Security :: Aspnet Sql Membership / Running On XP IIS Just Fine?
Feb 23, 2010
I have an asp.net site running on XP IIS just fine, with login using aspnetdb. However, I wrote a page that has a datasource that connects to the same db, with a gridview that displays users. I've done this before on 2003 server iis 6 no problem. Here I get,
Cannot open user default database. Login failed.Login failed for user (domainusername)This is the identity I set in IIS 6.0 under authentication methods for anonymous access. I had to do this because the site connects to a remote accessdb as well. I cant use a local account or aspnet account.I dont understand how I can use the same site to login and out, but not to access this page.This is my asp.net conection string
data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;user instance=true
The web config has this:
<
add
name="ASPNETDBConnectionString"
connectionString="Data
Source=.SQLEXPRESS;AttachDbFilename=C:InetpubwwwrootApp_DataASPNETDB.MDF;Integrated Security=True;Connect Timeout=30;User Instance=true"
providerName="System.Data.SqlClient"
/>
Thats what the data source uses.Go figure when I remove and add again integrated security true, I can see the page. WHY I DONT KNOW!!!! But I also call membership.deleteuser() with a delete button, NOW THIS FAILS!Cannot open user default database. Login failed.Login failed for user '(computername)ASPNET'.
View 4 Replies
Similar Messages:
Apr 14, 2010
how to decrypt and encrypt password in table membership in aspnet databas ?
View 8 Replies
Jan 5, 2011
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
webconfig:
[code]....
View 1 Replies
Mar 29, 2010
I have strange problem with the membership provider on my mvc application.
I have a webforms page inside admin folder which calls the following code in the models directory.
public int SaveUploadedFile(HttpPostedFileBase fileBase)
View 2 Replies
Nov 24, 2010
I have a web service that uses ThreadPool to delegate a task to a thread but it runs on ASPNET (System.Environment.UserName) while the main thread runs as windows account. How can I make this thread run with same windows account. Note that I have impersonate=true in web.config. This is causing problems accessing database.
View 1 Replies
Oct 22, 2010
How can I sync up the aspnet membership tables among 2 different databases?
View 1 Replies
May 7, 2010
i am trying to show a list of users of my application "school", when admin logs in then he can view all the users in list but when school principals logins, he should get only users of his school, So i thought to get the current loggedIn userId first and then by that userId i'll get schoolId since userId is foreign key in school table...once i'll get the schoolId i can show the members of that school.
But my problem is how to get the UserID of currently loggedIn. I'm using MVC 1.0 Asp.Net -- "Membership" if my logic above is wrong then tell me the alternate good idea, so that principal can see only his users list.
View 3 Replies
Mar 26, 2010
Can we change the table or column name of aspnet membership.If yes? then what will be the effects ?
View 1 Replies
Feb 17, 2011
I have a .NET 2.0 web application which is running fine in file system. When I configure the same in IIS 6.0, I am getting config errors. Source Error:
Line 6: <system.web>
Line 7: <pages>
Line 8: <controls>
Line 9: <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
Line 10: </controls>
Here's the entire web.config file:
<?xml version="1.0"?>
<configuration>
<configSections>
</configSections>
<system.web>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</controls>
<tagMapping>
<add tagType="System.Web.UI.WebControls.CompareValidator" mappedTagType="Sample.Web.UI.Compatibility.CompareValidator, Validators, Version=1.0.0.0"/>
<add tagType="System.Web.UI.WebControls.CustomValidator" mappedTagType="Sample.Web.UI.Compatibility.CustomValidator, Validators, Version=1.0.0.0"/>
<add tagType="System.Web.UI.WebControls.RangeValidator" mappedTagType="Sample.Web.UI.Compatibility.RangeValidator, Validators, Version=1.0.0.0"/>
<add tagType="System.Web.UI.WebControls.RegularExpressionValidator" mappedTagType="Sample.Web.UI.Compatibility.RegularExpressionValidator, Validators, Version=1.0.0.0"/>
<add tagType="System.Web.UI.WebControls.RequiredFieldValidator" mappedTagType="Sample.Web.UI.Compatibility.RequiredFieldValidator, Validators, Version=1.0.0.0"/>
<add tagType="System.Web.UI.WebControls.ValidationSummary" mappedTagType="Sample.Web.UI.Compatibility.ValidationSummary, Validators, Version=1.0.0.0"/>
</tagMapping>
</pages>
<!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development.-->
<compilation debug="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
<!--<system.web.extensions>
<scripting>
<webServices>
--><!-- Uncomment this line to customize maxJsonLength and add a custom converter --><!--
--><!--
<jsonSerialization maxJsonLength="500">
<converters>
<add name="ConvertMe" type="Acme.SubAcme.ConvertMeTypeConverter"/>
</converters>
</jsonSerialization>
--><!--
--><!-- Uncomment this line to enable the authentication service. Include requireSSL="true" if appropriate. --><!--
--><!--
<authenticationService enabled="true" requireSSL = "true|false"/>
--><!--
--><!-- Uncomment these lines to enable the profile service. To allow profile properties to be retrieved
and modified in ASP.NET AJAX applications, you need to add each property name to the readAccessProperties and
writeAccessProperties attributes. --><!--
--><!--
<profileService enabled="true"
readAccessProperties="propertyname1,propertyname2"
writeAccessProperties="propertyname1,propertyname2" />
--><!--
</webServices>
--><!--
<scriptResourceHandler enableCompression="true" enableCaching="true" />
--><!--
</scripting>
</system.web.extensions>-->
<!--<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</handlers>
</system.webServer>-->
View 2 Replies
Apr 30, 2010
After all the answers to my last question about fine-tuning turned out to be more useful than I expected, I thought that I would ask another similar Question about the MembershipProviders as well.
Okay, so firstly, to clarify: I know what a Membership, Role, and Profile provider is, how to implement my own, and how to configure them, and most of the things about them. Implementing a role and profile provider is pretty straightforward, because they only require simple CRUD most of the time. (A single line of LINQ is enough for about half of the RoleProvider's methods.)
However, the Membership provider is a differend beast. Many of you may realize that it violates the SR (Single Responsibility) principle, because it has to do EVERYTHING related to user management. While this leaves a lot of room for customizations, it has its downsides as well. There is no information on the Internet about what their EXACT expected behaviour is, such as when should they throw exceptions or simply return null, and stuff like that.
I use this sample implementation for reference, but it also contains several contradictions.
For example, it uses its own ValidateUser method for checking for credentials in the ChangePassword method. But the ValidateUser also updates the user's LastLoginDate to the current date. So, does the framework expect that I set it in my own provider as well, or is it simply a mistake in the sample? The other is: the ChangePassword method throws an exception every time when validating the new password, but CreateUser doesn't ever throw an exception, it simply returns false. And last, but not least: it counts the invalid password attempts of the user and locks them if it passes a threshold. While this is good, but it requires manual action to unlock the users. Is it a problem if my provider automatically unlocks the user after a certain amount of time? (EDIT) I almost forgot: the CreateUser method in the sample inserts the ID from the method parameter. I actually think this is bad practice, because I use inters with auto incement as IDs, so inserting them from some method parameter is not an option. Should I just ignore the parameter, or require that its value is null and throw an exception if it isn't?
All in all, does ASP.NET have any assumptions about the behaviour of a MembershipProvider? Is there any documentation which describes when should I throw an exception or just return null?
I also tried to find a set of generic unit tests which would provide some guidance about the expected behaviour, but no luck, I found plenty of articles about "Unit testing is good", and "How to unit test a MembershipProvider", but not one where there would be any actual tests.
View 1 Replies
Apr 12, 2010
I have a requirement to develop an application in Excel VBA to talk to an MSSQL database.The client wants a login facility for a number of named users - I am going to setup these users in the aspnet tables in my database (aspnet_users, aspnet_membership etc).There is no facility in VBA to do automatic verification of a users credentials like there is in ASP.Net so I have developed a simple login form for the user to enter their username and password and send these to a stored procedure in the database. I am looking for a stored procedure that implements the ASP.Net hashing routine to convert the user supplied password into the same format as the database stored password so I can compare and return a true or false.
View 1 Replies
Sep 7, 2010
I have a web service which is running fine when i call it from a handler page (.ashx).
My web service returns a zip file.
But when i call the same code from my aspx page then i get a corrupted zip file. Code for calling is below and is same in both ashx class and aspx page.
[code]....
View 1 Replies
Jun 29, 2010
I have created a we app. using win authentication. When type the server ip addres in chrome I get the login window and it works just fine with my organizations credentials, however when doing the same using Internet Explorer I have to login with the server credentials as my account is not valid.
View 1 Replies
Jan 29, 2010
I got the login to work fine- go to [URL]if you want to give it a try. Here is the thing. The profile functionality doesn't work. It draws from the same set of files, it used the same connection string as the users, it work on my local machine, but blows up on GoDaddy because it cannot find the file, and when it tries to create it. The file it uses for the profile, aspnet_Profiles, is on there along with the rest of the membership files. The connection string is not defined individually. Why is it finding the user files, but not the profile file.
Here are the files
aspnet_Applications
aspnet_Memberships
aspnet_Paths
aspnet_PersonalizationAllUsers
aspnet_PersonalizationPerUser
aspnet_Profile
aspnet_Roles
aspnet_SchemaVersions
aspnet_Users
aspnet_UserInRoles
aspnet_WebEvents_Events
Here is the Wec.config
[Code]....
Here is the Profile User Control
[Code]....
Here is the profile wrapper
[Code]....
View 3 Replies
Aug 6, 2010
I have an ASP.net application hosted on Win2003 server. When I set the Authenticated Access to just Integrated Windows Authentication, IE7 & IE8 started failing in loging into the site with an error 401.1 ("You are not authorized to view this page"). But Firefox has no issues in loging into the site. why IE is failing to login with Integrated Windows Authentication where FireFox works perfectly?
View 1 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
View 1 Replies
Feb 28, 2011
I'm trying to use the Membership.CreateUser method without passing a security question and answer. I set them to string.empty, but no go. I have my provider set to not require a question in my web.config. What am I doing wrong?
[Code]....
View 2 Replies
Feb 9, 2010
I have started to implement asp membership. I go the administration page and click provider. I have a database on a server on the local network that i want to install my members tables in. When i run the
aspnet_regsq.exe it doesn't ask me what SQL database i want to use and seems to default to my local SQL Server 2005 installation. How I change this to use my SQL Express database on a local server?
View 6 Replies
Aug 10, 2010
I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).
Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)
View 10 Replies
Apr 14, 2010
I am building a site and I want to use the default membership controls provided with asp.net like Login View Control etc. I don't want to use the ASP.Net Membership DB as I want to use my own Security structure and I don't want to inherit the ASP.Net membership class either. In my case how can I use these controls to aid me like how will a login view control detect if someone is authenticated or not.
View 7 Replies
Jan 7, 2011
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
View 2 Replies
Jan 21, 2010
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
View 2 Replies
Jul 22, 2010
I created a soultion and used membership for login and I have the site working fine you can log in and out and I can see that my roles are working. I created a folder called Admin and I created a webpage in there that I can edit my data table that I wanted to be able to edit when I am logged in as a user with Admin role thats working... well it works...
anyone can get to this webpage and edit my data. I have it set in the membership using the role managment to deny users * and allow users with Admin role however I can open up a new browser with out login into my site and type in the web information and it pops right up says Welcome:Guest [LOGIN] theres my data and I can edit it see do whatever and this page shouldn't be able to be seen.
What did I do wrong?
example www.domainname.com/admin/editmydata.aspx
View 3 Replies
Oct 1, 2010
am working on an asp.net application with membership controls and the SQL Server database. I have this put together, however it appears that adjustments need to be made to enhance security. Many websites have membership features, so I was wondering if there are some blog posts that describe the steps that need to be made to enhance security.
View 3 Replies
