Using the forms authentication tables in ASP Identity - asp.net

I have a database which is created using Forms authentication in asp.net but now i want to develop an other application which uses the same user names and passwords and should be able to login to the new App which is developed using MVC 5 Aspnet Identity. So i want to be able to authenticate the user in the new App using their old creds.
My old database structure
I know that Asp Identity Individual Authentication mode will generate other set of tables i would also like to stop this default behavior as i don't want Iddentity tables created in the old Db.
PLease guide me how could i achieve this. Thanks

Web Forms and MVC both use ASP.NET Membership by default. If your old application uses a membership provider it should be fairly easy to adapt it to MVC. If not, you have the option of either creating a new membership provider that uses your existing database or replacing the authentication mechanisms of the MVC application.
I recommend this as a starting point for your research: http://weblogs.asp.net/jongalloway/asp-net-mvc-authentication-customizing-authentication-and-authorization-the-right-way
Alternatively, there are a variety of ways you could migrate user accounts from the old application to the new MVC application. If backward-compatibility with the old application is not necessary, this may be your best (simplest) option.

So After the things i have tried. i have got it working.
1) Install the nuget package for web providers
Install-Package Microsoft.AspNet.Providers.Core
2) Cop these web config sections and add them in web config under Section
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
3) Point your default connectionString towards the existing DB which consists users or you can add new connection string and use that name in the above web config sections replacing "DefaultConnection" with "newConnection"
Now you are good to go.
Just verify the Validity of the user by Membership.ValidateUser("username","password")

Related

Aspnet web site administration tool, Users table or aspnet_users table

Why do my users and roles end up in Users and Roles tables and not aspnet_users and aspnet_roles?
When I use the Aspnet web site administration tool (visualstudio->menu->project->aspnet configuration to add a user it ends up in the Users table; and new roles in the Roles table.
Everything I have read on the subject says aspnet_users and aspnnet_roles.
I am using aspnetmvc4 (beta), sqlserver2008r2, visualstudio2010. I have created the aspnet_xxx-tables in the database through aspnet_regsql.exe. I sniff sqlserver and get queries against Users and Roles. It even creates an Applications table.
As per request, the membership part of web.config:
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear />
<add connectionStringName="DefaultConnection" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
requiresUniqueEmail="false" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/"
name="DefaultMembershipProvider"
type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
Old school ASP.NET 2.0+ providers (System.Web.XXX.SqlXXXProvider)
--> Uses the aspnet_Users and aspnet_Roles tables, via stored procs.
The new Universal Providers (System.Web.Providers.XXX)
--> Uses the Users and Roles tables, via (EF-generated?) SQL.
More info here (from Mr Scott H):
http://www.hanselman.com/blog/IntroducingSystemWebProvidersASPNETUniversalProvidersForSessionMembershipRolesAndUserProfileOnSQLCompactAndSQLAzure.aspx

Create a brand new custom membership provider and authenticate from that

I have to develop a brand new custom membership provider(MyCustomProvider) in which i have to implement all the methods like validate user, CreateUser and all other and use this membership provider as authentication mechanism for my sharepoint site. I have implemented it completely. Now i am left with using it for authentication. I want to know how to proceed further.
After implementing your Provider you just set it up in the web.config:
<configuration>
<system.web>
<membership defaultProvider="MyCustomProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="MyCustomProvider" type="My.Namespace.MyCustomProvider" connectionStringName="myConnStr"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="MyApp" />
</providers>
</membership>
</system.web>
</configuration>
Then you can use Forms Authentication, Login Controls and all the other cool features.
Also check out this MSDN example for custom Membership Providers
I suggest you to read - Examining ASP.NET's Membership, Roles, and Profile

custom Membership provider

I am new in ASP I am doing a web Site with a custom Membership provider, because I don't need a BBDD to save my user only XMLFile.
I am folling this example
http://madskristensen.net/post/XML-membership-provider-for-ASPNET-20.aspx
but now I don't Know, how to create my logon method to comunicate with my custom MembershipProvider.
There are any examples o documentations to learn about this.!!!!
Thanks a lot!!!
If you create a new ASP.NET MVC 3 Web Application it will contain an AccountController an related Account views that should work with your custom membership provider.
The only change you should need to make is to change the "type" to your custom provider in the membership section of the web.config (see sample below):
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="MY.CUSTOM.MembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>

asp.net membership select provider

I've done this before but can't remember how for the life of me. I used aspnetreg_sql.exe to create the membership tables in my database. But now i cant seem to be able to point my web app to the correct database. In the provider settings in asp.net management interface i only see a radio button with the label "AspNetSqlProvider" but I can only test it (in which it always fails). I can't modify the connection. Can someone help me with this?
Cheers,
Billy
The membership provider needs to clear the existing result and add in the new result with the new connection; the default uses the local sql server.
<membership defaultProvider="p">
<providers>
<clear />
<add name="p" type="System.Web.Security.SqlMembershipProvider" connectionStringName="myConnectionString" ... />
</providers>
So the keys here is to clear the existing provider, setting the default provider to the name of your entry, and adding a new entry with the in-built membership provider that points to your DB.
Look for something like this in the web.config:
<membership defaultProvider="AspNetSqlProvider" userIsOnlineTimeWindow="15">
<providers>
<add name="zzz" type="System.Web.Security.SqlMembershipProvider" connectionStringName="appServicesConn" applicationName="zzz" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="8" passwordAttemptWindow="5" passwordStrengthRegularExpression="" passwordFormat="Hashed" />
</providers>
That should point you to the connection string.
The connection information should be in the web.config file under the <connectionstrings> section.

Using one Asp.net Membership database with multiple applications Single Sign On

I have two asp.net applications on one IIS server and I would like to use the same back end asp_security database and membership provider. I've read that all I have to do is reference the same application name in both web configs as I'm doing now, but I must be doing something wrong
In each applications web.config I have this section.
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="membership"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
</providers>
</membership>
When I log in from application A and browse to application B application B doesn't seem to know anything about me or my credentials from application A. Anyone have any ideas what I'm doing incorrectly?
Just for closure sake I will answer how I did achieved the goal of what my original question meant to ask for.
I had two asp.net applications on one IIS server. It was my goal to make it so when user logged onto app1 their user credentials would be available in app2. Configuring the asp.net membership provider is only one step of what I was looking for. Even if both apps were using the same back end database and provider I still wouldn't be authenticated when I hit app2. What I was looking for was a Single Sign On solution.
Once you have both apps pointing at your asp_membership database by placing the following in the system.web section of your web config
<authentication mode="Forms" />
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="membership"
applicationName="/"
/>
</providers>
</membership>
<roleManager enabled="true" />
make sure both have the same applicationname property set.
I was using IIS 6 so I configured it to autogenerate a machine key for both applications. Because both of these applications live on the same machine the key would be identical, this is the critical part to making the SSO work. After setting up IIS the following was added to my web.config
<machineKey decryptionKey="AutoGenerate" validation="SHA1" validationKey="AutoGenerate" />
That was all there was to it. Once that was done I could log into app1 and then browse to app2 and keep my security credentials.
Thanks for the push in the right direction.
If my understanding serves me correctly, the users authentication credentails are stored within the HTTP context of each application. So switching between the two applications will not automatically authenticate the user, since a new context will be created when you switch to app B.
What I believe may the correct approach would be to use the DefaultCredentials (or UseDefaultCredentials property to True) of the current user prior to switching to app B.
When you say switch what do you mean eg. open a different browser window and access app B or request a page from appB from appA?

Resources