ASP.NET Membership Class

The membership class is an extremely powerful and useful tool that can be used to secure a web application. A lot of developers prefer to implement their own system and this used to be my preferred method. However, after a recent revisit I highly recommend you take another look at the ASP.NET Membership system; it can save you a great deal of time.

Overview

The ASP.NET Membership Class is almost a framework in its own right and it comes with the following advantages:

  • You can use the tool aspnet_regsql.exe to set up all the tables, views and stored procedures in your application database.
  • You can set it up to use Active Directory as the user store for use in an intranet environment.
  • You can use the membership controls to simply add a great deal of functionality, such as:
    • Log in forms
    • Sign out controls
    • Sign up forms
    • Change password
    • Lost password
  • You can extend the system to add additional functionality specific to your requirements.
  • It’s pretty secure: users’ passwords can be encrypted in case your database is compromised.
  • You can implement the roles class to allow users to have different levels of access to your web application.

There are many more advantages, and to get started there is an excellent tutorial written by Scott Mitchell on the 4guysfromrolla website.

A Multipart Series on ASP.NET’s Membership, Roles, and Profile

This article is one in a series of articles on ASP.NET’s membership, roles, and profile functionality.

  • Part 1 – learn about how the membership features make providing user accounts on your website a breeze. This article covers the basics of membership, including why it is needed, along with a look at the SqlMembershipProvider and the security Web controls.
  • Part 2 – master how to create roles and assign users to roles. This article shows how to set up roles, using role-based authorization, and displaying output on a page depending upon the visitor’s roles.
  • Part 3 – see how to add the membership-related schemas to an existing database using the ASP.NET SQL Server Registration Tool (aspnet_regsql.exe).
  • Part 4 – improve the login experience by showing more informative messages for users who log on with invalid credentials; also, see how to keep a log of invalid login attempts.
  • Part 5 – learn how to customize the Login control. Adjust its appearance using properties and templates; customize the authentication logic to include a CAPTCHA.
  • Part 6 – capture additional user-specific information using the Profile system. Learn about the built-in SqlProfileProvider.
  • Part 7 – the Membership, Roles, and Profile systems are all built using the provider model, which allows for their implementations to be highly customized. Learn how to create a custom Profile provider that persists user-specific settings to XML files.
  • Part 8 – learn how to use the Microsoft Access-based providers for the Membership, Roles, and Profile systems. With these providers, you can use an Access database instead of SQL Server.
  • Part 9 – when working with Membership, you have the option of using .NET’s APIs or working directly with the specified provider. This article examines the pros and cons of both approaches and examines the SqlMembershipProvider in more detail.
  • Part 10 – the Membership system includes features that automatically tally the number of users logged onto the site. This article examines and enhances these features.
  • Part 11 – many websites require new users to verify their email address before their account is activated. Learn how to implement such behavior using the CreateUserWizard control.
  • Part 12 – learn how to apply user- and role-based authorization rules to methods and classes.
  • Part 13 – see how to create a login screen that allows Admin users to log in as another user in the user database.
  • Part 14 – learn how to create a page that permits users to update their security question and answer.
  • Part 15 – the Membership API does not provide a means to change a user’s username. But such functionality is possible by going directly to the user store, as this article illustrates.
  • Part 16 – the Membership system includes the necessary components for enforcing expiring passwords. This installment shows how to implement such a policy.
  • Part 17 – see how to display important, unread announcements to users when they sign into the website.
  • Part 18 – often, applications need to track additional user information; learn how to capture this information in a database and see how to build pages to let users update their own information and to display this information to others.

jQuery Basics Part 3

To continue this series, we shall list the ways you can filter your selected elements:

Basic Filters

$("p:first").css("border", "3px solid red");
$("p:last").css("border", "3px solid red");
$("p:even").css("border", "3px solid red");
$("p:odd").css("border", "3px solid red");
$(".a:first").css("border", "3px solid red");
$(".b:even").css("border", "3px solid red");
$("p:gt(1)").css("border","3px solid red");
$("p:not(p:eq(2))").css("border", "3px solid red");

Attribute Filters

$("p[class]").css("border", "3px solid red");
$("p[id=para1]").css("border", "3px solid red");
$("p[id^=para]").css("border", "3px solid red");
$("p[id^=para][lang*=en-]").css("border", "3px solid red");

Child, Visibility and Content Filters

$("p:contains(3)").css("border", "3px solid red");
$("p:parent").css("border", "3px solid red");
$("ul:has(li[class=a])").css("border", "3px solid red");
$("ul li:nth-child(3)").css("border", "3px solid red");
$("ul li:nth-child(2n)").css("border", "3px solid red");

jQuery Basics Part 2

In this post I’m going to look at all the different ways you can target and select DOM elements.

Basic Selectors

$("p").css("border", "3px solid red");
$(".a").css("border", "3px solid red");
$("#list1").css("border", "3px solid red");
$("p.b").css("border", "3px solid red");

Form Selectors

$("form :input").css("border", "3px solid red");
$("form :text").css("border", "3px solid red");
$("form :text:enabled").css("border", "3px solid red");
$("form :checked").css("border", "3px solid red");
$("form :checkbox:checked").css("border", "3px solid red");

jQuery Basics Part 1

jQuery is pretty handy, but if you don’t use it often it can be a pain remembering the basics. In this post I’ll list some very simple starter snippets.

Function declaration
To make sure the DOM has finished loading before your code initialises, you can wrap your code in either of these 2 functions:

$(document).ready(function() {
   // insert code here
});

Alternatively, you can use the shortcut version:

$(function() {
   // insert code here
});

Linking to jQuery
Rather than hosting the jQuery scripts on your own site, there are many advantages to using the Google content delivery network:

  • Improved speed: the content delivery network will usually be a lot quicker and more reliable than your hosting provider.
  • Many other websites use the content delivery network alongside Google services such as Gmail and Google Docs, so there is a good chance your visitors may already have the jQuery or jQuery UI scripts cached by their browser.
  • Free and easy to use.

To make things even easier, http://scriptsrc.net is a handy site that supplies the script tags to many of the frameworks that are hosted on the Google content delivery network.
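
When a page loads jQuery from a third-party CDN as described above, Subresource Integrity lets the browser reject a file that differs from the one you reviewed. The following is an added example, not code from the original post: a Node.js sketch that computes the `integrity` value and mirrors the browser's check. The `X.Y.Z` version placeholder in the URL, the constructed script bodies and all function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Hash algorithms SRI accepts, weakest to strongest.
const SRI_ALGOS = ["sha256", "sha384", "sha512"];

// Constructed stand-ins for a CDN file and a modified copy of it (not real jQuery).
const SAMPLE_BODY = Buffer.from("/* constructed sample */\nwindow.jQuery = function () {};\n");
const TAMPERED_BODY = Buffer.concat([SAMPLE_BODY, Buffer.from("/* extra bytes */\n")]);

// Placeholder URL: replace X.Y.Z with the version you actually reviewed.
const SAMPLE_URL = "https://ajax.googleapis.com/ajax/libs/jquery/X.Y.Z/jquery.min.js";

// Build one integrity token: "<algo>-<base64 digest of the exact bytes served>".
function sriDigest(body, algo = "sha384") {
  if (!SRI_ALGOS.includes(algo)) throw new Error("unsupported SRI algorithm: " + algo);
  return algo + "-" + crypto.createHash(algo).update(body).digest("base64");
}

// Script tag pinned to the reviewed bytes; crossorigin is required for
// the integrity check to run on a cross-origin file.
function scriptTag(url, body) {
  return '<script src="' + url + '" integrity="' + sriDigest(body) +
    '" crossorigin="anonymous"></script>';
}

// Mirror of the browser's decision: only tokens using the strongest listed
// algorithm count, and any one of them matching is enough.
function verifySri(body, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .map((token) => ({ algo: token.slice(0, token.indexOf("-")), token }))
    .filter((t) => SRI_ALGOS.includes(t.algo));
  if (tokens.length === 0) return true; // no usable metadata: nothing is enforced
  const strongest = Math.max(...tokens.map((t) => SRI_ALGOS.indexOf(t.algo)));
  return tokens
    .filter((t) => SRI_ALGOS.indexOf(t.algo) === strongest)
    .some((t) => t.token === sriDigest(body, t.algo));
}

console.log(scriptTag(SAMPLE_URL, SAMPLE_BODY));
console.log("reviewed file passes:", verifySri(SAMPLE_BODY, sriDigest(SAMPLE_BODY)));
console.log("modified file passes:", verifySri(TAMPERED_BODY, sriDigest(SAMPLE_BODY)));
```

Pin an exact version in the URL: a hash can only match a file whose bytes never change.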

Classic ASP 3.0 Snippets

From time to time we end up with a project to update a classic ASP website. I don’t know about you guys but I dropped classic ASP sometime around 2003 in favour of ASP.NET. Anyway, here is a collection of useful functions and snippets that I keep to hand.

A function to clean postback data.
As classic ASP does not automatically sanitise post back data from form controls, I use this function to strip out any unwanted data that could be used in a SQL injection or XSS attack.


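Private Function cleanData(ByVal strData)
    'this function uses a regular expression to clean input data
    'VBScript has no typed declarations or Regex class, so use the built-in RegExp object
    Dim rgxObj
    Set rgxObj = New RegExp
    rgxObj.Pattern = "[^0-9a-zA-Z\s]"
    rgxObj.Global = True 'replace every match, not just the first
    cleanData = rgxObj.Replace(strData, "")
    Set rgxObj = Nothing
End Function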
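
An added example, not part of the original post: the pattern above ported to JavaScript to show what blanket stripping does to legitimate values, next to per-field validation with encoding at output time (the job `Server.HTMLEncode` does in classic ASP). The field rules, sample values and function names are assumptions made for illustration.

```javascript
// Port of the page's pattern: drop everything except letters, digits and whitespace.
function cleanData(value) {
  return String(value).replace(/[^0-9a-zA-Z\s]/g, "");
}

// Encode for an HTML text or attribute context at the moment of output,
// so the stored value keeps its original characters.
function htmlEncode(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical per-field allowlists: each field states what a valid value
// looks like instead of sharing one global character filter.
const FIELD_RULES = {
  id: /^[0-9]{1,9}$/,
  name: /^[A-Za-z][A-Za-z '\-]{0,63}$/,
  email: /^[^\s@]{1,64}@[^\s@]{1,255}$/,
};

// Reject input that does not fit the field's rule; never silently rewrite it.
function validateField(field, value) {
  const rule = FIELD_RULES[field];
  if (!rule) throw new Error("no rule for field: " + field);
  const text = String(value).trim();
  return rule.test(text) ? { ok: true, value: text } : { ok: false, value: null };
}

// Side-by-side result for one submitted value.
function compare(field, raw) {
  const checked = validateField(field, raw);
  return {
    stripped: cleanData(raw),
    accepted: checked.ok,
    rendered: checked.ok ? htmlEncode(checked.value) : null,
  };
}

// Constructed sample submissions.
const SAMPLES = [["name", "O'Brien"], ["email", "anne@example.com"],
                 ["id", "42 "], ["id", "4x2"], ["name", "<b>x</b>"]];
for (const [field, raw] of SAMPLES) {
  console.log(field, JSON.stringify(raw), compare(field, raw));
}
```

Stripping turns `O'Brien` into `OBrien` and removes the `@` and `.` from an e-mail address, while validation keeps valid values intact and rejects the rest. For the database side, bind the validated value as a query parameter rather than concatenating it into SQL.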