I have created a website for my university that requires membership.
I used the web administration tool from Visual Studio and created Users and Rules.When i test it from Visual Studio it works fine.
The Web Administration Tool automatically creates a SQL database named ASPNETDB.MDF in the App_Data folder that saves membership data.
My question is will the database work when i add the website at the IIS? Do i have to create a sql server database and add a connection?Please answer me.It's really important.
i only want a very basic membership.
You can use db from /App_Data as explained in this SO answer:
ASP.NET: How to deploy App_Data to webhost? - but it depends on your server set up.
When using Membership my preference is to run it from a separate db in either SQL / SQL Express, as then have choice to run IIS site and db on different servers if required. Also better for security / scaling etc.
Once db is created you can use aspnet_regsql.exe to install Membership services into the db. It's usually located here - c:\Windows\Microsoft.NET\Framework\< versionNumber >\aspnet_regsql.exe. Can run as GUI or command line:
http://msdn.microsoft.com/en-us/library/x28wfk74.aspx
When running Membership from a separate db you'll also need to configure a provider in web.config. Something along the lines of this:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="MyMembershipConnectionString"
connectionString="Data Source=SERVER123\SQLEXPRESS;Initial Catalog=Database123;Persist Security Info=True;User ID=User123;Password=Password123" providerName="System.Data.SqlClient" />
</connectionStrings>
in < System.Web > section:
<roleManager defaultProvider="MySqlRoleProvider" enabled="true"
cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30"
cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<clear />
<add name="MySqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
connectionStringName="MyMembershipConnectionString" applicationName="MyAppName" />
</providers>
</roleManager>
<membership defaultProvider="MySqlMembershipProvider" userIsOnlineTimeWindow="720">
<providers>
<clear />
<add name="MySqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyMembershipConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="0"
passwordStrengthRegularExpression="((?=.*\d)(?=.*[a-z]).{6,20})"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="30" />
</providers>
</membership>
I've used a similar set up to this a good few times with no problems.
If using db from /App_Data you shouldn't need to do any of the web.config stuff
Related
I am new to Visual Studio 2012 / ASP.NET 4.5 web forms.
I am attempting to use forms authentication (ASP.NET membership) in my asp.net 4.5 web forms application (using Visual Studio 2012) as I have done successfully many times with asp.net version 4.0.
The problem seems to be that, when I am testing in Visual Studio 2012, it does not recognize my web.config settings pointing to an SQL Server 2008R2 aspnetdb. It seems to be using the SQL Express aspnetdb.mdf file to store my users.
I have tried removing the aspnetdb.mdf completely from my web app and it still does not recognize my web.config settings pointing to the SQL Server and instead it uses the settings from somewhere else (don't know where!). I know this because the Membership.CreateUser() method is throwing an error if I do not provide the question and answer as parameters. Also the web configuration tool requires a question and answer to create a new user. My web.config settings specifically do not!
When I host the web application, it DOES look for my users in the SQL Server database because when I try logging in with a user name that was successfully created using the web configuration tool in VS2012, my application cannot find that user! It seems to be looking in SQL Server but cannot find it.
I must be missing some fundamental setting... Anyone have any thoughts?
I have included my web.config settings below:
<connectionStrings>
<add name="ApplicationServices" connectionString="Data Source=localhost;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=studentid;Password=password" providerName="System.Data.SqlClient"/>
<add name="StudentAttendanceConnectionString" connectionString="Data Source=localhost;Initial Catalog=StudentAttendance;Persist Security Info=True;User ID=studentid;Password=password" providerName="System.Data.SqlClient"/>
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<membership>
<providers>
<add connectionStringName="ApplicationServices" enablePasswordRetrieval="true"
enablePasswordReset="false" requiresQuestionAndAnswer="false"
requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
<roleManager>
<providers>
<add connectionStringName="ApplicationServices" applicationName="/"
name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</roleManager>
A few things...
1) Do the users or some account have access to the SQL database? I don't see that noted here.
2) Use the server name of the SQL server that appears when you fire up the SQL Management Studio and not localhost if IIS and SQL are on the same server.
3) Check your machine.config file for the version of .Net you're using. I ended up having to change the SQL Express settings to the IP address of the server to get things working for me in a similar scenario along with removing (through the control panel) SQL Express or whatever test database VS 2012 installs. I had errors related to this when building a server recently.
::edit::
Also add the following to your Web.Config file above the 'connectionStrings' section:
<startup>
<supportedRuntime version="4.0" sku=".NETFramework,Version=v4.5" />
</startup>
Could you try to create role and user using ASP.Net Config?
VS2010
Or
VS 2012 > PROJECT > ASP.Net Configuration
Another one is to add clear - Don't forget to when adding providers
I'm developing an ASP.NET MVC 4 website and I'm using the Microsoft ASP.NET Universal Providers. I plan to deploy to Windows Azure and use SQL Database. In order to initialize memberships, profiles and roles on my local SQL Server 2008 database, I created a new user via the ASP.NET Web Site Administration Tool. How do I initialize sessions?
When my application runs, naturally I get a SqlException saying "Invalid object name dbo.Sessions." When testing on Windows Azure, this wasn't an issue; dbo.Sessions was created automatically. I'm able to run locally after generating a create table script from dbo.Sessions on Azure and applying it to my local SQL database.
web.config:
<membership hashAlgorithmType="SHA1" defaultProvider="DefaultMembershipProvider">
<providers>
<clear />
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" passwordFormat="Hashed" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile enabled="false" defaultProvider="DefaultProfileProvider">
<providers>
<clear />
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false" defaultProvider="DefaultRoleProvider">
<providers>
<clear />
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
<sessionState mode="Custom" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</sessionState>
This article goes into more detail of the differences between the old aspnet_Memembership vs the Universal Providers.
http://dotnet.dzone.com/articles/stronger-password-hashing-net
The key points from the article:
Firstly, there’s no more aspnet_regsql, you just make sure your connection string is set and the account has DBO rights (don’t worry, it doesn’t have to stay this way) then run the app up and attempt to perform any action which should cause the membership provider to hit the DB (i.e. log on – it doesn't matter that there isn't an account).
Thats it all there is to it, when it works.
When you are using Microsoft ASP.NET Universal Providers to deploy to Windows Azure & SQL Database, it seems there could be some issue with your connection string as table on SQL Database is not created.
The blog below from Soctt shows steps by step details on how to do it so please follow and see what is missing:
Introducing System.Web.Providers - ASP.NET Universal Providers for Session, Membership, Roles and User Profile on SQL Compact and SQL Azure
i want to ask about ASP.Net Configuration. i have a project that use ASP.Net MVC3. and i use membership in my project. in my database server, there's 2 database for my project.
aspnetdb, contains aspnet_membership, aspnet_user, aspnet_roles, etc (i use asp.net Configuration)
mydatabase, its for my project database.
now my boss told me that he want to host my project in public and told me to use only one database. so i have to move aspnetdb to mydatabase. how can i do it without making new table in mydatabase ?
thanks
By default the ASP.NET membership provider uses a built-in connectionString named LocalSqlServer which is something like this:
<add name="LocalSqlServer"
connectionString="Data Source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient"/>
and when you use the Membership for first time (or when you use the web configuration manager tool), the aspnetdb.mdf will be created automatically. For first step, you can remove this connectionString from web.config by clear command:
<connectionStrings>
<clear/>
<!-- your other connectionStrings -->
</connectionStrings>
and also, you must change the connectionString for membershipProvider (and also roleProvider if you use it) in web.config file:
<membership userIsOnlineTimeWindow="20">
<providers>
<clear />
<add
connectionStringName="YourSpecifiedConnectionString" // your connectionString here
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="500"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="YourSpecifiedConnectionString" // your connectionString here
name="AspNetSqlRoleProvider"
applicationName="/"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
For configure the database to use ASP.NET built-in membership provider, you can use regsql tool
which can be founded here:
C:\Windows\Microsoft.NET\Framework\(version that you are using. mine is v4.0.30319)\
In this folder, find the aspnet_regsql.exe file and run it. A helpful wizard will be shown and
help you step by step to configure new database. And about your final issue: You haven't to apply any change
to your edmx file! The EF works with tables you supplied to it, and membershipProvider do its job with
tables that ASP.NET supplied to it! Well done, Good job!
You have to add those tables to your own database. It's quite easy. Just use the aspnet_regsql tool to export the database schema to a SQL file and run that file in your own database.
Instruction:
http://www.xdevsoftware.com/blog/post/Install-ASPNET-Membership-Provider-on-a-Shared-Hosting-Company.aspx
since two days I am trying to solve this error in the asp.net web site configuration - Provider Section
If you click on "Test" this error comes up:
Provider Management
Could not establish a connection to the database.
If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
My web config looks like this:
<connectionStrings>
<remove name="mydbConnectionString"/>
<add name="mydbConnectionString" connectionString="Server=localhost;Database=mydb;Uid=root;Pwd=root;" providerName="MySql.Data.MySqlClient"/>
</connectionStrings>
<system.web>
<roleManager enabled="true" defaultProvider="MySQLRoleProvider" />
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider" autogenerateschema="true"
type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=5.2.7.0, Culture=neutral,PublicKeyToken=c5687fc88969c44d"
connectionStringName="mydbConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="LoginControl"
/>
</providers>
</membership>
It doesn't show the error for RoleProvider. It only shows when I click "Test" for MySqlMembershipProvier. So I think my connection string has some problems but I don't know how to fix it. Can anyone help me please?
Thanks a lot...
I'm guessing you just have to do what it says in the exception: Run the equivalent of aspnet_reqsql utility for MySQL to create the required tables in your database.
Shameless plug: Check out the Web.Config Role Provider on Codeplex if you want to set up Roles without a database.
aspnet_regsql only works with SQL Server. Not with MySQL
To install the membership/roles/profile tables, you would need to manually run the SQL files from .NET Framework folder: {SYSDRIVE\WINDOWS\Microsoft.NET\Framework\v2.0.50727}
Once you do so, then you can check if the connection is an issue.
how can I change ASP.NET Configuration tool-s connection string name?
(Which connection string will ASP.NET Configuration tool will use)
I'm learning ASP.NET and everywhere and in book that I'm reading now theres connection string named: LocalSqlServer.
I want to use my local sql server database instead of sql express to store Roles, Membership and other data.
I have used aspnet_regsql.exe to create needed data structures in my database. after that I changed my web.config to look like:
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Server=(LOCAL); Database=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
but when I run ASP.NET Configuration tool it says that:
"The connection name 'ApplicationServices' was not found in the applications configuration or the connection string is empty."
ASP.NET Configuration tool uses connection string named: ApplicationServices not LocalSqlServer.
cause of that I have to modify web.config to:
<connectionStrings>
<add name="ApplicationServices" connectionString="Server=(LOCAL); Database=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
and everything works fine.
I wish to know why the hell my web site uses connection string named: ApplicationServices and all books and online documentations uses LocalSqlServer? and how to change it to LocalSqlServer?
I have:
Windows 7
Sql Server 2008 R2
Visual Studio 2010 Premium
Project type is website
accidentally I have found my question answer when looking to web.config file.
if you override default machine.config configuration settings in web.config file you can change ASP.NET Configuration tool-s connection string name.
I got my web.config file from book-s code archive and it was the problem.
in web.config u can override which connection string name will be used for: membership, profile and roleManager.
to override membership use:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/"/>
</providers>
</membership>
where connectionStringName is the name of connection string which will be used for storing membership data.
others are:
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="LocalSqlServer"
applicationName="/"/>
</providers>
</profile>
and
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="LocalSqlServer" applicationName="/"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>