Hi,
This blog post summarizes - Enabling Windows Authentication within an Intranet ASP.NET Web application.
Steps:
ASP.NET 2.0 includes a number of built-in "Building Block" application services. We call them "building blocks" because they are useful core frameworks for enabling super-common scenarios with web applications today – and as a result can provide significant productivity wins and time-savings for developers.
These include:
· A Membership API for managing usernames/passwords and secure credential management,
· A Roles API that supports mapping users into logical groups,
· A Profile API for storing arbitrary properties about both authenticated and anonymous users visiting a web site (for example: their zipcode, gender, theme preference, etc),
· A Personalization API for storing control customization preferences (this is most often used with the WebPart features in ASP.NET 2.0),
· A Health Monitoring API that can track and collect information about the running state and any errors that occur within a web application, and
· A Site Navigation API for defining hierarchy within an application and constructing navigation UI (menus, treeviews, bread-crumbs) that can be context specific based on where the current incoming user is in the site.
These APIs are designed to be pluggable and implementation agnostic. This means that the APIs do not hardcode the details of where data is stored with them.
Instead, these APIs call into "Providers", which are classes that implement a specific "Provider Contract" – which is defined as an abstract class with a defined set of methods/properties that the API expects to be implemented.
e.g
System.Web.Security.SqlMembershipProvider;
System.Web.Security.ActiveDirectoryMembershipProvider;
System.Web.Profile.SqlProfileProvider;
System.Web.Security.SqlRoleProvider;
System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider;
System.Web.XmlSiteMapProvider;
ASP.NET 2.0 ships with a number of built-in providers including:
· A SQL Express provider for going against local SQL Express Databases,
· SQL 2000/2005 providers that work against full-blown SQL Servers,
· An Active Directory Provider that can go against AD or ADAM implementations, and
· An XML provider in the case of site navigation that can bind against XML files on the file-system.
The beauty of the model is that if you don't like the existing providers that ship in the box, or want to integrate these APIs against existing data-stores you are already using, then you can just implement a provider and plug it in. Just implment the new Provider contract as a class and register it in your application's web.config file.
Default SQL Express Providers vs SQL 2005
Using SQL Express:
The above mentioned ASP.NET 2.0 application services are configured to use the built-in SQL Express provider. This provider automatically creates a new DB (ASPNETDB.mdf), the first time when either of these application services are used.
The tables within this DB for all the APIs are as below.
Now, to use the above API services in our aplication, need is to specify the API and the DB connection in Web.Config
<configuration>
<connectionStrings>
<clear />
<add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;
AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
<system.web>
<profile defaultProvider=" AspNetSqlProfileProvider">
<providers>
<add name="AspNetSqlProfileProvider"
connectionStringName="LocalSqlServer" applicationName="/"
type="System.Web.Profile.SqlProfileProvider, System.Web,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</profile>
<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15″>
<providers>
<clear/>
<add name="SqlMembershipProviderOther"
type="SqlProviderOneShot.SqlMembershipProvider"
requiresQuestionAndAnswer="false"
connectionStringName=" LocalSqlServer"
applicationName="EmailEmail"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredNonalphanumericCharacters="0″
writeExceptionsToEventLog="false"
minRequiredPasswordLength="1″
passwordStrengthRegularExpression=""
passwordAttemptWindow="10″
maxInvalidPasswordAttempts="8″/>
</providers>
</membership>
<roleManager defaultProvider="MyRoleProvider" >
<providers>
<add
name="MyRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName=" LocalSqlServer " />
</providers>
</roleManager>
</system.web>
Using SQL Server 2000/2005:
Now, if we want to use the full-blown SQL Server than we need to create a new DB and then create Tables similar to the tables in the ASPNETDB.mdf .
Steps:
· Create or obtain a blank SQL database instance
· Create ASP.NET schemas like ASPNETDB.mdf within SQL DB. To do this run the aspnet_regsql.exe on .Net command prompt. This utility can be run in either a GUI based mode or with command-line switches. Better you choose GUI based.
For reference follow the link - http://weblogs.asp.net/scottgu/archive/2005/08/25/423703.aspx
· Point your web.config file at the new SQL Database
ASP.NET 2.0 ships with a built-in connection string called "LocalSqlServer" which by default is configured to use a SQL Express database, and which by default the Membership, Roles, Personalization, Profile and Health Monitoring services are configured to use. To use SQL database is to just replace the connectionstring value of this "LocalSqlServer" setting in your app's local web.config.
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=localhost;Initial Catalog=appservicesdb;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
Hope this helps.
Arun Manglick