Using Site Server 3.0 Membership Services and Visual InterDev 6.0

Kevin Durr
www.notsoldseparately.com

January 1999

Summary: Discusses how to use Microsoft® Visual InterDev™ version 6.0 with Site Server 3.0 Membership services. Covers how to create a Web development system with Visual InterDev that uses Membership authentication, and then shows how to use the Membership design-time controls (DTCs) to create some sample user registration pages. (29 printed pages)

Contents

Introduction to Site Server 3.0 Membership
     Directory Services and the Membership Directory
     Lightweight Directory Access Protocol
     Active Directory Service Interfaces
     Active User Object
     Membership Directory Authentication
What Are Design Time Controls?
Introduction to Site Server's P&M DTCs
Getting Started
     Setting Up Your Server
     Setting Up Your Visual InterDev 6.0 Workstation
     Creating a Visual InterDev Project
Creating Registration Pages
     Creating an Update Page
     Adding HTML Tables to Your Forms
Resources
     Site Server
     LDAP
     ADSI
     Visual InterDev

Introduction to Site Server 3.0 Membership

Microsoft Site Server 3.0 is a suite of products and application development tools used to create dynamic interactive intranet and Internet Web sites. Site Server is available in two versions: Site Server and Site Server Commerce Edition. Site Server contains the following features:

Commerce Edition is the same suite with the addition of Commerce Server and Ad Server. Although Microsoft has positioned Site Server as an intranet platform, it may be used equally as well for Internet sites. This is particularly true for the Personalization & Membership services. P&M may be used to deliver personalized content for users as well as to restrict users to areas of a site for which they have been given privileges. It provides several membership authentication methods and is tightly integrated with Microsoft Windows NT® Server's Internet Information Server (IIS) technology.

First, let's cover some of the basic technologies utilized by Site Server Membership, including directory services, Lightweight Directory Access Protocol (LDAP), and Active Directory Service Interfaces (ADSI). A general knowledge of these technologies is important as you build your Membership site.

Directory Services and the Membership Directory

A directory service is a database that stores organizational data and is highly optimized for database lookups (reads). Directory services provide an index of users and network resources. Site Server 3.0 contains Microsoft's most recent directory service, the Membership Directory. It is the central repository for user data, including member accounts, permissions, and site resources. All directory services use LDAP as their communicating protocol. In the future Microsoft Windows® 2000 Server will implement the much-talked-about Active Directory, which will take the Membership Directory to the next level. The Active Directory will also be responsible for storing all the information needed for the Windows NT domain architecture.

Lightweight Directory Access Protocol

Lightweight Directory Access Protocol (LDAP) is the underlying protocol used by Site Server Membership to communicate with the Membership Directory. LDAP was designed to be the standard Internet protocol for accessing directory services. LDAP runs on TCP/IP networks and is independent of platform, allowing directory-based information to be shared across operating systems. Site Server Membership implements an LDAP service for reading and writing information to the Membership Directory database.

Active Directory Service Interfaces

As stated previously, the Membership Directory must be accessed using the LDAP protocol. Rather than making raw LDAP calls to the Membership Directory, Site Server Membership uses Active Directory Service Interfaces, better known as ADSI. ADSI provides a common standard interface to multiple directory services (through ADSI providers) and communicates with the directory services using LDAP. ADSI makes life easier by allowing the developer to write code to one API while working with multiple directory services.

Active User Object

Site Server provides the Active User Object (AUO) as a single component that aggregates all of a user's attributes from multiple Active Directory Service (ADS) providers. The primary provider is always the Membership Directory. The AUO is a COM object called membership.userobjects. It uses ADSI to retrieve a user's information from the Membership Directory and greatly simplifies the code a developer writes by automatically binding to the current user's information in the Membership Directory. The binding occurs when the component is created, but requires that the Web site be mapped to a Membership Server and that the user is authenticated.

Membership Directory Authentication

When you set up a Membership Directory for a Web site, you must choose the type of authentication to be used. Membership may be set up to use Windows NT accounts (Windows NT Authentication) or accounts that reside solely in the Membership Directory database (Membership Authentication). Windows NT Authentication is most useful for intranet sites where you wish to leverage existing accounts. However, Membership Authentication is a good choice for Internet sites, especially sites in which the number of users will increase dramatically over time. As your user base grows, it is much easier to administer your accounts and privileges using Membership Authentication.

It is important to note that Membership Authentication maps Membership groups to proxy Windows NT group accounts to determine a member's security permissions. You still have the benefit of the strong security of Windows NT and can administer security permissions for a Membership group by assigning permissions (ACLs) to the proxy account. For every group in the Membership Directory, Membership creates a corresponding Windows NT group called Site_directoryname_groupname, where directoryname is the name of the Membership Directory and groupname is the name of the Membership group.

For our example code, we'll be creating a new Membership Directory called BookStore. When the BookStore Membership Directory is created, an administrator group, called AdminGroup, is also created. The corresponding Windows NT group is therefore called Site_BookStore_AdminGroup.

What Are Design-Time Controls?

Design-time controls (DTCs) are a special class of Microsoft ActiveX® Control that act as visual helper applications for Web developers and can automatically generate the HTML and server-side or client-side script required to accomplish simple or complex tasks within a Web site. Because DTCs have no binary run-time component, their output can be viewed on any platform in any browser. DTCs help to reduce development time by generating common code that is repeated many times to perform common tasks within Web pages.

For more information, please see: http://msdn.microsoft.com/vinterdev/technical/techfaq.asp.

Introduction to Site Server's P&M DTCs

Creating a registration page that adds a user to the Membership Directory can be a fairly complex task. To help solve this problem, Site Server provides a set of DTCs for creating user registration pages and forms. The Membership DTCs consist of three DTCs that must be used together. They are as follows:

The Membership Header DTC is used only once per page or form. It defines whether you will be creating a new user or updating an existing user. It also defines which Membership Directory to add the user to and which administrative account to use when doing this.

The Membership Attribute DTC is inserted for each member attribute that you want to include on the registration form. The only required attribute is the username, called cn (Common Name). Even though it's not required, you will most likely want to insert the userpassword attribute as well.

The Member Footer DTC is used only once per page or form. It places the Submit button on the form and allows you to specify the URL the user will be sent to upon successful completion of registration. You may also specify the Membership group to which the user is added.

Getting Started

Setting Up Your Server

Install Site Server 3.0

You need to have Site Server 3.0 with Site Server Service Pack 1 installed on the server. If you do not have Site Server, you may order an evaluation CD or download an evaluation copy from the Microsoft Web site at http://www.microsoft.com/siteserver/. The Site Server Service Pack 1 may be downloaded from http://www.microsoft.com/backoffice/downloads.htm#Site.

Site Server 3.0 has the following hardware and software requirements:

Hardware requirements

Software requirements

Note   Actual requirements will vary based on your system configuration and on the features you choose to install.

Site Server 3.0 Membership Directories can be created using a Microsoft Access or Microsoft SQL Server™ 6.5 database. In our example, we will create the Membership Directory with an Access database. Because Access databases do not require a server component to run, there is no additional installation required. If you choose to implement your Membership Server with an SQL Server database, you must install SQL Server on the server. An evaluation copy of SQL Server 6.5 and its installation documentation is included on the Site Server 3.0 evaluation CD.

To utilize the Direct Mail feature of Site Server 3.0 Membership, a valid SMTP server that can be reached from your Web server is required. If you do not have an SMTP server available, you can install the Microsoft SMTP server that is included with the Windows NT Server 4.0 Option Pack.

Create the Membership Server

Once you have Site Server installed, you'll need to create a Membership Server instance for your Web site. The Membership Server instance contains your Membership Directory.

  1. Open the Site Server Management Console (MMC). From the Start menu, select Programs, Microsoft Site Server, and then Site Server Administrator (MMC).

  2. When the MMC is open, expand the Personalization & Membership folder by clicking it. Then right-click the server and select New, Membership Server instance. (See Figure 1.)

    Figure 1. Creating a new Membership instance

  3. Click the Next button and select Complete Configuration.

  4. Click the Next button and select Create a new Membership Directory.

  5. Click the Next button and select Membership Authentication.

  6. You are now at the Name the Membership Directory and Create Account dialog box. Enter a name for your Membership Directory. For the example, we'll use BookStore. Enter a password for the administrative account. For this example I'm going to use a password of password.

    You will need your password later. Write it down someplace you will not lose it. Click the Next button when finished. (See Figure 2.)

    Figure 2. Naming the Membership Directory

  7. Choose Access Database as the database type and click the Next button. Access is chosen for this example because it does not require any additional installations. When creating a Membership Directory for a production environment, consider choosing SQL Server. SQL Server is a more highly scalable database.

  8. Accept the default file name that Site Server generates and click the Next button.

  9. Accept [All Unassigned] for the IP Address and write down the port number. If you've created other Membership Servers, make sure you use a port number that is not in use. If this is the first Membership Server instance you are creating, the port number will most likely be 1003. You will need this port number later. Click the Next button.

  10. Enter the name of the SMTP server you wish to use. If you are unsure, use the SMTP server that is installed with the Windows NT Option Pack. Verify that the service is running by going to Start, Settings, Control Panel, and then Services. The service is called Microsoft SMTP Service. You may use this service by entering "localhost" or the name of your server. Click the Next button.

  11. You are now at the Confirmation dialog box. Click the Finish button.

  12. After the Membership Server instance is created, you are returned to the MMC. You should see your new instance. It is named Membership Server #N, where N equals the next available number.

  13. Right-click the Membership Server name (Membership Server #2) and select Rename. This allows you to give the server a more descriptive name. For this example we've renamed it BookStore.

Create a Membership Web site

After the Membership Server instance is created, the next step is to create a Web site and map the new Web site to the Membership Server that you have just created.

  1. Create a new directory under your Inetpub directory. This directory is used to store the content of your Web site. For this example, our directory is called BookStore.

  2. Create a directory under the directory you just created called Members. Although this directory could easily be created later using Visual InterDev, we have created it now to demonstrate how to configure the Membership Authentication service for this directory (step 11 of this task).

  3. Open the Site Server Management Console. From the Start menu, select Programs, Microsoft Site Server, and then Site Server Administrator (MMC).

  4. When the MMC is open, expand the Internet Information Server folder by clicking it. Then right-click the server, select New, and then select Web Site.

    Figure 3. Creating a Membership Web site

  5. Enter a name for the Web site under Web Site Description. We've used BookStore again. Click the Next button.

  6. Accept [All Unassigned] for the IP address and set the port to an available port. In this example, we are setting the port to 82. Click the Next button.

  7. Enter the path of the new directory you created under Inetpub. Click the Next button.

    Figure 4. Setting the home directory path

  8. Accept the defaults on the Permission dialog box and click the Finish button.

  9. The Web site is created and you are returned to the MMC. Highlight the name of the new Web site and right-click it. Then select Task, Membership Mapping. The Membership Mapping dialog box appears. Select the new Membership Server you just created and click the OK button.

  10. Highlight the new Web site and press the F5 key. The display is refreshed, and the new Web site now contains a virtual directory called "_mem_bin" . This directory is used by Membership for authentication and user account purposes.

    Figure 5. The new virtual directory "_mem_bin"

  11. Highlight and right-click the members directory in the MMC under the new Web site, and then select Properties. When the Properties dialog box is displayed, click the Membership Authentication tab. Clear the Allow Anonymous box and check HTML Forms Authentication. Click the OK button when finished.

    Figure 6. Properties dialog box

The actions just described will force the user to log in using an HTML form rather than a dailog box before accessing the content contained in this directory. As you create other directories that require authentication using Visual InterDev, you can set the Membership Authentication property using this technique, or through the WebAdmin pages provided by Site Server. (See the Site Server documentation for more information regarding WebAdmin.)

Install FrontPage Extensions

Now you need to install and configure Microsoft FrontPage® Extensions on your new Web site. FrontPage Extensions enable you to attach to the site using Visual InterDev. It's important to map the new Web site to a Membership Directory before beginning this task. As you begin development of the site and connect to it with Visual InterDev, your authentication should be through Membership accounts rather than Windows NT accounts.

  1. Open the FrontPage Server Administrator. From the Start menu, select Programs, Windows NT 4.0 Option Pack, Microsoft Internet Information Server, FrontPage Server Administrator. The FrontPage Administrator dialog box appears.

    Figure 7. FrontPage Server Administrator dialog box

  2. Click the Install button. The Configure Server Type dialog box appears. Select Microsoft Internet Information Server and click the OK button.

  3. The Multihosted Servers dialog box appears. This dialog box allows you to select on which Web sites you wish to install FrontPage Extensions. Highlight your new Web site (in our case it's BookStore), and then click the OK button.

    Figure 8. Multihosted Servers dialog box

  4. You will be prompted to confirm your selection; click the OK button.

  5. You are now prompted to enter the name of the account to use when authoring and administering your Web site. The dialog box defaults to the current user logged in. Earlier we talked about how Membership maps Membership groups to Windows NT groups, and we also discussed how it automatically creates an AdminGroup when the Membership Server instance is created. We'll enter the Windows NT group that corresponds to the AdminGroup here (Site_directoryname_AdminGroup). In our case, the Windows NT group is called Site_BookStore_AdminGroup. Click the OK button after entering the AdminGroup name.

    Figure 9. Entering the corresponding Windows NT group

  6. After the FrontPage Extensions are installed you are returned to the main FrontPage Administrator dialog box. Click the Close button to close this dialog box.

Setting Up Your Visual InterDev 6.0 Workstation

If you're installing Visual InterDev 6.0 on the same computer as Site Server, you must install Visual InterDev after the Site Server and Site Server Service Pack 1 (SP1) installation.

Important   SP1 installation is necessary to ensure the interoperability of Site Server 3.0 and Visual InterDev 6.0.

If you are not developing on a server, you must install the Site Server Tools on your client workstation. You can do this by inserting the Site Server 3.0 CD-ROM and selecting Tools Installation. If you downloaded a Site Server evaluation copy, run the install program and select Tools Installation.

Creating a Visual InterDev Project

Create a new project

  1. Open Visual InterDev 6.0. The New Project dialog box appears. Type the name of your new project. We're going to keep with the bookstore theme, so we'll name our project BookStore. Click the Open button when finished.

    Figure 10. Creating a new project in Visual InterDev

  2. The Web Project Wizard starts. Enter the name of your Web site server and Web site port number on the first page, and then click the Next button. We put our Web site on port 82 and the name of our server is DUNE, so we entered DUNE:82.

    Figure 11. Specifying the server and port

  3. After connecting with the server, you are prompted to choose between creating a new Web application or connecting to an existing one. Select the Connect to an existing Web application button and select <Root Web> as the name. Click the Finish button when finished.

    Figure 12. Connecting to your existing Web site

  4. Visual InterDev now prompts you for a username and password in order to author the site. This must be a valid Membership Directory account that is part of the AdminGroup. The Administrator account is valid, because the Membership server automatically adds the Administrator account to the AdminGroup when the Membership Server instance is created. You also need the password you chose earlier. Enter Administrator as the username and enter the password that you chose. Click the OK button when finished.

  5. Upon successful authentication, you are prompted to install the Visual InterDev Script Library. This is not required for our examples, however it is very useful and may help to reduce development time. Click the Yes button to install; click the No button to skip.

  6. After the project opens, we need to add the Membership DTCs to Visual InterDev. From the menu bar select Tools, Customize Toolbox. The Customize Toolbox dialog box appears. Scroll down until you see the Membership DTCs. Check the following DTCs and click the OK button:

    Figure 13. Adding the Membership DTCs

You are now ready to start developing your project. Before we begin coding, we need to add some pages to the project using Visual InterDev.

In the root directory add the following files:

In the members directory add the following files:

Your project should resemble Figure 14.

Figure 14. BookStore Web site project view

Link the New Pages

  1. In the default.asp page that resides in the root directory, add the following HTML to the body of the page. This creates a link to the register.asp page.
    Welcome to our book store! <br>
    Sign up for a <A href="register.asp">free member account</a>.
    <br> 
    If you already have an account, you may enter the <A href="members/ ">members</A> section.
    
  2. Add the following HTML to the body of members/default.asp.
    <P>Welcome to the members section.</P>
    You may <A HREF="update.asp">update your account</A> 
    or go back to the <A HREF="../default.asp">home</A> page.
    
  3. Add the following HTML to the body of registerconfirm.asp.
    Thanks for registering. <BR> 
    You may login into our <A HREF="members/">members section</A>.
    
  4. Add the following HTML to the body of members/updateconfirm.asp.
    Thanks for updating your information. 
    <A HREF="default.asp"> Continue </A>
    

Creating Registration Pages

Now we're going to use the Membership DTCs we just installed to create a page where users may create their own accounts.

  1. Open your register.asp page and delete all of the existing code and HTML by pressing CTRL+A and then the Delete key.

  2. Next, make sure your ToolBox is displayed. You may press the ToolBox icon if you are unsure:

    When the ToolBox is displayed, click Design Time Controls. You should see the Membership DTCs listed in the ToolBox, displayed with the following names:

    If you do not see these in the ToolBox, perform the following: From the menu select Tools, and then Customize Toolbox. Next, deselect the Membership DTCs and click the OK button. Then reinsert them using the same process by selecting rather than deselecting them.

  3. First, we'll insert a Membership Header DTC. Double-click the MemHeaderCtrl. This inserts the DTC into your blank register.asp page. Once inserted, the Membership Header DTC should look like this:

  4. To set the properties of the Header DTC we need to bring up the Property Pages window. To do this we need to make sure the Properties window is displayed. This technique is used for all of the DTCs.

    Figure 15. Property Pages window

    If you do not wish to use the Property Pages window, you may select the DTC by clicking it. Next, from the menu choose View, and then Property Pages. This accomplishes the same task.

  5. When the Membership Header Property dialog box appears, click the Create a new user and ensure that it is unique button.

  6. Next, click the Variables tab. There are three variables that may be set: Script ID, Script Password, and HTML.

    The Script ID and Script Password correspond to the account that the script uses to create our new user. This account must have sufficient privileges in the Membership Directory to create accounts. For our example, we'll use the Administrator account. However, when you go into a production environment, you should change this to another account with the minimal permissions required. (See the Site Server documentation for more information.)

    The HTML value is self-explanatory.

    Click each variable and enter the following values:

    Click the OK button when finished.

    Figure 16. Entering the values for the Membership Header variables

  7. Next, we'll add the username to our form. To do this, insert a Membership Attribute DTC by double-clicking the MemAttributeCtrl in the ToolBox. Then bring up the Property Pages using the same technique used for the Membership Header.

    Figure 17. Adding username to the registration form

  8. Enter your Web site as the application server. Don't forget to include the port number (in our case this was DUNE:82). Then click the Get Attributes button. This retrieves all available attributes for the Member object. Scroll down until you see cn. CN (Common Name) is the same as "username" for Member objects. Highlight cn and click the Options tab.

  9. Under Options, select Username as the user interface (UI) type and Update as the action. Username is a special UI type defined for the cn attribute.

    Figure 18. Choosing UI type and action

  10. Click the Validation tab and click the Input required check box. This forces the user to enter a username. Click the OK button when finished.

    Figure 19. Forcing the login

  11. Using the same technique, insert the UserPassword Membership attribute. Select Specify Password as the UI type, and Update as the action. Specify Password is another unique type of UI that is specific to the UserPassword attribute; cn and UserPassword are the only attributes that have special user interfaces.

    The Validation tab is already set, so click the OK button when finished.

  12. Next, insert a Membership Footer attribute by clicking MemFooterCtrl in the Toolbox. Make sure the attributes are in the following order: Membership Header, Membership Attributes, Membership Footer.

  13. Open the Membership Footer Property pages. Scroll down through the variables until you see URL to forward to on successful completion. Set this variable to registerconfirm.asp.

    The default values for the other variables are fine. Notice the Name of Group to add member to variable. This is Public by default. As you develop your Web site you may want to create several different groups to apply different restrictions to various user subsets. You may change this group to match the restrictions you wish to place on your users.

    Click the OK button when finished.

    Figure 20. Setting the forwarding URL

  14. You are now ready to test your registration page. Right-click the Project name in the Project Explorer window and select View in Browser. When your home page appears, click the free member account link.

    Figure 21. Default.asp

  15. When the registration page appears, enter a Username and Password and click the Submit button.

    Figure 22. Register.asp, the registration form

  16. If your page is working properly, you will be sent to the confirmation page shown here. Click the Members Section link.

    Figure 23. Registerconfirm.asp, the registration confirmation page

  17. The anchor (or link) that we placed on this page links to the default page in the members subdirectory. Because this directory is configured to use Membership HTML Forms Authentication, you are prompted to log in. Click the members section link to try this out. Notice how you are redirected to FormsLogin.asp.

    Figure 24. FormsLogin.asp, the default login page

  18. The Site Server Membership default login page appears. This page is called formslogin.asp and may be modified to reflect the site's look and feel. Enter your UserName and Password and click the Login button. You will be authenticated and sent to the page that you were trying to access—in this case, members/default.asp. (See Figure 25.)

    Figure 25. The default page for the member subsite

  19. Now that you've successfully created a registration page, go back to your register.asp and add another Membership Attribute DTC instance, the Mail attribute. Set the UI type to Single Line Text, the action to Update, and both HTML before fields to the value "Email:".

    View the registration page again using Internet Explorer 4, and see what happens after you make the changes just described to the form. The dialog box that appears on the screen automatically is called the Internet Explorer Profile Assistant.

Creating an Update Page

Now that we've created a self-registration page, you may use the same techniques to create a user update page. Here are some tips on creating the update page.

Adding HTML Tables to Your Forms

Once you've got the hang of using the DTCs, you may want to rework your pages and use an HTML table to align the registration form elements. Let's try this with register.asp.

  1. First, open the property page for the Membership Header DTC and click the Variables tab. Then select the variable HTML to put before the start of the form and enter the value <TABLE>. (See Figure 26.)

    Figure 26. Entering the <TABLE> tag

  2. Continue using this technique to set all of the variables for the Membership DTCs according to the chart shown here.
DTC Variable Value
Cn HTML inserted before the field on input error <TR><TD>Username</TD><TD>
Cn HTML inserted after the field on input error ERROR</TD></TR>
Cn HTML inserted before the field <TR><TD>Username</TD><TD>
Cn HTML inserted after the field </TD></TR>
Userpassword HTML before error password specify input <TR><TD>Specify Password</TD><TD>
Userpassword HTML after error password specify input ERROR</TD></TR>
Userpassword HTML before error verify password input <TR><TD>Retype Password</TD><TD>
Userpassword HTML after error verify password input ERROR</TD></TR>
Userpassword HTML before password specify input <TR><TD>Specify Password</TD><TD>
Userpassword HTML after password specify input </TD></TR>
Userpassword HTML before verify password input <TR><TD>Retype Password</TD><TD>
Userpassword HTML after verify password input </TD></TR>
Mail HTML inserted before the field on input error <TR><TD>Email : </TD><TD>
Mail HTML inserted after the field on input error ERROR</TD></TR>
Mail HTML inserted before the field <TR><TD>Email : </TD><TD>
Mail HTML inserted after the field </TD></TR>
Footer HTML to put before submit button <TR><TD COLSPAN="2" ALIGN="CENTER" >
Footer HTML to put after reset button </TD></TR></TABLE>

Figure 27. Continue adding HTML table tags

  1. After you have added all of the tags just described, your new registration page should resemble Figure 28.

    Figure 28. The new registration form using an HTML table

Resources

To follow is a list of resources that are pertinent to the technologies discussed in this article.

Site Server

LDAP

LDAP IETF RFC-1777:

http://info.internet.isi.edu/in-notes/rfc/files/rfc1777.txt

ADSI

ADSI FAQ:

http://www.microsoft.com/NTServer/nts/exec/overview/ADSIfaqs.asp

Visual InterDev

http://msdn.microsoft.com/vinterdev/