The ASP.NET User Management module allows you to create, assign, and track users across your organization. It provides email and password-less login, role-based administration with secure access, and flexible password policies. It also supports single sign-on with popular external identity providers. This article explains everything you need to know about this module, including features, pricing, functionality, and more.
Features
The following are the key features of the ASP.NET User Management module.
- Full control over user passwords
- Flexible password policies
- Role-based administration
- Free version – with restrictions
- Single sign-on with popular social identity providers
- Email and password-less login
- User-friendly reports and dashboards
- Audit logging
Let’s dive into each one.
Full Control Over User Passwords
The most distinctive aspect of the ASP.NET User Management module is its support for full control over user passwords. This level of control allows you to reset a user’s password, change it to any value, or remove it altogether. You can block specific passwords from being used and require users to use a combination of letters and digits. You can also force users to change their passwords periodically.
In larger organizations, this level of control can be extremely helpful. Even for smaller installations, a little bit of flexibility can go a long way. For example, you might want to allow employees to use the same password for multiple purposes (such as their email login and an application specific login). The ability to do this kind of thing in an authenticated manner allows employees to feel more comfortable using a shared password without having to memorize a different one for each account.
Flexible Password Policies
Flexible password policies are an essential part of any security-conscious organization. The ASP.NET User Management module supports a number of different password policies, including the following:
- Minimum length
- Maximum length
- Character set (i.e., allowed characters)
- Numbers, uppercase letters, lowercase letters, and special characters
- Must use character, uppercase letter, lowercase letter, and number
- No consecutive identical characters
- Password must contain at least two of the following: uppercase letter, lowercase letter, number, and special character
These policies are extremely useful when combined to form a comprehensive password policy. For example, you might want to require that a user choose a password containing a combination of uppercase and lowercase letters, and then also require them to choose a number and special character. This can make it significantly more difficult for an attacker to guess a user’s password.
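The rules listed above can be combined into a single check that reports every rule a candidate password violates. The following C# sketch is an added example, not code from the module; the PasswordPolicy type, its property names and its default values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical policy type for illustration; not the module's API.
public sealed class PasswordPolicy
{
    public int MinLength { get; set; } = 12;           // assumed default
    public int MaxLength { get; set; } = 128;          // assumed default
    public int MinCharacterClasses { get; set; } = 2;  // the "at least two of" rule
    public bool ForbidConsecutiveIdentical { get; set; } = true;
    public string AllowedSpecials { get; set; } = "!@#$%^&*-_=+?.";
}

public static class PasswordPolicyChecker
{
    // Returns every rule the candidate violates; an empty list means it passes.
    public static List<string> Check(string password, PasswordPolicy policy)
    {
        var errors = new List<string>();
        bool IsUpper(char c) => c >= 'A' && c <= 'Z';
        bool IsLower(char c) => c >= 'a' && c <= 'z';
        bool IsDigit(char c) => c >= '0' && c <= '9';
        bool IsSpecial(char c) => policy.AllowedSpecials.IndexOf(c) >= 0;
        if (password.Length < policy.MinLength) errors.Add("too short");
        if (password.Length > policy.MaxLength) errors.Add("too long");
        // Character set: reject anything outside the four allowed classes.
        if (password.Any(c => !(IsUpper(c) || IsLower(c) || IsDigit(c) || IsSpecial(c))))
            errors.Add("contains a character outside the allowed set");
        // Count how many of the four classes actually appear.
        int classes = new[] { password.Any(IsUpper), password.Any(IsLower),
                              password.Any(IsDigit), password.Any(IsSpecial) }.Count(p => p);
        if (classes < policy.MinCharacterClasses)
            errors.Add($"uses {classes} character classes, needs {policy.MinCharacterClasses}");
        // Compare each character with its predecessor to find repeats such as "mm".
        if (policy.ForbidConsecutiveIdentical &&
            Enumerable.Range(1, Math.Max(0, password.Length - 1)).Any(i => password[i] == password[i - 1]))
            errors.Add("repeats a character consecutively");
        return errors;
    }
}

public static class Program
{
    public static void Main()
    {
        var policy = new PasswordPolicy();
        foreach (var pw in new[] { "123456", "Summer2024!!", "Blue-Kite-7-Harbor" })  // constructed samples
            Console.WriteLine(pw + ": " + string.Join("; ",
                PasswordPolicyChecker.Check(pw, policy).DefaultIfEmpty("accepted")));
    }
}
```

Returning the full list of violations, rather than stopping at the first, lets a registration form tell the user everything to fix in one pass.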
Role-Based Administration
The ASP.NET User Management module supports role-based administration. This feature allows you to create and assign specific rights and responsibilities to different groups of users. For example, you might want to create a sales role and give users in that role the rights to access order and invoice information, or you might want to create an administrative assistant role and give users in that role the rights to view all active orders, change billing addresses, and delete obsolete information.
One of the most useful roles you can create is the administrator. An administrator can view every aspect of an account and make changes as necessary. This means they have full control over users, passwords, and security. In some situations, you might not want to give the administrator all the rights available – especially if you are also going to give them responsibility for managing users and passwords. In that case, you would want to create a role with fewer permissions, such as the sales or purchasing administrator.
To add or modify rights for a user, navigate to their profile page and click the gear icon on the far right. From here, you can:
- Edit the user’s permissions
- Assign the user to a role
From the above list, it is clear that the Administrator can do anything an ordinary user can do. However, in addition to viewing and updating user details, the administrator can also perform the following tasks:
- Change a user’s password
- Delete a user
- Assign the user to a role
- Change the user’s email address
- Remove the user’s access to the entire website
It is also important to remember that the administrator always views every aspect of a user’s account, even when he/she is not directly involved in the account’s maintenance. This means that if you are using multiple administrators for different areas of your organization, you must ensure that each one has a user’s perspective. This way, you can be sure that all the important information is being seen and used by the right person.
Secure Access To All Areas Of The Website
The ASP.NET User Management module provides a number of security measures to keep your website and database secure. These include:
- Transparent Password Hashing
- IP Address Management
- Two Factor Authentication (2FA)
- Secure Sockets Layer (SSL) Certificate
- and more…
Transparent Password Hashing is a method of storing passwords that does not require any additional security measures. This type of hashing makes it extremely easy for anyone with the plaintext password to log in as that user. The only way to stop that from happening is to change the password – a cumbersome task if you ask me. But, let’s say a user chooses a password that is easy to guess (such as “123456”) or is written down on a sticky note and shared with coworkers. In that case, you would want to utilize the other security features available to prevent that user’s account from being misused.
Secure Sockets Layer (SSL) Certificate
The use of encryption for web traffic is becoming more and more commonplace. Most websites use some type of https as part of their web address (i.e., https://store.google.com) to indicate they are using encryption. The type of encryption used and the strength of the encryption used can vary from website to website, and it is important to research which type of encryption is used when visiting a particular site.
When a user visits a site that uses an SSL certificate, they see a small lock icon in the address bar. When the user clicks on the lock, they see a warning window pop up. This window warns the user that their connection is not secure and gives them an option to continue or cancel the connection. In most situations, the warning should not be necessary as the lock icon on the address bar indicates that the connection is secure.
If you do not have a VPN or use an insecure connection to the internet, you are putting your organization at risk. This is especially important for larger organizations where the network administrators might not be as vigilant as they could be when it comes to security. To add an extra layer of security, you could require employees to use a company-issued VPN or connect to a trusted network when accessing sensitive information online.
Single Sign-On With Popular External Identity Providers
The single sign-on (SSO) feature in ASP.NET User Management allows users to seamlessly log in to your website or app using their external identity. In other words, when a user clicks the Login button on your website or app, they are automatically directed to the identity provider’s website or app to log in. They do not have to input their email and password every time they use your product.
One of the most useful features of this functionality is the ability to choose different identity providers to serve as your login screen. You can configure which providers your users can use and update their information as necessary. Once an identity provider is configured, all your users will have the option to use it.
External identity providers that support SSO with ASP.NET User Management include the following: