ASP.Net Web Application Security doesn't work on IIS 7? - asp.net

I am facing a weird problem.
I use Visual Studio 2010 and SQL Express 2008 on Windows Server 2008.
After running the security wizard (created a single user, set permissions like deny anonymous and allow the created user) and pressing F5 --> the site works just fine.
When I move the folder to IIS 7 and "convert to application", the login page appears but it won't accept the password I provided.
I was told that only Stack Overflow geniuses will answer this question.
I am using .NET 4, managed pipeline mode --> Integrated
IIS settings:
Anonymous Auth. --> Enabled
Forms Auth. --> Enabled
ASP.Net Impersonation, Basic Auth, Digest Auth, Windows Auth--> Disabled
web.config
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<deny users="?"/>
<allow users="statmaster"/>
</authorization>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
The username exists in the aspnet_Users table and the username "encrypted" in the aspnet_Membership table.

Read the article "Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers".
Try creating a new website and put the application component in the root, in case web.config application name = "/".
I hope this will solve it.
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

Related

Error index page of website from webconfig

I have an error in my index page and my hosting support tells me that the "web config" file has a problem.
http://schoolearn.ir/pay
This is my website.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I have no database and my pages are static, but I need to implement my website using ASP.NET.
As the error says: This error can be caused by a virtual directory not being configured as an application in IIS, so in IIS you should convert the pay directory to an application or move the files to the root of the host (instead of the pay directory) and try again.

AspNetSqlRoleProvider couldn't find database

I uploaded my project to IIS. I used my custom SqlMembershipProvider and created roles and users, but when I try to edit/delete/update data, it tells me "u dont have a permission to do that", even though the roles already define that it can do that.
Also, I am using the VS ASP.NET configuration tool to add users and roles, but when I click the test button on AspNetSqlRoleProvider, it tells me the database was not found. It works fine with the VS built-in server, but when I upload to IIS, it gives an error.
Here is a part of web.config:
<system.web>
<roleManager enabled="true" />
<customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Hata.aspx" />
<authentication mode="Forms">
<forms cookieless="AutoDetect" loginUrl="~/Login.aspx" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<!--Add a customized SqlMembershipProvider -->
<add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="OSProjeConnectionString" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="15" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
<connectionStrings>
<add name="OSProjeConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=OSProje;Integrated Security=SSPI; User ID=sa;Password=password;" />
</connectionStrings>
..............
...................
Edit:
I fixed the problem by adding these lines:
<roleManager defaultProvider="roleProvider">
<providers>
<add connectionStringName="OSProjeConnectionString"
name="roleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Here is the line which is creating the problem.
But you have not specified the DefaultProvider, so it takes AspNetSqlRoleProvider as the provider. Now you have to check the settings of AspNetSqlRoleProvider. Or you can add the following code:
<roleManager
enabled="false"
cacheRolesInCookie="false"
cookieName=".ASPXROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All"
defaultProvider="AspNetSqlRoleProvider"
createPersistentCookie="false"
maxCachedResults="25">
<providers>
<clear />
<add
connectionStringName="LocalSqlServer"
applicationName="/"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add
applicationName="/"
name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
With some modifications.
Regarding the App_Data folder, it's automatically created for the application-related data. For more details read this
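An added example, not taken from any post above: a Python check that reads a web.config and reports which provider membership, roleManager and profile will actually use, flagging a provider inherited from machine.config (the missing defaultProvider in this thread) and a provider without applicationName (the advice in the first thread's answer). The function name audit_providers and the sample file are constructed for illustration; the fallback names are the provider names that appear in the configs on this page.

```python
import xml.etree.ElementTree as ET

# Provider names the framework falls back to when defaultProvider is absent.
DEFAULTS = {"membership": "AspNetSqlMembershipProvider",
            "roleManager": "AspNetSqlRoleProvider",
            "profile": "AspNetSqlProfileProvider"}

def audit_providers(web_config_xml):
    """Map each configured feature to its effective provider and findings."""
    root = ET.fromstring(web_config_xml)
    local = {a.get("name") for a in root.findall("./connectionStrings/add")}
    report = {}
    for feature, fallback in DEFAULTS.items():
        node = root.find("./system.web/" + feature)
        if node is None or node.get("enabled") == "false":
            continue  # not configured in this file, or explicitly switched off
        name = node.get("defaultProvider", fallback)
        added = {a.get("name"): a for a in node.findall("./providers/add")}
        findings = []
        if name not in added:
            cleared = node.find("./providers/clear") is not None
            findings.append("removed by <clear/> and not re-added" if cleared
                            else "inherited from machine.config")
        else:
            conn = added[name].get("connectionStringName")
            if conn is not None and conn not in local:
                findings.append("connection string %r not in this file" % conn)
            if added[name].get("applicationName") is None:
                findings.append("applicationName not set")
        report[feature] = {"provider": name, "findings": findings}
    return report

# Constructed sample modelled on the role-provider question above.
SAMPLE = r"""<configuration>
  <connectionStrings>
    <add name="OSProjeConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=OSProje"/>
  </connectionStrings>
  <system.web>
    <roleManager enabled="true"/>
    <membership defaultProvider="MySqlMembershipProvider">
      <providers>
        <clear/>
        <add name="MySqlMembershipProvider" connectionStringName="OSProjeConnectionString"/>
      </providers>
    </membership>
  </system.web>
</configuration>"""
if __name__ == "__main__":
    print(audit_providers(SAMPLE))
```

On the sample, roleManager resolves to AspNetSqlRoleProvider inherited from machine.config, while membership uses the locally defined provider but has no applicationName.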

Error while deploying ASP.NET application to IIS server

Error while deploying ASP.NET application to IIS server.
HTTP Error 500.19 - Internal Server Error
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
I am new to ASP.Net.
Help me how to solve this problem.
Thank you in advance.
The solution was to make a change in the applicationHost.config file.
Browse to “C:\Windows\System32\inetsrv\config” (you will need administrator rights here)
Open applicationHost.config
Find the section that showed up in the “config source” part of the error message page. For me this has typically been “modules” or “handlers”
Change the overrideModeDefault attribute to be “Allow”
So the whole line now looks like:
After saving the file, the page loaded up fine in my browser.
For more info: http://blog.thinkoriginally.com/2010/02/17/asp-net-config-error-this-configuration-section-cannot-be-used-at-this-path/
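An added example, not part of the answer above: a Python check that reads an applicationHost.config and lists which watched sections are unlocked server-wide through overrideModeDefault="Allow" and which sections are overridden only inside a <location> tag, the two mechanisms the error message names. The function names, the watched list and the sample file (including the site path "Default Web Site/MyApp") are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def declared(group, prefix=""):
    """Yield (section path, overrideModeDefault) from <configSections>."""
    for child in group:
        path = prefix + child.get("name", "")
        if child.tag == "sectionGroup":
            yield from declared(child, path + "/")
        elif child.tag == "section":
            yield path, child.get("overrideModeDefault", "(not set)")

def sections_in(node, modes, prefix=""):
    """Yield paths of declared sections that appear under a <location>."""
    for child in node:
        path = prefix + child.tag
        if path in modes:
            yield path
        else:
            yield from sections_in(child, modes, path + "/")

def audit_locks(apphost_xml, watched):
    """Return (watched sections unlocked server-wide, per-location overrides)."""
    root = ET.fromstring(apphost_xml)
    modes = dict(declared(root.find("configSections")))
    server_wide = sorted(p for p in watched if modes.get(p) == "Allow")
    scoped = [(loc.get("path", ""), loc.get("overrideMode"),
               sorted(sections_in(loc, modes)))
              for loc in root.findall("location") if loc.get("overrideMode")]
    return server_wide, scoped

# Constructed sample; the site path "Default Web Site/MyApp" is hypothetical.
SAMPLE = """<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="handlers" overrideModeDefault="Allow"/>
      <section name="modules" overrideModeDefault="Deny"/>
      <sectionGroup name="security">
        <section name="access" overrideModeDefault="Deny"/>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <location path="Default Web Site/MyApp" overrideMode="Allow">
    <system.webServer><modules/></system.webServer>
  </location>
</configuration>"""
# The two sections the answer mentions as typical.
WATCHED = ["system.webServer/handlers", "system.webServer/modules"]

if __name__ == "__main__":
    print(audit_locks(SAMPLE, WATCHED))
```

On the sample, handlers is reported as unlocked for every site on the server, while modules is overridden only for the one path named in the <location> tag.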

AD and Forms Authentication

I'm trying to allow users to login with either forms authentication or their AD account but having some problems. I'm logged into an AD account now, but Page.User.Identity.Name is blank. I have this in my web.config:
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://full.domain.address:389/DC=mydomain,DC=blah,DC=uk"/>
<add name="myapp" connectionString="Data Source=myserver;Initial Catalog=myapp;User ID=myapp;Password=myapp" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="129600" name="CookieMonster" protection="All" slidingExpiration="true" cookieless="UseCookies"/>
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myapp" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" applicationName="/"/>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="myapp" applicationName="/"/>
</providers>
</profile>
Do I need to do something else to get this to work? I've tried logging in with my domain account and domain\myaccount to no avail.
When I try var u = Membership.GetUser("mydomain\\myuser"); I get an error: Usernames must not contain '\' when mapped to 'userPrincipalName'.
AD userPrincipalName might be something like user@full.domain.address. Try using the sAMAccountName value for the attributeMapUsername:
<add name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"/>
If you are unable to connect, you may need to add connectionUsername and connectionUserPassword attributes (check the MSDN documentation).
"sAMAccountName" does not include the domain. To resolve your problem, simply remove the domain qualifier from your username:
Instead of var u = Membership.GetUser("mydomain\\myuser");
use var u = Membership.GetUser("myuser");
This is because you specified the domain in the connection string, implicitly by connecting to a particular active directory.

ASP.NET authentication

I am developing a site that uses an authentication ticket from the API of another service.
I have the method GetSessionTicket() from the API. And now the question:
Can I do ASP.NET authentication that depends only on a cookie?
For now I removed the whole section about the Membership provider in web.config:
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>-->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
and left this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
LogOn logic looks like:
var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);
Is it OK? Now my ASP.NET authorization is based only on the cookie and does not require SQL Server or aspnetdb.mdf, yes?
Yes, it is fine to do this; what you are essentially doing is implementing Forms authentication without the membership database. You are not required to use a membership database to achieve authentication, and setting the cookies in code is fine.
