What are the minimum permissions for connectionUsername when using ActiveDirectoryMembershipProvider - asp.net

I am writing an ASP.NET application using ActiveDirectoryMembershipProvider, similar to the scenario outlined here:
http://channel9.msdn.com/wiki/securitywiki/aspnet2formsauthtoadrolesinadintranet/
As part of this setup, I configured ASP.NET Membership as follows:
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add
name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="testdomain\administrator"
connectionPassword="password"/>
</providers>
</membership>
This works, but in production I would like to use a connectionUsername with minimum permissions to anything else, instead of "Administrator". What are the minimum permissions that should be assigned to this account?

See the note in the "Connecting to Active Directory" section at http://msdn.microsoft.com/en-us/library/ms998360.aspx.
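An added example (not from the original post or the linked MSDN page): a small Python check a reviewer could run over a web.config to flag what is visible in the question's provider entry, namely a bind account named Administrator and a readable connectionPassword, plus the provider's connectionProtection setting. The function name, the finding strings and the wrapped sample config are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

AD_PROVIDER = "System.Web.Security.ActiveDirectoryMembershipProvider"

# Constructed sample: the question's <membership> block inside a minimal
# web.config (type attribute shortened for readability).
SAMPLE = r"""<configuration><system.web>
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <add name="MyADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
         connectionStringName="ADConnectionString"
         connectionUsername="testdomain\administrator"
         connectionPassword="password"/>
  </providers>
</membership>
</system.web></configuration>"""


def audit_ad_membership(config_xml):
    """Return (provider name, finding) pairs for AD membership providers."""
    findings = []
    root = ET.fromstring(config_xml)
    for membership in root.iter("membership"):
        # A section encrypted with protected configuration (for example via
        # aspnet_regiis -pe) carries this attribute and holds <EncryptedData>.
        if membership.get("configProtectionProvider"):
            continue
        for add in membership.iter("add"):
            if AD_PROVIDER not in add.get("type", ""):
                continue
            name = add.get("name", "?")
            user = add.get("connectionUsername", "")
            # Accept both DOMAIN\user and user@domain forms.
            account = user.split("\\")[-1].split("@")[0].lower()
            if account == "administrator":
                findings.append((name, "binds as built-in Administrator"))
            if add.get("connectionPassword"):
                findings.append((name, "connectionPassword stored in clear text"))
            # The provider's default for this attribute is "Secure".
            if add.get("connectionProtection", "Secure").lower() == "none":
                findings.append((name, "connectionProtection=None"))
    return findings


if __name__ == "__main__":
    for provider, finding in audit_ad_membership(SAMPLE):
        print(f"{provider}: {finding}")
```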

Related

Membership and Role Providers when using Oracle Managed Driver

I had some 32bit/64bit issues in one of my web applications after the DB was upgraded to 64 bit 12C and after researching the problems I had encountered, the almost universal answer was "Use Managed Driver and not worry about 32/64 bit issue". So I did. I
downloaded and installed "ODAC 12c Release 4 and Oracle Developer Tools for Visual Studio (12.1.0.2.4)" from here,
removed references to Oracle.Web and Oracle.DataAccess (unmanaged drivers) in my app and added reference to new managed driver "Oracle.ManagedDataAccess"
changed all the "using Oracle.Web", "using Oracle.DataAccess.Client" to "using Oracle.ManagedDataAccess.Client"
But I cannot find one document that tells me how web config file needs to be modified to use managed driver.
Do I need to make any changes to <connectionStrings> section?
Do I need to add additional sections to make use of managed driver?
What do I need to change in Membership and Role Providers sections? The existing providers refer to Oracle.Web.Security.OracleRoleProvider and once upgrading to Managed version, all references to Oracle.Web and Oracle.DataAccess have to be removed.
If anyone has gone through the pain, please share your solutions to these, any other issues I might run into once these are resolved.
This is a sample of current web config file that I think needs to be changed/removed:
<connectionStrings>
<clear/>
<add name="MSAConnectionString" connectionString="User Id=Some_User;Password=SomePwd;Data Source=(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = 10.20.30.40)(PORT = 1521)))(CONNECT_DATA =(SID = MSA))); Min Pool Size=10;Max Pool Size=300;Incr Pool Size=5;Decr Pool Size=2;"/>
</connectionStrings>
<compilation defaultLanguage="c#" debug="true" targetFramework="4.0">
<assemblies><!-- next two lines will have to be removed, since the DLLs are no longer referenced -->
<add assembly="Oracle.DataAccess, Version=2.121.2.0, Culture=neutral, PublicKeyToken=89B483F429C47342"/>
<add assembly="Oracle.Web, Version=2.121.2.0, Culture=neutral, PublicKeyToken=89B483F429C47342"/>
<add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<membership defaultProvider="DSSOracleMembershipProvider">
<providers>
<add name="DSSOracleMembershipProvider" type="Oracle.Web.Security.OracleMembershipProvider, Oracle.Web, Version=2.121.2.0, Culture=neutral, PublicKeyToken=89b483f429c47342" connectionStringName="MSAConnectionString" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="4" minRequiredPasswordLength="9" passwordAttemptWindow="8"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="DSSOracleRoleProvider">
<providers>
<add name="DSSOracleRoleProvider" type="Oracle.Web.Security.OracleRoleProvider, Oracle.Web, Version=2.121.2.0, Culture=neutral, PublicKeyToken=89b483f429c47342" connectionStringName="MSAConnectionString" applicationName="/"/>
</providers>
</roleManager>
A few thoughts:
1) Membership is part of Oracle.Web - so you will still need those references - I like to add this to the runtime section in the web.config for good measure:
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Oracle.Web" publicKeyToken="89b483f429c47342" />
<bindingRedirect oldVersion="0.0.0.0-4.121.2.1" newVersion="4.121.2.1" />
</dependentAssembly>
</assemblyBinding>
2) VS2015 NuGet can help you get the Oracle managed client installed; however, it could be as simple as global substituting Oracle.ManagedDataAccess.Client for Oracle.DataAccess.Client. (Leave Oracle.Web alone!)
3) additional tuning for your ADO.net pool may be required (in connection strings) - see here: ODP.NET error in IIS: ORA-12357 Network Session End of file
Also the 2.x drivers are for ASP.NET 2.0 - the 4.x are ASP.NET 4.0 - looks like you're pointing to the wrong framework.

Asp.Net Unit Testing: Membership TypeLoadException for DefaultMembershipProvider

I have an ASP.Net Web Forms application and I am now writing some unit tests for it.
The test code throws a TypeLoadException at the following line:
if (Membership.GetUser("some name") == null)
The exception text says that "System.Web.Providers.DefaultMembershipProvider" in the assembly "System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" could not be loaded. When running the application normally, everything works fine on the built-in test server as well as on the live IIS server. I have simply copied the Web.config from the Web forms application to the Unit test project. I should also mention that other database connections (e.g. Entity Framework) work fine. Here is the relevant config section:
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<clear />
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="10" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" passwordFormat="Hashed" />
<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
</providers>
</membership>
I have also set a reference to System.Web in the Unit test project, but I still get the mentioned exception. Does anybody have a clue why this is not working in the Unit test project?
Update: the following line works fine, so the cause must be somewhere in the initialization of my DefaultMembershipProvider:
System.Web.Providers.DefaultMembershipProvider test= new System.Web.Providers.DefaultMembershipProvider();
The problem was "ClientAuthenticationMembershipProvider" was set as default provider. I don't know where it came from; it must have been added by NuGet or something. In my original Web.Config, it is not present. By removing it, everything worked again.

ASP.NET MVC 4 Template project fails to find 'MySql.Web

I have created a new project in ASP.NET MVC 4. Normally you just hit F5 and it runs as a semi empty project. Instead I'm getting:
Parser Error Message: Could not load file or assembly 'MySql.Web,
Version=6.7.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' or
one of its dependencies. The system cannot find the file specified.
This makes no sense. I have no such entries in my config file and don't even want to use MySql. What has changed in MVC 4? What do I need to do?
I guess your machine.config file has been changed. I suggest taking a look at that in either of these locations:
32-bit
x:\Windows\Microsoft.NET\Framework\[version]\config\machine.config
64-bit
x:\Windows\Microsoft.NET\Framework64\[version]\config\machine.config
as suggested by Petoj in this post
Where Is Machine.Config?
I was having the same issue. Adding the following tags to the web.config file worked for me:
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider"
type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"
/>
</providers>
</membership>
<roleManager defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider"
type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"
/>
</providers>
</roleManager>

SimpleMembershipProvider not working

I started a new internet project with VS2012 and am trying to just restructure my project a bit and I can't seem to keep the SimpleMembershipProvider working. Basically, all I've done is move the models objects into a core project along with a couple other items. I've implemented Ninject and am trying to abstract Entity a bit by using a repository pattern to get my data. I really don't feel as though I've changed much with the current project, but for some reason when I start the application now I get:
{"The Role Manager feature has not been enabled."}
The ActionFilter that is supplied by the framework is where the error is thrown when:
WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "Id", "UserName", autoCreateTables: true);
is called.
Here is some of the stacktrace:
[ProviderException: The Role Manager feature has not been enabled.]
System.Web.Security.Roles.EnsureEnabled() +9561885
System.Web.Security.Roles.get_Provider() +8
WebMatrix.WebData.WebSecurity.InitializeProviders(DatabaseConnectionInfo
connect, String userTableName, String userIdColumn, String
userNameColumn, Boolean autoCreateTables) +104
WebMatrix.WebData.WebSecurity.InitializeDatabaseConnection(String
connectionStringName, String userTableName, String userIdColumn,
String userNameColumn, Boolean autoCreateTables) +100
InoutBoard.Core.Infrastructure.Filters.SimpleMembershipInitializer..ctor()
in c:\Users\Kyle\Documents\Visual Studio
2012\Projects\InoutBoard\InoutBoard.Core\Infrastructure\Filters\InitializeSimpleMembershipAttribute.cs:42
[InvalidOperationException: The ASP.NET Simple Membership database
could not be initialized. For more information, please see
http://go.microsoft.com/fwlink/?LinkId=256588]
InoutBoard.Core.Infrastructure.Filters.SimpleMembershipInitializer..ctor()
in c:\Users\Kyle\Documents\Visual Studio
2012\Projects\InoutBoard\InoutBoard.Core\Infrastructure\Filters\InitializeSimpleMembershipAttribute.cs:46
I'm hosting the code on github at the following link https://github.com/keroger2k/InoutBoard
First way
Check the sphair's answer out (in current thread).
Second way
Add following assemblies to the web.config:
<system.web>
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="WebMatrix.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add assembly="WebMatrix.WebData, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</assemblies>
</compilation>
</system.web>
Update
The WebMatrix.WebData assembly contains a start up method to initialize Membership/Role providers and enable RoleManager (PreApplicationStartCode.Start). But ASP.NET couldn't find that to run in your case. By adding these two lines of code, we force ASP.NET to search these assemblies for PreApplicationStartMethodAttribute(s).
In case others are getting this error and the above solution doesn't work, like in my case. It said invalid child object when I tried to add in the assemblies markup. I had to specify the roleManager and membership tags as below. Once I did that the update-database worked.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider"
type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
I had the exact same error running at my hosting company (WinHost.com - they are excellent BTW).
My solution was to add to the web.config:
<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>
Instead of adding the assemblies to the web.config as Mehdi Golchin suggests, an alternative is to change the assembly references on WebMatrix.Data and WebMatrix.WebData to CopyLocal=True.
add the key to the Web.Config as the page:
http://devbla.wordpress.com/2013/07/03/corrigindo-o-erro-no-aspnet-the-role-manager-feature-has-not-been-enabled/
[]'s

Attached DB Can login but not create user "invalid value for key 'attachdbfilename'"

I have an application running on our server (it works fine on my computer, not that it matters).
It is a Windows Server 2003, SQL Express 2008 R2 server.
I'm using an attached DB for storing users (the ASP.NET-supplied DB).
I can log in to the web application with no problem, but when I try to create a user it just says invalid value for key 'attachdbfilename' with the yellow screen of death.
Here is the connection string in the web.config
<add name="ConnectionStringASPNETDB.MDF" connectionString="Data Source=localhost\SQLEXPRESS_2008;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient" />
and the membership provider
<add name="daganteckning" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ConnectionStringASPNETDB.MDF"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
description="Stores and retrieves membership data from a Microsoft SQL Server database." />
My only guess is that there is some sort of directory/file security permission I must set, but I have no idea what user IIS/SQL uses to access the database file.
Anyone got an idea?
Edit:
I tried replacing localhost\sqlexpress_2008 with .\sqlexpress_2008 and now I got
Unable to open the physical file
"C:\Inetpub\wwwroot\MEDLEM_TEST\App_Data\ASPNETDB.MDF".
Operating system error 32: "32(The
process cannot access the file because
it is being used by another
process.)". An attempt to attach an
auto-named database for file
C:\Inetpub\wwwroot\MEDLEM_TEST\App_Data\ASPNETDB.MDF
failed. A database with the same name
exists, or specified file cannot be
opened, or it is located on UNC share.
Check if your server's antivirus or any other process could be accessing the file.
You could also try recycling the application after making the change you listed.
Also if you use the Asp.Net Configuration tool it will attach to the mdf file and your application will create that error while you are connected through that.
After browsing around I found that I was not using the defined provider unless I stated that I wanted to use it by name, so I solved it by adding <clear /> to the Providers tag and adding the attribute defaultProvider="daganteckning" to the membership tag.
<membership defaultProvider="daganteckning">
<providers>
<clear />
<add name="daganteckning" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ConnectionStringASPNETDB.MDF"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
description="Stores and retrieves membership data from a Microsoft SQL Server database." />
</providers>
....
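An added example (not part of the original answer): a Python check that resolves which membership provider a web.config actually selects, which is the condition the answer above diagnosed, since password settings on a provider that is never selected are not the ones in effect. The function name, the result keys and the trimmed before/after configs are assumptions built from the post's snippets; the fallback name is the framework's default value for defaultProvider.

```python
import xml.etree.ElementTree as ET

# Name used when <membership> carries no defaultProvider attribute.
MACHINE_DEFAULT = "AspNetSqlMembershipProvider"

# Constructed samples, trimmed from the post's provider entry.
PROVIDER = ('<add name="daganteckning" '
            'type="System.Web.Security.SqlMembershipProvider, System.Web" '
            'connectionStringName="ConnectionStringASPNETDB.MDF" '
            'passwordFormat="Hashed"/>')
WRAP = "<configuration><system.web>{}</system.web></configuration>"
BEFORE = WRAP.format(
    f"<membership><providers>{PROVIDER}</providers></membership>")
AFTER = WRAP.format(
    '<membership defaultProvider="daganteckning">'
    f"<providers><clear />{PROVIDER}</providers></membership>")


def resolve_membership(config_xml):
    """Report which provider is selected and which declared ones are not."""
    root = ET.fromstring(config_xml)
    membership = root.find(".//membership")
    providers = membership.find("providers")
    declared = [a.get("name") for a in providers.findall("add")]
    default = membership.get("defaultProvider", MACHINE_DEFAULT)
    return {
        "default": default,
        # False means the selected provider comes from a parent config file.
        "declared_here": default in declared,
        # Declared providers that are only used when requested by name.
        "ignored_unless_named": [n for n in declared if n != default],
        # Without <clear/>, providers from parent config files stay registered.
        "inherits_parent_providers": providers.find("clear") is None,
    }


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, resolve_membership(cfg))
```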
