I've written a custom MembershipProvider that uses a custom database schema for storing the members, but I am having trouble figuring out how to deploy the provider. My target server is running IIS7, and I am able to navigate to a dialog for a adding a .NET User Provider, but instead of allowing me to select the assembly containing the provider & then the class, it provides a drop-down with a couple of MS written providers.
Do I need to drop my assembly in a specific location so that my MembershipProvider class is discovered by IIS? If so, what where does the .dll need to go? Otherwise, how do tell ASP.Net to use my MembershipProvider? Every example I've seen simply references the fully qualified class name, but makes no mention of how the file needs to be deployed.
If you look in the web.config file for your application, you should have a section called system.web. Within that there is a membership element with a list of providers. You should be able to add your provider and set a default provider there. Once your membership provider is registered in this way, you should be able to select it as a default for that application from IIS as well.
<system.web>
...
<membership defaultProvider="MyMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<add name="MyMembershipProvider"
type="Common.Auth.MyMembershipProvider, Common"
connectionStringName="MyAuthDBConnectionString"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
writeExceptionsToEventLog="false" />
</providers>
</membership>
...
</system.web>
The providers element allows you to register multiple providers to choose from. Another feature is that you can clear out membership providers registered in other configuration files on the machine. This can make configuring your application less error prone later on. To do so, add the <clear/> element before the first membership provider (the <add/> element) in the list.
<system.web>
...
<membership defaultProvider="MembershipProvider1">
<providers>
<clear />
<add name="MembershipProvider1" ... />
<add name="MembershipProvider2" ... />
</providers>
</membership>
...
</system.web>
If you want to register the same provider with multiple web applications just using IIS Manager, you will need to put the assembly in the GAC and add the provider to one of the machine config files instead. This is usually more work for little benefit when deploying a single application.
Related
I am working on a project in ASP.NET using MembershipProvider for my login system. Our issue is that the ASPNETDB file generated by ASP.NET upon creation of the login system seems to be empty or is not properly storing member information. Our project is a Web Site project, and we ran into a weird case of not being able to maintain login info. I gave my colleague my ASPNETDB file, he overwrote his and yet the login system was still using his old member information, it would not recognize the new ASPNETDB file. So I'm assuming the issue is that the member information is not being stored in that specific file as I was expecting.
How do we remedy this? We need to install this system for a client, so we will probably host the site sometime soon, how do we localize the membership information so that it's consistent across multiple workstations? Right now the membership info seems to be tied to specific computers. And when we go into the ASPNETDB file there doesn't seem to be anything there.
Can anyone shine some light on this? Its been happening for a while now.
I still don't know how to make it so that it always pulls from the
same location (project directory) instead of SQL server.
In ASP.NET Membership, connection strings for memership and roleManager are in web.config. You just need to update them accordingly.
<configuration>
<connectionStrings>
<remove name="SqlConnection"/>
<add name="SqlConnection" connectionString="..."/>
</connectionStrings>
<system.web>
<membership>
<providers>
<clear/>
<add connectionStringName="SqlConnection" ... />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear/>
<add connectionStringName="SqlConnection" ../>
</providers>
</roleManager>
</configuration>
I would like to use mvc4 Simple membership provider. So I set up a new MVC4 internet application. Click Debug and I see that db and tables were created for me.
Is this all I need to do?.
Some articles:
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties/
tell me to add
<membership defaultProvider >...
section. is this necessary?
Also:
I can't get ASP.Net configuration tool to work. It says "An error was encountered. Please return to the previous page and try again. "
??
If you created a new MVC 4 web application using the Internet template it should have wired up SimpleMembership for a basic log-on/log-off functionality. It should have already updated your web.config with the proper settings. It should have setup the membership and roles and they should looks something like this.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
SimpleMembership does not use the ASP.NET Configuration Tool used with the traditional ASP.NET membership. You have to create your own web pages for managing roles and users.
The Internet template just creates the basic functionality for authentication and authorization in your application. But SimpleMembership is very extensible. For example it is fairly easy to customize what type of information you want to capture in the user profile or setup email confirmation of new users.
In an ASP.NET website it is possible with a few short additions to the Web.Config section to add auto-magically wired properties to the user profile.
So for example with some XML like this.
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
<properties>
<add name="Name" allowAnonymous="true"/>
<add name="VisitedOn" type="System.DateTime" allowAnonymous="true"/>
</properties>
</profile>
You would end up with the ability to do this. Without having to declare any further code.
Profile.Name = "Some Test Value";
Profile.VisitedOn = DateTime.Now;
Profile.Save();
I have attempted to duplicate this functionality in an ASP.NET Web App and can't even seem to find the base Profile declaration let alone the custom properties.
I have however found that System.Web.Profile.DefaultProfile.Properties does infact contain the custom declared properties I define in the Web.Config.
So where might I be going wrong? What is the process for getting auto wired properties in web apps working?
The properties are created during the Compilation of ASP.NET Web Application when the first request arrives.
Ref: ASP.NET Application Life Cycle Overview for IIS 5.0 and 6.0
Profile properties defined in the Web.config file If profile
properties are defined in the application's Web.config file, an
assembly is generated that contains a profile object.
You can hook into this Compilation by writing a custom BuildProvider and registering the same. This build provider can be used for generating the auto wired properties.
Objective:
I want to create a web service that allows me to connect to it (through ASP.NET Web Application) and then authenticate users just as Membership Provider Does/Role Provider Does.
I do not want to use Membership/Role Provider by configuring at the ASP.NET Web Application's Web.config. Instead, what i would like, is to have some sort of configuration that points my Asp.net Web Application to a webservice (the one i want to create), that than authenticates the user.
Expected Solution:
what i found after some google research, that the solution might be: WCF Authentication Service. But I am unable to get it working. I created this service, did all the configuration as it says in this article:
http://msdn.microsoft.com/en-us/library/bb398990.aspx
but i am not sure, how do i now configure my Asp.Net Web Application, to use this service as the Membership/Role Provider.
I may be going in complete wrong direction, and this service may not be the solution to my problem. Can you please help me out.
Thanks,
Your Dev Brother ... :)
You are going in the right direction.
ClientFormsAuthenticationMembershipProvider is a membership provider you are looking for.
Below is sample web.config configuration to use it:
<appSettings>
<add key="ClientSettingsProvider.ServiceUri" value="" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<clear/>
<add name="ClientAuthenticationMembershipProvider"
type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="http://localhost:49712/Authentication_JSON_AppService.axd" />
</providers>
</membership>
</system.web>
Configuration may be tricky. I spent hours before figure out that ClientSettingsProvider.ServiceUri should be added.
You may add temp WinForms or WPF project to your solution to build configuration. these types of projects have special tab - Services tab in project settings that provide GUI for configuration. Sample below is for .NET 3.5 but idea is the same for 4.0.
http://www.codeproject.com/Articles/27670/Implementing-Application-Security-with-Client-Appl
This is sort of a two part question. So I'll start with the first which will lead into the second. I'm hosting a site at GoDaddy where at the root is the main web application. However in a sub-folder I have created a second web application. Both of which use Forms Authentication backed with ASP.NET Membership on a shared database. Meaning both are using the database aspnetdb. What I'm trying to accomplish is the ability to log into one and therefore be logged into both. A Single Sign On (SSO) if you will. What I have found so far is if the applications are on the same server (IIS instance) they therefore share the same MachineKey. From what I have found and from my understanding Forms Authentication uses the MachineKey to generate the Authentication Ticket. So therefore should be no modifications necessary as long as the application name for the Membership, Role and Profile providers match.
Am I accurate so far?
But I have not been able to get this to work. So I tried two other ideas with no prevail.
I added the following to both Web.config files (separately, not together of course).
<machineKey decryptionKey="AutoGenerate"
validation="SHA1" validationKey="AutoGenerate" />
or
<machineKey
validationKey="93A258D47F48AF07AB8BE3EF56C9D32897B9C458F2E14DB6F9AA47D77E40F4CA763D4BD56C2900B507073023F4C43C583A1F7086C2DD327C879368B0449EFB10"
decryptionKey="6BE371E3CDE768B71D0D261370127BAE094984D207EFD4B55FB24384FE1795D1"
validation="SHA1" decryption="AES" />
Generated from http://aspnetresources.com/tools/machineKey
And an example Membership configuration
<membership
defaultProvider="SqlProvider"
userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlProvider" />
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="aspnetdb"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
applicationName="/" />
</providers>
</membership>
So my first question, will this work and am I on the right track? Because I have not been able to get this to work.
The next question is, if this works and someone were to download an application and load it to their website. And, if in the application Web.config the MachineKey is specified, like the one generated above, and they leave the default application name, like '/', could this be a security risk? Meaning if person A loaded an app and person B loaded the same app could a user authenticate on one and therefore be authenticated on the second installation. Mind you person A and person B have no relationship other than they both loaded the same application and left it with the default settings.
References:
http://msdn.microsoft.com/en-us/library/ff649308.aspx
http://help.ablecommerce.com/faqs/ablecommerce_7/how_do_i_install_to_a_shared_hosting_environment_.htm
http://rtur.net/blog/post/2009/03/30/Using-machineKey-with-ASPNET-Membership.aspx
Using one Asp.net Membership database with multiple applications Single Sign On
[Update]
- I'm determined to find the solution to this issue soon. If you are also search for a solution stay tuned...