So, I am converting an application from integrated security to forms authentication using the built-in membership provider and having the most bizarre behavior. Initially, I used the default sqlexpress configuration where it creates an aspnetdb.mdf file in your App_Data folder.
However, I wanted to move this to my SQL Server and did so by creating the procedures and tables in an SQL Server database and pointed my provider at that database. And yet, when I would run the Web Site Administration Tool, it would not look at the SQL Server.
It keeps creating an aspnetdb.mdf file and using that, even though my application appeared to be properly hitting the SQL database. Finally, I turned off the SQLEXPRESS service, and now is where the really odd bit happens.
Login works fine - Membership.Provider.ValidateUser(LoginUser.UserName, LoginUser.Password) returns true. However, when an IsInRole call is made, it times out failing to connect to the database. Clearly, it is trying to connect to the SQLEXPRESS database. I have restarted IIS, restarted the database service to no avail.
Is this not the right place to tell the membership service what database to hit:
<connectionStrings>
<add name="MyConnection" connectionString="user id=myuser;password=mypassword;data source=SERVER\INSTANCE;initial catalog=mycatalog;"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name="formsauth" protection="None" path="/" loginUrl="~/Account/Login.aspx" cookieless="UseCookies"/>
</authentication>
<roleManager enabled="true" />
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MyConnection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/MyApp"
requiresUniqueEmail="false"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
</providers>
First and foremost, the reason why the aspnetdb.mdf is being created is because you're using the ASP.NET Configuration Tool. It only works for the SQL Express instance. It can't be used on a fully fledged SQL Server. For that, you'll essentially need to re-create the administration panel within your own application.
If you wish to use Roles under the local SQL Server, you'll need to configure your web.config to point to your SQL Server for the role provider as well. By default it points to the aspnetdb.mdf file that the Membership provider also points to.
For example:
<system.web>
<roleManager defaultProvider="SqlRoleProvider" enabled="true">
<providers>
<clear />
<add name="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="MyConnection"/> <!--- Point this to your sql server -->
</providers>
</roleManager>
</system.web>
For you it would look something like this:
<configuration>
<connectionStrings>
<add name="MyConnection" connectionString="user id=myuser;password=mypassword;data source=SERVER\INSTANCE;initial catalog=mycatalog;"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name="formsauth" protection="None" path="/" loginUrl="~/Account/Login.aspx" cookieless="UseCookies"/>
</authentication>
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MyConnection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/MyApp"
requiresUniqueEmail="false"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager defaultProvider="SqlRoleProvider" enabled="true">
<providers>
<clear />
<add name="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="MyConnection"/> <!--- Point this to your sql server -->
</providers>
</roleManager>
</system.web>
</configuration>
See here for more details: Membership and Role Provider
Related
Any help appreciated!
What is needed so that the Login.aspx page is using the database as shown through the MyDatabaseConnection
I created an ASP.NET Web Forms application
Configured SQL Server Membership Provider (or so I thought) in the main web.config.
Added MyDatabaseConnection:
<connectionStrings>
<add name="DefaultConnection"
providerName="System.Data.SqlClient"
connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-VideoProject-20131115191757;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-VideoProject-20131115191757.mdf"/>
<add name="MyDatabaseConnection"
providerName="System.Data.SqlClient"
connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=videolibrary;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\videolibrary.mdf"/>
</connectionStrings>
MyDatabaseConnection points to the desired database that already has the tables, users and passwords configured (not by me).
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/"/>
</authentication>
...
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="MyDatabaseConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
Created Secure.aspx in Secure folder.
Created web.config in the Secure folder with
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Using Project\ASP.NET Configuration, I added a user TestAccount.
Added a link in the application that points to Secure.aspx.
When debugging the application, I select the link that points to Secure.aspx. Through login.aspx, I can login as TestAccount and the Secure.aspx page is displayed as expected.
When I use a login user/password from the MyDatabaseConnection database, it fails. That is, login is unsuccessful. It is not looking at this database but I do not know what else is needed for the login.aspx page to use it?
After this, I tried adding AspNetSqlMembershipProvider in the following of the main web.config:
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name ="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyDatabaseConnection"
applicationName="/" />
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="MyDatabaseConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
but received the following error immediately after trying to login:
Parser Error Message: The entry 'AspNetSqlMembershipProvider' has already been added.
Source Error:
Line 31:
Line 32:
Line 33:
Line 34: type="System.Web.Security.SqlMembershipProvider"
Line 35: connectionStringName="MyDatabaseConnection"
I searched for AspNetSqlMembershipProvider elsewhere (since said already used) within the web.config and did not see it. Note: Unfortunately, I could not use code formatting adequately due to issues using it.
Thanks,
Buck
I can't seem to create the aspnetdb.mdf via the Web Site Administration Tool.
I am using SQL Express 2008 and Visual Studio Web Developer 2010 Express.
I get following error in the Administration Tool:
There is a problem with your selected data store. This can be caused
by an invalid server name or credentials, or by insufficient
permission. It can also be caused by the role manager feature not
being enabled. Click the button below to be redirected to a page where
you can choose a new data store.
The following message may help in diagnosing the problem: An error
occurred during the execution of the SQL file 'InstallCommon.sql'. The
SQL error number is 5170 and the SqlException message is: Cannot
create file 'C:\USERS**\DOCUMENTS\VISUAL STUDIO
2010\WEBSITES\BUGZ-B-GONE\APP_DATA\ASPNETDB_TMP.MDF' because it
already exists. Change the file path or the file name, and retry the
operation. CREATE DATABASE failed. Some file names listed could not be
created. Check related errors. Creating the
ASPNETDB_97c73957a1fb4a189ccca0449aa7d754 database...
I also get this error when I delete the mdf file or change the path.
Underneath is the web.config file:
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
<add name="DATABASEConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\DATABASE.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" applicationName="/"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Your error says that the database is already present, so first delete it and then run WSAT. If not works then delete your web.config and add a new config file to your project and then run WSAT and add the aspnetdb database.
Also you can try aspnet_regsql
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319
Run it, then you can add or remove AspNet database tables from your database.
Read more detail on MSDN
When I login to my webform in my production environment ( IIS 7.5 + SQL Server 2008), my session expires after just a few couple of seconds (less than 1 minute).
But when I do the same in my dev environment (ASP.Net Development Server + SQL Server 2008) the session is persistant long enough... (several minutes).
I use the ASP.Net membership technology with Forms authentication mode and try to use Cookies.
It look like something on the server is overriding my parameters, but I don't have access to the production IIS configuration (I subscribed to a shared hosting)
Here are my web.config parmeters:
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Pages/Front/Login.aspx"
protection="All"
timeout="900"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="~/Pages/Front"
cookieless="UseCookies"
name="MySite" />
</authentication>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="XXX"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager enabled="true"
cookieName="booble.com"
cookieProtection="All"
cookieSlidingExpiration="true"
cookieTimeout="90"
createPersistentCookie="true"
cookieRequireSSL="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="XXX" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
<sessionState timeout="90" />
<customErrors defaultRedirect="Error.aspx" mode="On" redirectMode="ResponseRewrite" >
<error statusCode="404" redirect="Error404.aspx"/>
</customErrors>
<!-- needed because of my Provider-->
<pages enableViewStateMac="false" />
<siteMap enabled="true" defaultProvider="AspNetXmlSiteMapProvider">
<providers>
<clear />
<add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
</system.web>
Thanks a LOT in advance for your answers !
The problem was coming from my shared hosting provider, I contacted them in their help forum and on of their admin "changed" something on server-side, and now it works... they didn't want to tell me what they have modified.
FYI my shared hosting provider is named OVH.com, so if you have a session timeout problem (expiring every 30 sec to 1 min), even if you have configured your web.config correctly (to be sure,I even put my sessionState mode="SQLServer") , just contact them and they will do the necessary.
I'll post here if I get an explanation, thanks for your readings
Check if your session timeout is being set through code too.
<sessionState timeout="90" />
and
cookieTimeout="90"
Should have worked fine. Development servers are very forgiving about session timeouts.
Developement server doesn't represent a proper IIS 7 environment
This provides a convenient way to test your ASP.NET application
without IIS 7 - however, we recommend that you configure
Visual Studio to test your application by using the IIS 7 environment.
The reasons for this are: The ASP.NET Development Server does not
support hosting ASP.NET applications in Integrated mode, which is the
default mode of operation used by IIS 7. This may introduce
differences in application behavior.
Refer here
I am trying to configure my site with ASP.NET Membership to deal with the whole user's login.
For some reason, I can't connect to my DB from the ASP configuration screen. All the TCP/IP are enabled in the SQL server configuration, but for some reason my website can't connect.
The relevant things to check for this issue (that come to my mind) are all in the Web.config file for your application.
You should have a connection to the SQL server set up:
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=ServerName;Initial Catalog=aspnetdb;User Id=sqlUser;Password=sqlPassword" providerName="System.Data.SqlClient"/>
Note: the "connection string" attribute there should point to your SQLExpress instance.
You should have a membership provider pointing to that connection (with some additional setup parameters:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
And (possibly) you should have your authentication mode set to forms:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
I'm having a spot of trouble with ASP.NET 4.0 memberships. I want to have all my membership configuration in my web.config file and not use machine.config. I am storing the membership in a remote SQL Server 2008 R2 database server called MYSERVER\A. Here's the relevant sections of web.config
<connectionStrings>
<clear/>
<add name="MarksDB" connectionString="Server=MYSQLSERVER\A;Database=test_d; Trusted_Connection=Yes; Application Name=MarksDB"/>
</connectionStrings>
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms name="MarksDB" />
</authentication>
<membership defaultProvider="MarksDBMembershipProvider">
<providers>
<clear/>
<add
name="MarksDBMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MarksDB"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="MarksDBMembershipProvider"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="MarksDBRoleProvider">
<providers>
<clear/>
<add
name="MarksDBRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MarksDB"
applicationName="MarksDBRoleProvider"
/>
</providers>
</roleManager>
In Visual Studio 2010, when I go to WebSite->ASP.NET Configuration, and click Add User on the Security tab, I get this error:
An error was encountered. Please return to the previous page and try again.
The following message may help in diagnosing the problem: The connection name 'MarksDB' was not found in the applications configuration or the connection string is empty. at System.Web.Util.SecUtility.GetConnectionString(NameValueCollection config) at System.Web.Security.SqlMembershipProvider.Initialize(String name, NameValueCollection config) at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
I am not sure how to troubleshoot this problem. Any ideas?
You should use the applicationName attribute both in membership provider and in role manager to specify your application (because you could have another application using the same database). But you are specifying the Application Name in the connection string.
I believe you would remove the applicationName from membership provider and from role provider.