We are very serious about security and recognize that the Membership Manager Control
could expose a big security hole if it is left open to the Internet. By taking
certain basic precautions, you should be able to successfully implement this much-needed
control panel without "giving up the keys to the kingdom."
Obviously, your required level of security is very much dependent on your application.
For example a corporate E-Commerce site requires much tighter security than a personal
friends and family web site. Thus, your approach toward security may vary widely.
Here are a couple of ideas:
A) Use Asp.Net Roles
Drop the Membership Manager Control onto an "Admin" page that is only accessible
to Administrators. It's very easy to use the Asp.Net Configuration Tool to enable
roles and designate folders that may only be accessed by members of a particular
role.
To err on the side of security, the default "MembershipRole" property is "Administrators"
and requires that roles are enabled and also that the runtime user is a member of
the "Administrators" role in order for the control to work. You can change this
to another role if you like.
B) Use a separate Intranet Site
Drop the Membership Manager Control onto a page that is only accessible through
your Intranet or through a Windows authentication scheme. Note that since
SQL Server Express only works on a local machine, you'll have to maintain your access-controlled
administration site on the same server. If you are using the full version
of SQL Server, of course, you can maintain the public and private sites on separate
servers.
Just
download and install MembershipManager.msi which copies the program assembly
QualityData.Membership.dll onto your hard drive. By default, the installer copies
the assembly to the C:\Program Files\Quality Data\Membership Manager folder but
you can place it anywhere you like.
To use the control in your web site projects, you'll need to add the control to
your Visual Studio Toolbox as follows:
- Right Click on the General Tab (or any other tab) of your toolbox and select "Choose
Items.." from the context menu.
- In the "Choose Toolbox Items" dialog, make sure you are on the ".Net Framework Components"
tab then click "Browse".
- Locate QualityData.Membership.dll in the folder where
you installed it then select it and click "Open".
- You'll see the control is
now listed in the "Choose Toolbox Items" dialog. Make sure it is checked then click
"OK".
With the control now in your toolbox, just drag it onto your web form.
Watch the Video
that shows you how to download, setup and run the Membership Manager Control in
less than 3-minutes!
The Membership Manager Control is designed to be easy to evaluate and easy to purchase.
When you install the "free trial", you get the deliverable software. Without a license
file, however, the control will only work a few dozen times without requiring an
application restart.
With the purchase of a license, you get a plain text file named QualityData.Web.UI.WebControls.MembershipManager.lic
that contains a product key. When your web application is started, the control checks
for the presence of this file in the "\bin" folder and if it finds it, enables the
control.
To license your copy, therefore, simply copy the license file into your project
and restart the web application.
(Just save web.config with no changes to
restart.)
Our
License Agreement
explains that you can use your Web Server License on any number of staging servers
and on a single production server. If you purchase five Web Server Licenses,
we automatically upgrade you to a Site License and you are allowed to use any or
all of your Web Server Licenses on any server you own.
When you drag the Membership Manager Control from the toolbox onto your web form,
Visual Studio will automatically copy QualityData.Membership.dll into the "\bin"
folder of your project. If you have purchased a license, then you must also copy
the license file, QualityData.Membership.Lic into the "\bin" folder of your project.>
The Membership Manager Control uses the settings from your existing Asp.Net SQLMembershipProvider
for its own configuration.
Most of the features in the Membership Manager Control will work fine regardless
of the settings in Web.Config. A couple of features such as "Change Password" and
"Change Question and Answer" depend on the SQLMembershipProvider and therefore require
that "enablePasswordRetrieval" and "enablePasswordReset" are set to True and that
"requiresQuestionAndAnswer" is set to False. As these settings affect the behavior
of the built-in Asp.Net Membership (login) controls, you may wish to define a custom
Web.Config file for your Administrative pages if you wish to retain the default
behavior in your main site.
No changes are required to your existing Asp.Net Membership database tables but
one feature does require the addition of a couple stored procedures.
The Membership Manager Control is able to leverage the SQLMembershipProvider and
its stored procedures to provide most of its functionality, however it does require
a stored procedure to enable the "Change User Name" feature as well as another to
lookup unencrypted password answers.
If you are using SQL Server Express (in user instance mode), then the Membership
Manager Control has enough rights to add the required stored procedures and will
do so automatically.
Otherwise, you may download and run this SQL Script to add the stored procedures
(don't forget to provide execute rights.)
Without these minor database additions, all features except "Change User Name" will
work just fine.
Yes, but you will generally not use is as such.
We wanted to give you the easiest installation experience possible and also did
not want to preclude you from using your own customized SQLMembershipProvider.
If you just drop in the control without performing any special configuration, then
it will use static methods in its own dll to provide its functionality. Most of
the internal methods call directly upon the base functionality of the SQLMembershipProvider,
so you should not experience any interference with your own custom SQL Membership
provider.
No. The Membership Manager Control is built onto the Asp.Net SQLMembershipProvider.
Yes. You can customize the Membership Manager Control by setting properties and
also through the use of templates.
Properties
Numerous properties are available for readily changing styles (fonts, colors, borders)
as well as the labels found within various views of the control.
Templates
Each of the views as well as the Grid and DataSource are implemented with templates.
When you select any view, in fact, an option is available on the Tasks menu to convert
that view to a template that can then be customized with additional controls.
When the Membership Manager Control is added to a web site project, its libraries
which include a number of convenience functions are immediately available to the
web form programmer. These are all static methods that wrap one or more of the built-in
membership methods to provide "one-line" calls for whichever provider is currently
selected. A list of these methods can be found in the help system and also by reviewing
the QualityData.MembershipManager object using the object browser or Intellisense.
Yes. Just drop the Membership Manager Control into the ContentTemplate of an atlas:UpdatePanel
and you'll get near-real-time interactivity with seemingly no postbacks.
Since we are continually updating the help system, it is maintained on the Quality
Data web site by default. If you like, you can use a setting in Web.Config to obtain
online documentation from a different source.