Asp.Net Membership and Roles Tutorial

Overview

I was originally going to just post the information needed for my reference, but I decided that I had to reference many things all the time, so I will just post a tutorial. For those people using ASP.NET often on a large amount of projects have no doubt-ably come across ASP.NET 2.0’s custom roles and membership tools. These tools allow you to use a lot of prefabricated tools written by the Microsoft developers in order to perform menial tasks like authentication and role assignment. The problem is that this system is so flexible, it is hard to get a lot of documentation about using all of the features, and searchers are usually pointed to specific information. This tutorial is going to be short and sweet and demonstrate what I feel would be the most common and useful usage for the membership and role system.

Our task: A custom authentication system implementing users and roles. Our technologies: ASP.NET 2.0 written in C# (Visual Studio) using a SqlServer 2005 database.

Setting up the database

Originally, I was under the assumption that unless I wrote my own custom membership and role classes, I would be required to use the ASPNETDB on SqlExpress (I later found out that a lot of people were under the same assumption). Well I have no intention of writing unnecessary code, and I found out that there is a tool that will set up a remote database according to the specifications of Microsoft’s default membership and role providers. so…

  • Run the Visual Studio Command Prompt
  • Type aspnet_regsql and press enter
  • Go through the wizard provided to set up your database

This will set up your database with all of the stored procedures and tables required. Very fast eh? Onward…

Setting up the website

  • Create a new ASP.NET website or open up the existing site.
  • Create a new or open up your web.config files

Use the following in your web.config under the <configuration> section

<connectionStrings>
  <add name=“TestConnection"
    connectionString="your connection string here”/>
</connectionStrings>

This section is the connection string for your SqlServer2005 server that you previously configured. It will be used by our membership and roles declarations below. Add the following too your web.config file under the <system.web> section

<roleManager enabled=“true” defaultProvider=“MyTestRoleProvider”>
    <providers>
      <clear />
      <add connectionStringName=“TestConnection"
        applicationName=”/ApplicationName"
        name=“MyTestRoleProvider” type=“System.Web.Security.SqlRoleProvider” />
    </providers>
</roleManager>

<membership defaultProvider=“MyTestMembershipProvider"
                    userIsOnlineTimeWindow="20"
                    hashAlgorithmType="MD5”>
    <providers>
        <clear />
        <add name=“MyTestMembershipProvider”
            enablePasswordRetrieval=“false”
            enablePasswordReset=“true”
            requiresQuestionAndAnswer=“true”
            applicationName=“/ApplicationName”
            requiresUniqueEmail=“true”
            passwordFormat=“Hashed”
            maxInvalidPasswordAttempts=“5”
            minRequiredPasswordLength=“6”
            minRequiredNonalphanumericCharacters=“0”
            passwordAttemptWindow=“10”
            passwordStrengthRegularExpression=“"
            connectionStringName="TestConnection”
            type=“System.Web.Security.SqlMembershipProvider” />
    </providers>
</membership>

<authentication mode=“Forms” />

A little explaination of the above. This section configures your asp.net to handle your new Sql connection with custom membership and roles. The <roleManager> section creates a custom role provider that will be used by asp.net to handle… well roles. The <membership> section defines a custom membership provider that asp.net will use to manage your users. The settings within the TestMembership declaration should be fairly straight forward to control your application as much as possible. That last little bit, just lets ASP.net know that you are using custom authentication.

Now you can use all of the authentication controls within asp.net using SqlServer2005 as well as the nifty ASP.net Web Site Administration Tool.

Happy Coding.