In default authorization database that is created by wizard, there are two tables for one entity. For example:
aspnet_users and users, aspnet_roles and roles, etc.
What is the reason for this?
Something has gone wrong? The default database created by aspnet_regsql for authentication has three tables; aspnet_users, aspnet_roles and aspnet_applications. Adding roles for authorization adds a few more, but they're still all aspnet_ prefixed.
You can check this for yourself by running
aspnet_regsql -sqlexportonly
and examining the SQL it produces. There's not even a way to remove the prefix when you register SQL for application services.
I found the reason. aspnet_ prefixed tables created by aspnet_regsql and others (Roles, Profiles, Users, etc) created by web site administration tool when added the user and role. Thank your advice.
Related
I am using a default .aspx web forms example in Visual Studio 2010 and I am curious if anyone can speak to how the default login/register system stores the user's information. From what I can tell this is not stored in any kind of SQL type table.
Is it known exactly where this file is located, and how would one interface with that? I would like that table to contain a URL for each user in addition to their password. ( I am guessing the 'table' only contains user and password ).
Is this possible or would I be better of creating my own login/register system? I know it wouldn't be that much coding, but it would sure be nice to utilize what is already there.
Please spare me if this is easily edited up in a menu somewhere. Was unknowingly thrown into a aspx project with little previous experience. Taking in info as fast as I can!
Thanks in advance for your inputs!
If you use the Membership class you have access to all the methods you need. This class includes methods for:
Creating users
Changing their password
Deleting Users
etc.
The users are stored in the aspnetdb and the information is in several tables. The main ones are:
aspnet_User - this stores the users
aspnet_Applications - which applications are running
aspnet_Membership - this relates the users to the applications they are authorised for
aspnet_Profile - user profile information the the application
This is a standard SQL database that exists on your SQL Server.
For a fuller explanation read this MSDN article.
The users are stored in the ASPNETDB.MDF database in the App_Data folder.This file is hidden by default so I can understand why you're confused.
To make ASPNETDB visible - select the App_Data folder in Solution Explorer and click Show All Files.
Now if you click on the .mdf file the database will open in the Server Explorer in Visual Studio.
The user information is located in the aspnet_Users and aspnet_Membership tables.
The query below will return the user id, user name,encrypted password and email:
SELECT aspnet_Users.UserId, aspnet_Users.UserName, aspnet_Membership.Password, aspnet_Membership.Email
FROM aspnet_Users INNER JOIN
aspnet_Membership ON aspnet_Users.UserId = aspnet_Membership.UserId
I'm using aspnet memberhips database for authorization and authentication for my azure web application.
This aspnet application contains the employees details. All good until we got new requirment. The new requirement is to in include lots of extra attributes related to employees such as awardcode, costcentre, division, location etc...
The requirement is also to admin these details via Admin portal.
Is there any way we can fit the above requirement with in aspnet database? Should I add extra tables and fields or there's a better way of acheving this.
Thank you.
You might want to consider the ASP.NET Profile provider. It's another component of the Membership framework. It stores a somewhat dynamic list of user properties in the database, typically in the aspnet_Profile table. You can get a lot of functionality for free by making additions to Web.config, or you can customize heavily by implementing a custom profile provider. Here are some links to get started:
http://msdn.microsoft.com/en-us/library/014bec1k.aspx
http://msdn.microsoft.com/en-us/magazine/cc163457.aspx
There have been times though when this approach wasn't a great fit for me, so I simply created a separate UserRecord table in the database with exactly the columns I wanted, and added some views to the database that joined UserRecord with the bulitin aspnet_Membership table, etc., to get the right combination of data.
I have added the SQL Role Provider and SQL Membership Provider to an existing application and set the authentication mode to Windows. I have created roles, but I cannot add users.
In the Security Tab of Web Site Administration Tool, I search for my user name and get the following:
No users found for this search.
It is my expectation that the tool would search AD for users. Am I supposed to add users to the aspnet_Users table manually? Or is there some key configuration element I'm supposed to set in the Web.config?
Here is an article by Scott Gu on how to do what you want.
Forms authentication should be used in order to add users through the WebSite Administration Tool. WHen using Windows authentication new users must be added by creating a new account in ActiveDirectory on the domain.
I want to know whats the "right" way to setup membership in a new website.
When i have new project i can go to Website/ASP.NET Configuration. There i can setup Forms authentication and manage all users that will be using this page. I can make roles and rules on folders. All of this info are saved into table that will be saved locally in database App_Data/ASPNETDB.MDF. What i'm trying to do is that all this info would be on a host server along with the website but not locally.
What is the best way to connect my website that i made locally to a mssql server that is central. I want to be able to go to the asp.net configuration and manage users but i want the data to be saved in the tables on the mssql server not to the aspnetdb.mdf file.
I have already made the asp.net membership tables on the mssql server by using the aspnet_regsql.exe file.
Update:
Never mind, i found out a way to to this.
Just had to add
<remove name="LocalSqlServer"/>
in <ConnectionStrings> and then my own connection string. Now its working...
There is a line command in the Visual Studio SDK called "aspnet_regsql". It opens a window, and you can use it to set up the ASP.NET membership, roles, and profile support in any SQL Server database.
For most applications, you'll probably end up writing your own membership admin pages. It's not hard, and most of the controls you need are in the toolbox in Visual Studio. Here's the cookbook I've given in presentations on security:
To add ASP.NET membership and roles to an existing SQL Server database:
Open a Visual Studio 2008 command window.
(If you must run SQL line commands in Administrator mode, you will need
to open a command line in administrator mode, then set the path to
include the Visual Studio SDK executables.)
Run aspnet_regsql in that command window.
For the SQL user logins that will use the database, add one or more
of the following membership provider roles:
aspnet_Membership_FullAccess - if users can register themselves or others
aspnet_Membership_BasicAccess - users cannot register themselves
aspnet_Membership_ReportingAccess - for membership statistics
For the SQL user logins, add one or more of the following role provider roles:
aspnet_Roles_FullAccess - create and delete roles
aspnet_Roles_BasicAccess - use asp.net roles
Configure your initial application and roles using SQL Server Management Studio:
exec aspnet_Applications_CreateApplication #ApplicationName='Northwind',#ApplicationID=''
exec aspnet_Roles_CreateRole #ApplicationName='Northwind', #RoleName='Employee'
exec aspnet_Roles_CreateRole #ApplicationName='Northwind', #RoleName='Manager'
exec aspnet_Roles_CreateRole #ApplicationName='Northwind', #RoleName='Master'
Implement your "New User" page, but don't lock it down with forms authorization yet.
You may want to implement your own form, assuming you have user records already existing
in your database, and assuming that you'd like to add roles as part of the "create user"
process. In any case, use this page to create an initial set of users for ASP.NET
membership; it's easier this way than trying to make it work with stored procedures.
See sample code for an implementation of user creation without using the ASP.NET
LoginView control.
Note that this "Add a User" page in the sample application assumes a number of things
that are hard to do with the standard Login control in ASP.NET. If you're creating users
as an administrative function, rather than letting users add themselves, you probably
want to have multiple roles, and be able to select the role. Even more important,
you may have "user" tables already established in your database, and need to integrate
"new user" functionality with adding records to your application's user table. This is
a prototype for creating your own Login control, collecting additional data and
integrating the creation of user records, ASP.NET membership records, and ASP.NET role
assignments. All of this is done within an ambient transaction, so they either succeed
or fail as a single unit of work.
Once you've created users and added them to roles, you can set up forms authentication
and lock down your pages that require authorization. Notes:
a. Don't require authentication for your top-level directory. Pages at this level
should be publicly accessible.
b. Add a web.config in each subdirectory where pages require authentication.
Usually, setting the authentication level will be the only function in these
web.config files.
I'm going to use the membership system in ASP.net, but need to change it in 2 ways.
The database which stores the users is Access, and I want to salt the password(etc) plus ask the user to enter details like links to their facebook pages etc which are stored in the database.
So how do I use access with the system?
And how can I change/add fields which are stored in the database (i know how to create them in the database btw, just how I get the membership system to ask for it and store it)
(I could make my own registration/user login system, except I don't know how to restrict access to pages, so how could I go about this?)
Links to tutorials/references would be great
And another on how to write a custom membership provider for the Access Database.
1) Use SQL Server Express edition. It's free, it's good, it works out of the box.
2) Check out the Profile providers for personalisation. http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx
Here's a link explaining how to use Access:
http://msdn.microsoft.com/en-us/library/44w5aswa.aspx
As for storing extra user information. Asp.NET provides this via personalization. Here are two links to get you going:
Video: http://www.asp.net/learn/videos/video-43.aspx
Article: http://msdn.microsoft.com/en-us/magazine/cc163724.aspx
one more...
Membership Provider MSAccess