How To Use ASP.NET Forms Auth with Azure Tables

While ramping up for Windows Azure, we're getting our feet wet with some basic application scenarios.   This is a quick step through of wiring up ASP.NET Forms Authentication to use Azure Table Storage for the user store.

It’s longer than I like but I wanted to err on the side of being explicit.  It’s nice to know that when you’re going down a path that somebody else has been there and done that and you’re not on your own.  While your path may vary, at least you know this is one path that at least a few of our team members went down while creating repros for Azure authentication scenarios with ASP.NET.

Stepping back, the big thing to know is that we didn’t find a Table Storage Membership provider for ASP.NET out of the box, but we found one in the additional C# samples.  You’ll see this in step 7.  Now, let’s start paving some paths …

Summary of Steps
Here are the steps at a glance:

• Step 1.  Create a New Cloud Service Project.
• Step 2.  Add References to AspProvider Project for the Azure Table Storage Provider
• Step 3.  Add a Login Page
• Step 4.  Create a Way for New Users to Register
• Step 5.  Configure ASP.NET to use Forms Authentication
• Step 6.  Configure ASP.NET to Restrict Anonymous Users
• Step 7.  Configure ASP.NET to Use the Azure Table Storage Provider
• Step 8.  Configure the ASP.NET Membership Provider
• Step 9.  Add Test Code to Page_Load to Show the Forms Authentication Details
• Step 10. Test Registering a New User and Logging in to the Application

Here we go …

Step 1. Create a New Cloud Service Project.
In this step, you create a new cloud service project in Visual Studio:

1. Start Visual Studio, from the menu select  “File” then click “New’ and then click ‘Project”
2. In the “New Project’ dialog box, expand ‘Visual C#’ (or Visual Basic, if you are using it) in the ‘Project Types’ section, and select “Cloud Service”.
3. In the ‘Templates’ section choose “Windows Azure Cloud Service” template, set the location, Name it as FormsAuthSample and click the “Ok” button.
4. In the “New Cloud Service Project” dialog box, select “ASP.NET Web Role”, and click the “>” button to add it to the solution.  Then click the “Ok” button.  This will create a sample cloud Web Application, which is ready to be hosted in the cloud with all required configuration files etc.
5. Run and verify that it works fine.

Step 2. Add a Reference to the AspProvider Project for the Azure Table Storage Provider 
We didn’t see a Table Storage Membership provider for ASP.NET out of box, but there are samples available for download:

1. Unzip the WindowsAzure-AdditionalSamples.zip to some know location.  You can find the Windows Azure Additional Samples on this page.  (Note - if you followed my previous post, Getting Started with Windows Azure you should already have these samples.)
2. Right click on the ‘FormsAuthSample” solution and choose Add -> Existing Project
3. Browse to the location where you have extracted the samples, and select ASPProviders.proj from \\Samples\AspProviders\Lib folder. This will add the ASPProviders project to your solution.
4. Add the reference to this project to your solution.  To do this, expand the WebRole1 node in the solution explorer, and right-click on References.
5. Select Add Reference
6. Select the Projects tab
7. Select AspProviders, and click “Ok”

Step 3. Add a Login Page.
Use Solution Explorer to add a new Web form named Login.aspx to the WebRole1 site.

Step 4. Create a Way for New Users to Register
Add the following two lines into the Login.aspx <form> tag

    <asp:Login runat="server" />
    <asp:CreateUserWizard runat="server"></asp:CreateUserWizard>

It should resemble the following:

    <form id="form1" runat="server">
    <div>
    <asp:Login runat="server" />
    <asp:CreateUserWizard runat="server"></asp:CreateUserWizard>
    </div>
    </form>

Step 5. Configure ASP.NET to use Forms Authentication
In Web.config, add the following line insde the <system.web> tag:
        <authentication mode="Forms" />

Step 6. Configure ASP.NET to restrict Anonymous Users
In Web.config, add the following line inside the <system.web> tag:

      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>

Note – The preceding configuration allows only authenticated users to access the application. The "?" indicates unauthenticated users and the "*" indicates all users. By denying unauthenticated users, any requests made by unauthenticated users are redirected to the login page. The loginUrl attribute of the <forms> element determines the name of the login page. The default setting of this attribute is Login.aspx.

Step 7. Configure ASP.NET to Use the Azure Table Storage Provider
In this step, you configure the Web application to use the AspProviders.TableStorageMembershipProvider.

In Web.config, add the following lines inside the <system.web> tag:

      <membership defaultProvider="TableStorageMembershipProvider" userIsOnlineTimeWindow = "20">
        <providers>
          <clear/>

          <add name="TableStorageMembershipProvider" type="Microsoft.Samples.ServiceHosting.AspProviders.TableStorageMembershipProvider"
          applicationName="AspProvidersDemo"
    />

</providers>
    </membership>

Step 8. Configure the ASP.NET Membership Provider
In Web.config, add the following code to the <appSettings> tag as follows:

  <appSettings>
    <!-- account configuration -->
    <add key = "TableStorageEndpoint" value="https://127.0.0.1:10002/devstoreaccount1"/>
    <add key = "AccountName" value="devstoreaccount1"/>
    <add key = "AccountSharedKey" value="Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="/>
  </appSettings>

Note that we don’t have a lot of details on the AccountSharedKey, but we saw Jim Nakashima uses this value, so it’s good enough for now, until we know more.

Step 9. Add Test Code to Page_Load to Show the Forms Authentication Details

1. Add a using statement to Default.aspx.cs in your WebRole1 project to add a reference to  System.Web.Security.
2. Add the following code to Page Load of Default.aspx.cs in WebRole1:

protected void Page_Load(object sender, EventArgs e)
{
  Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name));

  FormsIdentity id = (FormsIdentity)User.Identity;
  FormsAuthenticationTicket ticket = id.Ticket;

  // optional - but if you use this add a reference to System.Web.Security
  Response.Write("<p/>TicketName: " + ticket.Name );
  Response.Write("<br/>Cookie Path: " + ticket.CookiePath);
  Response.Write("<br/>Ticket Expiration: " + 
                  ticket.Expiration.ToString());
  Response.Write("<br/>Expired: " + ticket.Expired.ToString());
  Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString());
  Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString());
  Response.Write("<br/>UserData: " + ticket.UserData);
  Response.Write("<br/>Version: " + ticket.Version.ToString());
}

Step 10. test registering a new user and logging in to the application

1. Run the project by using the F5 key (this runs the project in Debug mode.) 
2. Create a new user.  On your first visit, you need to create a new user (e.g. “bob”.)  Note that the password rules by default are alphanumeric plus one non-alphanumeric (for example, "password!") 
3. Login to the application.  Sign in with your new username and password pair.

The Web application should return something along the following lines:

Hello, bob
TicketName: bob
Cookie Path: /
Ticket Expiration: 3/17/2010 3:04:40 PM
Expired: False
Persistent: False
IssueDate: 3/17/2010 2:34:40 PM
UserData:
Version: 2

Share your feedback or results in the comments.  We’re path paving along with you.

My Related Posts

• Cloud Defined
• Software as a Service (SaaS), Platform at a Service (PaaS), and Infrastructure as a Service (IaaS)
• Visual Model of Cloud Computing
• Windows Azure Platform at a Glance
• VMs for Web and Worker Roles in Windows Azure
• Getting Started with Windows Azure