Disable SQL Membership Provider (ASP.Net Forms Authentication)
Mar 30, 2011
I have setup a trivial preview website for a client that needs basic password protection. I'm using Forms Authentication with the credentials specified in web.config.
Everything works fine on my box (famous last words)
However, when I deploy to a production website running Win2008, the authentication code attempts to open a SQL Server database (I have no reference to anything SQL in web.config). How can I disable this behavior so that authentication is based on the credentials I have entered in web.config?
Exception in Event Log
Unable to connect to SQL Server database. at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) at System.Web.Management.SqlServices.SetupApplicationServices(String server, String user, String password, Boolean trusted, String connectionString, String database, String dbFileName, SqlFeatures features, Boolean install) at System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString) at System.Web.DataAccess.SqlConnectionHelper.EnsureSqlExpressDBFile(String connectionString)
... at System.Data.SqlClient.SqlConnection.Open() at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString)(URL)
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
I am developing an MVC2 application an am using the built in Membership provider. I am just asking myself if the authentication is on the server or the client?
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the method some degree of rejecting users if permissions don't match (ideally this should be performed within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract] public interface ISupportService { [OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")] List<BaseInterestRate> GetAllBaseInterestRates(); } the code is simple enough: public class SupportService : ISupportService { public List<BaseInterestRate> GetAllBaseInterestRates() { OperationContext operationContext = OperationContext.Current; ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null using (xxxEntities entities = new xxxEntities()) { return new List<BaseInterestRate>(entities.BaseInterestRates); } }} My service configuration is thus: --> <behaviors> <serviceBehaviors> <behavior name="SupportServiceBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider" /> </serviceCredentials> </behavior> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN) How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN) How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN) Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
I've been asked to upgrade a few applications and I'm planning on merging all of them into one asp.net application. I'm fine with this decision and have spoken with fellow workers and they also think it's the best option to go with.
The application will be accessed from a small group of users which belong to a larger domain. I'm currently planning on using Windows authentication and only allow this small set of users to access the asp.net application. Also there must be some role management, so that only certain users can view certain functionality.
I really don't want to have many different windows groups; so I want to avoid having to assign different windows groups to different folders and control permissions in the web.config.
What I'd like to do is:
- Assign one windows group to the small group of users who will access the page.
- Create a custom membership provider and control the user who accesses the application. Depending on the user I will then assign his current set of roles.
- Add an application setting to the web.config, with the name of the current administrator, so if he logs in, he will be assigned all roles, and will be able to create and assign roles to other users.
I'm developing a web application using EF4, POCO's, WCF Data Services and the presentation tier (HTML, CSS, JavaScript, Ajax - NO WebForms). For security I would like using ASP.NET Membership Provider (Authentication Service): from a *.htm file calling the AuthenticationService. I executed aspnet_regsql.exe (to create the necessary database tables) and modified my web.config file:
I have watched the how to video on Creating a Custom Membership provider. So far it works great. My login control interacts well with it etc. Now i've created a Custom Role Provider. I've created a class that inherits the RoleProvider base class and i've added code to each Sub. My question is, what is the best way to implement the role provider, considering I get the Roles etc from the database?
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
1 - whats the difference between Role Provider and Membership provider ??
2- If we implement Custom Role Provider or Custom Membership provider then what does this means ? and which Provider do we use when we apply custom role provider or custom membership provider
i'm building an application and i need to manage roles, users and more things so i tought to use the membership provider but i have some questions about it: can i full extend it and can i override the functions to use a database table to store infos about config or i need to build my own provider?
VS says Profile is in System.Web.Profile Namespace. I then use it like this "System.Web.Profile.FirstName", but says first name does not exist in System.Web.Profile.FirstName namespace.
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
I have a small windows forms application that uses the membership provider that is defined in my app.config file. I want to get rid of my app.config file and initialize the membership provider completely from code. The reason behind this is because I want to be able to dynamically connect to different databases containing asp.net user tables and I want the user to be able to enter the desired database information into a text box at run time. Is this possible or is it required that I have an app.config file?
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
I am building my first asp.net app from scratch. I have two different membership providers. One is a basic sql provider while the other is active directory. The user "role" is determined by how the user logs in. I want to use the Role Manager functionality of asp.net but I don't want to build the whole role provider part when I really don't have "roles" in my application, I have two membership types.
Is there a way to set the role of the user through the membership provider at login or in some way mark a logged in user as having been authenticated by sql or AD?
This is my first asp.net app, am I even thinking about this the right way?
I am using SQL Membership Provider to create user accounts for my web site and for some reason, the CreateDate and LastLoginDate fields are NOT saving the current time of my machine when I add a new user to the website. It is showing the previous day's date and the time is displayed as PM when it's AM and vise-versa in the CreateDate and LastLoginDate fields in aspnet_Membership table. I am developing and running the website via localhost on my laptop using IIS 7 (Windows 7). Does this have anything to do with my laptop's clock settings or is there something I need to configure in the web.config file or in IIS.
The default implementation is not very appropriate normally and I haven't seen so far a good implementation of a custom membership provider, probably because this is not possible.
I want to know how I can implement membership provider class to have ability to remember users who signed in. I have Membership provider class and I need functionality of "Remember Me" checkbox but I don't know how I can implement some methods
i want to use asp.net membership provider for my own database i have own table here is what have i done i extended the membership provider class with my own write all overided methords. is it right way to use membership provider class for custom use?? i also extend the rolemanagement class too.
i am planing an application that needs to handle different client logins. A user should be able to login under each clients url.The project will have a start page and multiple (database generated) client URLs.www.domain.com/ClientA www.domain.com/ClientB www.domain.com/ClientC I failed using MVC Routes to build up such a scenario with dynamically clients so i used an MVC area for the client space:www.domain.com/clients/ClientA www.domain.com/clients/ClientB www.domain.com/clients/ClientC Is there any client support for membership providers? All i found is made for a single client environment. I would love to take advantage of the mvc buildin attributes for authentication..
I have models based on EF Code First and I want to use them with default MembershipProvider, but I don't know how to write model correctly, so it will don't erase all my data on recreating tables when there were made changes to model.