Create a Minimal ASP.NET Membership Website (that will come in useful in another post)





This post contains no special considerations or insights, and is just meant to provide a base for the post here. If you are familiar with ASP.NET membership, DON’T READ THIS and go straight here. This is just a walkthrough that helps you create a specific ASP.NET website, one that takes advantage of the membership provider authentication mechanism and that I use as a starting example in another post. We have excellent walkthroughs on MSDN on this topic (see this); however, 1) this is a specific example and 2) if you are not familiar with our platform, I have added a lot of screenshots here that may make your life easier.


Let’s say that we want to create a club website, where all the members are software architects who happen to have long hair (or an interest in growing it). We will use a SQL membership provider store, create users, assign roles and use the role information to grant or deny access to parts of the website.


The first step is creating the website:


The result is a classic one-page website, with no special security settings.


Let’s go to the Website menu and choose ASP.NET Configuration:


We’ll end up on the site admin tool, which will allow us to add and configure our membership store.


Let’s choose “use the security setup wizard..”


Standard splash screen: let’s move on


Our users will be from the public internet, so let’s pick the right selection and move on.


We do want roles.


Let’s add some roles which represent different hair lengths.


OK, you’ve had enough fun already! Four are more than enough 🙂


Let’s add some users: at least two, so that we can experiment with different role assignments.


Let’s deny by default, and we’re almost done.


Now that we have defined both users and roles, we need to assign the latter to the former:


The UI makes it very easy.


Once we have assigned a few roles, we can go back to the app.


Let’s customize the default page a bit: green background, some text, and a LoginStatus control that we can use for controlling the session (i.e. sign out if we are signed in, and vice versa).


If we want to be even more adaptive, we can add a LoginName control in the text for personalized greetings.


Now that we have a user store, we need a page for gathering credentials and checking them against it. Let’s add a login.aspx page:


Let’s drag a Login control in there: that should do.


Now that we have our default and login pages, let’s add an extra page to demonstrate how to restrict content only to specific roles:


Write some nonsense in it, make it very recognizable (e.g. a different background from the rest of the website) and we’re done.


Let’s add a link to the restricted page from the home page:


Restricting access to the page is easy: you just add the code fragment below to the web.config. That code means that only members belonging to the role chewbacca can access the page.
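
A fragment of the kind described, written here as an added example rather than recovered from the original screenshot. The page name `Restricted.aspx` and the site-wide anonymous-deny rule are assumptions; the `chewbacca` role and `login.aspx` come from the walkthrough.

```xml
<!-- Added example, not the original post's fragment.
     "Restricted.aspx" is an assumed page name. -->
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are sent to login.aspx -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>

    <!-- Role-based rules need the role manager to be enabled -->
    <roleManager enabled="true" />

    <!-- Assumed site-wide rule: deny anonymous users ("?"), which matches the
         redirect to the login page described in the walkthrough -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Per-page rule for the restricted page.
       Rules are evaluated top to bottom and the first match wins, so the
       allow for the role must come before the deny for everyone else.
       Leaving out the deny element would let every authenticated user in,
       because the inherited default is to allow all users. -->
  <location path="Restricted.aspx">
    <system.web>
      <authorization>
        <allow roles="chewbacca" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```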


Let’s give the website a spin. If you navigate to the default.aspx page, since you are not authenticated, you’ll end up being redirected to the login page.


Note, in fact, the address.


Once we enter the right credentials, we are in.


If the user does not belong to the chewbacca role, he’ll be bounced back when trying to follow the exclusive content link. Let’s log out and sign in with a user that is in the chewbacca role:


This time we can successfully access the restricted page.


That’s it. As promised, nothing esoteric: no prescriptive guidance or best practices, just a little walkthrough for a trivial sample. I just needed a normal membership provider ASP.NET site as a starting point for the next post, but 1) I didn’t want to spoil the signal/noise ratio of that post by adding instructions that are not useful for many readers, while at the same time 2) I didn’t want to leave out the readers who are not too familiar with membership.


On to the next post, where you’ll find the real substance 🙂