sessionState problem at .net mvc (MySQL) - asp.net

I have the following problem: I set up a custom session state server (storing sessions in MySQL). The session data is not added to the database (the default .NET session table is empty), but authorization works (!). If I change the cookieless option to true, the session data starts being added to the database (but I don't want to use cookieless=true).
Sometimes I think that the framework chooses what to use: InProc or my custom store...
My Config:
<sessionState mode="Custom" cookieless="false" timeout="20" customProvider="MySqlSessionStateStore">
<providers>
<add name="MySqlSessionStateStore" type="MySql.Web.SessionState.MySqlSessionStateStore, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear />
<add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="MySQL default application" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" enablePasswordRetrieval="False" enablePasswordReset="True" requiresQuestionAndAnswer="False" requiresUniqueEmail="True" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear />
<add name="MySqlProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<clear />
<add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</roleManager>
<connectionStrings>
<add name="photostorageEntities" connectionString="metadata=res://*/Models.Photos.csdl|res://*/Models.Photos.ssdl|res://*/Models.Photos.msl;provider=MySql.Data.MySqlClient;provider connection string=&quot;server=ip;User Id=user;password=pass;Persist Security Info=True;database=photostorage; Charset=utf8&quot;" providerName="System.Data.EntityClient" />
<add name="MySqlMembershipConnection" connectionString="Data Source=ip;userid=user;password=pass;database=photostorage;Charset=utf8" providerName="MySql.Data.MySqlClient" />
</connectionStrings>

Fixed by using a separate connection string for sessions (I don't know why it doesn't work the other way).

Related

Membership having problems creating users from different application

I have 2 applications (MVC) like this :
Website
and
Administration
In each of them, I'm using asp.net membership provider (using mysql) like this :
Website web.config
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<providers>
<clear />
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Website" />
</providers>
</roleManager>
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<add name="MySQLMembershipProvider" autogenerateschema="false"
type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
connectionStringName="mySqlConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="Website"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="25"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
Administration web.config
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<providers>
<clear />
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Administration" />
</providers>
</roleManager>
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<clear />
<add name="MySQLMembershipProvider" autogenerateschema="true" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="Glocalapps" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear />
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.8.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySqlConnectionString" applicationName="Administration" />
</providers>
</profile>
Both use the same connection string.
Everything works without a problem: I can register and log in on both sites, and users are created perfectly within their own application.
I'm trying to implement a Create User feature in the Administration web application for the Website application, like this:
Membership.ApplicationName = "Website";
var membership = Membership.CreateUser(username, password);
This does create the user without a problem, but if I try to log in from the Website application, it returns a password error. I did some testing and this is indeed a password error. (If I copy another hash/salt from another user created on the website, I can then log in with this newly created user, so the user is created OK, but for some reason the password is not recognized when the user is created from the Administration application.)
Has anyone already faced this problem, or have any idea why it is not working?
The problem was that on one config I have this :
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
while the other application
<membership defaultProvider="MySQLMembershipProvider">
Adding the hashAlgorithmType solved the issue. The application name CAN be changed at runtime.
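
A check for the mismatch described in this answer, as an added example that is not part of the original posts: it reads the `<membership>` section of two web.config fragments that share one user store and reports the password-affecting attributes that differ. The function names and both sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: two applications writing to the same membership store.
WEBSITE = """<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
  <providers><clear />
    <add name="MySQLMembershipProvider" applicationName="Website" passwordFormat="Hashed" />
  </providers>
</membership>"""
ADMIN = """<membership defaultProvider="MySQLMembershipProvider">
  <providers><clear />
    <add name="MySQLMembershipProvider" applicationName="Administration" passwordFormat="Hashed" />
  </providers>
</membership>"""

def membership_settings(config_xml):
    """Settings of the default membership provider that affect password checks."""
    root = ET.fromstring(config_xml)
    section = root if root.tag == "membership" else root.find(".//membership")
    if section is None:
        raise ValueError("no <membership> section")
    default = (section.get("defaultProvider") or "").lower()
    # None means the attribute is absent, so the framework default applies.
    settings = {"hashAlgorithmType": section.get("hashAlgorithmType")}
    for add in section.findall("./providers/add"):
        if (add.get("name") or "").lower() == default:
            settings["passwordFormat"] = add.get("passwordFormat")
            return settings
    raise ValueError("default provider is not registered in <providers>")

def password_mismatches(config_a, config_b):
    """Map each differing attribute to its (a, b) values; {} means consistent."""
    a, b = membership_settings(config_a), membership_settings(config_b)
    return {key: (a[key], b[key]) for key in a if a[key] != b[key]}

if __name__ == "__main__":
    for attr, (left, right) in password_mismatches(WEBSITE, ADMIN).items():
        print("%s differs: %r vs %r" % (attr, left, right))
```

applicationName is deliberately left out of the comparison, since it is expected to differ between the two applications.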

Can't configure MVC 4 SqlMembershipProvider

I am setting up my MVC 4 website to use SqlMembershipProvider with data store as SQL Server Express 11.0.21xx
I have installed Universal Providers via NuGet
PM > Install-Package Microsoft.AspNet.Providers
When I run the app and go to localhost/Accounts/Register and submit the form, I get this error
To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
at this line
WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
Accounts controller has attribute [InitializeSimpleMembership] set. But the tables are not created due to aforementioned error.
web.config section updated by NuGet
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider"
type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection"
applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider"
type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider"
type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection"
applicationName="/" />
</providers>
</roleManager>
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider"
type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection" />
</providers>
</sessionState>
ConnectionString
<add name="DefaultConnection" connectionString="server=servername\instance;Database=imdb;User Id=sa; Password=passbird;" providerName="System.Data.SqlClient" />
Where's the problem? Should I use universal providers at all? I don't believe I should run aspnet_regsql because of the new Account controller.
All I had to do was change DefaultMembershipProvider to SimpleMembershipProvider in web.config. The type attribute is important to get right.
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider"
type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"
connectionStringName="DefaultConnection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider"
type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"
connectionStringName="DefaultConnection"
applicationName="/" />
</providers>
</roleManager>

Length of the cookie text for caching RolePrincipal is always larger than 4096

I tried implementing ASP.NET role-based authorization for my project, but I never found the cookie saved in the client browser. I tried some test code like:
RolePrincipal rolePrincipal = new RolePrincipal(new GenericIdentity("a"));
string text1 = rolePrincipal.ToEncryptedTicket();
There are no roles in such a simple RolePrincipal object, and Roles.CookieProtectionValue is set to 'none'. However, the length of text1 is 4,688, which is larger than 4,096, so it fails to push the cookie to the client browser.
It does not make sense; otherwise it's not possible to use a cookie to cache the roles.
What's wrong with it?
Thanks
Here are the related sections in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" name=".TestAUTH"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
Try adding a default provider, so from this:
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
to this:
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
Unfortunately this is by design due to changes in the underlying types in .NET 4.5. You can turn off storing of user roles in cookies to prevent this issue (http://msdn.microsoft.com/en-us/library/system.web.security.roles.cacherolesincookie.aspx).
https://connect.microsoft.com/VisualStudio/feedback/details/759157/net-4-5-binaryformatter-serialization-generates-too-long-string
fyi:
Microsoft has recently published an update which fixes this issue.
See KB 2750147

MySQLRoleProvider

I am using MySQL Connector/.NET and a custom MySQL membership provider.
Here is a part of the web.config:
<roleManager enabled="true" defaultProvider="MySQLRoleProvider">
<providers>
<clear />
<add applicationName="name" description=""
connectionStringName="MySQLMP" writeExceptionsToEventLog="False"
autogenerateschema="True" name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
</providers>
</roleManager>
<membership defaultProvider="MySQLMembershipProvider">
<providers>
<clear />
<remove name="MySQLMembershipProvider" />
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="name" description="MySQL default application" connectionStringName="MySQLMP" writeExceptionsToEventLog="False" autogenerateschema="True" enablePasswordRetrieval="False" enablePasswordReset="True" requiresQuestionAndAnswer="True" requiresUniqueEmail="True" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySQLProfileProvider">
<properties>
<add name="AccountNumber" type="string" provider="" />
<remove name="MySQLProfileProvider" />
<add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
</properties>
<providers>
<clear />
<add name="MySQLProfileProvider" connectionStringName="MySQLMP" applicationName="name" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.4.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D" />
</providers>
</profile>
In addition to that I am using ASP.NET authentication form.
What I am trying to do is: after a user logs in, I want to check if he/she is an admin and redirect to a certain page. Easy, right?
I believe, I am supposed to use the following:
if(Role.IsUserInRole(lgnCustomer.UserName, "Administrator"))
lgnCustomer.DestinationPageUrl = "~/admin";
However, for some reason I cannot use "Role". It seems like it's missing a reference to the MySQLRoleProvider.
Everything else (user registration, log in, role differentiation) works...
Thank you in advance!
The answer is not as difficult as I thought.
Apparently, it does not matter that the membership provider is something other than the default SQL provider. I had to use using System.Web.Security; at the beginning, not using MySQL.Web.Security;

Custom RoleProvider Not Called

My application has custom Role and MembershipProviders. I've registered them in web.config, but when I try to do if(User.IsInRole("Blah")), neither of my breakpoints in the RoleProvider's Initialize or IsUserInRole are hit. The membership provider works fine, so I guess there must be something I've missed from web.config. This is what I have:
<system.web>
...
<membership defaultProvider="MyAppMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="MyAppMembershipProvider"
type="MyAppMembership.MyAppMembershipProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</membership>
<roleManager defaultProvider="MyAppRoleProvider">
<providers>
<clear />
<add name="MyAppRoleProvider"
type="MyAppMembership.MyAppRoleProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
</system.web>
Is there something else which I need?
The enabled attribute of the <roleManager> element defaults to false! Try:
<roleManager enabled="true" defaultProvider="MyAppRoleProvider">
<providers>
<clear />
<add name="MyAppRoleProvider"
type="MyAppMembership.MyAppRoleProvider"
connectionStringName="MyApp"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
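
An audit of the `<roleManager>` settings discussed in this thread and in the role-cookie thread above, as an added example that is not part of the original posts. It flags a section that is not enabled, a `defaultProvider` that `<clear />` has left unregistered, and a role cache cookie that is not fully protected (with `cookieProtection="None"` the cached role list is neither encrypted nor validated). The finding codes and both sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the roleManager sections quoted in the threads.
NOT_ENABLED = """<roleManager defaultProvider="MyAppRoleProvider">
  <providers><clear />
    <add name="MyAppRoleProvider" type="MyAppMembership.MyAppRoleProvider" />
  </providers>
</roleManager>"""
UNPROTECTED_CACHE = """<roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider"
    cacheRolesInCookie="true" cookieProtection="None" cookieRequireSSL="false">
  <providers><clear />
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
  </providers>
</roleManager>"""

def audit_role_manager(config_xml):
    """Return a list of finding codes for one <roleManager> section."""
    root = ET.fromstring(config_xml)
    rm = root if root.tag == "roleManager" else root.find(".//roleManager")
    if rm is None:
        return ["no-role-manager"]

    def is_true(attr):
        # enabled, cacheRolesInCookie and cookieRequireSSL all default to false.
        return (rm.get(attr) or "false").lower() == "true"

    findings = []
    if not is_true("enabled"):
        findings.append("not-enabled")            # provider is never called
    providers = rm.find("providers")
    default = rm.get("defaultProvider")
    if default and providers is not None and providers.find("clear") is not None:
        # After <clear /> only the providers added in this section exist.
        names = [(a.get("name") or "").lower() for a in providers.findall("add")]
        if default.lower() not in names:
            findings.append("default-provider-not-registered")
    if is_true("cacheRolesInCookie"):
        # cookieProtection defaults to All (encrypted and validated).
        if (rm.get("cookieProtection") or "All").lower() != "all":
            findings.append("role-cookie-not-fully-protected")
        if not is_true("cookieRequireSSL"):
            findings.append("role-cookie-not-secure-only")
    return findings

if __name__ == "__main__":
    for name, sample in (("NOT_ENABLED", NOT_ENABLED), ("UNPROTECTED_CACHE", UNPROTECTED_CACHE)):
        print(name, audit_role_manager(sample))
```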
