I am getting membership error in my application.
This is my web.config section that is creating error.
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Like all other same questions like this one I have read, are telling me about adding defaultProvider and name to this config file.
But I already have defaultProvider and name set to by default in there.
What other customization needs to be done?
You can see this error here-
http://funranger.com
I suspect there is already a membership provider registered before your configuration file is loaded.
You'll need to remove the first membership provider, and this can be done by clearing all providers before you add one, just as you are doing with your connectionstrings.
In the configuration section, inside the membership/providers section, add a element before the element(s).
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="WorkI" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
And also add the below line in your web.config file.
<connectionStrings><add name="DefaultConnection" connectionString="Data Source=YourServername;Initial Catalog=YourDBname;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" /></connectionStrings>
Here is how your membership provider's declaration should look like in the web.config under the system.web element
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
Related
I want to use custom membership and role provider in MVC4 .
So i added some code to my config file as you can see here:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers> <clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="authentication" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
<providers>
<clear/>
<add name="CustomRoleProvider"
connectionStringName="authentication"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
But when i go to ** Web Site Administration Too** for adding role i got this error:
The following message may help in diagnosing the problem: Sections must only appear once per config file. See the help topic for exceptions. (C:\Users\ehsan\Desktop\EducationModel\EducationMVC\web.config line 46)
You have multiple membership providers defined separately:
Removing one of them should get rid of that error. But if you need to have both providers then update as follows:
<membership defaultProvider="MembershipProvider2">
<providers>
<add name="MembershipProvider1" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
<add name="MembershipProvider2" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Here MembershipProvider2 is set as defaultProvider just for example. You would update this with whichever providers you need to use as default.
Hmmmm... I really can't get my head around this.
In web.config I have:
<connectionStrings>
<clear /> <!--- need this to prevent using LocalSqlServer from machine.config or somewhere becouse it is not present when when publish to hosting -->
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=aspnet-Goaly-20120615111028;Integrated Security=SSPI" />
</connectionStrings>
and
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<!-- I think this line is telling asp.net that I want the membership working agains defaultconnection, and not LocalSqlServer connection????? -->
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
But then it is complaining:
The connection name 'LocalSqlServer' was not found in the applications configuration or the connection string is empty.
When I use the publish from VS2012 RC in the settings tab I get a ModelContext and a DefaultConnection, so how is this supposed to work?
What I want is simply to get the membership tables in the same database as the tables created by modelcontext.
This should be so oob, but I must have overcomplicated it some how.
Thanks for any help.
Regards
Larsi
The default settings for all web sites on a windows machines inherit the settings of 2 configuration files: machine.config and web.config, which can be found in the directory Windows/Microsoft.NET/Framework(or Framework64 for 64 bit)/version/config.
Here is a snippet from the default version of machine.config:
<system.web>
<processModel autoConfig="true"/>
<httpHandlers/>
<membership>
<providers>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>
<roleManager>
<providers>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
</system.web>
So the answer to your question is: it is machine.config that establishes the dependency to the LocalSqlServer connection. When you add the <clear/> tag as the other answers to this question suggest, you are removing the reference to the membership provider named AspNetSqlMembershipProvier, and with it the reference to LocalSqlServer.
It is mentioned in the follwing post forumsasp
that adding </clear> tag before your connection string in the membership element and rolemangaer element ( if present in your web.config) will solves the issue.
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear/> <!-- solves the issue -->
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
also you can use SqlMetal.exe to add membership tables to your existing database.
There is allready a membershipprovider registered (in one of the root configuration files) before your configuration file is loaded. That membershippprovider points to LocalSqlServer.
You'll need to remove the first membershipprovider, and this can be done by clearing all providers before you add one, just as you are doing with your connectionstrings.
In the <system.web> configuration section, inside the membership/providers section, add a <clear> element before the <add> element(s).
i have application that uses asp.net membership. Unfortunately users password are stored using PasswordFormat clear. I want to change password to hashed format without asking user to setting theirs again. Another restriction is that UserId in Membership table can't be changed. Does anyone have any idea how to do it ?
In your web.config go to
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="MyProviders.SqlMembershipProvider"
connectionStringName="MyConnectionString"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="4"
passwordStrengthRegularExpression=""
passwordFormat="Hashed"
enablePasswordReset="true"
enablePasswordRetrieval="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true" />
</providers>
</membership>
And there's a "key generator" snippet in this MSDN article, run it twice and shove them in your web.config as:
<system.web>
<machineKey
validationKey="<blah>"
decryptionKey="<blah>"
validation="SHA1"
decryption="AES"
/>
</system.web>
You can encrypt the passwords by configuring the membership provider setting & keys in web.config
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordStrengthRegularExpression="^([1-zA-Z0-1#.\s]{1,255})$"
applicationName="NitinJS" />
</providers>
</membership>
I'm building a small website which will have FBA enabled (SqlMembershipProvider) and I want signup to be as simple as possible, just a prompt for username (email address) and password.
How do I remove the security question from the create user control?
My bad, I jumped the gun on that one.
It looks like the control will sense if the underlying provider required a question and answer. So, have you tried disabling it in the web.config?
<add
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, ..."
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
**requiresQuestionAndAnswer="false"**
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
Wrong answer below:
Set the QuestionAndAnswerRequired property to false.
Set requiresQuestionAndAnswer="false" in your web.config
i.e.:
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSQL"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="15"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"/>
</providers>
</membership>
I am using the default SQLMembershipProvider in my ASP.NET 2.0 website, and expect the Membership.ValidateUser to lock-out the user after entering a number of wrong passwords (5, in my case) but ValidateUser doesn't seem to be caring about keeping count of bad password attempts and locking out the user.
What's wrong?
The Membership configuration in my web.config:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear />
<add connectionStringName="ConnectionStringName" enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
applicationName="MyApp" name="SqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
what is the PasswordAttemptWindow and MaxInvalidPasswordAttempts set to? and is these configuration settings set in the correct web.config? (the one actual in use by the test environment)
Here's the config for my membership usage which is working as required if it's of any use:
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="30">
<providers>
<remove name="AspNetSqlMembershipProvider" />
<!--
Membership defaults mainly below this point:
connString, reqQ&A - modified - all others currently default.
-->
<add connectionStringName="CustomSqlServerProvider"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
Also, have you tried using the .Login() method for the authentication process instead? That's what i'm using rather than validateuser().
Please set the user.[IsApproved] to true