We are running several applications on the same aspnetdb.
They are all using the same MembershipProvider. Sometimes we are getting "weird values" for Profile properties. It seems that the application is using data from a different application.
We already use different ApplicationName parameters.
Is there a way to clearly separate the applications without using distinct databases for the profiles?
This post is useful for what you need
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
Add the same connectionstring for each application, and set different names in applicationName attribute
Related
I'm trying to implement membership with oracle. I have created the database perfectly, but I can not access from my App. The database is on a dadicated server, and the error that its shows me is "OracleConnection.ConnectionString is invalid" but I know that is correct.
I have used this connection with ADO.NET and I works perfectly.
Can I use a remote server to implement membership? because this is the only explinantion that I could find...
This is my connectionstring.
Thanks in advance!
I found the solution in this post:
Setting up the default AspNetSqlProvider to point to remote database
So my web.config looks like:
<connectionStrings>
<add name="ApplicationServices" connectionString="DATA SOURCE=(DESCRIPTION= (ADDRESS=(PROTOCOL=TCP)(HOST=EUBEWD92Z1.jnj.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=XE))); user id=user; password=pass;" providerName="Oracle.DataAccess.Client"/>
</connectionStrings>
<membership>
<providers>
<remove name="OracleMembershipProvider"/>
<add name="OracleMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
I am getting membership error in my application.
This is my web.config section that is creating error.
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Like all other same questions like this one I have read, are telling me about adding defaultProvider and name to this config file.
But I already have defaultProvider and name set to by default in there.
What other customization needs to be done?
You can see this error here-
http://funranger.com
I suspect there is already a membership provider registered before your configuration file is loaded.
You'll need to remove the first membership provider, and this can be done by clearing all providers before you add one, just as you are doing with your connectionstrings.
In the configuration section, inside the membership/providers section, add a element before the element(s).
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="WorkI" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
And also add the below line in your web.config file.
<connectionStrings><add name="DefaultConnection" connectionString="Data Source=YourServername;Initial Catalog=YourDBname;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" /></connectionStrings>
Here is how your membership provider's declaration should look like in the web.config under the system.web element
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
I have this membership provider, and I'm using the "website administration tool" launched from Visual Studio->PROJECT->ASP.NET Configuration.
<membership>
<providers>
<add connectionStringName="DefaultConnection" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/" name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
Changing these minRequiredPasswordLength="6", minRequiredNonalphanumericCharacters="0" has no effect so I suspect it's not using that provider.
Adding <clear/> before the add only makes it worse and proves it's getting it elsewhere.
<membership>
<providers>
<clear/>
<add....
This leads to this message on the page http://localhost:58144/asp.netwebadminfiles/security/security0.aspx:
The following message may help in diagnosing the problem: Default Membership Provider could not be found.
So how can I tell it to use that provider, or how can I configure the provider to what it expects?
I must give it a default provider here:
<membership defaultProvider="DefaultMembershipProvider">
I'm building a small website which will have FBA enabled (SqlMembershipProvider) and I want signup to be as simple as possible, just a prompt for username (email address) and password.
How do I remove the security question from the create user control?
My bad, I jumped the gun on that one.
It looks like the control will sense if the underlying provider required a question and answer. So, have you tried disabling it in the web.config?
<add
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, ..."
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
**requiresQuestionAndAnswer="false"**
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
Wrong answer below:
Set the QuestionAndAnswerRequired property to false.
Set requiresQuestionAndAnswer="false" in your web.config
i.e.:
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSQL"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="15"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"/>
</providers>
</membership>
I am using the default SQLMembershipProvider in my ASP.NET 2.0 website, and expect the Membership.ValidateUser to lock-out the user after entering a number of wrong passwords (5, in my case) but ValidateUser doesn't seem to be caring about keeping count of bad password attempts and locking out the user.
What's wrong?
The Membership configuration in my web.config:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear />
<add connectionStringName="ConnectionStringName" enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
applicationName="MyApp" name="SqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
what is the PasswordAttemptWindow and MaxInvalidPasswordAttempts set to? and is these configuration settings set in the correct web.config? (the one actual in use by the test environment)
Here's the config for my membership usage which is working as required if it's of any use:
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="30">
<providers>
<remove name="AspNetSqlMembershipProvider" />
<!--
Membership defaults mainly below this point:
connString, reqQ&A - modified - all others currently default.
-->
<add connectionStringName="CustomSqlServerProvider"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
Also, have you tried using the .Login() method for the authentication process instead? That's what i'm using rather than validateuser().
Please set the user.[IsApproved] to true