I develop some site, that uses authentication ticket from API of other service.
I have method GetSessionTicket() from API. And now question:
can i do asp.net authentication thats depends only from cookie?
Now i remove all section about Membership provider at web.config:
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>-->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
and left this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
LogOn logic looks like:
var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);
Is it ok? Now my ASP.NET authorization based only on cookie and does not require sql server or aspnetdb.mdf, yes?
Yes it is fine to do this, what you are essentially doing is implementing Forms authentication, without the membership database. You are not required to use a membership datbase to achieve authentication, and setting the cookies in code is fine.
Related
I have an error in my index page and my hosting support tell me that the "web config" file has a problem
http://schoolearn.ir/pay
this is my website
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I have no database and my pages are static but i need to implement my website using asp.net
As error says: This error can be caused by a virtual directory not being configured as an application in IIS, so in the IIS you should convert the pay directory to a application or move the files to the root of the host (instead of the pay directory) and try again.
I upload my project to IIS ,I used my custome sqlmembership provider.and createed roles and users ,but when I tring to edit/delete/update data ,It tell me "u dont have a permission to do that" but inside the roles already define it can do that.
Plus I am using VS ASP.NET configuration tool,to add user and roles but when click the test button onAspNetSqlRoleProvider ,it tell me not found database.It works fine with VS build-in server but I upload the IIs ,it give error.
here is the a part of web.config
<system.web>
<roleManager enabled="true" />
<customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Hata.aspx" />
<authentication mode="Forms">
<forms cookieless="AutoDetect" loginUrl="~/Login.aspx" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<!--Add a customized SqlMembershipProvider -->
<add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="OSProjeConnectionString" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="15" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
passwordStrengthRegularExpression="">
</providers>
</membership>
<connectionStrings>
<add name="OSProjeConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=OSProje;Integrated Security=SSPI; User ID=sa;Password=password;" />
</connectionStrings>
..............
...................
edıt :
I fix the problem adding this lines
<roleManager defaultProvider="roleProvider">
<providers>
<add connectionStringName="OSProjeConnectionString"
name="roleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Here is the line which is creating problem.
But you have not specified the DefaultProvider, so it takes AspNetSqlRoleProvider as the provider. Now you have to check the settings of AspNetSqlRoleProvider. Or you can add the following code:
<roleManager
enabled="false"
cacheRolesInCookie="false"
cookieName=".ASPXROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All"
defaultProvider="AspNetSqlRoleProvider"
createPersistentCookie="false"
maxCachedResults="25">
<providers>
<clear />
<add
connectionStringName="LocalSqlServer"
applicationName="/"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add
applicationName="/"
name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
With some modifications.
Regarding App_Data folder, its automatically created for the application related data. For more details read this
I'm trying to allow users to login with either forms authentication or their AD account but having some problems. I'm logged into an AD accountno,w but Page.User.Identity.Name is blank. I have this in my web.config:
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://full.domain.address:389/DC=mydomain,DC=blah,DC=uk"/>
<add name="myapp" connectionString="Data Source=myserver;Initial Catalog=myapp;User ID=myapp;Password=myapp" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="129600" name="CookieMonster" protection="All" slidingExpiration="true" cookieless="UseCookies"/>
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myapp" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" applicationName="/"/>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="myapp" applicationName="/"/>
</providers>
</profile>
Do I need to do something else to get this to work? I've tried logging in with my domain account and domain\myaccount to no avail.
When I try var u = Membership.GetUser("mydomain\\myuser"); I get an error: Usernames must not contain '\' when mapped to 'userPrincipalName'.
AD userPrincipalName might be something like user#full.domain.address. Try using the sAMAccountName value for the attributeMapUsername:
<add name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"/>
If you are unable to connect, you may need to add connectionUsername and connectionUserPassword attributes (check the MSDN documentation).
"sAMAccountName" does not include the domain. To resolve your problem, simply remove the domain qualifying form your username:
Instead of var u = Membership.GetUser("mydomain\\myuser");
use var u = Membership.GetUser("myuser");
This is because you specified the domain in the connection string, implicitly by connecting to a particular active directory.
I use method=get to send my data from one webform to the other. But I don't want to have in the URL query things like:
Search.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTYwODIwNTg5MQ9kFgJmD2QWAgIDDxYCHgZtZXRob2QFA2dldGRkGOirvzjoAxt%2BfOb915%2FpsYZXmAxLZZdpnK6UW7A9%2Fk83D&__PREVIOUSPAGE=cog5Yzt_1GerH9r2ERTIPbLWMCwMFYteZjmDYCbBO3vobCG4C_mWM7GZMNuBesyAjw77cvuNKl_aSUYzeajiW6W0CjI0tLB6ikjcM4t5Kbg1&__EVENTVALIDATION=%2FwEWAgKYsPjPDQKY24%2FQBBH4CPejKl3spy0A%2BtpMxb%2BCGVGJf73dYtmaEnIFF4IR&name=Amy&state=24&ctl00%24MainContent%24submit=Searchbut
I only want the name and the state to be in the Get query like:
?name=Amy&state=24
<configuration>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Most of the additional parameters appear to be view state ones?
You could consider turning off view state – see this MSDN article which would get you closer to your desired URL.
Other options include switching to POST as the method or using some other mechanism to pass the additional data such as setting cookies.
Or moving to something like ASP.Net MVC which would allow your more control over how URLs are created/used.
i am facing a wierd problem
i use visual studio 2010, SQL express 2008 on win server 2008
after running the wizard of security (created single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine.
when i move the folder to IIS 7 and "convert to application" the login page appears but it wont accept the password i provided.
i was told that only Stackoverflow geniuses will answer this question.
i am using .Net 4, manged pipleine mode --> inegrated
IIS settings:
Anonymous Auth. --> Enabled
Forms Auth. --> Enabled
ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled
web.config
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<deny users="?"/>
<allow users="statmaster"/>
</authorization>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
the username exists in aspnet_Users table and the username "encrypted" in aspnet_Membership table
Read the article
Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers
try creating a new website and put the application component in the root in case web.config application name = "/"
i hope this will solve it
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx