ptg 1194 CHAPTER 26 Using the Login Controls FIGURE 26.15 Retrieving a lost password with the PasswordRecovery control. <asp:PasswordRecovery id=”PasswordRecovery1” CssClass=”passwordRecovery” TitleTextStyle-CssClass=”passwordRecovery_title” InstructionTextStyle-CssClass=”passwordRecovery_instructions” SubmitButtonStyle-CssClass=”passwordRecovery_button” Runat=”server”> <MailDefinition From=”Admin@YourSite.com” Subject=”Password Reminder” /> </asp:PasswordRecovery> </div> </form> </body> </html> After you open the page in Listing 26.34 in your web browser, you are first asked to enter your username (see Figure 26.15). Next, you are asked to enter the answer to the security question that you entered when registering. Finally, a password is emailed to your regis- tered email account. From the Library of Wow! eBook ptg 1195 Using the PasswordRecovery Control 26 NOTE Before you use the PasswordRecovery control, you must specify your mail server set- tings in your application’s web configuration file. See the earlier section in this chapter, “Sending a Create User Email Message.” By default, the PasswordRecovery control first resets your password before sending you the password. In the next section, you learn how to send a user’s original password. Sending the Original Password By default, the PasswordRecovery control does not send a user’s original password. If you don’t want the PasswordRecovery control to reset a user’s password before sending it, you must change the configuration of the membership provider. Three configuration settings matter: passwordFormat, enablePasswordRetrieval, and enablePasswordReset. By default, the passwordFormat attribute has the value Hashed. When passwords are hashed, the PasswordRecovery control cannot send a user’s original password. This limita- tion makes sense because when passwords are hashed, the actual passwords are never stored anywhere. If you want to send a user his original password, you need to set the passwordFormat attribute to either the value Clear or Encrypted. By default, the enablePasswordRetrieval attribute has the value False. Therefore, if you want to send a user his original password, you must enable this property in the web configuration file. Finally, by default, the enablePasswordReset attribute has the value True. Regardless of the value of the passwordFormat or enablePasswordRetrieval attributes, you can always reset a user’s password and email the new password to the user. The web configuration file in Listing 26.35 contains the necessary configuration settings to enable a user’s original password to be sent. LISTING 26.35 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.web> <authentication mode=”Forms” /> <membership defaultProvider=”MyMembership”> <providers> <add name=”MyMembership” type=”System.Web.Security.SqlMembershipProvider” connectionStringName=”LocalSqlServer” From the Library of Wow! eBook ptg 1196 CHAPTER 26 Using the Login Controls passwordFormat=”Clear” enablePasswordRetrieval=”true” /> </providers> </membership> </system.web> </configuration> The configuration file in Listing 26.35 causes passwords to be stored in plain text rather than hashed. Furthermore, password retrieval is enabled. Requiring a Security Question and Answer When you use the CreateUserWizard control to register, you are required to select a security question and answer. The PasswordRecovery control displays a form that contains the secu- rity question. If you cannot enter the correct security answer, your password is not sent. If you do not want to require users to answer a security question before receiving their passwords, you can modify the configuration of the membership provider. The web configuration file in Listing 26.36 assigns the value false to the requiresQuestionAndAnswer attribute. LISTING 26.36 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.web> <authentication mode=”Forms” /> <membership defaultProvider=”MyMembership”> <providers> <add name=”MyMembership” type=”System.Web.Security.SqlMembershipProvider” connectionStringName=”LocalSqlServer” requiresQuestionAndAnswer=”false” /> </providers> </membership> </system.web> </configuration> From the Library of Wow! eBook ptg 1197 Using the PasswordRecovery Control 26 Using Templates with the PasswordRecovery Control If you need to completely customize the appearance of the PasswordRecovery control, you can use templates. The PasswordRecovery control supports the following three types of templates: . UserNameTemplate . QuestionTemplate . SuccessTemplate The page in Listing 26.37 illustrates how you can use all three of these templates. LISTING 26.37 PasswordRecoveryTemplate.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <style type=”text/css”> html { font:12px Arial,Sans-Serif; } h1 { font:bold 16px Arial,Sans-Serif; color:DarkGray; } </style> <title>PasswordRecovery Template</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:PasswordRecovery id=”PasswordRecovery1” Runat=”server”> <MailDefinition From=”Admin@YourSite.com” Subject=”Password Reminder” BodyFileName=”PasswordRecovery.txt” /> <UserNameTemplate> From the Library of Wow! eBook ptg 1198 CHAPTER 26 Using the Login Controls <h1>User Name</h1> <asp:Label id=”FailureText” EnableViewState=”false” ForeColor=”Red” Runat=”server” /> <br /> <asp:Label id=”lblUserName” Text=”Enter your user name:” AssociatedControlID=”UserName” Runat=”server” /> <br /> <asp:TextBox id=”UserName” Runat=”server” /> <br /> <asp:Button id=”btnSubmit” Text=”Next” CommandName=”Submit” Runat=”server” /> </UserNameTemplate> <QuestionTemplate> <h1>Security Question</h1> <asp:Label id=”FailureText” EnableViewState=”false” ForeColor=”Red” Runat=”server” /> <br /> <asp:Label id=”Question” Text=”Enter your user name:” AssociatedControlID=”Answer” Runat=”server” /> <br /> <asp:TextBox id=”Answer” Runat=”server” /> <br /> <asp:Button id=”btnSubmit” Text=”Next” CommandName=”Submit” Runat=”server” /> From the Library of Wow! eBook ptg 1199 Using the LoginView Control 26 </QuestionTemplate> <SuccessTemplate> <h1>Success</h1> An email has been sent to your registered email account that contains your user name and password. </SuccessTemplate> </asp:PasswordRecovery> </div> </form> </body> </html> The UserNameTemplate must contain a control with an ID of UserName. You also can include a control with an ID of FailureText when you want to display error messages. This template also must contain a Button control with a CommandName that has the value Submit. The QuestionTemplate must contain a control with an ID of Question and a control with an ID of Answer. Optionally, you can include a FailureText control when you want to display error messages. It also must have a Button control with a CommandName that has the value Submit. The SuccessTemplate, on the other hand, does not require any special controls. The PasswordRecovery control in Listing 26.37 includes a MailDefinition property that references a custom email message. The message is contained in Listing 26.38. LISTING 26.38 PasswordRecovery.txt Here’s your login information: user name: <%UserName%> password: <%Password%> The email message in Listing 26.38 contains substitution expressions for both the user- name and password. Using the LoginView Control The LoginView control enables you to display different content to different users depend- ing on their authentication status. For example, the page in Listing 26.39 displays differ- ent content for authenticated users and anonymous users (see Figure 26.16). From the Library of Wow! eBook ptg 1200 CHAPTER 26 Using the Login Controls FIGURE 26.16 Displaying content to authenticated users with the LoginView control. LISTING 26.39 ShowLoginView.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <title>Show LoginView</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:LoginStatus id=”LoginStatus” Runat=”server” /> <hr /> <asp:LoginView id=”LoginView1” Runat=”server”> <AnonymousTemplate> This content is displayed to anonymous users. From the Library of Wow! eBook ptg 1201 Using the LoginView Control 26 </AnonymousTemplate> <LoggedInTemplate> This content is displayed to authenticated users. </LoggedInTemplate> </asp:LoginView> </div> </form> </body> </html> The LoginView control in Listing 26.39 contains two templates: an AnonymousTemplate and a LoggedInTemplate. Only one of the two templates is displayed at a time. The page also includes a LoginStatus control. You can use this control to log in and log out quickly. NOTE You can use the LoginView control with Windows authentication as well as Forms authentication. Using Roles with the LoginView Control You also can use the LoginView control to display different content to users who belong to different roles. The page in Listing 26.40 contains a LoginView that contains two RoleGroup controls. The first RoleGroup contains content that is displayed to members of the Administrator role. The second RoleGroup contains content that is displayed to members of the Manager and Worker roles. LISTING 26.40 LoginViewRoles.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <script runat=”server”> protected void Page_Load(object sender, EventArgs e) { MembershipCreateStatus status; // Create Bill Membership.CreateUser(“Bill”,”secret_”,”bill@somewhere.com”, “dog”,”rover”,true,out status); // Create Ted Membership.CreateUser(“Ted”, “secret_”, “ted@somewhere.com”, “dog”, “rover”, true,out status); From the Library of Wow! eBook ptg 1202 CHAPTER 26 Using the Login Controls // Create Fred Membership.CreateUser(“Fred”, “secret_”, “fred@somewhere.com”, “dog”, “rover”, true, out, status); // Create Administrator Role if (!Roles.RoleExists(“Administrator”)) { Roles.CreateRole(“Administrator”); Roles.AddUserToRole(“Bill”, “Administrator”); } // Create Manager Role if (!Roles.RoleExists(“Manager”)) { Roles.CreateRole(“Manager”); Roles.AddUserToRole(“Bill”, “Manager”); Roles.AddUserToRole(“Ted”, “Manager”); } // Create Worker Role if (!Roles.RoleExists(“Worker”)) { Roles.CreateRole(“Worker”); Roles.AddUserToRole(“Fred”, “Worker”); } } </script> <html xmlns=”http://www.w3.org/1999/xhtml” > <head id=”Head1” runat=”server”> <title>LoginView Roles</title> </head> <body> <form id=”form1” runat=”server”> <div> <asp:LoginStatus id=”LoginStatus” Runat=”server” /> <hr /> <asp:LoginView id=”LoginView1” Runat=”server”> <RoleGroups> <asp:RoleGroup Roles=”Administrator”> <ContentTemplate> From the Library of Wow! eBook ptg 1203 Using the LoginView Control 26 This content is displayed to Administrators. </ContentTemplate> </asp:RoleGroup> <asp:RoleGroup Roles=”Manager,Worker”> <ContentTemplate> This content is displayed to Managers and Workers. </ContentTemplate> </asp:RoleGroup> </RoleGroups> </asp:LoginView> </div> </form> </body> </html> The Page_Load() handler in Listing 26.40 creates three users named Bill, Ted, and Fred. Bill is added to both the Administrator and Manager roles; Ted is added to the Manager role; and Fred is added to the Worker role. The content of only one RoleGroup is displayed by the LoginView control at a time. If a user matches more than one RoleGroup, the content of the first RoleGroup matched is displayed and the other RoleGroups are ignored. Before you can use the page in Listing 26.40, you must enable roles in the web configura- tion file. The file in Listing 26.41 contains the necessary roleManager element. LISTING 26.41 Web.Config <?xml version=”1.0” encoding=”utf-8”?> <configuration> <system.web> <authentication mode=”Forms” /> <roleManager enabled=”true” /> </system.web> </configuration> From the Library of Wow! eBook . templates. LISTING 26.37 PasswordRecoveryTemplate.aspx <%@ Page Language=”C#” %> <!DOCTYPE html PUBLIC -/ /W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>. control, you can use templates. The PasswordRecovery control supports the following three types of templates: . UserNameTemplate . QuestionTemplate . SuccessTemplate The page in Listing 26.37. ptg 11 94 CHAPTER 26 Using the Login Controls FIGURE 26.15 Retrieving a lost password with the PasswordRecovery control. < ;asp: PasswordRecovery id=”PasswordRecovery1” CssClass=”passwordRecovery”