Dela via


Sample Membership Provider Implementation

Describes the sample membership providers and their supported data source schema.

The following topics include the code for a sample membership provider implementation. The sample provider uses the .NET Framework Data Provider for ODBC to connect to an ODBC data source. The sample uses an Access database as its data source.

This topic describes implementation details about the sample membership provider and describes how to build the sample and configure an ASP.NET application to use the sample provider.

Note

Because data sources contain differing SQL syntax, some commands will work with one data source and not with another. Therefore, you should create a membership provider specific to your data source even if you are using the .NET Framework Data Provider for ODBC or the .NET Framework Data Provider for OLEDB to access your data source, for example, SybaseMembershipProvider, OracleMembershipProvider, and so on.

There are two versions of the sample provider included: one in Visual Basic and another in C#. Sample code can be found in How to: Sample Membership Provider Implementation.

Database Schema

To create the Access table used by the sample provider, issue the following data-definition query in a new or existing Access database.

CREATE TABLE Users
(
  PKID Guid NOT NULL PRIMARY KEY,
  Username Text (255) NOT NULL,
  ApplicationName Text (255) NOT NULL,
  Email Text (128) NOT NULL,
  Comment Text (255),
  Password Text (128) NOT NULL,
  PasswordQuestion Text (255),
  PasswordAnswer Text (255),
  IsApproved YesNo, 
  LastActivityDate DateTime,
  LastLoginDate DateTime,
  LastPasswordChangedDate DateTime,
  CreationDate DateTime, 
  IsOnLine YesNo,
  IsLockedOut YesNo,
  LastLockedOutDate DateTime,
  FailedPasswordAttemptCount Integer,
  FailedPasswordAttemptWindowStart DateTime,
  FailedPasswordAnswerAttemptCount Integer,
  FailedPasswordAnswerAttemptWindowStart DateTime
)

Event Log Access

If the sample provider encounters an exception when working with the data source, it writes the details of the exception to the application event log instead of returning the exception to the ASP.NET application. This is done as a security measure to prevent private information about the data source from being exposed in the ASP.NET application.

The sample provider specifies an event Source of "OdbcMembershipProvider." Before your ASP.NET application will be able to write to the Application Event Log successfully, you will need to create the following registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\OdbcMembershipProvider

If you do not want the sample provider to write exceptions to the event log, then you can set the writeExceptionsToEventLog attribute to false in the Web.config file.

Building the Sample Provider

In order to use the sample provider, you can place your source code in the App_Code directory of your application. Note that if you already have source code in the App_Code directory of your application, you must add the version of the sample provider that is written in the same language as the existing code in the directory. The provider will be compiled by ASP.NET when your application is requested.

You can also compile the sample provider as a library and place it in the Bin directory of your Web application, or strongly name it and place it in the GAC. The following command shows how to compile the sample provider using the command-line compiler.

vbc /out:OdbcMembershipProvider.dll /t:library OdbcMembershipProvider.vb /r:System.Web.dll /r:System.Configuration.dll
csc /out:OdbcMembershipProvider.dll /t:library OdbcMembershipProvider.cs /r:System.Web.dll /r:System.Configuration.dll

Using the Sample Provider in an ASP.NET Application

The following example shows the Web.config file for an ASP.NET application configured to use the sample provider. The configuration file assumes the existence of two files, CreateUser.aspx and RetrievePassword.aspx. The two files are accessible to all users, even those who are logged in.

The example uses an ODBC DSN named "MembershipUsers" to obtain connection information for the Access database. To use the sample provider, you will need to either create the "MembershipUsers" System DSN or supply a valid ODBC connection string to your database.

<configuration>

  <location path="CreateUser.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="RetrievePassword.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

  <connectionStrings>
    <add name="OdbcServices" connectionString="DSN=MembershipUsers;" />
  </connectionStrings>

  <system.web>

    <authentication mode="Forms" >
      <forms loginUrl="login.aspx"
        name=".ASPXFORMSAUTH" />
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

    <machineKey
      validationKey="[your key here]" 
      decryptionKey="[your key here]"
      validation="SHA1" />

    <membership defaultProvider="OdbcProvider" userIsOnlineTimeWindow="15">

      <providers>

        <add 
          name="OdbcProvider" 
          type="Samples.AspNet.Membership.OdbcMembershipProvider" 
          connectionStringName="OdbcServices"
          enablePasswordRetrieval="true"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true" 
          writeExceptionsToEventLog="true" />

      </providers>
    </membership>

  </system.web>
</configuration>

See Appendix A: How to generate a <machineKey> element for instructions on generating keys.

See Also

Concepts

Implementing a Membership Provider

Other Resources

Managing Users by Using Membership