"apparently it works"
Can you name reasons beyond good practices not to give these two:
connectionStringName and Membership Provider name the same string value?
could this be an issue?
as in:
<membership defaultProvider="MySqlConnection" userIsOnlineTimeWindow="45">
<providers>
<clear />
<add name="MySqlConnection"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="HQChannel"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="6" />
</providers>
</membership>
as per this post
Thanks
I wouldn't name it the same as the connection string for the following reasons:
I name connection strings with namespace prefixes, so you know which assembly they are related to (eg: MyApp.Web.MySqlConnection)
MySqlConnection doesn't imply a MembershipProvider
It can introduce confusion
Related
I'm developing a website in ASP.NET where users can register and login. I want to block users for 10 mins , after they introduce the wrong password for 3 times.Is there any other solution excepting the MembershipProvider ? I tried to implement it, but it failed.
After I introduce in web.config, the code below, what else should I do ? Thanks.
<membership
defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="MyMembershipProvider"
autogenerateschema="true"
connectionStringName="MyConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="3"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="5"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
Check the following example for ASP.net 2.0 Membership provider, it implements a way to unlock users automatically
http://www.wrox.com/WileyCDA/Section/Implementing-Automatic-Unlocking-in-ASP-NET-2-0-SqlMembershipProvider.id-292262.html
So the critical parts of my web config looks like:
<connectionStrings>
<add name="AppConnection" connectionString="Server=100.100.100.100;Database=AppDB;User Id=user;Password=password;" providerName="System.Data.SqlClient"/>
<add name="MemberConnection" connectionString="Server=100.100.100.100;Database=aspnetdb;User Id=user;Password=password;" providerName="System.Data.SqlClient"/>
</connectionStrings>
and within the membership providers section:
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MemberConnection"
applicationName="Consulate"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
As written, when I register, it connects to the incorrect database.
However, if I change all instances of "MemberConnection" to "DefaultConnection" it works.
Why does it have to use "Default" as part of the connection string name?
Within IdentityModels.cs, there the constructor for ApplicationDbContext inherited a hard-coded "DefaultConnection" string.
Changed that to the connection string that correlates to the aspnetdb (membership) and it worked.
I am trying to use Membership class for my asp.net mvc3 application with Entity framework to use Mysql database. I am using EF DbContext.
Following some threads i have changed the MySQLMembershipProvider of machine.config to
<add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.4.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="book_shelfEntities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" autogenerateschema="true"/>
where book_shelfEntities is the name of my connection string.
My connectionStrings in web.config is as
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI; AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
<add name="book_shelfEntities" connectionString="metadata=res://*/Models.libs.csdl|res://*/Models.libs.ssdl|res://*/Models.libs.msl;provider=MySql.Data.MySqlClient;provider connection string='server=localhost;User Id=root;password=root;Persist Security Info=True;database=book_shelf'" providerName="System.Data.EntityClient" />
</connectionStrings>
and membership in web.config is as
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear />
<add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.4.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="book_shelfEntities" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="100" minRequiredPasswordLength="2" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
i have a table named users with username and password fields.
When i try to use Membership.ValidateUser VS2010 throws an error
Keyword not supported.
Parameter name: metadata in my web.config file corresponding to my membership provider name
Please help me to resolve the issue as i am very new to asp.net
(i can use Mysql tables in other sections for adding , editing etc)
i have application that uses asp.net membership. Unfortunately users password are stored using PasswordFormat clear. I want to change password to hashed format without asking user to setting theirs again. Another restriction is that UserId in Membership table can't be changed. Does anyone have any idea how to do it ?
In your web.config go to
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="MyProviders.SqlMembershipProvider"
connectionStringName="MyConnectionString"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="4"
passwordStrengthRegularExpression=""
passwordFormat="Hashed"
enablePasswordReset="true"
enablePasswordRetrieval="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true" />
</providers>
</membership>
And there's a "key generator" snippet in this MSDN article, run it twice and shove them in your web.config as:
<system.web>
<machineKey
validationKey="<blah>"
decryptionKey="<blah>"
validation="SHA1"
decryption="AES"
/>
</system.web>
You can encrypt the passwords by configuring the membership provider setting & keys in web.config
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordStrengthRegularExpression="^([1-zA-Z0-1#.\s]{1,255})$"
applicationName="NitinJS" />
</providers>
</membership>
In my test enviroment I created a Login and used the ASP.NET Configuration in Visual Studio. It worked perfectly.
But now after testing I imported an existing database to my sql-server and this database includes existing asp.net login tables(same structure). In my web-application I want to use these imported tables instead of those in my testing database. I already checked the web.config as well as the aspnetreg tool (don't know the exact name :p)
My question: How can I change the database used by my ASP.NET login?
you have to overwrite the default application services connection string to have it use your existing deployed DB
in the web.config connection string section change the default connection string
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
to be whatever your connection string is
or if you want to use a different connection string you can change the name of the connection string used in the membership provider settings also in web.config
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/"/>
</providers>
</membership>
Change the name of the connectionStringName to something else
EDIT Role provider code
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
Again you will want to change connectionStringName to your connection string.