My application has custom Role and MembershipProviders. I've registered them in web.config, but when I try to do if(User.IsInRole("Blah")), neither of my breakpoints in the RoleProvider's Initialize or IsUserInRole are hit. The membership provider works fine, so I guess there must be something I've missed from web.config. This is what I have:
<system.web>
...
<membership defaultProvider="MyAppMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="MyAppMembershipProvider"
type="MyAppMembership.MyAppMembershipProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</membership>
<roleManager defaultProvider="MyAppRoleProvider">
<providers>
<clear />
<add name="MyAppRoleProvider"
type="MyAppMembership.MyAppRoleProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
</system.web>
Is there something else which I need?
The attribute enabled of the the <roleManager>-Element defaults to false! Try:
<roleManager enabled="true" defaultProvider="MyAppRoleProvider">
<providers>
<clear />
<add name="MyAppRoleProvider"
type="MyAppMembership.MyAppRoleProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
Related
I have 2 applications (MVC) like this :
Website
and
Admininistration
In each of them, I'm using asp.net membership provider (using mysql) like this :
Website web.config
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<providers>
<clear />
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Website" />
</providers>
</roleManager>
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<add name="MySQLMembershipProvider" autogenerateschema="false"
type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
connectionStringName="mySqlConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="Website"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="25"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
Adminitration web.config
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<providers>
<clear />
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Administration" />
</providers>
</roleManager>
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<add name="MySQLMembershipProvider" autogenerateschema="true" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="Glocalapps" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear />
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Administration" />
</providers>
</profile>
Both use same connection string.
Everything works without a problem, I can register and login on both sites and users are created perfectly within it's own application.
I'm trying to implement a Create User from the Administration web application for the Website application like this :
Membership.ApplicationName = "Website";
var membership = Membership.CreateUser(username, password);
this does create the user without a problem, but if I try to log in from the website application, it returns a password error. I did testing and this is indeed a password error. (if i copy another hash/salt from other user created on the website I can then login with this new created user, so the user is created OK, but for some reason the password is not recognized when the user is created from the Administration application)
Anyone has already faced this problem or have any idea on why is not working ?
The problem was that on one config I have this :
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
while the other application
<membership defaultProvider="MySQLMembershipProvider">
adding the hashAlgorithType solved the issue. Application name CAN be changed on runtime.
I have Custom Membership Provider in asp.net 4. it's:
public class CustomMembershipProvider : SqlMembershipProvider
{
}
and Custom Role Provider:
public class CustomRoleProvider : RoleProvider
{
}
I use this code for set Custom Membership in web.config:
<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear/>
<add name="CustomMembershipProvider" type="Login1.Code.CustomMembershipProvider" connectionStringName="LoginDB1Entities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
<providers>
<clear/>
<add name="CustomRoleProvider" type="Login1.Code.CustomRoleProvider" connectionStringName="LoginDB1Entities" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
and this connection string:
<connectionStrings>
<add name="LoginDB1Entities" connectionString="metadata=res://*/Code.EFModel.csdl|res://*/Code.EFModel.ssdl|res://*/Code.EFModel.msl;provider=System.Data.SqlClient;provider connection string="Data Source=.;Initial Catalog=LoginDB1;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
</connectionStrings>
my application its working in localhost but i use this site in host and get this error:
Server Error in '/' Application.
I tried implementation ASP.NET role-based authorization for my project, but I never found cookie is saved in client browser. I tried some testing code like,
RolePrincipal rolePrincipal = new RolePrincipal(new GenericIdentity("a"));
string text1 = rolePrincipal.ToEncryptedTicket();
There's no roles in this such simple RolePrincipal object and Roles.CookieProtectionValue is set to 'none'. However the length of text1 is 4,688 which is larger than 4,096, so it fails to push the cookie into client browser.
It does not make sense otherwise it's not possible to use cookie to cache the roles.
What's wrong with it?
Thanks
Here's related sections in web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" name=".TestAUTH"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
Try adding default provider, so from this:
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
to this:
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
Unfortunately this is by design due to changes in the underlying types in .NET 4.5. You can turn off storing of user roles in cookies to prevent this issue (http://msdn.microsoft.com/en-us/library/system.web.security.roles.cacherolesincookie.aspx).
https://connect.microsoft.com/VisualStudio/feedback/details/759157/net-4-5-binaryformatter-serialization-generates-too-long-string
fyi:
Microsoft has recently published an update which fixes this issue.
See KB 2750147
Have next problem: i setup the custom session state server (store sessions in Mysql). But the session data not added to database (the default .net session table is empty), but the authorization works (!). If I change the coockieless option to true, the session data start to add to database (but i dont want to use coockieless=true).
Sometimes I think that the framework choose what to use: inproc or my custom store...
My Config:
<sessionState mode="Custom" cookieless="false" timeout="20" customProvider="MySqlSessionStateStore">
<providers>
<add name="MySqlSessionStateStore" type="MySql.Web.SessionState.MySqlSessionStateStore, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear />
<add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="MySQL default application" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" enablePasswordRetrieval="False" enablePasswordReset="True" requiresQuestionAndAnswer="False" requiresUniqueEmail="True" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear />
<add name="MySqlProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<clear />
<add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</roleManager>
<connectionStrings>
<add name="photostorageEntities" connectionString="metadata=res://*/Models.Photos.csdl|res://*/Models.Photos.ssdl|res://*/Models.Photos.msl;provider=MySql.Data.MySqlClient;provider connection string="server=ip;User Id=user;password=pass;Persist Security Info=True;database=photostorage; Charset=utf8"" providerName="System.Data.EntityClient" />
<add name="MySqlMembershipConnection" connectionString="Data Source=ip;userid=user;password=pass;database=photostorage;Charset=utf8" providerName="MySql.Data.MySqlClient" />
</connectionStrings>
Fixed using separated connection string for Sessions (I don't know why it's not working in other way)
How do I change the required password format in membership?
From http://msdn.microsoft.com/en-us/library/ff648345.aspx :
In your web.config :
<system.web>
...
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
Modify passwordFormat to what you'd like :
The SQL Server membership provider
supports Clear, Encrypted, and Hashed
password formats.
I think that you need parameters like these in your config: minRequiredPasswordLength, minRequiredNonalphanumericCharacters and passwordStrengthRegularExpression.
From http://weblogs.asp.net/owscott/archive/2005/05/11/Changing-the-Password-Complexity-in-ASP.NET-V2.0.aspx:
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>