how can I add default users in my web.config to test my asp: login control
Thanx
I was wrong wrong wrong in my initial answer. You can set default users in Web.config if you do some simple authentication by yourself, but it doesn't seem to work when you are using the Login control.
I did some research, and it seems that, if you use the Login control, you can't set default users in Web.config and you have no way but setting a provider (as in a database) to store users credentials.
You can follow this tutorial from MSDN to configure what database to use:
Configuring an ASP.NET Application to Use Membership
The Web.config stuff:
<configuration>
<connectionStrings>
<add name="MySqlConnection" connectionString="Data
Source=MySqlServer;Initial Catalog=aspnetdb;Integrated
Security=SSPI;" />
</connectionStrings>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx"
name=".ASPXFORMSAUTH" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
</system.web>
</configuration>
Related
I have maintained aspnetdb.mdf on a sqlserver instance which I am using in my ASP.net web site application for roles and memberships.
Problem is that when I add roles using ASP.net web site configuration tool these roles are not getting populated in my aspnet_Roles table in aspnetdb.
On the other hand Users and application settings are nicely getting inserted into tables aspnet_Users and aspnet_Applications table respectively?
I know there is something wrong in my web.config file but do not know what?
web.config
<configuration>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<connectionStrings>
<add name="SqlSequrityConnectionString"
connectionString="Data Source=NASEER\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authorization>
<allow users="56013" />
</authorization>
<authentication mode="Forms" />
<roleManager enabled="true" />
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<membership defaultProvider="SecurityTutorialsSqlMembershipProvider">
<providers>
<!-- Add a customized SqlMembershipProvider -->
<clear/>
<add name="SecurityTutorialsSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlSequrityConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="SecurityTutorials"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
</system.web>
</configuration>
By adding following code I got it working........!
<roleManager enabled="true" defaultProvider="SqlRoleManager">
<providers>
<add name="SqlRoleManager"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlSequrityConnectionString"
applicationName="MyApplication" />
</providers>
</roleManager>
I'm trying to develop an ASP.NET website which has registration and login functions. To do this, I'm using Membership by following this guide:
http://msdn.microsoft.com/en-us/library/ff648345.aspx
I've run Aspnet_regsql.exe and set up the database, and also changed by Web.config file to reflect this:
<connectionStrings>
<add name="MsSqlConnection" connectionString="Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=SSPI;" />
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="Account/Login.aspx"
protection="All"
timeout="30"
name="AppNameCookie"
path="/FormsAuth"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MsSqlConnection"
applicationName="WebSite10"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
I don't get any errors while loading the log in or registration page, but when I try to log in with dummy account data I get this error thrown:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
I've Googled it and found loads of threads from different forums and blogs but no solutions have worked.
Is there any glaring error in my config that I've missed?
Thanks.
My guess would be, that in your connection string you have.
Data Source=fostvm;Initial Catalog=db_74;User ID=user74;password=mypassword;Integrated Security=SSPI;
And can someone correct me, that when you have Integrated Security=SSPI specified, the User ID and password are ignored and windows authentication will be used? In this case most likly it would be Application Pool account, or maybe even IUSR_Account, for anonymous access, which may not have permissions to your database.
So to sum it up - try to remove the Integrated Security=SSPI from connection string, or replace it with Integrated Security=false
I have a asp.net web application with three webforms say SecuredWebForm.aspx,UnSecuredWebForm.aspx and LoginForm.aspx.
i want SecuredWebForm.aspx to be accessed only when user log in using LoginForm.aspx.
and for UnSecuredWebForm.aspx,there is no need to log in.
How do i achieve it?
Thanks in advance.
Here's a guide for it: http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET
Another guide how to do it:
http://support.microsoft.com/kb/301240/EN-US
http://support.microsoft.com/kb/316871
You can use this - based on location attribute
<configuration>
<location path="SecuredWebForm.aspx">
<system.web>
<authorization>
<allow users="..."/>
</authorization>
</system.web>
</location>
</configuration>
Nota : you adjust value of users
Link : http://msdn.microsoft.com/en-us/library/b6x6shw7%28v=vs.71%29.aspx
If you have security architecture , you can use IsAuthenticated property
Link : http://msdn.microsoft.com/en-us/library/system.web.httprequest.isauthenticated.aspx
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
}
It would be good to use Membership class for this purpose. If you don`t have specific requirement.
If you have created the NewProject with WebApplication, then VisualStudio might have setup the all concern configuration for you in web.config something like following:
Edit web.config by adding <authorization...>...</authorization> elements. It will prevent anonymous user by accessing authorize contents.
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="ConnectionStringData" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
...
...
</system.web>
...
...
</configuration>
You may also need to secure the webform from anonymous users, then you may write following:
protected void Page_Load(object sender, EventArgs e)
{
if (!User.Identity.IsAuthenticated)
Response.Redirect("Login.aspx");
// Todo add code here.
}
hello i found an error when i am working with the asp.net web administration tool security tab....and i am using the sqlProvider as the default provider.
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax. Parameter name: connectionString
Do you have a <connectionStrings /> element in your web.config file? You need this to be able to connect to your MembershipProvider and RoleProvider.
Here are the necessary elements you'll need to utilize the SqlMembershipProvider and the SqlRoleProvider.
Notice that there are the following sections:
<connectionStrings />
<membership /> (in the <system.web /> section)
<roleManager /> (in the <system.web /> section)
web.config
<configuration>
<connectionStrings>
<add name="YourConnectionString"
providerName="System.Data.SqlClient"
connectionString="data source=YOURSERVER;
initial catalog=YOURDB;user id=YOURINSTANCELOGIN;password=YOURPASSWORD;"/>
</connectionStrings>
<system.web>
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"/>
</providers>
</membership>
<roleManager
enabled="true"
defaultProvider="AspNetSqlRoleProvider">
<providers>
<clear />
<add
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
</system.web>
</configuration>
I am trying to use the default ASPNetWindowsToken provider to authorize users in an application that I am using Windows impersonation to log users in. If I add a IsInRole to the code behind the page in the page load, I can see the user is in the proper roles, but when I add the authorization to the web.config, I am getting 401 unauthorized errors. Not sure if I am missing something or not, but any help you can give would be appreciated. Below is my web.config.
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off" defaultRedirect="Error.aspx" redirectMode="ResponseRewrite" />
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<authentication mode="Windows" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
<authorization>
<deny users="?" />
<allow roles="DOMAIN\Group" />
</authorization>
</system.web>