Can I use multiple MembershipProviders at one time? - asp.net

I've got multiple membership providers in my web.config and in my login control,
I am going to use the provider based on a drop down list with the name of the provider.
Web.config:
<system.web>
  <membership>
    <providers>
      <remove clear />
      <add name="MyOwnProvider1" .... />
      <add name="MyOwnProvider2" .... />
    </providers>
  </membership>
</system.web>
In Login.ascx.cs:
I am selecting the provider based on a drop down list like so:
MembershipProvider provider = Membership.Providers[dropDownList.SelectedItem.Text];
Problem is whenever I hit this line, it always tries to connect to MyOwnProvider1 when in fact MyOwnProvider2 was selected!
Any ideas?

The cause of the problem you are having is that when the app is spun up, either the provider flagged as defaultProvider in the membership element OR the first provider encountered, starting with your web.config and moving upstream to the root web.config in the .net framework/config directory, is initialized, making it the membership provider.
Couple this behavior with the fact that all of the baked in plumbing and controls are expecting to work with a single provider and you are uscwap.
In order to make something like this work, you are going to have to implement a single custom membership provider that acts as a facade or aggregator for your multiple authentication sources and add that as the single provider in web.config.
Cheers

Is it possible to dynamically select a provider that way? I've always assumed not (though I've never tried it), in this instance I'd guess that when it loads Membership.Providers it stops at the first one it comes to, MyOwnProvider1 in your case.

Related

simple membership provider in mvc

How to make simple Membership provider from empty web application template in ASP.NET MVC4
I searched a lot on Google, Bing and many others, but I didn't get a positive response about membership provider.
Can someone tell me the basics of membership provider?
Please.
I followed these steps:
So before starting I am assuming you have set up your database models including a users model which we will use for simple membership. Go ahead and add a "username" column and an "id" column (if you don't already have one) in the model and create the database. Remember already having a database is necessary if you want to use simple membership with your existing users table. Simple membership will add its table to your existing database.
1. Install WebMatrix.WebData and WebMatrix.Data from NuGet Package Manager.
2. In your web.config enable simple membership by
<add key="enableSimpleMembership" value="true" />
in appSettings
3. Next step is to define profile, role and membership providers in system.web by
<profile defaultProvider="SimpleProfileProvider">
  <providers>
    <add name="SimpleProfileProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" connectionStringName="YOUR_CONNECTION_STRING" applicationName="/" />
  </providers>
</profile>
<membership defaultProvider="SimpleMembershipProvider">
  <providers>
    <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
  </providers>
</membership>
<roleManager enabled="true">
  <providers>
    <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
  </providers>
</roleManager>
4. Next step is to connect your user table with simple membership. Now the Internet Application Template which is being provided by default uses a filter but we're going to skip it. We're going to directly initialize simple membership in global.asax by
if (!WebSecurity.Initialized)
{
    WebSecurity.InitializeDatabaseConnection("YOUR_DB_CONTEXT", "USER_TABLE", "ID_COLUMN", "USERNAME_COLUMN", true);
}
And you are done with the setup.
Now to actually create users, there are two options, Create User and Account and Create Account only. How the create user and account works is that you will provide the user's information and it will create a user in your user table and then create a membership account. I personally use the latter, which means I create the users separately, and then create a membership account for that user using
WebSecurity.CreateAccount("Username","Password");
Just create an Internet template, and copy the code out of it into your empty project.. although, honestly at that point you've essentially got the Internet template anyways, other than the default layout.
There's a lot of code that goes into supporting the Membership system, so study the Internet template and it will tell you everything you need to know.
When you create the new project, select the Internet Template.
When you register your first user it will automatically create the table structure in your db
So you want to use simple membership in ASP.NET MVC4.
Follow the steps mentioned in this tutorial: Simple Membership
This will provide all the basic information on how to set up simple membership in ASP.NET MVC4.

ASP.NET Membership with custom MachineKey for multiple applications and the Security Risks

This is sort of a two part question. So I'll start with the first which will lead into the second. I'm hosting a site at GoDaddy where at the root is the main web application. However in a sub-folder I have created a second web application. Both of which use Forms Authentication backed with ASP.NET Membership on a shared database. Meaning both are using the database aspnetdb. What I'm trying to accomplish is the ability to log into one and therefore be logged into both. A Single Sign On (SSO) if you will. What I have found so far is if the applications are on the same server (IIS instance) they therefore share the same MachineKey. From what I have found and from my understanding Forms Authentication uses the MachineKey to generate the Authentication Ticket. So therefore should be no modifications necessary as long as the application name for the Membership, Role and Profile providers match.
Am I accurate so far?
But I have not been able to get this to work. So I tried two other ideas to no avail.
I added the following to both Web.config files (separately, not together of course).
<machineKey decryptionKey="AutoGenerate"
validation="SHA1" validationKey="AutoGenerate" />
or
<machineKey
validationKey="93A258D47F48AF07AB8BE3EF56C9D32897B9C458F2E14DB6F9AA47D77E40F4CA763D4BD56C2900B507073023F4C43C583A1F7086C2DD327C879368B0449EFB10"
decryptionKey="6BE371E3CDE768B71D0D261370127BAE094984D207EFD4B55FB24384FE1795D1"
validation="SHA1" decryption="AES" />
Generated from http://aspnetresources.com/tools/machineKey
And an example Membership configuration
<membership
    defaultProvider="SqlProvider"
    userIsOnlineTimeWindow="20">
  <providers>
    <remove name="AspNetSqlProvider" />
    <add name="SqlProvider"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="aspnetdb"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         passwordFormat="Hashed"
         applicationName="/" />
  </providers>
</membership>
So my first question, will this work and am I on the right track? Because I have not been able to get this to work.
The next question is, if this works and someone were to download an application and load it to their website. And, if in the application Web.config the MachineKey is specified, like the one generated above, and they leave the default application name, like '/', could this be a security risk? Meaning if person A loaded an app and person B loaded the same app could a user authenticate on one and therefore be authenticated on the second installation. Mind you person A and person B have no relationship other than they both loaded the same application and left it with the default settings.
References:
http://msdn.microsoft.com/en-us/library/ff649308.aspx
http://help.ablecommerce.com/faqs/ablecommerce_7/how_do_i_install_to_a_shared_hosting_environment_.htm
http://rtur.net/blog/post/2009/03/30/Using-machineKey-with-ASPNET-Membership.aspx
Using one Asp.net Membership database with multiple applications Single Sign On
[Update]
- I'm determined to find the solution to this issue soon. If you are also searching for a solution stay tuned...
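
A defensive check for the scenario raised in the second question above, added here and not part of the original post: it parses web.config files, picks out machineKey elements that carry literal (non-AutoGenerate) keys, and reports key material that appears in more than one installation. The site paths and key values are constructed samples.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs: two unrelated installs of the same downloaded
# app (shipped key left in place) and one install using auto-generated keys.
SHIPPED = """<configuration><system.web>
  <machineKey validationKey="{v}" decryptionKey="{d}"
              validation="SHA1" decryption="AES" />
</system.web></configuration>""".format(v="AB" * 64, d="CD" * 32)
AUTO = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" />
</system.web></configuration>"""
CONFIGS = {"siteA/web.config": SHIPPED, "siteB/web.config": SHIPPED,
           "siteC/web.config": AUTO}

def literal_keys(xml_text):
    """Return (validationKey, decryptionKey) if either is hard-coded, else None."""
    node = ET.fromstring(xml_text).find("system.web/machineKey")
    if node is None:
        return None  # no element here: the machine-level setting is inherited
    # A missing attribute is treated as auto-generated (assumption of this check).
    keys = tuple(node.get(a, "AutoGenerate")
                 for a in ("validationKey", "decryptionKey"))
    if all(k.lower().startswith("autogenerate") for k in keys):
        return None
    return keys

def audit(configs):
    """Map a fingerprint of each literal key pair to the configs that use it."""
    by_key = defaultdict(list)
    for path, text in configs.items():
        keys = literal_keys(text)
        if keys:
            # Truncated hash, so the report never echoes the key material itself.
            fp = hashlib.sha256("|".join(keys).encode()).hexdigest()[:12]
            by_key[fp].append(path)
    return dict(by_key)

def shared_key_findings(configs):
    """Key fingerprints that occur in more than one installation."""
    return {fp: paths for fp, paths in audit(configs).items() if len(paths) > 1}

if __name__ == "__main__":
    for fp, paths in shared_key_findings(CONFIGS).items():
        print("same machineKey (%s) in: %s" % (fp, ", ".join(paths)))
```

Any finding means the listed installations protect their forms authentication tickets with the same keys; generating a fresh key pair at install time removes the overlap.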

Custom Role Provider with ActiveDirectory Authentication

I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles. The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the custom Role Provider to work. Does anyone have the same situation as me? How do you make a custom Role provider work with AD?
What I did: create a class which inherits from System.Web.Security.RoleProvider, and choose "Implement abstract class" from the context menu when clicking on : RoleProvider. I only implemented the method GetRolesForUser (the other methods throw NotImplementedException).
At a certain point I thought I also needed to implement the MembershipProvider, but a simple addition to web.config fixed it (since the assembly is not in the GAC, in the type-attribute, you only need to mention the namespace+type-name; not the assembly name and other parameters):
<configuration>
  <system.web>
    <roleManager enabled="true" defaultProvider="MyRoleProvider">
      <providers>
        <clear />
        <add name="MyRoleProvider" type="Namespace.To.MyRoleProvider" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
There is no need to implement the ValidateUser method on a MembershipProvider.
You should be able to write the role provider in a manner to where you override the ValidateUser() method and force it to perform the AD lookup there. After that, most of the built in stuff should take over.

How do I reach the middle tier using the membership class?

I have a 3-tier ASP.NET 2.0 app. I want to use the Membership.ValidateUser method of the membership class using the credentials added with the login control. As stupid as it seems, I can't figure out how to have the ValidateUser control call anything but the db specified in the web.config. What I need is it to call down to the middle tier which will authenticate against the db. I can't have the presentation layer authenticate against the db directly.
You just need to create a custom membership provider, inherit from MembershipProvider then wire it up in the web.config. The provider could go in your App_Code folder then call your middle tier.
<membership defaultProvider="CustomProvider">
  <providers>
    <add
      name="CustomProvider"
      type="YourNameSpace.YourCustomProvider"
      connectionStringName="ConnectionString" />
  </providers>
</membership>

How do I deploy an ASP.net custom MembershipProvider?

I've written a custom MembershipProvider that uses a custom database schema for storing the members, but I am having trouble figuring out how to deploy the provider. My target server is running IIS7, and I am able to navigate to a dialog for adding a .NET User Provider, but instead of allowing me to select the assembly containing the provider & then the class, it provides a drop-down with a couple of MS written providers.
Do I need to drop my assembly in a specific location so that my MembershipProvider class is discovered by IIS? If so, where does the .dll need to go? Otherwise, how do I tell ASP.NET to use my MembershipProvider? Every example I've seen simply references the fully qualified class name, but makes no mention of how the file needs to be deployed.
If you look in the web.config file for your application, you should have a section called system.web. Within that there is a membership element with a list of providers. You should be able to add your provider and set a default provider there. Once your membership provider is registered in this way, you should be able to select it as a default for that application from IIS as well.
<system.web>
  ...
  <membership defaultProvider="MyMembershipProvider"
              userIsOnlineTimeWindow="15">
    <providers>
      <add name="MyMembershipProvider"
           type="Common.Auth.MyMembershipProvider, Common"
           connectionStringName="MyAuthDBConnectionString"
           enablePasswordRetrieval="true"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           writeExceptionsToEventLog="false" />
    </providers>
  </membership>
  ...
</system.web>
The providers element allows you to register multiple providers to choose from. Another feature is that you can clear out membership providers registered in other configuration files on the machine. This can make configuring your application less error prone later on. To do so, add the <clear/> element before the first membership provider (the <add/> element) in the list.
<system.web>
  ...
  <membership defaultProvider="MembershipProvider1">
    <providers>
      <clear />
      <add name="MembershipProvider1" ... />
      <add name="MembershipProvider2" ... />
    </providers>
  </membership>
  ...
</system.web>
If you want to register the same provider with multiple web applications just using IIS Manager, you will need to put the assembly in the GAC and add the provider to one of the machine config files instead. This is usually more work for little benefit when deploying a single application.
