ASP.NET FormsAuthentication.Authenticate() is not working - asp.net

I have created a user by using the CreateUserWizard control.
My web.config file is as follows:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="ConnString1" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=IceWebPortal_SQL2K5;user=sa;password=;integrated security=true;" providerName="System.Data.SqlClient"/>
<add name="LocalSqlServer" connectionString="Data Source=localhost;Initial Catalog=aspnet_membership_test;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms
name="CookieDemo"
loginUrl="Default.aspx"
protection="All"
timeout="30"
path="/"
/>
</authentication>
<!--<authorization>
<deny users="?"/>
</authorization>-->
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"></allow>
</authorization>
</system.web>
</location>
</configuration>
I am finding that FormsAuthentication.Authenticate(username, password); is always returning false.
string username = this.usernameTextBox.Text;
string password = this.passwordTextBox.Text;
bool success = FormsAuthentication.Authenticate(username, password);
if (success)
{
}
What can be the problem?

You need to add e.g. a MembershipProvider configuration or add users directly to web.config (which is probably not a good idea).
Example:
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
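The login call that goes with a membership provider like the one above, as an added example that is not part of the original answer. The class name `LoginPage`, the handler `LoginButton_Click` and the `statusLabel` control are hypothetical; the two text box names come from the question.

```csharp
using System;
using System.Diagnostics;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind. In a real Web Forms page the designer file
// declares the controls, so these field declarations would not be repeated.
public class LoginPage : Page
{
    protected TextBox usernameTextBox;
    protected TextBox passwordTextBox;
    protected Label statusLabel;

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string username = usernameTextBox.Text;
        string password = passwordTextBox.Text;

        // Membership.ValidateUser checks the default membership provider,
        // which is the store CreateUserWizard writes to.
        // FormsAuthentication.Authenticate only checks <credentials> entries
        // under <forms> in web.config, so it never sees those users.
        if (Membership.ValidateUser(username, password))
        {
            // Issue a session-only forms-authentication cookie and return
            // to the page that was originally requested.
            FormsAuthentication.RedirectFromLoginPage(username, false);
            return;
        }

        // ValidateUser also returns false for locked-out or unapproved
        // accounts. Record the reason server-side only, and show the same
        // message in every case so the page does not reveal account state.
        MembershipUser user = Membership.GetUser(username);
        if (user != null && user.IsLockedOut)
            Trace.TraceWarning("Login refused: account is locked out.");
        else if (user != null && !user.IsApproved)
            Trace.TraceWarning("Login refused: account is not approved.");

        statusLabel.Text = "Invalid user name or password.";
    }
}
```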

Related

aspnetdb is not getting populated with roles?

I have maintained aspnetdb.mdf on a SQL Server instance which I am using in my ASP.NET web site application for roles and memberships.
The problem is that when I add roles using the ASP.NET web site configuration tool, these roles are not getting populated in my aspnet_Roles table in aspnetdb.
On the other hand, users and application settings are nicely getting inserted into the aspnet_Users and aspnet_Applications tables respectively.
I know there is something wrong in my web.config file but I do not know what.
web.config
<configuration>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<connectionStrings>
<add name="SqlSequrityConnectionString"
connectionString="Data Source=NASEER\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authorization>
<allow users="56013" />
</authorization>
<authentication mode="Forms" />
<roleManager enabled="true" />
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<membership defaultProvider="SecurityTutorialsSqlMembershipProvider">
<providers>
<!-- Add a customized SqlMembershipProvider -->
<clear/>
<add name="SecurityTutorialsSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlSequrityConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="SecurityTutorials"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
</system.web>
</configuration>
By adding the following code I got it working!
<roleManager enabled="true" defaultProvider="SqlRoleManager">
<providers>
<add name="SqlRoleManager"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlSequrityConnectionString"
applicationName="MyApplication" />
</providers>
</roleManager>

If I allow all users in web.config should it still redirect to login?

I'm integrating security into an existing ASP classic website, and I'd like to keep the anonymous users able to still access the site until I'm ready to flip the switch. Shouldn't setting allow users="*" let everyone in and not redirect? Right now it's redirecting all pages until you authenticate.
<configuration>
<connectionStrings>
<add name="foConnectionString" connectionString="Data Source=;Initial Catalog=fo;Persist Security Info=True;User ID=foSecurity;Password=" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="foSecurityConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/foSecurity"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="foSecurityConnectionString" applicationName="/foSecurity"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/foSecurity" name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.asp" />
</files>
</defaultDocument>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

ASP.net webdevelopment problem with web.config(?) on IIS7

SOLUTION: <allow users="*"/> changed to <allow users="?"/> did the trick for me.
I have a problem that started to occur when I moved my ASP.NET website to my web server (Windows Webserver 2008 R2 - IIS7).
I use VS2010 and ran the project's ASP.NET configuration and set deny all on the root folder of my website.
Then when accessing the website externally I was correctly forwarded to /Account/Login.aspx, but then the CSS file was not loaded.
So I added an allow all on the /Styles folder.
Still the same problem.
If I log in and then log out, the CSS seems to load.
I don't really know what to look for here. Is it a web.config problem, an IIS7 config problem or something else?
This is the web.config located at /Account/:
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
And this is my website's base web.config:
<?xml version="1.0"?>
<configuration>
<location path="~/Styles/Site.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<connectionStrings>
<remove name="halldbConnectionString"/>
<remove name="ApplicationServices"/>
<add name="ApplicationServices" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
<add name="halldbConnectionString" connectionString="Data Source=xxx.xxx.xxx.xxx;Initial Catalog=xxxxxx;Persist Security Info=True;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Väljhall.aspx"
timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
First of all, please check how requests to the CSS files respond (is it a 404, 500 or 302 response code?). You can do it with any HTTP watcher like HttpAnalyzer.
If the CSS file's response indicates that the request was not authorized, try setting the AppPool to classic mode.
<allow users="*"/>
changed to
<allow users="?"/>
did the trick for me.

ASP.NET membership create users, logging in works. But then it doesn't?

I have an application that connects to a remote SQL server. I am able to create users and they are stored in the DB. Then I can go to the login page and log in. But after a while, I am unable to log in and it just sits at the login page. The user is still in the DB.
Help?
<configuration>
<connectionStrings>
<add name="LoginSQL" providerName="System.Data.SqlClient"
connectionString="Data Source=xx.xx.xx.xx;Initial Catalog=xxxx;UID=xxxxx;pwd=xxxx;"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms name="Login" loginUrl="Default.aspx" protection="All" timeout="20"/>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<membership defaultProvider="MySqlLoginProvider">
<providers>
<add name="MySqlLoginProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LoginSQL" applicationName="Login" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="3" passwordAttemptWindow="30" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager defaultProvider="MyRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPRoles" cookiePath="/" cookieTimeout="60" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="MyRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="LoginSQL" applicationName="Login"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

connectionstring in asp.net 2.0

Hello, I have a problem with my connection string below:
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<add name="ConnectionString"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<customErrors defaultRedirect="~/error.aspx" mode="RemoteOnly"/>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
<roleManager enabled="true" />
<compilation debug="true" />
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
</system.web>
<location path="~/securepage.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Can anyone let me know where the problem is coming from? I don't know if the problem is coming from
add name="ApplicationServices".
I will appreciate your help.
You're referencing connectionStringName="LocalSqlServer" which doesn't exist. The two connection strings you have registered are ApplicationServices and ConnectionString.
Rename your second connection string entry to:
<add name="LocalSqlServer" ...
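A check for the kind of mismatch this answer points out, as an added example that is not part of the original answer: it lists every provider whose `connectionStringName` is not defined in the same file. The class and method names are hypothetical and the embedded configuration is a constructed sample reduced from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class ConnectionStringNameCheck
{
    // Returns "section/provider -> connectionStringName" for every provider
    // that points at a connection string this file does not define. Names
    // inherited from a parent config file are not visible to this check;
    // pass them in as 'inherited' if they should count as defined.
    public static List<string> FindDangling(string webConfigXml, params string[] inherited)
    {
        XDocument doc = XDocument.Parse(webConfigXml);
        var defined = new HashSet<string>(inherited, StringComparer.OrdinalIgnoreCase);

        // Apply <connectionStrings> children in document order:
        // <clear/> and <remove/> drop names, <add/> defines them.
        foreach (XElement e in doc.Descendants("connectionStrings").Elements())
        {
            string name = (string)e.Attribute("name");
            if (e.Name.LocalName == "clear") defined.Clear();
            else if (e.Name.LocalName == "remove" && name != null) defined.Remove(name);
            else if (e.Name.LocalName == "add" && name != null) defined.Add(name);
        }

        // Any <add> under membership, roleManager or profile that carries a
        // connectionStringName must resolve to a defined name.
        return doc.Descendants("add")
            .Where(a => a.Attribute("connectionStringName") != null)
            .Where(a => !defined.Contains((string)a.Attribute("connectionStringName")))
            .Select(a => a.Parent.Parent.Name.LocalName + "/" + (string)a.Attribute("name")
                         + " -> " + (string)a.Attribute("connectionStringName"))
            .ToList();
    }

    static void Main()
    {
        // Constructed sample: two connection strings, one provider reference.
        const string sample = @"<configuration><connectionStrings>
    <add name='ApplicationServices' connectionString='...' />
    <add name='ConnectionString' connectionString='...' />
  </connectionStrings><system.web><membership><providers>
    <add name='AspNetSqlMembershipProvider' connectionStringName='LocalSqlServer' />
  </providers></membership></system.web></configuration>";
        foreach (string finding in FindDangling(sample))
            Console.WriteLine("unresolved: " + finding);
    }
}
```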
