How To: Use Forms Authentication with Local SQL Membership

Objectives

  • Use the SqlMembershipProvider with forms authentication.
  • Set up the aspnetdb membership data store for local development.
  • Restrict the forms authentication cookie to HTTPS connections.

Summary

ASP.NET provides a membership feature that you can use with forms authentication. The membership feature provides an abstraction for the underlying data store used to maintain user credentials such as user names and passwords, and it provides an API that allows you to easily validate user credentials and manage the user data store. ASP.NET supports SQL Server and Active Directory providers.

This How To shows you how to develop a simple Web site that uses forms authentication with the SQL membership provider.

Contents

  • Pre-Requisites
  • Summary of Steps
  • Step 1. Create a New Cloud Service Project.
  • Step 2. Add a Login Page.
  • Step 3. Create a Way for New Users to Register
  • Step 4. Configure ASP.NET to use Forms Authentication
  • Step 5. Configure ASP.NET to restrict Anonymous Users
  • Step 6. Set up the SQL Membership Database
  • Step 7. Add the SQL Connection String
  • Step 8. Configure ASP.NET to Use the Azure Table Storage Provider
  • Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details
  • Step 10. test registering a new user and logging in to the application

Pre-Requisites

  1. Windows Azure Tools for Visual Studio 2008
  2. Microsoft SQL Server, or SQL Express with Standard or Mixed security model

Summary of Steps

  • Step 1. Create a New Cloud Service Project.
  • Step 2. Add a Login Page.
  • Step 3. Create a Way for New Users to Register
  • Step 4. Configure ASP.NET to use Forms Authentication
  • Step 5. Configure ASP.NET to restrict Anonymous Users
  • Step 6. Set up the SQL Membership Database
  • Step 7. Add the SQL Connection String
  • Step 8. Configure ASP.NET to Use the Azure Table Storage Provider
  • Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details
  • Step 10. test registering a new user and logging in to the application

Step 1. Create a New Cloud Service Project.

In this step, you create a new cloud service project in Visual Studio:
  1. Start Visual Studio, from the menu select “File” then click “New’ and then click ‘Project”
  2. In the “New Project’ dialog box, expand ‘Visual C#’ (or Visual Basic, if you are using it) in the ‘Project Types’ section, and select “Cloud Service”.
  3. In the ‘Templates’ section choose “Windows Azure Cloud Service” template, set the location, Name it as FormsAuthSample and click the “Ok” button.
  4. In the “New Cloud Service Project” dialog box, select “ASP.NET Web Role”, and click the “>” button to add it to the solution. Then click the “Ok” button. This will create a sample cloud Web Application, which is ready to be hosted in the cloud with all required configuration files etc.
  5. Run and verify that it works fine.

Step 2. Add a Login Page.

Use Solution Explorer to add a new Web form named Login.aspx to the WebRole1 site.

Step 3. Create a Way for New Users to Register

Add the following two lines into the Login.aspx <form> tag

    <asp:Login runat="server" /> 
    <asp:CreateUserWizard runat="server" /> 


It should resemble the following:

    <form id="form1" runat="server"> 
    <div>
    <asp:Login runat="server" /> 
    <asp:CreateUserWizard runat="server" /> 
    </div>
    </form> 

Step 4. Configure ASP.NET to use Forms Authentication

In Web.config, add the following line insde the <system.web> tag:
 <authentication mode="Forms" />

Step 5. Configure ASP.NET to restrict Anonymous Users

In Web.config, add the following line inside the <system.web> tag:

      <authorization> 
        <deny users="?" /> 
        <allow users="*" /> 
      </authorization> 


Note – The preceding configuration allows only authenticated users to access the application. The "?" indicates unauthenticated users and the "*" indicates all users. By denying unauthenticated users, any requests made by unauthenticated users are redirected to the login page. The loginUrl attribute of the <forms> element determines the name of the login page. The default setting of this attribute is Login.aspx.

Step 6. Set up the SQL Membership Database

In this step, you configure the SQL data store for membership. This is accomplished through the use of the aspnetregsql.exe utility. Details on aspnetregsql.exe can be found at: http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

Note: Configuring SQL Azure for use with ASP.NET membership providers requires some alternate steps. These can be found at: http://support.microsoft.com/kb/2006191

Step 7. Add the SQL Connection String

In Web.config, add the connection string to the connectionStrings tag using the <add> tag as follows:

  <connectionStrings> 
    <add name="MyLocalSQLServer" connectionString="Initial Catalog=aspnetdb;Data Source=MyServerName;Integrated Security=SSPI"/> 
  </connectionStrings> 

Step 8. Configure ASP.NET to Use the Azure Table Storage Provider

In this step, you configure the Web application to use the AspProviders.TableStorageMembershipProvider.

In Web.config, add the following lines inside the <system.web> tag:

    <membership defaultProvider="MySqlMembershipProvider" > 
      <providers> 
        <clear/> 
        <add name="MySqlMembershipProvider" 
             connectionStringName="MyLocalSQLServer" 
             applicationName="MyAppName" 
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> 
      </providers> 
    </membership> 

Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details

Add a using statement to Default.aspx.cs in your WebRole1 project to add a reference to System.Web.Security.

Add the following code to Page Load of Default.aspx.cs in WebRole1:

protected void Page_Load(object sender, EventArgs e) 
{  
    Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name) + "<br />"); 
} 

Step 10. test registering a new user and logging in to the application

  1. Run the project by using the F5 key (this runs the project in Debug mode.)
  2. Create a new user. On your first visit, you need to create a new user (e.g. “bob”.) Note that the password rules by default are alphanumeric plus one non- alphanumeric (for example, "password!")
  3. Login to the application. Sign in with your new username and password pair.
  4. The Web application should return something along the following lines:

Hello, waldo

Last edited May 21, 2010 at 5:20 PM by paulenfield, version 4

Comments

No comments yet.