MVC :: AspNetDB Membership / Role Provider Not Working 'outside' Server?
Jul 6, 2010
I have deployed an MVC application that uses ASPNetDB for Membership and Role Provider.
now when i browse to the site on the actual server where it was deployed to i can use the login page to login on to the site and gain access to views that are restricted to users like myself by role.
However when i try and access the web application from any client computer who has access to sites on the server since the server is on the same domain - i experience the following strange behaviour:
when i navigate to my login page and enter my username and password (as stored in the aspnetdb database)
and click login
the page refreshes (looses my userid and name) and it does not go to the view i requested.
it also does not show in the top right links that i am logged on.
it is as though it spits out my username and password and refresh the page and that is that!
Why does it work on the server where the site is hosted - but not from external clients?
i can access all pages that do not require users to be logged on or haev a specific role - but cannot log on and view them since login is broken?
I have an application in Asp.net and using sql server to store user information. There is a table named dbo.member which stores user information - fname, lastname, email, phone etc. We use LDAP for authentication. The entire application works on this member table. There is a unique userid(not password) associated with each member. I installed default aspnet_membership, aspnet_role tables by running aspnet_regsql.exe utility. Now with increasing number of applications, handling members' information is becoming nightmare. I hope Membership providers will solve this problem but I have doubts.
How can I integrate existing member table with default aspnet_membership table? Or should I integrate since it is very limited? Same is the case with aspnet_Profile - it is very limited and I have stored all profile information into member table. We store more information and we want to query all that information for a user. Should I create my own provider that will use dbo.Member table instead of dbo.Membership table and also with Profile provider?
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
I have watched the how to video on Creating a Custom Membership provider. So far it works great. My login control interacts well with it etc. Now i've created a Custom Role Provider. I've created a class that inherits the RoleProvider base class and i've added code to each Sub. My question is, what is the best way to implement the role provider, considering I get the Roles etc from the database?
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
1 - whats the difference between Role Provider and Membership provider ??
2- If we implement Custom Role Provider or Custom Membership provider then what does this means ? and which Provider do we use when we apply custom role provider or custom membership provider
I am in the begininng stages of designing (or redisigning) a site. I am using VWD Express 2010 and the project is configured for .net 4.0. I am designing it offline so its currently just on my laptop, which is also running sql server express 2008 R2.
When I ran the ASP.Net Configuration tool, it automatically created a database called aspnetdb in the app_data folder where it stores all the user and roll info. How can I use a different database that has the same schema as well as some additional tables of my own. I want to point it to mylocally running sql server.
I am building my first asp.net app from scratch. I have two different membership providers. One is a basic sql provider while the other is active directory. The user "role" is determined by how the user logs in. I want to use the Role Manager functionality of asp.net but I don't want to build the whole role provider part when I really don't have "roles" in my application, I have two membership types.
Is there a way to set the role of the user through the membership provider at login or in some way mark a logged in user as having been authenticated by sql or AD?
This is my first asp.net app, am I even thinking about this the right way?
I started out with the following code which worked fine, no problems:
[Code]....
I've since expanded the above so that it uses different providers according to the current logged in user. Here's the code since my changes:
[Code]....
I'm not getting any error messages but when I view the web page in the browser, it is stuck in a continuous loop where the page displays (correctly), then posts back to the server and displays again.
We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like Facilityid for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
I'm building an application that will be used by a number of different schools who want completely separate databases so I've decided to have multiple connection strings and membership/role providers in my web.config file. In my code, I'm trying to set which connection string and provider to use at runtime for the correct database according to the logged in user.
I'm coming into a lot of bits in my code that previously worked fine, that now don't. For example, I used to use:
[Code]....
But now that I've changed it to this, it doesn't work anymore:
[Code]....
The compiler tells me that AddUserToRole is not a member of 'r'. I've had similar problems not just with Roles but Membership too, like with calling CreateUser.
I'd still like to be able to use all these methods that I was using before which are extremely handy. I just want to be able to set the membership/role provider at runtime rather than use the default one. Am I doing something wrong? Is there a simpler way to go about this?
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
I am developing an application in which I can connect to the ASPNETDB.MDF if it is on my machine, however, when I want to put it on another machine and try to remote connect it, I get the error:
An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax. Parameter name: connectionString and my connection string is as follows:
I have Membership configured with IIS7, tables for it located in my own database, created with aspnet_regsql utility, and I am using custom connection string to access it.
This is part of web.config related to Membership :
I created a custom forms authentication and membership provider and it seems to work fine opening up in WAT, creating roles and adding users. Also when I in my mvc app use it to log users in, it works fine. However it seems to fail to determine a user's role (no errors, but just jump over User.IsInRole(...) lines and Roles.GetRolesForUser(); comes up empty. I got a gut feeling I did something wrong with my configuration, so for now I'll post just that:
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
I have encountered a very strange issue. Whenever I use the .NET membership provider to reset a password, it generates strange characters, which don't represent the password at all.An example of the password it generates is:
쥳â®èîèÖ¡á¡å£I#BAhy(ox32+y*
It does this on every password. Has anyone seen this before or know a fix?
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the method some degree of rejecting users if permissions don't match (ideally this should be performed within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract] public interface ISupportService { [OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")] List<BaseInterestRate> GetAllBaseInterestRates(); } the code is simple enough: public class SupportService : ISupportService { public List<BaseInterestRate> GetAllBaseInterestRates() { OperationContext operationContext = OperationContext.Current; ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null using (xxxEntities entities = new xxxEntities()) { return new List<BaseInterestRate>(entities.BaseInterestRates); } }} My service configuration is thus: --> <behaviors> <serviceBehaviors> <behavior name="SupportServiceBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider" /> </serviceCredentials> </behavior> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN) How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN) How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN) Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
I want to use Full SQL Server 2005 as a data store for my role provider. I installed the aspnetdb using the wizard. in my application I added the following connection string
if (Roles.RoleExists("RoleName")) Roles.CreateRole("RoleName");
but when I check my aspnetdb from the SQL management studio I found that the table aspnet_Roles has no records and that the roles where not inserted. so is there anything wrong with these steps or something missing ?
I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode.
I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.
So...
1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)
2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.
I am concerned that if I just import somehow the roles within SQL server will not be created properly.
I used Integrated Security for a database connection for the first time for a website. The website pool uses Network Service as a user. I added Network Service as a SQL Server user mapped to public, then allowed it access to my database as websiteuser. There are many aspnet_... roles to choose from. Any links out there that explains which ones to use? Do I just check them all since there's only one login coming from the website?
Apparently Mono replaces references to SQL Server membership provider with sqlite membership provider (see ASP.NET_Settings_Mapping). Is there any way to convince Mono to use SQL Server for the membership provider?
When I try to log in to my web app, I get the following:
System.Configuration.Provider.ProviderException: Operation aborted due to an exception (see Trace for details). at System.Web.Security.SqliteMembershipProvider.ValidateUser (string,string) <0x003bb> at DirectMail.Controllers.AccountMembershipService.ValidateUser (string,string) [0x00000] in [file].cs:404 at DirectMail.Controllers.AccountController.ValidateLogOn (string,string) [0x00040] in [file].cs:346 at DirectMail.Controllers.AccountController.LogOn (string,string,bool,string) [0x00000] in [file].cs:79 at (wrapper dynamic-method) System.Runtime.CompilerServices.ExecutionScope.lambda_method (System.Runtime.CompilerServices.ExecutionScope,System.Web.Mvc.ControllerBase,object[]) <0x001c1> at System.Web.Mvc.ActionMethodDispatcher.Execute (System.Web.Mvc.ControllerBase,object[]) <0x00028> at System.Web.Mvc.ReflectedActionDescriptor.Execute (System.Web.Mvc.ControllerContext,System.Collections.Generic.IDictionary`2<string, object>) <0x0015b> at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod (System.Web.Mvc.ControllerContext,System.Web.Mvc.ActionDescriptor,System.Collections.Generic.IDictionary`2<string, object>) <0x00036> at System.Web.Mvc.ControllerActionInvoker/<InvokeActionMethodWithFilters>c__AnonStoreyB.<>m__E () <0x00092> at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter (System.Web.Mvc.IActionFilter,System.Web.Mvc.ActionExecutingContext,System.Func`1<System.Web.Mvc.ActionExecutedContext>) <0x00125>
The top of the file /usr/local/etc/mono/4.0/settings.map on one Debian Linux machine is:
