The method that lets you sign out current users is the FormsAuthentication
class’s SignOut method. You could call this method in the Click event handler
of a Sign Out button, like this:
Visual Basic
Sub Logout(s As Object, e As EventArgs)
FormsAuthentication.SignOut()
Response.Redirect("Default.aspx")
C#
void Logout(Object s, EventArgs e) {
FormsAuthentication.SignOut();
Response.Redirect("Default.aspx");
}
As you can see, the SignOut method is used to clear the authentication cookie.
The next line simply redirects the user to the home page.
ASP.NET 2.0 Memberships and Roles
The ASP.NET 2.0 team made a big step forward by implementing common
functionality that previously needed to be coded from scratch for every new web
application. This functionality includes a membership system, which supports
the management of customer accounts, login forms, user registration forms, and
so on, and is divided into several layers, which can each be extended or modified
to suit your needs.
In particular, this new membership system offers a rich set of login controls,
which you find in the Login tab of the Toolbox in Visual Web Developer. That’s
right—you can add a form for the creation of new user accounts simply by dragging
a CreateUserWizard control into a web form! ASP.NET 2.0 makes implementing
many such features extremely easy, but in order to take full advantage of these
controls, we’ll need to learn about the framework on which they’re built.
Creating the Membership Data Structures
ASP.NET 2.0’s membership system stores user profile data, including membership
and personalization information, in a structured data store consisting of a set of
tables, views, and stored procedures. We’ll call these membership data struc-
tures, although that name doesn’t take into account the complete range of data
they contain.
544
Chapter 13: Security and User Authentication
To manipulate this data, Visual Web Developer provides the ASP.NET Web
Site Administration Tool, which lets you add and edit users and their roles,
and perform other administrative tasks.
We can use two procedures to create the necessary data structures. The first option
is simply to open the ASP.NET Web Site Administration Tool, and click the
Security tab. When you do this for the first time, the Web Site Administration
Tool will create a database called ASPNETDB in the App_Data folder of your Web
Application. This database will consist of two files: ASPNETDB.MDF (the database
file) and ASPNETDB_LOG. LDF (the database log file).
Let’s give this a try. With the Dorknozzle web site project loaded in Visual Web
Developer, select Website > ASP.NET Configuration. This will load a page like that
shown in Figure 13.3.
Figure 13.3. The ASP.NET Web Site Administration Tool
545
Creating the Membership Data Structures
Figure 13.4. The Security tab
Click the Security tab to access the page shown in Figure 13.4.
At this point you can open the Dorknozzle\App_Data folder, where you’ll be
able to see your new database files, as Figure 13.5 indicates.
The ASPNETDB database is what's called a User Instance database, whose files
are stored locally inside your application’s folder. User instance databases are
new to Microsoft SQL Server 2005; they allow you to access database files without
attaching them to a SQL Server instance. These databases can easily be copied
or transferred, and your application can connect to them as needed.
The new ASP.NET 2.0 login controls, the ASP.NET Web Site Administration
Tool, and a number of related classes are able to access the ASPNETDB database
546
Chapter 13: Security and User Authentication
Get Build Your Own ASP.NET 2.0 Web Site Using C# & VB, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
