My Life: December 2010

This tutorial will be posted as a DevNet article in a couple of weeks, but I already wanted to make it available here because a number of people have asked for it. It is based on the hands-on session I delivered at MAX, with additional information and instructions.

Here is a quick outline:

Part 1: Creating a Basic Mobile Application
Part 2: Using Mobile Item Renderers
Part 3: Navigating and Passing Information between Views
Part 4: Creating an Action Bar
Part 5: Integrating with the Device Capabilities (Dialer, SMS, Email)
Part 6: Using a RemoteObject
Part 7: Using a Local SQLite Database

In this tutorial, you build a fully functioning Employee Directory application. The end result is the application available on the Android Market.

check out this tutorial: FlexAndroid90Minutes.pdf

You can download the supporting materials here: FlexAndroid90Minutes.zip

How to use Google Analytics in Flash (the easy way)

Implementing custom Membership Provider and Role Provider for Authenticating ASP.NET MVC Applications

The .NET framework provides a provider model that allows developers to implement common user management and authentication functionality in ASP.NET applications. Out of the box, the framework ships with a few providers that allow you to easily wire up a user management system with very little to zero back end code. For instance, you can use the SqlMembershipProvider and the SqlRoleProvider which will create a database for you with tables for maintaining users and their roles. There are also providers available that use Active Directory as the user and role data store.

This is great in many cases and can save you from writing a lot of tedious plumbing code. However, there are many instances where this may not be appropriate:

I personally don’t feel comfortable having third party code create my user schema. Perhaps I’m being overly sensitive here.
You don’t use Sql Server or Active Directory. If you are using MySql to manage your user data, neither the out of the box providers will work for you.
You already have your own user data and schema which you want to continue using. You will need to implement your own providers to work with your schema.

I fall into the first and third scenarios listed above. I have multiple applications that all run on top of a common user/role management database. I want to be able to use Forms Authentication to provide my web security and I want all user validation and role checking to leverage the database schema that I already have. Fortunately, creating custom Membership and Role providers proved to be rather easy and this post will walk you through the necessary steps to get up and running.

Defining Users, Roles and Rights

My schema has the following key tables:
A users table which defines individual users and their user names, human names, passwords and role.

A role table that defines individual roles. It’s a simple lookup table with role_id and role_name columns.
A right table which is also a simple lookup table with Right_id and right_name columns.
A role_right table which defines many to many relationships between roles and rights. It has a role_id and right_id columns. Individual roles contain a collection of one to N number of rights.

These tables are mapped to classes via nHibernate.

Here is the User class:

   1: public class User : IPrincipal   2:  {   3:  protected User() { } public User(int userId, string userName, string fullName, string password)   4:  {   5:  UserId = userId;   6:  UserName = userName;   7:  FullName = fullName;   8:  Password = password;   9:  }  10:  public virtual int UserId { get; set; }  11:  public virtual string UserName { get; set; }  12:  public virtual string FullName { get; set; }  13:  public virtual string Password { get; set; } public virtual IIdentity Identity  14:  {  15:  get;  16:  set;  17:  } public virtual bool IsInRole(string role)  18:  {  19:  if (Role.Description.ToLower() == role.ToLower())  20:  return true; foreach (Right right in Role.Rights)  21:  {  22:  if (right.Description.ToLower() == role.ToLower())  23:  return true;  24:  }  25:  return false;  26:  } }

You will notice that User derives from IPrincipal. This is not necessary to allow User to operate with my MembershipProvider implementation, but it allows me the option to use the User class within other frameworks that work with IPrincipal. For example, I may want to be able to directly interact with User when calling the Controller base class User property. This just requires me to implement the Identity property and the bool IsInRole(string roleName) method. When we get to the RoleProvider implementation, you will see that the IsInRole implementation is used there. You may also notice something else that may appear peculiar: a role here can be either a role or a right. This might be a bit of a hack to shim my finer grained right based schema into the ASP.NET role based framework, but it works for me.

Here are the Role and Right classes. They are simple data objects:

   1: public class Role   2: {   3: protected Role() { } public Role(int roleid, string roleDescription)   4: {   5: RoleId = roleid;   6: Description = roleDescription;   7: }   8: public virtual int RoleId { get; set; }   9: public virtual string Description { get; set; }  10: public virtual IList<Right> Rights { get; set; }  11: } public class Right  12: {  13: protected Right() { } public Right(int rightId, string description)  14: {  15: RightId = rightId;  16: Description = description;   17: } public virtual int RightId { get; set; }  18: public virtual string Description { get; set; } }

Implementing the providers

So now with the basic data classes behind us, we can implement the membership and role providers. These implementations must derrive from MembershipProvider and RoleProvider. Note that these base classes contain a lot of methods that I have no use for. The Membership Provider model was designed to handle all sorts of user related functionality like creating users, modifying paswords, etc. I just need basic logon and role checking; so a lot of my methods throw NotImplementedExceptions. However, all methods required to handle authentication and role checking are implemented.

Here is the Membership Provider:

   1: public class AdminMemberProvider : MembershipProvider   2:  {   3:  #region Unimplemented MembershipProvider Methods public override string ApplicationName   4:  {   5:  get   6:  {   7:  throw new NotImplementedException();   8:  }   9:  set  10:  {  11:  throw new NotImplementedException();  12:  }  13:  } public override bool ChangePassword(string username, string oldPassword, string newPassword)  14:  {  15:  throw new NotImplementedException();  16:  } public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)  17:  {  18:  throw new NotImplementedException();  19:  } public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)  20:  {  21:  throw new NotImplementedException();  22:  }  23:   public override bool DeleteUser(string username, bool deleteAllRelatedData)  24:  {  25:  throw new NotImplementedException();  26:  } public override bool EnablePasswordReset  27:  {  28:  get { throw new NotImplementedException(); }  29:  } public override bool EnablePasswordRetrieval  30:  {  31:  get { throw new NotImplementedException(); }  32:  } public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)  33:  {  34:  throw new NotImplementedException();  35:  } public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)  36:  {  37:  throw new NotImplementedException();  38:  } public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)  39:  {  40:  throw new NotImplementedException();  41:  } public override int GetNumberOfUsersOnline()  42:  {  43:  throw new NotImplementedException();  44:  } public override string GetPassword(string username, string answer)  45:  {  46:  throw new NotImplementedException();  47:  } public override MembershipUser GetUser(string username, bool userIsOnline)  48:  {  49:  throw new NotImplementedException();  50:  } public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)  51:  {  52:  throw new NotImplementedException();  53:  } public override string GetUserNameByEmail(string email)  54:  {  55:  throw new NotImplementedException();  56:  } public override int MaxInvalidPasswordAttempts  57:  {  58:  get { throw new NotImplementedException(); }  59:  } public override int MinRequiredNonAlphanumericCharacters  60:  {  61:  get { throw new NotImplementedException(); }  62:  } public override int MinRequiredPasswordLength  63:  {  64:  get { throw new NotImplementedException(); }  65:  } public override int PasswordAttemptWindow  66:  {  67:  get { throw new NotImplementedException(); }  68:  } public override MembershipPasswordFormat PasswordFormat  69:  {  70:  get { throw new NotImplementedException(); }  71:  } public override string PasswordStrengthRegularExpression  72:  {  73:  get { throw new NotImplementedException(); }  74:  } public override bool RequiresQuestionAndAnswer  75:  {  76:  get { throw new NotImplementedException(); }  77:  } public override bool RequiresUniqueEmail  78:  {  79:  get { throw new NotImplementedException(); }  80:  } public override string ResetPassword(string username, string answer)  81:  {  82:  throw new NotImplementedException();  83:  } public override bool UnlockUser(string userName)  84:  {  85:  throw new NotImplementedException();  86:  } public override void UpdateUser(MembershipUser user)  87:  {  88:  throw new NotImplementedException();  89:  }  90:    91:  #endregion IUserRepository _repository; public AdminMemberProvider() : this(null)  92:  {  93:  } public AdminMemberProvider(IUserRepository repository) : base()  94:  {  95:  _repository = repository ?? UserRepositoryFactory.GetRepository();  96:  } public User User  97:  {  98:  get;  99:  private set; 100:  } 101:  public UserAdmin.DataEntities.User CreateUser(string fullName,string passWord, string email) 102:  { 103:  return (null); 104:  } 105:  public override bool ValidateUser(string username, string password) 106:  { 107:  if(string.IsNullOrEmpty(password.Trim())) return false; string hash = EncryptPassword(password); 108:  User user = _repository.GetByUserName(username); 109:  if (user == null) return false; if (user.Password == hash) 110:  { 111:  User = user; 112:  return true; 113:  } return false; 114:  } /// <summary> 115:  /// Procuses an MD5 hash string of the password 116:  /// </summary> 117:  /// <param name="password">password to hash</param> 118:  /// <returns>MD5 Hash string</returns> 119:  protected string EncryptPassword(string password) 120:  { 121:  //we use codepage 1252 because that is what sql server uses 122:  byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); 123:  byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); 124:  return Encoding.GetEncoding(1252).GetString(hashBytes); 125:  } } 126: }

The key method implemented here is ValidateUser. This uses the Repository pattern to query the user by name and then compares the password in the repository with the password passed to the method. My default repository is backed by nHibernate, but it could be plain ADO or a fake repository for testing purposes. You will need to implement your own UserRepositoryFactory based on your data store. Note that I am encrypting the passed password before the comparison. This is because our passwords are hashed in the database.

Here is the Role Provider:


     1: public class AdminRoleProvider : RoleProvider
   2: {
   3: IUserRepository _repository;
   4: public AdminRoleProvider(): this(UserRepositoryFactory.GetRepository()) 
   5: {
   6:  
   7: }
   8: public AdminRoleProvider(IUserRepository repository) : base()
   9: {
  10: _repository = repository ?? UserRepositoryFactory.GetRepository();
  11: }
  12: public override bool IsUserInRole(string username, string roleName)
  13: {
  14: User user = _repository.GetByUserName(username);
  15: if(user!=null)
  16: return user.IsInRole(roleName);
  17: else
  18: return false;
  19: }
  20: public override string ApplicationName
  21: {
  22: get
  23: {
  24: throw new NotImplementedException();
  25: }
  26: set
  27: {
  28: throw new NotImplementedException();
  29: }
  30: }
  31: public override void AddUsersToRoles(string[] usernames, string[] roleNames)
  32: {
  33: throw new NotImplementedException();
  34: }
  35: public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
  36: {
  37: throw new NotImplementedException();
  38: }
  39: public override void CreateRole(string roleName)
  40: {
  41: throw new NotImplementedException();
  42: }
  43: public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
  44: {
  45: throw new NotImplementedException();
  46: }
  47: public override bool RoleExists(string roleName)
  48: {
  49: throw new NotImplementedException();
  50: }
  51: public override string[] GetRolesForUser(string username)
  52: {
  53: User user = _repository.GetByUserName(username);
  54: string[] roles = new string[user.Role.Rights.Count + 1];
  55: roles[0] = user.Role.Description;
  56: int idx = 0;
  57: foreach (Right right in user.Role.Rights)
  58: roles[++idx] = right.Description; return roles;
  59: }
  60: public override string[] GetUsersInRole(string roleName)
  61: {
  62: throw new NotImplementedException();
  63: } public override string[] FindUsersInRole(string roleName, string usernameToMatch)
  64: {
  65: throw new NotImplementedException(); }
  66: public override string[] GetAllRoles()
  67: {
  68: throw new NotImplementedException(); }
  69: }

Again, many methods of the base class are unimplemented because I did not need the functionality.

Wiring the providers in web.config

This is all the code we need for the “model” level user authentication and role checking. Next we have to wire these classes up in our web.config so that the application knows to use them. The following should be inside of <system.web>:


   1: <authentication mode="Forms" >
   2: <forms loginUrl="~/LoginAccount/LogOn" path="/" />
   3: </authentication>
   4: <authorization>
   5: <deny users="?"/>
   6: </authorization>
   7: <membership defaultProvider="AdminMemberProvider" userIsOnlineTimeWindow="15">
   8:  <providers>
   9:  <clear/>
  10:  <add name="AdminMemberProvider" type="UserAdmin.DomainEntities.AdminMemberProvider, UserAdmin" />
  11:  </providers>
  12: </membership>
  13: <roleManager defaultProvider="AdminRoleProvider" enabled="true" cacheRolesInCookie="true">
  14:  <providers>
  15:  <clear/>
  16:  <add name="AdminRoleProvider" type="UserAdmin.DomainEntities.AdminRoleProvider, UserAdmin" />
  17:  </providers>
  18: </roleManager>

Brining in the Controller and View

The only thing left now is to code the controllers. First our LoginAccountController needs to be able to log users in and out of the application:


      1: public class LoginAccountController : Controller
   2: {
   3: UserMemberProvider provider = (UserMemberProvider) Membership.Provider;
   4: public LoginAccountController()
   5: {
   6: } public ActionResult LogOn()
   7: {
   8: return View();
   9: } [AcceptVerbs(HttpVerbs.Post)]
  10: public ActionResult LogOn(string userName, string password, string returnUrl)
  11: { if (!ValidateLogOn(userName, password))
  12: {
  13: return View();
  14: }
  15:  
  16: UserAdmin.DataEntities.User user = provider.GetUser();
  17: FormsAuthentication.SetAuthCookie(user.UserName, false);
  18: if (!String.IsNullOrEmpty(returnUrl) && returnUrl != "/")
  19: {
  20: return Redirect(returnUrl);
  21: }
  22: else
  23: {
  24: return RedirectToAction("Index", "Home");
  25: }
  26: } public ActionResult LogOff()
  27: { FormsAuthentication.SignOut();
  28: return RedirectToAction("Index", "Home");
  29: } private bool ValidateLogOn(string userName, string password)
  30: {
  31: if (String.IsNullOrEmpty(userName))
  32: {
  33: ModelState.AddModelError("username", "You must specify a username.");
  34: }
  35: if (String.IsNullOrEmpty(password))
  36: {
  37: ModelState.AddModelError("password", "You must specify a password.");
  38: }
  39: if (!provider.ValidateUser(userName, password))
  40: {
  41: ModelState.AddModelError("_FORM", "The username or password provided is incorrect.");
  42: } return ModelState.IsValid;
  43: } }

Here is our login form in the view:

   1: <div id="errorpanel">   2:  <%= Html.ValidationSummary() %>   3: </div><div class="signinbox">   4:     5:  <% using (Html.BeginForm()) { %>   6:  <table>   7:  <tr>   8:  <td>   9:  Email:  10:  </td>  11:  <td>  12:  <%= Html.TextBox("username", null, new { @class = "userbox"}) %>  13:  </td>  14:  </tr>  15:  <tr>  16:  <td>  17:  Password:  18:  </td>  19:  <td>  20:  <%= Html.Password("password", null, new { @class = "passwordbox"}) %>  21:  </td>  22:  </tr>  23:  <tr>  24:  <td>  25:  <input type="image" src="/Content/images/buttonLogin.gif" alt="Login" width="80" height="20"  26:  border="0" id="Image1" name="Image1">  27:  </td>  28:  <td align="right" valign="bottom">  29:  </td>  30:  </tr>  31:  </table>  32:  <% } %>  33:    34: </div>

Search This Blog

Infolinks In Text Ads

Thursday, December 30, 2010

Wednesday, December 29, 2010

Tuesday, December 28, 2010

Sunday, December 26, 2010

Saturday, December 25, 2010

Thursday, December 23, 2010

Wednesday, December 22, 2010

Tuesday, December 21, 2010

Sunday, December 19, 2010

Friday, December 17, 2010

Thursday, December 16, 2010

Tuesday, December 14, 2010

Monday, December 13, 2010

Friday, December 10, 2010

Wednesday, December 8, 2010

Tuesday, December 7, 2010

Friday, December 3, 2010