I have added the SQL Role Provider and SQL Membership Provider to an existing application and set the authentication mode to Windows. I have created roles, but I cannot add users.
In the Security Tab of Web Site Administration Tool, I search for my user name and get the following:
No users found for this search.
It is my expectation that the tool would search AD for users. Am I supposed to add users to the aspnet_Users table manually? Or is there some key configuration element I'm supposed to set in the Web.config?
Here is an article by Scott Gu on how to do what you want.
Forms authentication should be used in order to add users through the WebSite Administration Tool. WHen using Windows authentication new users must be added by creating a new account in ActiveDirectory on the domain.
Related
I actually want to create/list/edit asp.net membership users from a page authenticating with Windows-Authentication, the website uses ASP.Net MVC4. This is the administration website for another website using the forms authentication with asp.net membership on an SQL database. So this should allow company users to administer external users.
I can't use Membership-API, because the actual context does not support the asp.net membership.
Using the stored procedures requires manually hashing the password etc and this is not recommended. Also inserting the users directly into the tables would have this problem.
So is there a working example for administering asp.net membership users from a windows forms authenticated website?
I just managed to solve this problem using a webservice to decouple Windows-Domain authentication from asp.net-Membership:
Windows Domain Website for administration uses Webservice
Webservice offers functionality to manage users of asp.net membership
Webservice access has to be restricted to local server (so only the Windows Domain website can use it) and allows anonymous access (or with a special account).
Webservice needs to be configured like an asp.net membership website and to use the same membership database like the "normal users Website"
I have an ASP.NET MVC3 web application. I use Windows Authentication. I need to achieve the following:
create an admin Role
add specific user to admin Role.
create a database table to map users to their role to allow the application to check access permissions
The third point is the most important point. How do I do that?
If you want to use the default Membership and Role Provider please refer to this msdn article on how creating an intranet application with asp.net mvc 3. But if you want to implement your own membership and role provider i recommend to use this library.
Just insert in the web.config the call to the membershipRoleProvider.
than for implementing the roles just call the AddRole, while to check if a user is in a role just call IsUserInRole.
You can find samples and documentation here and here
i'd like to create a Unique Web Site Administration Tool (UWSAT) to admin all users for all my websites on production server.
Basically the idea is to have the UWSAT with only an admin user; when the admin log the tool he could navigate the applications, select one and see its users . He could add new user to an existing application, or create a user specifying a new application name (as far as i know that create the application too).
The problem i'm facing is that to add a user to an application i have to set the Membership.ApplicationName but i read this should be avoided.
So i ask you : should i create a different MembershipProvider for each application and call it when i have to manage users for that application?
Thanks.
I recommend creating a role, and assigning it to the users. The role would be the application they should have access to.
The RoleProvider is one way to do this.
Hallo,
i have created a web site with Asp.Net by using Sql Membership Provider, sitemap and security trimming enabled.
Based on these i have set web.config files into directories for allowing or not the users access according to their roles.
After some time i removed the MembershipProvider and i creted by hand the "standard" login procedure which cretaed a ticket and a authentication cookie and sets the GenericPrincipal into the Application_AuthenticateRequest.
The problem after these changes is that althought the sitemap displays the right pages for each different user according to his roles, when i click on this page the system redirects me to the "default.aspx" page such as the user is not allowed to enter that page!
It is strange that the sitemap and security trimming is working BUT actually i cannot enter the pages!!!!!
You can add users and roles with IIS management tool. This way you can avoid any typing error.
If I am using Windows Authentication in an ASP.NET app, and I want to use custom roles instead of using Windows security groups as roles, do I need to write a custom Role provider? The solution needs to be able to map Windows users and groups to application specific roles.
If I understand your question - no you don't need to use roles from Active Directory security groups as roles for your ASP.NET application. And you dont need to implement a custom Role provider. The default one simply retrieves the Roles from the ASP.NET application database.
You can simply have application defined roles in this database, that you create with the aspnet_regsql.exe utility (in the .NET 2.0 framework folder).
Probably the greatest collections of resources/information on this topic:
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Actually you CAN use the built in ASP.NET security configuration web site. You have to temporarily switch to Internet Mode, Then you can add users DOMAIN\username as username, enter some password (it won't be used once you switch back), you can then assign these to roles. Once you switch back to Windows mode these users will be used automatically.