Please help with one issue.
I have Membership configured with IIS7, tables for it located in my own database, created with aspnet_regsql utility, and I am using custom connection string to access it.
This is part of web.config related to Membership :
<connectionStrings>
<add connectionString="Server=CORESERVER\SQLExpress;Database=Shop;User ID=Tema;Password=Matrix" name="CustomSqlConnection" />
</connectionStrings>
<profile enabled="true">
<providers>
<add name="CustomSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
</providers>
</profile>
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true">
<providers>
<add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
</providers>
</roleManager>
<membership defaultProvider="CustomSqlMemberProvider">
<providers>
<add name="CustomSqlMemberProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Hashed" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" applicationName="/" maxInvalidPasswordAttempts="10" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="login.aspx" name="WebShopAuthentication" protection="All" timeout="30" path="/" requireSSL="false" defaultUrl="~/admin/default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
And ... Forms authorization, getting user and his membership info is OK.
But ... getting roles is always FALSE.
MembershipUser userData = Membership.GetUser(HttpContext.Current.User.Identity.Name); // OK !!! IT IS GREAT :)
var a = new RolePrincipal(HttpContext.Current.User.Identity);
var aa = a.GetRoles(); // {string[0]} - EMPTY!!!
var b = Roles.IsUserInRole("Administrator", "Administrator"); // FALSE!!!
var c = Roles.Providers["CustomSqlRoleProvider"].GetAllRoles(); // {string[0]} - EMPTY!!!
var d = Roles.IsUserInRole(HttpContext.Current.User.Identity.Name, "Administrator"); // FALSE!!!
var e = HttpContext.Current.User.IsInRole("Administrator"); // FALSE !!!
WHYYYY???
What am I doing wrong???
Just to refine ... authorization works fine and uses roles correctly. Another part of my web.config :
<location path="Admin">
<system.web>
<pages styleSheetTheme="Admin" theme="Admin">
</pages>
<authorization>
<deny users="?" />
<allow roles="Administrator" />
</authorization>
</system.web>
<appSettings>
<add key="ThemeName" value="Admin" />
</appSettings>
</location>
And then in code is used :
Membership.ValidateUser(userName.Text, userPassword.Text) // AND IT WORKS - USER IS LOGGED IN
The answer is that I didn't add the applicationName parameter to web.config correctly - after adding it I should restart IIS and, if needed, recreate roles.
This is final version of web.config :
<roleManager defaultProvider="CustomSqlRoleProvider" enabled="true">
<providers>
<add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" applicationName="/" />
</providers>
</roleManager>
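An added example, not part of the original question or answer: a small Python check for the two things that differ between the first and the final roleManager sections above, the defaultProvider name and the explicit applicationName. The embedded XML is a constructed, shortened copy of the page's config (type attributes dropped), and audit_providers is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed, shortened copy of the page's first web.config (type attributes dropped).
BEFORE = """<configuration><system.web>
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true"><providers>
<add name="CustomSqlRoleProvider" connectionStringName="CustomSqlConnection" />
</providers></roleManager>
<membership defaultProvider="CustomSqlMemberProvider"><providers>
<add name="CustomSqlMemberProvider" connectionStringName="CustomSqlConnection" applicationName="/" />
</providers></membership>
</system.web></configuration>"""

# The page's final version: default provider renamed and applicationName added.
AFTER = (BEFORE
         .replace('defaultProvider="AspNetSqlRoleProvider"', 'defaultProvider="CustomSqlRoleProvider"')
         .replace('name="CustomSqlRoleProvider" connectionStringName="CustomSqlConnection"',
                  'name="CustomSqlRoleProvider" connectionStringName="CustomSqlConnection" applicationName="/"'))

SECTIONS = ("membership", "roleManager", "profile")


def audit_providers(config_xml):
    """Return findings about provider wiring in a web.config string."""
    root = ET.fromstring(config_xml)
    findings, active = [], {}
    for section in SECTIONS:
        node = root.find(f".//{section}")
        if node is None:
            continue
        declared = {p.get("name"): p for p in node.findall("./providers/add")}
        # Stored users and roles are keyed by application, so an implicit
        # applicationName is worth flagging on every declared provider.
        for name, provider in declared.items():
            if provider.get("applicationName") is None:
                findings.append(f"{section}: provider '{name}' has no explicit applicationName")
        default = node.get("defaultProvider")
        if default not in declared:
            # The name may resolve to an inherited provider (machine.config),
            # which may point at a different database than the one declared here.
            findings.append(f"{section}: defaultProvider '{default}' is not declared in this file")
        else:
            active[section] = declared[default].get("applicationName")
    if len(set(active.values())) > 1:
        findings.append(f"applicationName differs between active providers: {active}")
    return findings


if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_providers(xml) or "no findings")
```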
Related
Hi, I just started to use Telerik components.
I use RadGrid in an aspx page and it has a DataSourceID:
<asp:SqlDataSource ID="SqlDataSource1" ConnectionString="<%$ ConnectionStrings:F8CONNECTION %>"
ProviderName="Devart.Data.Oracle" SelectCommand="SELECT DISTINCT TANIM FROM f8crm_proje_qry"
runat="server"></asp:SqlDataSource>
When I publish to the server I get an error:
My web.config:
<configuration>
<connectionStrings>
<add name="F8CONNECTION" connectionString="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostanme)(PORT=1111))(CONNECT_DATA=(SERVICE_NAME=db)));User Id=user;Password=pass" providerName="ORACLE" />
</connectionStrings>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" />
</handlers>
</system.webServer>
<system.web>
<customErrors mode="Off" />
<compilation targetFramework="4.0" debug="true">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Speech, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers
Taken from https://msdn.microsoft.com/en-us/library/92ceczx1(v=vs.85).aspx
System.Data.OracleClient managed provider requires Oracle client software version 8.1.7 or higher to be installed on the computer where the ASP.NET Web page runs.
Probably the server does not have the Oracle client installed, but your dev box has it.
I have a website folder on my local machine. I have already used aspnet_regsql.exe on the SQL Server hosted on windows server. I have to deploy this website to a different server (on IIS).
When I use Visual Studio on my local machine to create roles, so that I can deploy it afterwards, I am getting the below error:
Line 44: public static bool ValidLogin(string username, string password)
Line 45: {
Line 46: return Membership.ValidateUser(username, password);
Line 47: }
Line 48:
My connection string is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<add name="UBCATDB" connectionString="Data Source=\sqlexpress;Initial Catalog=UB_CAT;" providerName="System.Data.SqlClient" />
<add name="UBCATEntities" connectionString="metadata=res://*/App_Code.UBCATDB.csdl|res://*/App_Code.UBCATDB.ssdl|res://*/App_Code.UBCATDB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=\sqlexpress;Initial Catalog=UB_CAT;Persist Security Info=True;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
<system.web>
<identity impersonate="true" />
<authorization>
<allow roles="Administrator" />
<allow users="ubcat" />
</authorization>
<customErrors mode="Off"></customErrors>
<authentication mode="Forms">
<forms name="UBCATSqlAuthCookie" loginUrl="~/Account/Login.aspx"
timeout="60" />
</authentication>
<sessionState timeout="60" />
<membership defaultProvider="UBCATSqlMembershipProvider" userIsOnlineTimeWindow="60">
<providers>
<clear />
<add name="UBCATSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="UBCATDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="UBCAT" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="UBCATSqlRoleProvider" cookieTimeout="60">
<providers>
<clear />
<add connectionStringName="UBCATDB" applicationName="UBCAT" name="UBCATSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
<buildProviders>
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
</buildProviders>
</compilation>
</system.web>
</configuration>
I have a register page where the user is assigned to a role as follows once the user clicks on the submit button:
MembershipUser oMU;
if (!(Roles.RoleExists("Stream")))
{
Roles.CreateRole("Stream");
}
oMU = Membership.CreateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim(), txtEmail.Text.Trim());
Membership.UpdateUser(oMU);
Roles.AddUserToRole(oMU.UserName, "Stream");
When the user goes to a login screen, I have the following:
When the user logs in, I need to make sure that they indeed are part of that role:
if (User.IsInRole("Stream"))
{
}
but it never goes into the User.IsInRole block. What do I need to do in order to have the user who registered be part of the Role such that it works with User.IsInRole?
Note that I have a folder as such so I need them to be part of the Streaming Role:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
<allow roles="Stream" />
</authorization>
</system.web>
</configuration>
Move <allow roles="Stream" /> above <deny users="*" />. Otherwise, all users will be denied.
<configuration>
<system.web>
<authorization>
<allow roles="Stream" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Make sure you have membership and roleManager in web.config.
Here is the sample -
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear/>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="XXXXXSqlConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="XXXXX"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="false" defaultProvider="DefaultRoleProvider">
<providers>
<clear/>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="XXXXXSqlConnection" applicationName="XXXXX"/>
</providers>
</roleManager>
Try using HttpContext to get current login user:
if (HttpContext.Current.User.IsInRole("Stream"))
{
}
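An added example, not from any of the posts above: a simplified Python model of first-match evaluation of allow/deny rules, run on the Stream folder rules in both orders and on the Admin location rules from the first question on this page. The function names are hypothetical, the rule fragments are copied from the page, and the model assumes rules are read from the most local config outward with a final allow-all default.

```python
import xml.etree.ElementTree as ET

# Rule sets copied from the page's web.config fragments.
STREAM_BEFORE = '<authorization><deny users="*" /><allow roles="Stream" /></authorization>'
STREAM_AFTER = '<authorization><allow roles="Stream" /><deny users="*" /></authorization>'
ADMIN = '<authorization><deny users="?" /><allow roles="Administrator" /></authorization>'
ROOT = '<authorization><allow users="*" /></authorization>'
# Constructed variant: the Admin rules with an explicit closing deny.
ADMIN_STRICT = ('<authorization><deny users="?" /><allow roles="Administrator" />'
                '<deny users="*" /></authorization>')


def _split(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def _matches(rule, user, roles):
    """user is None for an anonymous request; roles is the user's role list."""
    for name in _split(rule.get("users", "")):
        if name == "*" or (name == "?" and user is None) or name == user:
            return True
    # Role rules can only match an authenticated user.
    return user is not None and any(r in roles for r in _split(rule.get("roles", "")))


def is_allowed(sections, user=None, roles=()):
    """sections: <authorization> fragments ordered from most local to root.

    The first rule that matches decides; rules after it are never reached.
    """
    for fragment in sections:
        for rule in ET.fromstring(fragment):
            if rule.tag in ("allow", "deny") and _matches(rule, user, roles):
                return rule.tag == "allow"
    return True  # assumed machine-level default: <allow users="*" />


if __name__ == "__main__":
    print("deny first, Stream member:", is_allowed([STREAM_BEFORE], "alice", ["Stream"]))
    print("allow first, Stream member:", is_allowed([STREAM_AFTER], "alice", ["Stream"]))
    print("Admin rules, non-admin user:", is_allowed([ADMIN, ROOT], "bob"))
    print("Admin rules + closing deny:", is_allowed([ADMIN_STRICT, ROOT], "bob"))
```

In this model an authenticated user without the Administrator role matches neither Admin rule and falls through to the root `<allow users="*" />`, which is why the constructed ADMIN_STRICT variant ends with an explicit deny.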
I have an HTML landing page for my ASP.NET website; however, I cannot get it to display, it always goes to the login.
What can I set in web.config to fix this?
I have tried
<authentication mode="Forms">
<forms defaultUrl="index.html" loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<location path="index.html">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
<defaultDocument>
<files>
<clear />
<add value="index.html" />
</files>
</defaultDocument>
All with no luck. Please help
Thanks in advance
Here is my full web.config
<configuration>
<connectionStrings>
<!--<add name="ApplicationServices" connectionString="Data Source=.\sqlexpress;Initial Catalog=ArctixDb;Integrated Security=SSPI;"/>-->
<add name="ApplicationServices" connectionString="" />
<add name="ArctixDbEntities" connectionString="" />
</connectionStrings>
<system.web>
<customErrors mode="Off" />
<httpHandlers>
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
validate="false" />
</httpHandlers>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<authentication mode="Forms">
<forms defaultUrl="index.html" loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location allowOverride="true">
<appSettings>
<add key="SMTPServer" value="" />
<add key="SMTPServerPort" value="25" />
<add key="SMTPServerSSL" value="false" />
<add key="SMTPUsername" value="" />
<add key="SMTPPassword" value="" />
<add key="SystemEmailAddress" value="" />
<add key="SystemEmailAddressName" value="" />
</appSettings>
</location>
<location path="Styles">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Account">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="index.html">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<defaultDocument>
<files>
<clear />
<add value="index.html" />
</files>
</defaultDocument>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
</configuration>
I eventually just set my login page to the landing page
Can you structure your site as follows?
Allow the root directory / styles / etc to permit anonymous access
Add a 'secure' directory with its own web.config, specifying forms authentication
Anything outside 'secure' will be accessible.
I have the next problem: I set up the custom session state server (store sessions in MySQL). But the session data is not added to the database (the default .NET session table is empty), but the authorization works (!). If I change the cookieless option to true, the session data starts to be added to the database (but I don't want to use cookieless=true).
Sometimes I think that the framework chooses what to use: inproc or my custom store...
My Config:
<sessionState mode="Custom" cookieless="false" timeout="20" customProvider="MySqlSessionStateStore">
<providers>
<add name="MySqlSessionStateStore" type="MySql.Web.SessionState.MySqlSessionStateStore, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear />
<add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="MySQL default application" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" enablePasswordRetrieval="False" enablePasswordReset="True" requiresQuestionAndAnswer="False" requiresUniqueEmail="True" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear />
<add name="MySqlProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<clear />
<add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.3.6.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" applicationName="/" description="" connectionStringName="MySqlMembershipConnection" writeExceptionsToEventLog="False" autogenerateschema="True" />
</providers>
</roleManager>
<connectionStrings>
<add name="photostorageEntities" connectionString="metadata=res://*/Models.Photos.csdl|res://*/Models.Photos.ssdl|res://*/Models.Photos.msl;provider=MySql.Data.MySqlClient;provider connection string=&quot;server=ip;User Id=user;password=pass;Persist Security Info=True;database=photostorage; Charset=utf8&quot;" providerName="System.Data.EntityClient" />
<add name="MySqlMembershipConnection" connectionString="Data Source=ip;userid=user;password=pass;database=photostorage;Charset=utf8" providerName="MySql.Data.MySqlClient" />
</connectionStrings>
Fixed using separated connection string for Sessions (I don't know why it's not working in other way)