Home > Computers and Internet, Programming (and Scripting) > A Quick ASP.NET Web Parts Tutorial Using SQL Server 2008

A Quick ASP.NET Web Parts Tutorial Using SQL Server 2008

25-Jul-08 11:26 pm EDT Leave a comment Go to comments
This treatise on developing a web portal is authored by a well-known Microsoft MVP named Omar Al Zabir (blog), CTO of PageFlakes, a portal software company.  DropThings is the OSS version of their title product, and is intended as a teaching tool, although there are clearly opportunities to extend it into many other applications.

After doing a fair bit of work with Microsoft SharePoint 3.0 / 2007 of late, I decided I wanted to expand my personal website beyond the capabilities offered at Live Spaces.  Specifically, I wanted my personal website to offer some of the same capabilities that are available with SharePoint but couldn’t use the SharePoint platform very easily at home since, of course, neither WSS or SharePoint work on non-Server Windows platforms.  (Plus, even while I work for Microsoft, there may be issues with my setting up a developer-license instance of the software to run a quasi-personal application online – issues I’d rather not have to worry about.)  So I decided to locate another “light-weight” portal alternative to host applications and information the way I wanted.  Much to my shock, there is a fairly mature open-source project with an accompanying book that’s been recently published that instructs you on how to go about building your own web portal – from scratch!  (Well, if you really want to…which I don’t.)  The book is called “Building a Web 2.0 Portal with ASP.NET 3.5“, which is very apropos.

Because SharePoint is out-of-scope for this little project, I’d have to review my understanding of ASP.NET Web Parts once more (as I hadn’t used them in a while).  Web Parts were integrated into the .NET Framework 2.0, so they’ve been around for a couple of years.  As the name suggests, they offer a means for web developers to isolate functionality into a smaller region of a single web page so that other functionality may be displayed alongside – exactly as would occur in a web portal. However, there a many options one can configure which gives Web Parts a lot of power and potential, but also generates a bit of a learning curve.  And this is another case where the MSDN doesn’t get you there especially fast.  This is, in part, the motive for me writing this article; although it’s also my intent to get you, the reader, to understand the context of each step I’m walking you through – but while focused on the goal of getting a couple of web parts going in as few steps as possible.

Step 1: Create & Configure the Personalization Database

The first hurdle one needs to clear is dealing with the fact we’re not using SQL Server Express.  It seems Microsoft is trying to get SQL Express running everywhere – even on desktops fully equipped with the much more sophisticated and powerful Microsoft SQL Server 2008 (or 2005 if you’ve yet to upgrade – these instructions should work for the elder database too).  Web Parts are a technology that are almost entirely intended to work with a .NET Personalization Provider, which in turn is associated with .NET Membership and Internet Information Service (IIS) site providers.  Indeed, you can get a peek at these various IIS web site options presented in the new IIS 7.0 management console on Windows Vista or Server 2008 by clicking on a web site and selecting “Providers” (ASP.NET area).  The figures below demonstrate how to access the different providers from within the IIS management console.  In fact, the one we’re looking for likely won’t be there – we have to create it, and the database where it will store its data.  And, while it’s possible for us to build a new provider programmatically using the instructions given us by the good folks at MSDN, Microsoft has generously provided us with a tool called “aspnet_regsql.exe” along with the .NET Framework 2.0 tools which greatly abbreviates this process:

Each IIS 7.0 website can be configured using a control panel-like window that serves as the configuration tool for Microsoft’s latest web server.  (Click image to enlarge.) Providers come in several flavours, including the 3 identified in the drop-down menu depicted above.  But there’s still more; and although the provider needed to leverage SQL Server 2008/5 is of the same type as the Users provider highlighted here, it must be registered through insertion into the <webParts> block in web.config.  (Click image to enlarge; read below for more details.) After running aspnet_regsql.exe, a configuration wizard appears – displaying the very screen depicted in this image (click to enlarge).  The wizard will prompt you for details about the name of the database server and instance, along with security options.  It concludes by giving the connection string to add to web.config along with some final instructions.

Step 2: Create & Configure Host Web Application

After completing the wizard, we’ll need to get a page with some web parts ready.  This means we’ll need to create a good, ol’ fashioned ASP.NET web application.  (This can be most easily achieved using Visual Studio 2008 or Visual Studio 2008 Express Edition.¹)  We can use Default.aspx to start with, which we’ll use to play host to a WebPartsManager control.  Below is a sample of the control’s configuration in the HTML source for the page:

    1     <asp:WebPartManager ID=”zoneManager” runat=”server”>

    2         <Personalization ProviderName=”SqlMembershipProvider” />

    3     </asp:WebPartManager>

Listing 2.1: WebPartManager Control HTML Source (Default.aspx)

Of course, the ID property can be modified to suit your own naming preference.  As can the ProviderName of the Personalization tag the WebPartManager encapsulates.   However, it is important to keep the name of the Personalization Provider, as you’ll need to add this to the web application’s web.config file.

Figure 2.1: Add Web Site Dialogue (click to enlarge)

Figure 2.2: Add Web Site Connect As dialogue (click to enlarge), used to configure security – required for Web Parts to operate correctly.

But before editing web.config, we should first take a moment to make sure IIS has assigned a web site and application pool to the folder this application has been created in.  Visual Studio doesn’t do this for you automatically anymore, by default.  So return to the IIS Management console, as discussed in Step 1 and simply create a new IIS web application.  On both IIS 6.0 and 7.0, you’ll be prompted with a screen similar to that depicted right (Figure 2.1; very similar in the case of IIS 7.0).  Of course, you’ll want to select a unique name and app pool for the new site, in addition to a unique port number.  You’ll also note the button highlighted in the image, labeled “Connect as…” – which results in a small dialogue (Figure 2.2) that allows one to configure authentication for the new site.

Consideration of security is important when configuring any application using web parts.  Although one can certainly have web parts without enabling personalization, they aren’t anywhere near as useful without it for the simple reason it isn’t possible to retain any information about any of the web parts beyond a single user session otherwise.  However, in the interests of simplicity, I’ve configured this sample application to use Windows authentication (i.e. using the NTLM) so that the current Windows account will be acquired from the browser when the user hits Default.aspx and passed on through both to the .NET runtime and the SQL Server database.  In a production environment, you’d have to consider using a service account and adding it to the dialogue in Figure 2.2 and then read up a little further in the MSDN documentation to figure out how to use other authentication models, such as Basic (forms) authentication, or whatever.  All of this configuration metadata would be placed in the web.config and, ultimately, added to the data in the membership database.

The final security setting we need to concern ourselves with here involves choosing the authentication model(s) the application will support.  For veteran web developers reading this, it’s probably obvious that we need to eliminate the Anonymous Authentication option if we want our credentials passed through the NTLM – but it’s something that can be forgotten if one is removed from web development from too long.  The error messages (if any) that can result from overlooking this setting may also not point to this being the trouble immediately – if anonymous (guest) credentials are used, after all, the application may work to an extent, but personalization features would not.

It is here we’ll also want to enable the Windows Authentication option and ASP.NET impersonation.  The ASP.NET impersonation may also be useful in he scenario described earlier involving the creation of an NTLM service account for your own custom web parts application but, again, for this example we’ll be sticking with simply enabling these two which means the user you’re logged in as when you hit Default.aspx with your browser will be the credentials used to access the database and any other resources.

So, having setup our new IIS web application and having created the application project in Visual Studio, it’s time to move on to the web.config itself.  Below is an excerpt of the pertinent blocks from the web.config of my sample web parts application:

   48     <authenticationmode=Windows />


   50     <webParts>

   51       <personalizationdefaultProvider=SqlMembershipProvider>

   52         <providers>

   53           <addname=SqlMembershipProvidertype=System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aconnectionStringName=SqlServicesapplicationName=WebPartsTrial />

   54         </providers>

   55       </personalization>

   56     </webParts>

Listing 2.2: WebPartsTrial web.config, WebParts Personalization Provider blocks

On line 48, you’ll notice we’ve gone with Windows authentication, making our application use the same security preference as that which we’ve recently setup in IIS.  Then we create the registration for our web parts’ Personalization Provider.  Unfortunately, I’ve selected the name SqlMembershipProvider for the name of this web parts Personalization Provider instance.  This might seem a bit confusing if you read some of the MSDN documentation concerning ASP.NET providers because there is a .NET class of that same name.  But that class has no relevance to our efforts here, so just try to keep in mind that it’s just a name for our provider here and not get it confused with anything else.

Of course, it’s certainly possible to have other providers defined here, but they would be redundant (i.e. storing our data in two different places at once).  And it’s possible to store personalization data anywhere you want – instructions exist on the MSDN website detailing how to create a custom provider.  Thus instead of using a SQL Server database you could use a MySQL server, and XML file, an MS Access database – or even an MS Excel spreadsheet if you wanted to be really adventurous.  Of course, such endeavors are beyond the scope of this article.

There are two other attributes in the listing above of note; the first is the applicationName attribute, which simply identifies the application token in the membership database.  This is needed because it is quite possible to have more than one application use the same membership data, which is what you might want to do if you wanted to maintain the existing credentials and preferences for several applications.  The typical approach is to have discrete membership databases (containing discrete settings) for each application, notwithstanding perhaps scenarios where a suite of applications shared by the same users form a core tool set or other special scenarios of the like (more common in larger organizations).

The other attribute is our connectionStringName.  As any web.config with a data-driven application needs to have one or more connection strings instructing the Windows ODBC drivers how to connect to them, our Personalization Provider simply needs the name of the string used to connect to our SQL Server database instance.  The listing below is the one used with my sample web parts application:

   25   <connectionStrings>

   26     <addname=SqlServicesconnectionString=Data Source=.;Initial Catalog=WebPartsTrial_Membership;Integrated Security=True />

   27   </connectionStrings>

   28   <system.web>

Listing 2.3: WebPartsTrial web.config, Personalization DB Connection String

Thus, the name of our connection string, “SqlServices“, specified on line 26 is the name provided for the connectionStringName setting on line 53 of the pervious listing.  (Note: both listings are from the same web.config file.)  Of course, the connectionString attribute itself (also on line 26, above) is a fairly typical example of an ODBC connection string for a SQL Server database instance called “WebPartsTrial_Membership”, hosted on the same machine as the IIS web server the web.config is stored on, using integrated NTLM security and thus the account credentials of the user hitting Default.aspx or any other web pages constituting the web application associated with that web.config.

This concludes the basic configuration steps and coverage of rudimentary options for web parts applications.  Now, if we refer back to Listing 2.1 we can readily see what the appropriate response is for the ProviderName attribute; and how that name refers back, ultimately, to the membership database itself.

Step 3: Building Web Parts – The Easy Way



¹ There are several components to Visual Studio Express (VSE), including Visual Web Developer 2008 (Express Ed.).  Because each of the VSE tools are semi-independent, rather than integrated as the commercial tool, some of the basic features may operate differently.  This outline was written using Visual Studio 2008 Team Suite (VSTS), which includes an amalgam of Visual Studio Development, Test, Architecture and Database editions.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


Breaching the barrier between PC and Console.

Terry Glavin


Techno Manor

Geek's Corner


an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.


A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies


Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT


Unravelling the magik of code...

The Bike Escape

Because Cycling is Life

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

Strength Rehabilitation Institute

Bridging the gap between physiotherapy and exercise.

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

%d bloggers like this: