Authentication process

Feb 3, 2009 at 9:23 PM
Hi friends, i'm relative new to ASP.NET and very new to WCSF, can someone explain how the authentication process is accomplished in WCSF June2007 Reference implementation GlobalBank.Commercial.EBanking.sln. I cannot see any code in UserLogin.aspx.cs file.
Thanks
Feb 4, 2009 at 3:46 PM

Hi,

 

The UserLogin page, inside the WebUI Web Site, has a Login control inside it. This control provides a common UI for the login process and uses the MembershipProvider class that is defined in the Web.Config file of your Web Site to authenticate the different users.

If you check the Web Site’s Web.config file, you will find something like this:

 

<!-- Membership provider default configuration -->

<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">

<providers>

<add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="RI_SqlConnection" applicationName="WCSF_RI_1"

enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed"/>

</providers>

</membership>

 

In this case, the Login control will use the System.Web.Security.SqlMembershipProvider class to perform the authentication. The other parameters defined in the Web.config are used for configure the Membership provider to be able to accomplish the authentication task.

 

This kind of authentication (using Membership providers) is very common in ASP.NET applications. So perhaps, you could find useful the following links:

·         ASP.NET Login Controls Overview

·         Managing Users by Using Membership

o   Introduction to Membership

o   Membership Providers

 

Please, let me know if this helps.

 

Ezequiel Sculli

http://blogs.southworks.net/esculli/

Feb 4, 2009 at 6:32 PM
Thanks Ezequiel,
we are porting a large Windows App (built with SCSF) to Asp.net, we already have an User table, UserAplication, UserRole etc.., is mandatory to use this tables in the web app, i'm wondering if we can use those tables with SqlMembershiProvider or should i write my own  MembershipProvider calss. best regards
Elio
Feb 5, 2009 at 1:42 PM

Hi Elio,

 

I suppose that you are using a custom Database schema created and designed by you and your team. It may be that your schema does not match with the required by the SqlMembershipProvider, so you should implement a custom MembershipProvider class to be able to retrieve the user’s data from your Database structure.

There are several articles that show you how to do this (regardless of Web Client Software Factory).

You can use the Aspnet_regsql.exe tool, provided with the framework, to create a new database that has the Database structure that the SqlMembershipProvider needs. In this way, you can compare your schema with the new one to see how different are, and maybe, making little changes you can use the SqlMembershipProvider class, saving developing time.

 

Have in mind that the Membership providers classes manage the authentication of users (confirm that the user who is trying to login is really him). To manage the authorization of an user (give access only where the user has access), using the user’s roles, you don’t use Membership Providers, but you use Role Providers instead, so, if the schema that you are using doesn’t match with the required by a Role Provider defined in the Framework, you should also implement a new custom Role Provider.

Perhaps, you may find useful the following article that talks about how to manage roles based in the ASP.NET Security design:

·         Managing Authorization Using Roles

 

If your DB schema differs greatly from the default one, implementing the ASP.NET Security over it (creating all the custom providers) may not be an easy task, and it could take some time. But, this will save a lot of time in the future if you continue using the same schema for authorization and authentication, because you can reuse your custom providers in another applications.

 

Please, let me know if this helps.

 

Ezequiel Sculli

http://blogs.southworks.net/esculli/

Feb 5, 2009 at 8:10 PM
Hi Ezequiel, thanks again for your time and clarification on the subject.
best regards
Elio