given that I can add various attributes to the stock membership provider I assume I can do the same with my own provider implementation.
<add name="MyMembershipProvider" type="Portal.Infrastructure.MyMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
[...] />
My question now: How do I access these values in the code? I understand that the ConfigurationManager can be used to access key value pairs in the appSettings section but this is different.
I don't know what section you trying to acces but genearl idea is that you can access WebConfig directly by:
Configuration config = WebConfigurationManager.OpenWebConfiguration(configPath);
// Get the object related to the <identity> section.
IdentitySection section = (IdentitySection)config.GetSection("system.web/identity");
Instead of IdentitySection put your section.
Related
I've been trying to use the CreateUser method to add users to my database. One thing I want is that password questions and answers aren't required, and so I have this in my Web.config:
membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="CBCFXConnString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="CBCFX"/>
as you can see, I've set the requiresQuestionAndAnswer to false. This setting has been in my configuration ever since I started programming, and I am just dumbfounded as to why that InvalidAnswer persists when I try adding a user with this line:
fxSMP.CreateUser(userName, passWord, eMail, null, null, true, null, out status);
I've even tried passing empty strings to the question and answer arguments:
string pwQuestion = "";
string pwAnswer = "";
fxSMP.CreateUser(userName, passWord, eMail, pwQuestion, pwAnswer, true, null, out status);
but still nothing. What can I do to make this work?
EDIT: I've gone around the internet some more, and there appears to be an overload method wherein you could only input a UserName, Password and Email. Why does this overload not seem to be available in my instance of SqlMembershipProvider?
In your question I can't see how you are declaring the membership element in the web.config file but make sure you set the defaultProvider attribute...just in case. Also, I'd suggest you to use a different overload of the CreateUser method...
System.Web.Security.Membership.CreateUser(string username, string password, string email)
Edit
Now, since you are using the SqlMembershipProvider this overload will not be available. Why? First, because you are NOT supposed to be calling this method directly on your client code. You should rather use the Membership class. If you set the defaultProvider of the membership element in the web.config file and set the requiresQuestionAndAnswer to false then you shouldn't have any issues whatsoever.
By the way, check out this MSDN Documentation
I want use custom membership and custom role providers. I have this classes:
public class CustomRoleProvider : RoleProvider
{
//override methods
}
public class CustomMembershipProvider : MembershipProvider
{
//override methods
}
I want set web.config, Is correct this code?
<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear />
<add name="CustomMembershipProvider" type="Login1.Code.CustomMembershipProvider, Login1, Version=1.0.0.0, Culture=neutral" connectionStringName="LoginDB1Entities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="CustomRoleProvider">
<providers>
<clear />
<add name="CustomRoleProvider" type="Login1.Code.CustomRoleProvider" connectionStringName="LoginDB1Entities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false" />
</providers>
</roleManager>
Because when I go to the ASP.NET Configuration, and Security tab, but get this message:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: The method or operation is not implemented.
Issue here seems to be originating from your connectionStringName property.
make sure you define/add the connection string in your Web.config's <connectionStrings> section
<connectionStrings>
<add name="LoginDB1Entities" ... />
</connectionStrings>
Also, if you ahve added already as above, then make sure you are using the correct settings.
First check where exactly your database is? Find out which instance of the SQL Server is the database of your application using. Modify the connection string to point to that instance.
The method or operation is not implemented
This is the message get if you throw NotImplementedException without any arguments.
The most obvious reason is that one of your custom providers has not implemented one of the expected methods. If you can get a stack trace, you'll see which one.
UPDATE in response to comment:
my custom membership is working in site
The membership and role providers contain methods for two purposes:
Methods needed at runtime for authentication (MembershipProvider) and authorization (RoleProvider). For example, at runtime a RoleProvider only uses the methods IsUserInRole and GetRolesForUser.
Methods needed to manage users (MembershipProvider), and roles / role membership (RoleProvider). These methods are needed if you want to manage your provider's data store using the ASP.NET Configuration and Security tab.
It's perfectly valid to create a provider that only provides the runtime functionality - a so-called "readonly" provider, in which case you'll have to provide some other outside mechanism for managing the provider's data store. For example, WindowsTokenRoleProvider is a readonly provider. But if you do this, you won't be able to manage your provider store using the ASP.NET Configuration and Security tab.
It appears you have failed to implement one or more of the management methods, and instead are throwing NotImplementedException.
Incidentally, NotImplementedException is not the best exception to throw for unsupported methods in a readonly provider. It should only normally used to indicate a method has not yet been implemented in a version under development.
If you don't ever intend to implement the method, it's better to throw NotSupportedException - or in the case of a provider, perhaps a ProviderException.
Bottom Line Up Front
Should I be seeing multiple user records in aspnet_Users for each user mapping to each of the applications specified in the aspnet_Applications table?
The Situation
I have a web application using ASP.NET forms security. Having created a number of users, I decided to take a look in the AspApplicationServices database which is specified as my provider. In the aspnet_Applications table there are two application records ("/", and "/MyAppNameHere") each with its unique application id.
In the aspnet_Users table, I noticed that I have twice as many users as I expected. One each for both applications (i.e. each user has a record specifying the ID of the "/" and "/MyAppNameHere" application records).
Is this the way it is supposed to work? I have looked about and have found no mention of this activity, or whether it is by design and what it might be for. If it is by design I have to conclude that any changes in user information will be propagated to all of the matching user recods, not just the "root" or the other.
Note: These users were created both through the application (using Membership.Create()) and through the configuration mini-app (Security->Create User).
web.config
<roleManager enabled="true">
<providers>
<clear />
<add applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
The reason is that you have different Application names in your Membership provider and Role manager provider.
You set the application name of your membership provider to "/MyAppNameHere".
Initially you didn't set the application name of your role manager provider. By default it uses the ApplicationVirtualPath as documented in http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.applicationname.aspx. Usually it is the virtual path of your web site ("/" in many cases).
As a result, when you call Membership.CreateUser(), it creates two records in aspnet_users. One for membership application id and one for role provider's application id. The two records have the same user name but have different user Ids (one for each application id).
The call also creates one record in aspnet_membership table (application id, userid, password etc). the Applicatin id and user id are from the record corresponding to the membership provider's application name, i.e., "/MyAppNameHere".
When you create a user role using call such as Roles.AddUserRole(), it will create a record in aspnet_UsersInRoles that uses the user id corresponding to the application id of role manager provider.
I couldn't find official document but http://weblogs.asp.net/gurusarkar/archive/2010/01/09/asp-net-mebership-creates-two-users-in-aspnet-users-table.aspx has some explanation. This diagram helps understand the table relationships.
You're most likely adding a user with a role, without having the out-of-box RoleProvider properly configured.
If you don't specify an ApplicationName in the roleManager section of the web.config it will create another user with the default application name "/" when you try and create a user.
<system.web>
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider"
connectionStringName="[ConnectionStringName]"
applicationName="[ApplicationName]"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
</system.web>
Until asawyer posts an answer with his comments, I will just mark an answer myself.
Looks like the multiple records tie application specific users together. There is a general record created, and an application related record created, presumably to provide continuity between applications.
I am working on an ASP.NET 4.0 C# project. The CreateUserWizard is working fine, but the login controls I built are always showing this message:
Your login attempt was not successful. Please try again.
This started happening after I changed the membership and connection string settings in machine.config to experiment, which I changed to default later i.e.:
Here's the connection string settings:
<connectionStrings>
<add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
And here is the membership section:
<membership>
<providers>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
Also, I have changed my default database to store my websites data to login controls default data i.e. ASPNEDB.mdf by writing two lines in every code behind of page
SqlConnection con = new SqlConnection("data source=.\\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true");
SqlCommand cmd = new SqlCommand();
Even when I finish CreateUserWizard1 successfully and redirect to my homepage.aspx, where I have used default label of asp.net LoginName, the label is showing blank.
And if I manually put Label1 and type Label1.Text = HttpContext.Current.User.Identity.Name;, its still not working.
Will you please help me. I have to show this project to my college and not only that but my team will fail due to my EXPERIMENT.
There are several potential issues here:
You changed the machinekey in the web.config. If so, change it back. If you can't change it back then delete all the users in your table and recreate them. You're using a one way hash algorithm that requires the machinekey to hash the entered password for comparison.
You made changes to the connection string. Are you sure the database even has those user records in it? Next, did you happen to delete / recreate the database? If so those users are gone. See #1.
More to the point it's obvious you haven't put everything back like it was.
So, why are you getting login failed? Potential options are:
The database being accessed isn't the one you think it is.
The user truly doesn't exist in the database its looking at.
The user does exist but the password you are providing isn't the correct one.
The user exists and the password is correct, but the machinekey has changed and therefore the system can't hash it correctly.
Basically it's probably time to start over by clearing out your database and adding users into it again.
We use the ASP.NET profile subsystem to associate key-value pairs of information with users.
I am implementing functionality for the deletion of users.
I have been using the ProfileManager.DeleteProfile(string userName) method, but I have noticed that this leaves a row in the aspnet_Users table in the aspnetdb database we use to store the profile information.
Clearly, I could manipulate the database directly, but I am reluctant to do so.
What is the best way to ensure all information assocaited with a user is deleted from the aspnetdb?
PS: there is a tantalising Membership.DeleteUser(string userName, bool deleteEverything) method, but this returns a database connection error. A web.config issue?
Add a membership section to web.config, linked to a connection string containing valid credentials (here: "SqlServices"):
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlProvider" />
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="/" />
</providers>
</membership>
Ensure the aspnet_SchemaVersions table in the aspnetdb database contains the row:
membership 1 true
You may then use the membership api (Membership.DeleteUser).