All of this work, both in the infrastructure that supports your Web application and in the application
code behind your login page, has just one purpose: to establish who the user is (the user ID) and to
authenticate that claim (the password). Once a user is authenticated, she is then authorized to perform
specific activities.
Whatever mechanism is used to authenticate the user, when the process is completed successfully, the user
has been assigned an identity. From this point of view, security is just the base level of personalization;
security assigns an identity that is authorized to perform some activities (and forbidden to perform others).
Personalization extends this security feature up from the ASP.NET infrastructure and into the application
domain. Personalization allows you to manage your application on the basis of who the user is.
The identity you are assigned when you log onto the Web server is used just within the application.
When your code accesses other services (for example, reading or writing a database), those accesses are
normally performed by an identity that represents ASP.NET. (On Windows 2003, this identity is called
NETWORK SERVICE; on other versions of Windows the identity is called ASPNET.) In your application’s
Web.Config file you can turn on impersonation, which causes the ASP.NET application to adopt
the identity used to log on to the server: the anonymous user if anonymous access is enabled, the user’s
identity if anonymous access is not enabled.
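The following handler is an added example, not code from the original text: it prints the identity assigned inside the application next to the Windows account that outgoing resource accesses actually run as, so you can see the effect of the impersonation setting described above. The handler name IdentityReport and its registration in your site are assumptions; the `<identity impersonate="true" />` element shown in the comment is the standard Web.config setting.

```csharp
// Added example (hypothetical handler): IdentityReport.ashx code-behind.
// Assumed Web.config fragment that turns impersonation on:
//   <system.web>
//     <identity impersonate="true" />
//   </system.web>
using System.Security.Principal;
using System.Web;
using System.Web.Configuration;

public class IdentityReport : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Identity assigned by authentication; this is what the application
        // (and personalization) sees.
        IIdentity appUser = context.User != null ? context.User.Identity : null;
        string appName = (appUser != null && appUser.IsAuthenticated)
            ? appUser.Name
            : "(anonymous)";

        // Windows account the current thread runs as; database and file
        // accesses made by this request are performed under this account.
        string osName;
        using (WindowsIdentity osUser = WindowsIdentity.GetCurrent())
        {
            osName = osUser.Name;
        }

        // The impersonation setting as ASP.NET read it from Web.config.
        IdentitySection cfg = (IdentitySection)
            WebConfigurationManager.GetSection("system.web/identity");

        HttpResponse r = context.Response;
        r.ContentType = "text/plain";
        r.Write("Impersonation enabled: " + cfg.Impersonate + "\n");
        r.Write("Application identity:  " + appName + "\n");
        r.Write("Resource access runs as: " + osName + "\n");
    }
}
```

With impersonation off, the last line reports the ASP.NET account regardless of who logged on; with it on, file and database permissions must be granted to the logged-on user or to the anonymous account instead.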
Understanding the Personalization Framework
The good news is that the personalization framework will take care of itself; by and large you can just
build on the personalization framework and count on it to work. However, there are some decisions that
you will need to make as part of setting up a Web site (for example, selecting the correct provider for your
site). In order to make those decisions you need to understand the components of the personalization
framework.
The personalization framework has three main components:
❑ Login controls
❑ Membership providers
❑ Profile services and providers
The first components of the personalization framework that a user encounters are ASP.NET 2.0’s new
login and user controls. Rather than write all the code necessary to log in a user, you can simply drag and
drop the new login controls to a Web page. These controls handle all the typical tasks associated with the
logon process (including sending forgotten passwords to users). For personalization, these controls allow
a user to be assigned an identity. Separate from this process, the site administrator has to register with the
personalization datastore the identities that users can be assigned. Figure 1-6 illustrates the three elements
of the personalization framework: login controls, membership providers, and profile services.