Project Description

This project provides a simple abstraction for the Membership, Roles and ProfileManager ASP.NET providers as well as ASP.NET FormsAuthentication. The library creates required database objects automatically and uses web.config Membership, Roles and ProfileManager sections.

Introduction

In any non-trivial web solution, user authentication and authorization are crucial. Authentication enables the solution to verify the identity of users, while authorization enables the solution to give users access to resources based on their roles within the system. In addition, it is often desirable for users to be able to customize the solution (or some parts of it) to their specific needs, for example the default background of the application. This is often achieved through user profiles. ASP.NET defines a pluggable provider model for these three aspects (authentication, authorization and user profiles) of a web solution. These are the MembershipProvider (for managing users), the RoleProvider (for managing user roles) and the ProfileProvider (for managing user profiles), and they define the minimum functionality supported by ASP.NET. Although the framework (ASP.NET) offers a default implementation of the various providers to support persistence of data in an MS SQL Server database, this implementation is somewhat heavyweight. In view of this, this project is aimed solely at providing a lightweight implementation of the aforementioned providers to support databases. However, the first release will target only MS SQL Server.

Features
  • Simple and clean abstraction layer for Membership, Roles and ProfileManager ASP.NET providers
  • Provides helper methods for ASP.NET FormsAuthentication
  • Can create database objects if required
  • Provides POCO classes which can be integrated into an existing application

What Is Membership, Roles and Profile Library (MRPLibrary)

In many ASP.NET solutions, developers either attempt to customise the default ASP.NET SqlMembershipProvider or develop a custom implementation to suit their solution's requirements. In my experience, the primary reason for this has been that the default providers are quite heavyweight implementations which are complex to integrate into my solution. As such, I have repeatedly implemented these providers within new projects. Even when there is no need to customise the default providers, in order for the providers to work, you have to run a special command-line tool to make sure the required schema is created in your database. In order to simplify this process, I have developed MRPLibrary, which serves to abstract these cross-cutting features which every project requires (membership, role and profile) into a separate library that can be referenced by other projects. The library is able to detect the absence of the required database objects and create them.

In addition, the library also provides an abstraction for Forms authentication, with the desired result that the ASP.NET developer can focus solely on the core business functionality and rely on MRPLibrary for membership, role and profile management.

The library's design is based on the provider model and, as such, the main configuration is via web.config, although this can also be done programmatically via code. It utilises Microsoft EntityFramework 4 CTP 5 for persistence and as such currently supports MS SQL Server. However, the design is flexible enough to accommodate other datastores. This will be implemented in future versions.

I hope this library helps developers focus on the real task of their solution: solving business problems.

How To Use MRPLibrary

In order to use the library, the following steps should be followed:
  • Download the binaries and add a reference to AspAuthentication.dll in your solution
  • Add a new database connection to the "connectionStrings" section of the application configuration file if there is not already one. Sample shown below:
    <connectionStrings>
      <add name="[CONNECTION NAME]"
           connectionString="data source=(local);Integrated Security=SSPI;Initial Catalog=[DATABASE NAME];MultipleActiveResultSets=true;Persist Security Info=true"
           providerName="System.Data.SqlClient" />
    </connectionStrings>
  • Add the relevant Membership, Role and Profile configuration to the system.web section of the configuration file. Sample shown below:
    <!-- defaultProvider must match the name attribute of one of the providers added below -->
    <membership defaultProvider="[MEMBERSHIP PROVIDER NAME]">
      <providers>
        <clear/>
        <add name="[MEMBERSHIP PROVIDER NAME]"
             type="AspAuthentication.Providers.PortalMembershipProvider"
             connectionStringName="[CONNECTION NAME]"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="6"
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10"
             applicationName="[APPLICATION NAME]"
             passwordFormat="Hashed"
             createDatabaseObjects="true"
        />
      </providers>
    </membership>
    <profile enabled="true" defaultProvider="[PROFILE PROVIDER NAME]">
      <providers>
        <clear/>
        <!-- The type below is as given in the original sample. A profile provider must
             derive from System.Web.Profile.ProfileProvider, so use the library's profile
             provider class here (see the library's API documentation). -->
        <add name="[PROFILE PROVIDER NAME]"
             type="AspAuthentication.Providers.PortalRoleProvider, AspAuthentication"
             connectionStringName="[CONNECTION NAME]"
             applicationName="[APPLICATION NAME]"
             createDatabaseObjects="true"
        />
      </providers>
    </profile>
    <roleManager enabled="true" defaultProvider="[ROLE PROVIDER NAME]">
      <providers>
        <clear/>
        <add name="[ROLE PROVIDER NAME]"
             type="AspAuthentication.Providers.PortalRoleProvider, AspAuthentication"
             connectionStringName="[CONNECTION NAME]"
             applicationName="[APPLICATION NAME]"
             createDatabaseObjects="true"
             defaultRoles="RoleA;RoleB;RoleC;RoleD"
        />
      </providers>
    </roleManager>

The above configuration entries are typical settings for ASP.NET Membership, Roles and Profile providers and can be found here. However, the entry unique to MRPLibrary is createDatabaseObjects: if set to true, the library creates the required database objects, while if set to false the library assumes the objects already exist in the database.
  • Utilise the ASP.NET Membership, Roles or ProfileManager classes to invoke the respective membership provider, roles provider and profiles provider. Sample shown below:
          var profileProvider = ProfileManager.Provider;
          var roleProvider = Roles.Provider;
          var membershipprovider = Membership.Provider;


The code sample above demonstrates how MRPLibrary can be utilised in a transparent manner, in which any provider will work. If the solution intends to take advantage of the specific capabilities of MRPLibrary, the following pattern could be utilised:
            var securityCop = new SecurityCop();

            // Create the application roles if they do not exist yet
            if (!securityCop.PortalRoleProvider.RoleExists("user"))
            {
                securityCop.PortalRoleProvider.CreateRole("user");
            }
            if (!securityCop.PortalRoleProvider.RoleExists("administrator"))
            {
                securityCop.PortalRoleProvider.CreateRole("administrator");
            }

            try
            {
                // Throws EntityNotFoundException when the user does not exist
                securityCop.PortalMembershipProvider.GetUser("Administrator", false);
            }
            catch (EntityNotFoundException)
            {
                // First run: create the account and add it to both roles.
                // "password" is a sample value only; supply the real initial
                // password from outside the source code.
                MembershipCreateStatus status;
                securityCop.PortalMembershipProvider.CreateUser("Administrator", "password", "Administrator@test.com", "Administrator", "Administrator", true, "Administrator", out status);
                securityCop.PortalRoleProvider.AddUsersToRoles(new[] { "Administrator" }, new[] { "user", "administrator" });
            }


The benefit of the second approach is that the developer can reuse the classes defined within MRPLibrary in their solution. API documentation is provided with the library.
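
The seeding sample above creates the Administrator account with a literal password. The following is an added example, not code from MRPLibrary: it performs the same seeding through the base MembershipProvider and RoleProvider types (so securityCop.PortalMembershipProvider and securityCop.PortalRoleProvider can be passed in) and generates the initial password instead. AdminSeeder and EnsureAdministrator are hypothetical names, and matching EntityNotFoundException by type name is an assumption made because the page does not give its namespace.

```csharp
using System;
using System.Web.Security;

// AdminSeeder is a hypothetical name for this added example.
public static class AdminSeeder
{
    private const string AdminName = "Administrator";
    private static readonly string[] SeedRoles = { "user", "administrator" };

    // Returns the generated initial password, or null if the account already exists.
    public static string EnsureAdministrator(
        MembershipProvider members, RoleProvider roles, string email)
    {
        foreach (string role in SeedRoles)
            if (!roles.RoleExists(role))
                roles.CreateRole(role);

        if (UserExists(members, AdminName))
            return null;

        // Random initial secret; 20 characters with 4 non-alphanumeric is this
        // example's choice and satisfies the page's minRequiredPasswordLength="6".
        string password = Membership.GeneratePassword(20, 4);

        // Question, answer and provider key mirror the page's own sample call.
        MembershipCreateStatus status;
        members.CreateUser(AdminName, password, email, AdminName, AdminName,
                           true, AdminName, out status);
        if (status != MembershipCreateStatus.Success)
            throw new MembershipCreateUserException(status);

        roles.AddUsersToRoles(new[] { AdminName }, SeedRoles);
        return password; // show to the operator once; never write it to a log
    }

    private static bool UserExists(MembershipProvider members, string userName)
    {
        try { return members.GetUser(userName, false) != null; }
        catch (Exception ex)
        {
            // Assumption: the page's sample shows a missing user surfacing as
            // EntityNotFoundException; its namespace is not given, so match by name.
            if (ex.GetType().Name != "EntityNotFoundException") throw;
            return false;
        }
    }
}
```

The returned password is meant to be handed to the operator out of band and changed at first sign-in; a null return means the account was already present and nothing was modified.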

It is, however, necessary to note that the library could also be utilised to manage users in non-ASP.NET-based applications, though this is not the default usage scenario.

Last edited Apr 30, 2011 at 8:09 PM by ekhor, version 17