Security :: Setup Multiple MySQLRoleManager Providers?
Aug 12, 2010
I have the following connectionStrings in my web.config file:
...
<add name="myApp1_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbOne" providerName="MySql.Data.MySqlClient" />
<add name="myApp2_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbTwo" providerName="MySql.Data.MySqlClient" />
...
I also have the following roleManager defined:
...
<roleManager enabled="true" defaultProvider="MySQLRoleProvider" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All">
<providers>
<clear/>
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.1.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="myApp1_dev" applicationName="/"/>
</providers>
</roleManager>
...
I dont know if this was the best way (somewhat new to vb.net), but in my Login.aspx page, I set global session variable to one of the two connection strings. If the user logs into App1, it uses connectionString myApp1_dev; if user selects App2, it uses myApp2_dev. My question / problem is: Each of the two databases have their own MySQL membership and role tables. If the user logs into App1, I would like to the dbOne database tables. If user selects App2, select dbTwo tables. Can I support Roles from multiple databases?
View 9 Replies
Similar Messages:
Feb 25, 2010
In my web application am using ASP.Net Membership for authentication ann role management.But now i have a situation where i need to authenticate multiple clients against different DB based upon the URL request being send. Below is my web.Config Details.
<authentication>
<forms loginUrl="Login.aspx" defaultUrl="Login.aspx" />
</authentication>
<membership defaultProvider="QuickStartMembershipSqlProvider">
<providers>
<clear/>
<add connectionStringName="MEMBERSHIP_AND_ROLES" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="SecurityQuickStart"
requiresUniqueEmail="true" passwordFormat="Hashed" name="QuickStartMembershipSqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="QuickStartRoleManagerSqlProvider">
<providers>
<clear/>
<add connectionStringName="MEMBERSHIP_AND_ROLES" applicationName="SecurityQuickStart" name="QuickStartRoleManagerSqlProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
ConnectionString.Config:
<add name="MEMBERSHIP_AND_ROLES" connectionString="Data Source=x.x.x.x;Initial Catalog=xxx;User ID=xxx;Password=xxx" providerName="System.Data.SqlClient"/>
Am using form authentication for user authentication. In my login page am using Membership.ValidateUser(username,password),which is using default membership provider. Now my situation is i need to override the default DB and connect to multiple DB based on URL request send to my web server.
View 1 Replies
Oct 13, 2010
I have two connection strings being used:
<add
name="db1"
connectionString="Server=localhost;user
id=root;password=;persist security info=True;Database=db1"
providerName="MySql.Data.MySqlClient"/>
<add
name="db2"
connectionString="Server=localhost;user
id=root;password=;persist security info=True;Database=db2"
providerName="MySql.Data.MySqlClient"/>
I would like to have two different Role Providers using these connection strings:
<roleManager
enabled="true"
defaultProvider="rp1"
cacheRolesInCookie="true"
createPersistentCookie="false"
cookieProtection="All">
<providers>
<clear/>
<add
name="rp1"
type="MySql.Web.Security.MySQLRoleProvider,
MySql.Web, Version=6.1.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"
connectionStringName="db1"
applicationName="test"/>
<add
name="rp2"
type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.1.3.0, Culture=neutral,
PublicKeyToken=c5687fc88969c44d"
connectionStringName="db1"
applicationName="test"/>
My application starts with a login screen. Based on what the user selects, I would like to control which database to connect to. (DB1 vs DB2). The problem is, when the application starts the Role Provider defaults to "rp1". Is there a way I can change the default provider during runtime?
View 5 Replies
Jul 1, 2010
I want to know if we can use multiple membership providers simultaneously in a single ASP.net application.
View 1 Replies
Aug 9, 2010
In my web.config I have:
[Code]....
If I just have ADProvider1 it works, when I add ADProvider2, even though for testing I only use ADProvider1 I get an error: "Unable to establish secure connection with the server" Am I adding the second provider to the membership section incorrectly?
View 11 Replies
Sep 21, 2010
I'm having trouble setting up a custom NEW User Screen. Here is my situation, I have a Request for Access Screen that uses the CreateNewUser Wizard Control. I want to leave the Question and Answer for this, however I also want a custom NEW User Setup which I build myself to allow the system administrators to setup users, but for this setup I don't want the administrators to have to pick the question and answer for the NEW user, so I would like to bypass this for this setup. However, my Membership.CreateUser keeps asking for it. How can I accomplish this? I've included a copy of my current web.config file. You will notice a AspNetAdminMemberhip which I use to allow the System Administrators to reset passwords.
<?
<
<
<
<
<
<
<
<
</
</
</
</
<
<
<
<
</
<
<
<
<
xml
version="1.0"?><configuration>configSections>sectionGroup
name="system.web.extensions"
type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">sectionGroup
name="scripting"
type="System.Web.Configuration.ScriptingSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="scriptResourceHandler"
type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup
name="webServices"
type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="jsonSerialization"
type="System.Web.Configuration.ScriptingJsonSerializationSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="Everywhere"/>section
name="profileService"
type="System.Web.Configuration.ScriptingProfileServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>section
name="authenticationService"
type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup>sectionGroup>sectionGroup>configSections>connectionStrings>add
name="LBX_ChangeControlConnectionString"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>remove
name="LocalSqlServer"/>add
name="LocalSqlServer"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>connectionStrings>system.web>membership>providers>add
name="AspNetAdminMembership"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
applicationName="/"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
enablePasswordRetrieval="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
/>
</
</
<
<
<
<
<
<
<
<
providers>membership>roleManager
enabled="true"/>authentication
mode="Forms"/>profile
enabled="true">properties>add
name="FirstName"
type="string"/>add
name="LastName"
type="string"/>add
name="Gender"
type="string"/>add
name="ProfileImageID"
type="string"/>add
name="Department"
type="string"/>add
name="PhoneNumber"
type="string"/>properties>profile>pages>controls>add
tagPrefix="asp"
namespace="System.Web.UI"
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>controls>pages>
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this affects performance, set this value to true only during development.
<
<
<
<
<
<
</
<
<
-->compilation
debug="true">assemblies>add
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
assembly="System.Design,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>add
assembly="System.Web.Extensions.Design,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>add
assembly="System.Windows.Forms,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/><add
assembly="CrystalDecisions.CrystalReports.Engine,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportSource,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Shared,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Web,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportAppServer.ClientDoc,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.Framework,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.InfoStore,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies>compilation>httpHandlers>remove
verb="*"
path="*.asmx"/>add
verb="*"
path="*.asmx"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="*"
path="*_AppService.axd"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
validate="false"/>add
verb="GET"
path="CrystalImageHandler.aspx"
type="CrystalDecisions.Web.CrystalImageHandler,
CrystalDecisions.Web, Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></httpHandlers>httpModules>add
name="ScriptModule"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>httpModules>system.web>system.webServer>validation
validateIntegratedModeConfiguration="false"/>modules>add
name="ScriptModule"
preCondition="integratedMode"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>modules>handlers>remove
name="WebServiceHandlerFactory-Integrated"/>add
name="ScriptHandlerFactory"
verb="*"
path="*.asmx"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptHandlerFactoryAppServices"
verb="*"
path="*_AppService.axd"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptResource"
preCondition="integratedMode"
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>handlers>system.webServer>location
allowOverride="true"
inheritInChildApplications="true">appSettings>add
key="CrystalImageCleaner-AutoStart"
value="true"
/>add
key="CrystalImageCleaner-Sleep"
value="60000"
/>add
key="CrystalImageCleaner-Age"
value="120000"
/>appSettings>location>system.net>mailSettings>smtp
from="Lockbox@tdbanknorth.com">network
host="ME6AWMAIL01.bkng.net"
password=""
userName=""
/>smtp>mailSettings>system.net>configuration>
View 1 Replies
Oct 15, 2010
There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and i want to protect my back-end (WCF) with authentication to perform double-check and have PrincipalPermission on the methods with roles specified.
I'm sure that identity names from both providers do not cross (public logins are digits only and the intranet will be something like 'DOMAINLogin'). The front site uses forms auth and its provider returns GenericPrincipal. The intranet sites use Windows auth and i have WindowsPrincipal attached to Page.User.
Is it possible to configure WCF to use two membership providers (custom one that the front site uses and Windows) out of the box, without writing another custom code? Is it important how my WCF is hosted? Currently it's windows service. Do i need to switch to IIS 7?
View 1 Replies
Apr 1, 2011
I know this question is asked (and answered) a lot already, but I believe my situation is unique.
We are using the ASP.NET SqlMembershipProvider. However, we also have some less-secure content we would like to secure by adding users directly to the web.config, like so...
<forms loginUrl="login.aspx" defaultUrl="default.aspx">
<credentials passwordFormat="Clear">
<user name="user1" password="123" />
<user name="user2" password="456" />
</credentials>
</forms>
Is it possible to use this method alongside a SQL Membership Provider? If so, how?
I know it's bad practice to do this. This is only a stepping stone as we move parts of our website into the asp.net application. We would like some of those password to be easily editable without going to the database.
View 2 Replies
Sep 2, 2010
I have created two custome membership providers that I would like to add to my web.config. The first one would be the default that the asp.net application would use. The second would be called by a WCF service that I have in the same application.
The providers in the membership section of my web.config looks like the following:
<add name="SiteProvider" type="MyNameSpace.SiteProvider, MyNameSpace" ApplicationName="Si2" EnablePasswordReset="true" PasswordStrengthRegularExpression="(?=[w$#_ ]{8,})(?=.*?d)(?=.*?[A-z])[w$#_ ]*" ResetPasswordMinimumLength="8" ResetPasswordPattern="USL9SLU9SLU9SLLLL" ResetPasswordAllowDuplicateCharacters="false" />
<add name="WCFProvider" type="MyNameSpace.WCFProvider, MyNameSpace" ApplicationName="Si2" EnablePasswordReset="true" PasswordStrengthRegularExpression="(?=[w$#_ ]{8,})(?=.*?d)(?=.*?[A-z])[w$#_ ]*" ResetPasswordMinimumLength="8" ResetPasswordPattern="USL9SLU9SLU9SLLLL" ResetPasswordAllowDuplicateCharacters="false" />
I receive the error "Item has already beed added. Key in dictionary: 'SiteProvider' Key being added: 'SiteProvider'" any time I browse to the site.
This doesnt make sense to me sense they have unique names. If i remove the second provider the site is browseable.
View 1 Replies
Sep 10, 2010
Is it possible to hook multiple role providers with one service? I want client A to connect to service A with roleprovidername A & client B to connect to service A with roleprovidername B
View 3 Replies
Mar 22, 2010
I am writing a login routine that uses a .NET login control and I have a membership provider as well and set it all up in the config file. But I don't plan on using a connection string as I will be calling a web service in my ValidateUser function. Do I need the connection string in the config because it seems to throw an error if I don't have it.
In that case if you need it then wouldn't it be better to treat this membership provider class more as a normal class and just make calls to it directly like any class and not put any setting on my login control and remove the entry from my web.config
View 5 Replies
Apr 3, 2010
I'd like to know if its possible to use two membership providers within a single application. I need to have a membership provider "power users" and administrators on a site and a different one for clients and customers who will want to register on the site. I'd like to know if its possible to have two different membership providers to handle these two different sets of users. If it is, how do i go about it?
View 4 Replies
Mar 27, 2010
I'd like to know how membership providers works under the hood, if it uses cookies, session, the principal and identity thread objects, etc.. etc.. where can I find information?
View 3 Replies
May 20, 2010
I am new to using the membership provider. I have been working in a small shop that has very focused programming and we are starting to venture out as our needs have grown. My question is the following:
Once I have created the asp schema and I set up users. How do I perform database access using those user accounts? I know how to perform access using a database account (schema), but do not understand how to use a user that only exists in a user table to access data tables.
Do I use an anonymous account and control access on the front end?
How to I track audit fields?
View 9 Replies
Nov 15, 2010
I want to know the name of the ISP provider and webhosting provider name for given Domain.
is it possible to know the ISPs name and webhosting providers name through Dotnet or manulally?
View 1 Replies
Feb 16, 2011
After running the aspnet_regsql.exe tool, i notice a bunch of different tables pertaining to the ASPNET security (e.g. aspnet_Applications, aspnet_Membership, aspnet_Paths, aspnet_Personalations, aspnet_Profile, aspnet_Roles, aspnet_SchemaVersion, aspnet_Users, aspnet_UsersInRoles). Do the different providers (AspNetSqlMembershipProvider, AspNetSqlProfileProvider, AspNetSQLRoleProvider) relate or associated with certain aspnet_xyz tables? I imagine the AspNetSQLProfileProvider is responsible for the aspnet_Profile table correct? The AspNetSQLRoleProvider probably is tied to the aspnet_Users, aspnet_Roles, aspnet_UsersInRoles table? Any links documenting the relationship between teh providers and the aspnet_xyz tables?
View 1 Replies
Jan 12, 2010
This is the first time i would be using .net membership providers and i need to add some extra columns and chage a couple of existing datatypes of the exising columns.
my Q is:
1)can i do this without having to suffer down the road.
2)can i modify the existing sp's in sql08 or would i need to use additional sp's for the new columns that i add.
View 4 Replies
Mar 11, 2011
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>
Can someone point me to articles or provide assistance with the proper configuration?
View 3 Replies
Aug 6, 2010
I'm trying to update/create the user profile for a specific user that will not be the logged on user of the moment. I'm able to do this with the following code:
'Dim p As ProfileBase = ProfileBase.Create(Email, False)
View 3 Replies
Sep 28, 2010
is it possible to create a Setup project within Visual Studio that will allow the generated installer to allow for the user to install the application multiple times? I would imagine there would be changes needed for checking if the destination folder already has an installation there but what about removing the "already exist" detection or how to change the Add/Remove Programs to show nothing at all or each individual instance of the installation.
View 2 Replies
Mar 8, 2010
I have built a website and now the customer wants to split it between three different domains. What is the best way to do this? This is what I have so far.
c:/website1/ points to www.website1.com
c:/website1/vd1/ points to www.website2.com
c:/website1/vd2/ points to www.website3.com
The webhost I'm working with has done it the following way, but now I'm getting a bunch of errors that seems like it's not seeing the App_code folder. Do I need to make a lot of changes? How does this affect the location references?
View 2 Replies
Jul 15, 2010
Brief introduction:I have this ASP.NET Webforms site with the particularity that it doesn't have only 1 database, it has many.Why? Because you can create new "instances" of the site on-the-fly. Every "instance" share the same codebase, but has its own database. These all databases have the same schema (structure) but of course different data. Don't ask 'why don't you put everything in one database and use InstanceId to know which is" because it's a business policy thing.
The application knows which instance is being requested because of the url. There is one extra database to accomplish this (I do know its connection string in design time). This database has only 2 tables and associates urls to 'application instances'. Then, of course, each 'application instance' has its associated connection string.
Current situation: There is nothing being used right now to help us with the job of mantaining every instance database in sync (propagating schema changes to every one). So we are doing it by hand, which of course it's a total mess.
Question: I'd like to use a rails-migration way to handle schema changes, preferably migratordotnet, but could use any other if it's easier to setup.The problem is that migratordotnet needs the connnection string to be declare in the proj.build file and I don't know them until runtime. What it would be REALLY useful is some kind of method running on *Application_Start* that applies the latest migration to every database.How could this be done with migratordotnet or any similar?
View 4 Replies
Sep 4, 2010
Because my new provider doesn't have SQL server, I have to connect to a MySql database.
My connectiostring in the web.config =
[Code]....
When I go to ASP.net webconfigurationpage and go to security I get the following message: An exception occurred.
I have really no idea what I'm doing wrong. Where do I have to search for?
View 3 Replies
Feb 4, 2011
I have an MVC web app and want to setup the security in a fashion that is NOT persisted. The problem is that if a user logs in and closes the browser (all instances) and open a new browser, goes to the site heshe is logged in automatically. I want the "session" to expire if you close the browser but I cannot seem to get the answer.
I have authentication mode="Forms" in the web.config and all my usernamepasswords are kept in a custom SQL DB. I can see that on login, Asp.net drop a cookie called ".ASPXAUTH" that expires in 30 minutes. I changed it to expire "At end of session" but if I close the tab I can see that that cookie is still active.
What do I need to do to get the browser to force a login if the user closes the tab or browser?
View 4 Replies
Aug 12, 2010
Where can I find a good tutorial on setting up roles and authorizing them? I'm using Windows Authentication for an intra-net based app and need to figure out how to grant the users access to the various pages.
View 5 Replies