Security :: Configuration Steps Required To Deploying Roles & Membership Based Application In IIS7, ASP.Net 3
May 19, 2010
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
Environment Details:-
.Net Framework: 3.5
Server: Windows 2008
Webserver: IIS7
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defnied.
Problem:-
After setuped my website in iis7 while trying to Login in web page even I entered correct password it says Incorrect password in Login control.After long googling I suspecty that we need to add "Provider to trusted provider" to Authorized provider. I have gone http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but didn't works for me.
Can you anyone please help me in this.
I have a custom membership provider and a custom role provider in a .NET assembly dll called Qws.Web. The full namespace path to the classes are Qws.Web.Providers.QwsMembershipProvider and Qws.Web.Providers.QwsRoleProvider They both inherit MembershipProvider and RoleProvider respectively When I include the assembly using a project reference in VS2010 it all works fine. The minute I publish the website and project to the staging server (using IIS7) i get the following error: Unable to find the requested .Net Framework Data Provider. It may not be installed. You can see the site at [URL] I've tried all of the usual stuff and been trawling the internet for the last two days.
1. The Qws.Web.dll file IS in the bin folder 2. My Web.Config file is below:
[Code]....
3. The providers are not in the GAC and not in the machine.config file as I only want them available for this site.
I've got an ASP MVC (1.0) application. It works fine locally via visual studio and on our dev server which runs IIS6. But when I try to deploy to the Test server (running IIS7 on Windows Server 2008 R2) I get only :"Could not load file or assembly '<ApplicationName>' or one of its dependencies. Access is denied" (where <ApplicationName> is the name of my application). This is followed by a "FileLoadException", a "ConfigurationErrorsException" and two "HttpException" (all with the same message as above)I deployed via publishing to an empty directory, whose contents were then zipped and transferred to the site directory on the test server. If I copy the directories contents to my IIS installation it works fine. I've checked that networkservices has permission to access the site directories and the temporary directories, which were the solutions I found via google,
so I have a fully functioning DynamicData website, and all works fine when debugging in VS2010But when I moved the site to a webserver (server 2008, IIS7) the default paeg comes up, but any links or pages after that are all sending 404 errors http://{IP address}/{table}/{action}.aspxdoes not work when on the server, but works fine in VS.What configuration am i missing from IIS7 to make this url work?
I have published my site using Visual Stuido's 2008 publish feature. I have then copied these files to a windows 2008 web server with IIS7 installed, it also has .net 3.5 sp1 and MVC installed In IIS I added the site using the 'Add a new site' right click option and then pointed this at the directory my site files are located in, I used the default application pool and it is set to integrated. Then when I attempt to browse I got the error message The Web server is configured to not list the contents of this directory. So I added Default.aspx to the default document list and I then get the following error message
HTTP Error 404.3 - Not Found The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map. Has anyone got any ideas on what I do next ? I have read lots of articles on this online but most are confusing and dont explain the solution in simple terms Surely it should be pretty straightforard to just deploy an MVC website to IIS7
I would like to use the Role Membership and User Security database as my application database too. That is, just add the tables and relationships required by my application's data access layer to the Membership and Roles Database to save on hosting fees, (I have to pay extra for having two databases instead of one). Of course, the connection string would have to be adjusted, but I don't see a downside considering the application's database is actually an Access database. What can I say, it was a requirement at the time.
Basically, I would like to do the opposite of this: http://forums.asp.net/p/1162485/1925262.aspx#1925262
What are the steps to execute the task above? the reason I want to do that now is because the web site is ready for deployment and we would like to deliver it as a DLL. I've heard of [aspnet_merge.exe] but I want to ofuscate my code with a 3rd party tool; and this ofuscator tool only works with Project-based projects.
I am using XAMPP to publish my a .net application. The server is working fine. I created a sample login.aspx file, and it works fine. I deleted the sample login file, and I build and copy all the files to the XAMPP directory. When I tried to acces the page, it gave an error message "Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. If you think this is a server error, contact the
My application have 2 Roles. Admin and Student. I created some tasks for these 2 roles by using LoginView ( Edit RoleGroup). As user login both can see there allocated tasks.
But I want to allocate some admin tasks to some student(s) not for all. How can I do it?
How can I test an application that I am publishing to a remote provider's IIS7 hosted site, with the VS2008 development server that is built in with VS2008 on an XP Machine?
My membership/roles work perfectly up on the remote host. On ths hosted IIS7 site when I try to access a secure directory it redirects to login, and I am able to login, however when I launch (debug - F5) from VS2008, it will provide that folder/resource, no questions asked. Same build, config, etc... nothing has changed.
I am running XP, and local IIS version installed is 5.1.
My guess is what is happening is that the new format required in the web.config is configured properly for IIS7 deployment, which is why it works remotely, but when running locally through VS2008/XP it is running with an older version on IIS and does not recoginize the new tags.
I have attempted to deploy my first WEB application and needed to include the Membership for Internet login. Application works fine when I use Visual Web Developer, but when I deploy to my provider when I attempt to Login, I eventually get the error message (this was after I turned on the debug="true" - full message is
[Code]....
When I copied the application to the WebSite, I assumed that the ASPNETDB.MDF needed to be copied too with everything that I defined for users and roles. Looked at the WEB.CONFIG and expected to see something defined here as to where it is located, etc. Do not see anything in my project with the name.
I'm about to roll out my web site soon, and was just wondering if there's a way to roll out the db I'm working with on my dev computer, or if I have to recreate everything on the production server. If I can roll out my dev db, will the uids be the same?
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
Lets say that I have a database set up with a load of info in it and I decide I want to add the membership and roles functionality to my site but my hosting provider makes me pay for each database I use. I don't want to pay for another db, so how do I set it up so that instread of creating membership and roles tables in the the aspnetdb database, it creates them in my existing database?
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
I'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name(as that of userID) in the file system and upload the files( multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
have a project where there are main 3 types of users i have to block them from accessing other pages but without using roles or membership is there any other way to do the same?
