folder structure by browsing it in Windows Explorer (in Visual Studio: right-click on the application -> Open Folder in Windows Explorer). Go into the App_Data folder and you will find nothing inside it.

Go back to Visual Studio and run the application. Then create a new user account (Register). Once you are done, re-check the App_Data folder. You will find a newly created database and log file named ASPNETDB. This is the file created by default for storing the user information. You can see that a new connection string has been added to the Web.config file.

So the database name remains ASPNETDB. But we need a different name that is relevant to our application. Basically, this database includes a set of tables and views. We can add them to our own database or to a new database with a name of our choice. The ASP.NET SQL Server Setup Wizard provides this opportunity. This tool is located in the “[drive:]\%windir%\Microsoft.NET\Framework\version” folder of the file system. Once you get in there, open the aspnet_regsql application.

You can either Configure SQL Server for application services or Remove application services from an existing database. Once you get it done, you will have the required tables and fields in the database you want.


A user can have many roles. A role defines something that a particular user needs to have. For example, a user may need access to the Health Department and the Transport Department. In such a scenario, we can create two roles, for the Health and Transport Departments, and assign the user to both. When we are rendering the views or executing the methods, we can restrict by user role. But how do we get this role feature?

Visual Studio provides a tool named ASP.NET Configuration for this. You can find it in the Solution Explorer. It is a tool with a web interface. It opens in your web browser with the parameter applicationPhysicalPath. Go to the Security tab and click on the link Enable Roles. There you can view the existing users and also create user accounts.
Once you enable roles, you can create the roles and assign users through this tool. You can also have all those features in your web application itself. Let's discuss them in another article.

The Web.config file changes once you enable roles, and all the roles you create are stored in the database.
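<roleManager enabled="true">
  <providers>
    <clear />
    <!-- SQL-backed roles, stored in the database named by the ApplicationServices connection string -->
    <add name="AspNetSqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"
      type="System.Web.Security.SqlRoleProvider" />
    <!-- Roles taken from Windows group membership -->
    <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>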
In MVC, controllers can carry an attribute such as [Authorize(Roles="Health")], which restricts access to users in that role.
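
The Health and Transport scenario above, as an added example that is not code from the original post: it shows how the Authorize attribute combines roles (one role, either role, both roles). The controller and action names are hypothetical, and the role names are assumed to match roles created through the ASP.NET Configuration tool.

```csharp
using System.Web.Mvc;

// Hypothetical controllers. The role names "Health" and "Transport" follow
// the article's example and must match roles stored by the role provider.

// Applied to the class: every action requires a signed-in user in the Health role.
[Authorize(Roles = "Health")]
public class HealthController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

public class ReportsController : Controller
{
    // Comma-separated roles are alternatives: Health OR Transport is enough.
    [Authorize(Roles = "Health,Transport")]
    public ActionResult Summary()
    {
        // Finer-grained check inside an action the user may already reach,
        // for example to decide which section of the view to render.
        ViewBag.ShowTransport = User.IsInRole("Transport");
        return View();
    }

    // Stacked attributes must all pass: Health AND Transport are both required.
    [Authorize(Roles = "Health")]
    [Authorize(Roles = "Transport")]
    public ActionResult Combined()
    {
        return View();
    }
}
```

Hiding a link or section in a view only changes what is displayed; the attribute on the controller or action is what the server enforces on each request.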
