Addisu Hailegiorgis Desta

• Configure forms authentication for a Web application by using a configuration file.
• Enable cookieless forms authentication by setting the cookieless attribute.
• Use membership APIs and the Membership class to manage users.
• Enable anonymous identification.

Summary

The following description of how to configure forms authentication is from msdn:

To implement forms authentication you must create your own logon page and redirect URL for unauthenticated clients. You must also create your own scheme for account authentication. The following is an example of a Web.config configuration using Forms authentication:

<!-- Web.config file -->

<system.web>

   <authentication mode="Forms">

      <forms forms="401kApp" loginUrl="/login.aspx" />

   </authentication>

</system.web>

Because you are implementing your own authentication, you will typically configure IIS for Anonymous authentication.

The forms node has an attribute that is new to .Net 2.0: Cookieless. It has four values: UseUri – Store the authentication ID in the url, UseCookies, AutoDetect, and UseDeviceProfile which looks up the device in machine config to determine whether to use cookies or not.

The Membership class can be used to create new users, store user data (user names, passwords, e-mail addresses, and supporting data), authenticating users either programmatically or with the Login controls provided by ASP.Net, and managing passwords for users.

 The following description of how to enable anonymous identification is from msdn:

ASP.NET 2.0 supports anonymous identification, and you can encrypt the anonymous identification cookie. Encryption of the cookie uses the <machineKey> configuration. To enable anonymous identification, set enabled=”true” on the <anonymousIdentification> element in your Web.config file. To enable the cookies to be encrypted, set cookieProtection=”Encrypted”, as shown here.

<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS"

cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false"

cookieSlidingExpiration="true" cookieProtection="Encrypted"

cookieless="UseCookies" domain="" />

Other Resources & Links:

ASP.Net Authentication
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconASPNETAuthentication.asp

ASP.Net 2.0 Security (Has info on cookieless forms authentication)
http://www.awprofessional.com/articles/article.asp?p=351414&seqNum=4&rl=1

Membership Class
http://msdn2.microsoft.com/en-us/library/system.web.security.membership(VS.80).aspx

How To: Configure MachineKey in ASP.NET 2.0 (Has info on configuring Anonymous Identification)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000007.asp

• Track and coordinate all Web Parts controls on a page by adding a WebPartManager control.
• Connect Web Parts to each other by using connection objects.
• Divide a page that uses Web Parts into zones by using WebPartZones.
• Present a list of available Web Parts controls to users by using CatalogPart controls.
• Enable users to edit and personalize Web Parts controls on a page by using EditorPart controls.

Summary

New  to ASP.Net 2.0 are the concept of web parts, customizable modular data presentation components.

The WebPartManager Class is used to manage all the Web Parts on a page and their events. This class is the workhorse for all web part functionality. The following details on what this control does are taken from MSDN:

The WebPartManager control acts as the hub or control center of a Web Parts application. There must be one–and only one–WebPartManager control instance on every page that uses Web Parts controls. As with most aspects of Web Parts applications, the WebPartManager control works only with authenticated users. Further, its functionality works almost entirely with server controls that reside within Web Parts zones that inherit from the WebZone class. Server controls that reside on a page outside of these zones can have very little Web Parts functionality or interaction with the WebPartManager control.

As the hub for Web Parts functionality on a page, the WebPartManager control carries out the kinds of tasks listed below

Tracking Web Parts controls
Keeps track of the many different kinds of controls on a page that provide Web Parts features, including WebPart controls, connections, zones, and others.

Adding and removing Web Parts controls
Provides the methods for adding, deleting, and closing WebPart controls on a page.

Administering connections
Creates connections between controls, and monitors the connections as well as the processes of adding and removing them.

Personalizing controls and pages
Enables users to move controls to different locations on a page, and launches the views in which users can edit the appearance, properties, and behavior of controls. Maintains user-specific personalization settings on each page.

Toggling between different page views
Switches a page among different specialized views of the page, so that users can carry out certain tasks such as changing page layout or editing controls.

Raising Web Parts life-cycle events
Defines, raises, and enables developers to handle life-cycle events of Web Parts controls, such as when controls are being added, moved, connected, or deleted.

Enabling import and export of controls
Exports XML streams that contain the state of the properties of WebPart controls, and allows users to import the files for convenience in personalizing complex controls in other pages or sites.

The following explanation of connecting Web Parts comes from the Personalizing Using Web Parts ASP.Net Quickstart Tutorial:

Web parts are also capable of exchanging data between them, using web part connections. Using connections, you can have one web part provide one or more property values that can be used by other web parts on the page. Web part connections have the following elements:

An interface that defines the communications contract between two parts. The interface describes properties and methods available through the connection.

A web part that behaves as a connection provider. To specify a provider connection point, a web part needs to have a method that creates and returns an instance of the communications interface. This method should be marked with the ConnectionProvider attribute. By default, A single provider connection point can be used with multiple connection consumers.

A web part that behaves as a connection consumer. To specify a consumer connection point, a web part needs to have a method that takes an instance of the communications interface as a parameter. This method should be marked with the ConnectionConsumer attribute. By default, A single consumer connection point can only be used with one connection provider.

WebPartZones define the areas on the page where Web Parts can be placed and also define common user interface for those controls by defining styles.

The CatalogPart Control is used to list the controls that a user can add to a web page.

The EditorPart Control is used to modify web parts when they are in edit mode.  Using this control you can modify its layout, appearance, properties, behavior, or other characteristics.

Other Resources & Links:

Personalize Your Portal with User Controls and Custom Web Parts
http://msdn.microsoft.com/msdnmag/issues/05/09/WebParts/default.aspx

Personalizing Using Web Parts – ASP.NET Quickstart Tutorials
http://www.asp.net/QuickStart/aspnet/doc/webparts/default.aspx

WebPartManager Class
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.webparts.webpartmanager(VS.80).aspx

WebPartConnection Class
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.webparts.webpartconnection(VS.80).aspx

WebPartZone Class
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.webparts.webpartzone(VS.80).aspx

Catalog Part Class
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.webparts.catalogpart(VS.80).aspx

EditorPart Control
http://msdn2.microsoft.com/en-us/library/system.web.ui.webcontrols.webparts.editorpart(VS.80).aspx

• Apply a theme declaratively.
• Apply a theme programmatically.
• Apply a user-selected theme programmatically.
• Define custom themes.
• Define the appearance of a control by using skins.
• Enable users to personalize an application by using Web Parts.
• Track and store user-specific information by using user profiles.
• Personalize a Web page by dynamically adding or removing child controls in a Placeholder control at run time.

Summary

ASP.Net themes are new to ASP.Net 2.0 and allow you to define the default appearance of server controls.

To Apply a theme declaratively you can specify the them in the applications web.config or specify it in the page directive for a particular page.

To Apply themes programmatically you can alter the Page’s theme property, but you must do so during the PreInit event.

To Define your own themes you must add a theme folder to your application and then add a folder for each theme you want to create. In each folder add a css file and add a skin file that defines the default look and feel for each server control. Below is an example of an entry in a skin file as taken from msdn:

<asp:Button runat="server" 

  BackColor="Red" 

  ForeColor="White" 

  Font-Name="Arial" 

  Font-Size="9px" />

You can enable users to personalize an application by leveraging Web Parts. Using web parts you use a Web Part Manager to control the Web Parts and Personalization process. On each page you define Web Part Zones that specify where the web parts will appear. You can use a Catalog Component to define what web parts are available. Users can then easily customize their pages.

Using ASP.Net 2.0 you can enable personalization. This enables user specific properties to be stored in a database or other source as configured through the personalization provider. In the Web Config you can define the properties that you want to keep track of and ASP.Net will automatically handle the storage of this data. Below is an example of defining three properties in an applications web config that will be stored through the personalization provider. (Example from MSDN)

<profile>

   <properties>

      <add name="BackColor" type="string" />

      <add name="ForeColor" type="string" />

      <add name="Links" 

           type="System.Collections.Specialized.StringCollection" 

           serializeAs="Xml" />

   </properties>

</profile>

Notice that you can specify the type. This enables you to use custom types for any property you want. What’s even better is that you can access the properties using intellisense as in the following example (also from msdn.

If Profile.Links.Count = 0 Then

   Profile.Links.Add("http://www.misirach.org")

   Profile.Links.Add("http://www.ethiopioneers.com")

End If

You can dynamically add controls to a placeholder control at runtime by creating a new instance of the control either directly or through the LoadControl method of the page class and then passing in the reference to the Placeholders AddControl method.

Other Resources & Links:

ASP.Net Themes and Styles
http://msdn2.microsoft.com/en-us/library/wcyt4fxb.aspx

How To: Apply ASP.Net Themes
http://msdn2.microsoft.com/en-us/library/0yy5hxdk.aspx

How To: Define ASP.Net Page Themes
http://msdn2.microsoft.com/en-us/library/ms247256(VS.80).aspx

Personalize Your Portal with User Controls and Custom Web Parts
http://msdn.microsoft.com/msdnmag/issues/05/09/WebParts/

Personalization and User Profiles in ASP.Net 2.0
http://msdn.microsoft.com/msdnmag/issues/05/10/CuttingEdge/default.aspx

• Create a master page.
• Add a ContentPlaceHolder control to a master page.
• Specify default content for a ContentPlaceHolder.
• Reference external resources in a master page.
• Define the content of a particular page in a content page.
• Create a content page.
• Add content to a content page.
• Reference a master page member from a content page.
• Handle events when using master pages.
• Create a nested master page.
• Change master pages dynamically.

Summary

Net to .Net 2.0 Master pages contain all the top-level HTML elements for a page, such as <html>, <head>, and <form>. They also define sections with controls called ContentPlaceHolders.  ASPX pages use master pages to define layout ensuring a consistent site design.  ASPX define mappings between the ContentPlaceHolders of the masterpage and the Content sections of the ASPX page.  Master pages have a .master file extension.  Masterpages are tied to ASPX pages via the MasterPageFile attribute of the Page directive or in webconfig via the  /configuration/system.web/pages MasterPageFile attribute.

Be careful with the term Master.. although it may seem that the masterpage is higher up in the food chain and things filter down from it,  The masterpage itself inherits from user control and, at runtime, becomes a child of the page of which it is a “master” of.  There is a method to the madness.  There is a new stage in the page lifecycle call PreInit.  It is here that themes and masterpages are leveraged to provide modular formatting and structure to the user interface.  At this stage the Page object takes the definition for the masterpage (all your ContentPlaceHolders controls) and “superimposes” it onto itself.  It then inserts all the controls from each of the Content Control sections of your page into their respective ContentPlaceHolders.  This mapping between ContentPlaceHolders and Content controls is done via the ContenPlaceHolderID.

ContentPlaceHolder Controls are used to define where the content will be inserted into the Master Page Template. You can set the Master Page through Configuration in Web.Config, with a Page Directive Attribute, or dynamically in the PreInit event like the following example:

Dynamically Set a masterpage and Theme in the PreInit Method

    void Page_PreInit(Object sender, System.EventArgs e)

    {

        Page.MasterPageFile = "~/MasterPages/MasterPage.master";

        Page.Theme = "FunkyTheme";

    }

Note: After the PreInit method, the Master Page can not be changed.

In a master page, you can define default content inside a ContentPlaceHolder Control so when a page that uses the master page does not specify content for that content placeholder, ASP.Net will use the default content.

In order to nest master pages, just have the master page you are building use a master page on it’s own.

Other Resources & Links:

Master Pages in ASP.NET 2.0
http://msdn.microsoft.com/asp.net/reference/design/default.aspx?pull=/library/en-us/dnvs05/html/masterpages.asp

Creating a Layout Using Master Pages
http://www.asp.net/QuickStart/aspnet/doc/masterpages/default.aspx

Events in ASP.NET Master and Content Pages
http://msdn2.microsoft.com/dct97kc3.aspx