As noted in previous blog entries, I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization, membership, and roles. The first set of tutorials covered security basics and examined forms authentication in detail; the second set looked at the Membership system and the SqlMembershipProvider. The third set of tutorials examined the Roles framework and the SqlRoleProvider. The final slate of tutorials includes three on implementing common administrative tasks.
- Building an Interface to Select One User Account from Many [VB | C#] - when we needed to select a user account in previous tutorials we used a drop-down list. While a drop-down list is sufficient if there are only a handful of user accounts, it becomes unusable when there are hundreds or thousands of users. This tutorial looks at building an interface to efficiently and easily select one user account from a large number of accounts.
- Recovering and Changing Passwords [VB | C#] - shows how to use the PasswordRecovery and ChangePassword controls to allow users and administrators to recover lost passwords and change existing passwords.
- Unlocking and Approving User Accounts [VB | C#] - as a security measure, if a user supplies an incorrect password too many times, they are locked out. Users may also be unapproved. In either case, they cannot login. This tutorial examines how these properties are set, how they can be modified by an administrator, and how the user's approved status can be utilized to prevent new users from logging in until some action has been completed (such as clicking a link in an email message or receiving approval from an administrator).
All tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF. The next batch of tutorials examines creating administrative pages to manage user accounts.
Enjoy! - http://asp.net/learn/security/