I'm trying to allow users to login with either forms authentication or their AD account but having some problems. I'm logged into an AD accountno,w but Page.User.Identity.Name is blank. I have this in my web.config:
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://full.domain.address:389/DC=mydomain,DC=blah,DC=uk"/>
<add name="myapp" connectionString="Data Source=myserver;Initial Catalog=myapp;User ID=myapp;Password=myapp" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="129600" name="CookieMonster" protection="All" slidingExpiration="true" cookieless="UseCookies"/>
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myapp" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" applicationName="/"/>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="myapp" applicationName="/"/>
</providers>
</profile>
Do I need to do something else to get this to work? I've tried logging in with my domain account and domain\myaccount to no avail.
When I try var u = Membership.GetUser("mydomain\\myuser"); I get an error: Usernames must not contain '\' when mapped to 'userPrincipalName'.
AD userPrincipalName might be something like user#full.domain.address. Try using the sAMAccountName value for the attributeMapUsername:
<add name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"/>
If you are unable to connect, you may need to add connectionUsername and connectionUserPassword attributes (check the MSDN documentation).
"sAMAccountName" does not include the domain. To resolve your problem, simply remove the domain qualifying form your username:
Instead of var u = Membership.GetUser("mydomain\\myuser");
use var u = Membership.GetUser("myuser");
This is because you specified the domain in the connection string, implicitly by connecting to a particular active directory.
Related
I upload my project to IIS ,I used my custome sqlmembership provider.and createed roles and users ,but when I tring to edit/delete/update data ,It tell me "u dont have a permission to do that" but inside the roles already define it can do that.
Plus I am using VS ASP.NET configuration tool,to add user and roles but when click the test button onAspNetSqlRoleProvider ,it tell me not found database.It works fine with VS build-in server but I upload the IIs ,it give error.
here is the a part of web.config
<system.web>
<roleManager enabled="true" />
<customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Hata.aspx" />
<authentication mode="Forms">
<forms cookieless="AutoDetect" loginUrl="~/Login.aspx" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<!--Add a customized SqlMembershipProvider -->
<add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="OSProjeConnectionString" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="15" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
passwordStrengthRegularExpression="">
</providers>
</membership>
<connectionStrings>
<add name="OSProjeConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=OSProje;Integrated Security=SSPI; User ID=sa;Password=password;" />
</connectionStrings>
..............
...................
edıt :
I fix the problem adding this lines
<roleManager defaultProvider="roleProvider">
<providers>
<add connectionStringName="OSProjeConnectionString"
name="roleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Here is the line which is creating problem.
But you have not specified the DefaultProvider, so it takes AspNetSqlRoleProvider as the provider. Now you have to check the settings of AspNetSqlRoleProvider. Or you can add the following code:
<roleManager
enabled="false"
cacheRolesInCookie="false"
cookieName=".ASPXROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All"
defaultProvider="AspNetSqlRoleProvider"
createPersistentCookie="false"
maxCachedResults="25">
<providers>
<clear />
<add
connectionStringName="LocalSqlServer"
applicationName="/"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add
applicationName="/"
name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
With some modifications.
Regarding App_Data folder, its automatically created for the application related data. For more details read this
I created an asp.net site using VS 2008. I was using a db in app_data for membership. I am moving this to a new server and the db will be attached to a sql server 2008 R2 instance. I wanted to change the db name so it would fit in better with the rest of the server. Since I changed the name from ASPNETDB.mdf to Reporting.MDF I cannot login and ASP.NET says I have no users. I used the rename function in VS and updated my connectionstring.
<connectionStrings>
<add name="MembershipConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Reporting.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--added to create new membership to connect to-->
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="MembershipConnectionString" applicationName="WebSite2" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken="/>
</providers>
</roleManager>
<membership defaultProvider="SqlMembershipProvider">
<providers>
<clear/>
<add connectionStringName="MembershipConnectionString" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="WebSite2"
requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
Users: 0
Provider: Test to check db works fine.
edit: I removed the publicKey in case it is tied to me in some way.
edit: I changed the name back to aspnetdb and it still does not work.
If i delete the membership code it works again. This is after changing the name back to aspnetdb. I am back where I started.
If you have this problem again it's likely caused by forgetting to properly set the applicationName attribute in web.config. Here's a great, detailed explanation of the common problem. If you compare the web.config file from your question to your web.config in your answer, you'll see that the applicationName attributes in the two files have different values; WebSite2 versus /.
I fixed this by opening machine.config and copying all of the membership details. Then used
clear
in every section.
<connectionStrings>
<add name="LocalSqlServer2" connectionString="Data Source=Johnny;Initial Catalog=aspnetdb;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--added to create new membership to connect to-->
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=" connectionStringName="LocalSqlServer2" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer2" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken="/>
</providers>
</profile>
<roleManager>
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer2" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken="/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken="/>
</providers>
</roleManager>
Try attaching the aspnetdb database first. Then rename it using Sql Management Studio.
I develop some site, that uses authentication ticket from API of other service.
I have method GetSessionTicket() from API. And now question:
can i do asp.net authentication thats depends only from cookie?
Now i remove all section about Membership provider at web.config:
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>-->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
and left this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
LogOn logic looks like:
var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);
Is it ok? Now my ASP.NET authorization based only on cookie and does not require sql server or aspnetdb.mdf, yes?
Yes it is fine to do this, what you are essentially doing is implementing Forms authentication, without the membership database. You are not required to use a membership datbase to achieve authentication, and setting the cookies in code is fine.
I have an ASP.NET MVC 1 web application using the ASP.NET Membership provider. On my local box, when I submit data to a form, the redirect takes it to the proper location (with Controller.RedirectToRoute). On the server where it is supposed to live, form submitting takes me back to the login page. The data posts properly, but I'm just redirected incorrectly.
I recall dealing with this a few years ago (in a non-MVC application) and it was due to a problem with the Web.Config relative to the Membership provider.
I can't imagine I'm the only one that's had this problem. What should I be looking for in my web.config that could be related to this?
Thanks ahead of time.
EDIT
Here is my authentication and membership portion of the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="IPS" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" applicationName="IPS" />
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" applicationName="IPS" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add applicationName="IPS" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
MVC 1 uses Forms auth by default. You may want to check your forms auth settings to make sure that you aren't being redirected as part of security.
If you using the MySQL like a user data storage, such problem can happened because of different MySQL Connector version on our local pc and server
i am facing a wierd problem
i use visual studio 2010, SQL express 2008 on win server 2008
after running the wizard of security (created single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine.
when i move the folder to IIS 7 and "convert to application" the login page appears but it wont accept the password i provided.
i was told that only Stackoverflow geniuses will answer this question.
i am using .Net 4, manged pipleine mode --> inegrated
IIS settings:
Anonymous Auth. --> Enabled
Forms Auth. --> Enabled
ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled
web.config
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<deny users="?"/>
<allow users="statmaster"/>
</authorization>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
the username exists in aspnet_Users table and the username "encrypted" in aspnet_Membership table
Read the article
Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers
try creating a new website and put the application component in the root in case web.config application name = "/"
i hope this will solve it
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx