Security :: Write Custom MemberShip Provider Only To Read Connection String From Other File
Sep 16, 2010
In asp.net mvc project I am using MYSQlMemberShipProvider. Now I want that instead of reading the connection string from web.config file, it will read the connection string from external file every time. So that I am implementing the cutsom mebership provider class, this class inherits the MemberShipProvider class. But the problem is that if I inherits the MemberShipProvider class then I have to impelment all of its method in my cutsom membership provider class, But I want to use all other inbuilt methods of MemeberShip. What can i do. I only want to add the code like below:
public class CustomSqlMembershipProvider :MembershipProvider
{
public override void Initialize(string name, NameValueCollection configs)
{
base.Initialize(name, configs);
Connectionstring objProducts = // redaing the connection string.
}
}
But on compiltaion it is giving me the error does not implement inherit abstract member.
I have Membership configured with IIS7, tables for it located in my own database, created with aspnet_regsql utility, and I am using custom connection string to access it.
This is part of web.config related to Membership :
i am receiving this error when trying to use my membership provider: After googling the error most peoples problems are fixed by removing the old connection string first but this has not worked for me.
I have used a simple custom memberhip provider with one table.
On shared hosting with 123-reg.
The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Configuration.Provider.ProviderException: The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.
I have a very basic web site that uses a standard login control. It was original built using ASP.NET 2.0, and when I preformed a few site improvments, VS 2010 upgraded the site to version 4.0. Locally, everything is fine. But live, everything is working except the login authentication. All other pages that use the database work fine.
does the upgrade process affect the database? As this is the only thing I've not replaced on the live server.
The error I get with the login is:
The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file Any thoughts?
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
i'm building an application and i need to manage roles, users and more things so i tought to use the membership provider but i have some questions about it: can i full extend it and can i override the functions to use a database table to store infos about config or i need to build my own provider?
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
I am developing an application in which I can connect to the ASPNETDB.MDF if it is on my machine, however, when I want to put it on another machine and try to remote connect it, I get the error:
An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax. Parameter name: connectionString and my connection string is as follows:
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
I have the request to build a custom control for ASP.NET membership. The control is a kind of CreateUserWizard, but somewhat special. The users are created by our account executives. At their first log in the users enter their user name and initial password, change the password and enter additional information (email) in one transaction!
Building this by customizing CreateUserWizard or another built-in control seems to be the wrong way. I want to build a custom control by using string resources of the built-in controls. Is there a way to access just the resources of ASP.NET membership? Is their a public accessible resource manager or something similar?
I'm new to ASP.NET and I don't exactly understand some features.
I have a custom membership provider TestMembershipProvider which inherits from MembershipProvider. It has the following CreateUser method:
[Code]....
It's absolutely simple code.Then I have two text boxes (login, password) and the button to register a new user. I thas a following code:
[Code]....
[Code]....
Authentication in web.config is set like this:
[Code]....
No matter what I write into textboxes, following error is being returned:
The password retrieval question provided is invalid.
I don't know why. Either in web.config or in get RequiresQuestionAndAnswer I have false value. When I instantiate my TestMembershipProvider and call CreateUser directly instead of using static Membership.CreateUser, it works fine. Do I have to use instance of my TestMembershipProvider or did I missed anything?
i'm new to the mvc framework but i used forms authentification in an asp.net webapplication. Because im forced to use Sybase SQL Anywhere server i use membership / profile / role provider from sybase.Why i can't login in the MVC Application? When i create a user via mvc web control i'm logged in. But when i logout and try to login i get a error that username or password is not correct.Maybe someone has an idea? Could it be a problem with the application name? Both have the applicationname " / " ?Both applications has these web.config entries:
My question relates to membership providers. I have two websites that run on two different servers. One website is a community website that uses Telligent community server 2007. The other is a website that contains information. I have a form where users can request more information. What I would like to do is when a user requests more information, automatically create a user account in my community website. I was told that I can create a custom asp.net membership provider that will create a new user account in my community website. I have read some info at msdn and asp.net websites, but I am still unclear as to how I can create a custom membership provider that will work across different websites running on different servers.
I've implemented my custom membership provider. I use third server for authentication (call web method that validates user/password). I need this user/password for retrieve some additional data from this server. Asp.net MVC uses FormsAuthentication and cookie for keep 'login state' by default. It works well when I login on site first time. But when I close and open site again sometime after, cookie keeps it 'login'but I don't have credential for access to server data. I can change cookieless attribute (to 'UseUri' for example) in configure file but in this case I should login again if I open second tab with this app in same browser.My questions:
Is way to call SingOut of FormsAuthentication (remove authentication ticket from browser) when user closes asp.net mvc app?Is secure way to pass user/password data through session? Because server is unstable and interrupt connection often and app should have possibility for silent reconnect.
For three days now I have been going from one tutorial/video/sourcecode to the other about how to create the membership-part of my website, but I am still none the wiser :S
I have been looking through this video and these tutorials on the subject, but either they are not what I am looking for or they are too advanced, that I would just write my own user-procedures like I would in classic ASP..
The standard sql membership provider is nice and all, but I really favor using my own database-logic and not drown the website/database with tables, views, stores procedures and highly custimizable features that I'll never use.. That's why I'm trying to build my own custom membership provider
I think I'm on the right track with building a class that inherits from System.Web.Security.MembershipProvider, but when I tell VS to "Implement abstract class" I already have a problem with what I'm seeing: public override string ApplicationName
I know what the applicationname is for, but I am fairly certain that I will never be using the same database for several websites for this project, so why do I need to implement that functionality?
I guess what my problem is, is that although a method like Create-/DeleteUser is handy, I would like to determine whether or notI want to implement that.. Of course the CreateUser is of need to the CreateUserWizard control, but is the ApplicationName really neccesary?
Maybe I just need a little adwise from people that have had a need of custom database-structure - that's actually all I need, I don't think I will see a need for extra functionality codewise..
I've bee successfully using the Asp.Net Membership Provider in my VB.Net 3.5/SQL 2005 web app for a year now (Site A). However, I've added 2 new sites (B and C) (both with their own DB) and now I see a problem. It looks like users that get created for sites B and C also get created in site A. Roles that I create for B and C only get created in A. I think it is a conn string problem.When I created A, I adde the conn string to my machine.config (not sure why I did this or if it is even needed)...
We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like Facilityid for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
I have a custom SQL membership provider (NOT using aspdb files but our own 'People' table) that was working fine under development but doesn't even connect when it is deployed on web server. DB connection string has been changed to point to db server (checked against another web site & is fine there). The membership code (in VB) is in App_code directory so am I correct in thinking I don't need a separate DLL ? No error messages nothing just reports failed to login when I type some user credentials.
I am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword) { Byte[] originalBytes;
so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
I just created a custom membership provider I would like to know if I can make calls to my data access layer and not put my data access code inside the membership methods will that prevent my custom membership provider from being thread safe, for example:
public override [Code].... CreateUser(string username, string password, string email, out MembershipCreateStatus status){ // DB calls to my data layer}v.s.public override [Code].... CreateUser(string username, string password, string email, out MembershipCreateStatus status){ // data access }
I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.
Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
I am trying to build my own custom Membership Provider in an MVC 3 Web Application using C#.
Here is my code:
[Code]....
As you can see, I am just starting with it, and yet I've encountered problems. According to this tutorial when I right click on MembershipProvider, I should get the option to [ Implement Abstract Class ], but I don't get that ! I am using Visual Studio 2010.
I've implemented a custom membership provider (as the user credentials are stored in a legacy application), however, the website is exhibiting two behaviours which it shouldn't. Firstly, it's not tracking invalid password attempts. My website does not use questions and answers, but according to MSDN (http://msdn.microsoft.com/en-us/library/f1kyba5e(v=VS.90).aspx) the "ValidateUser" method should still track them. When I put a breakpoint on the MaxInvalidPasswordAttempts property it is never even accessed.
Secondly, when I manually lock out a user, I can still log in with those credentials (I have confirmed that the MembershipUser object returned by the GetUser method during the login has the "IsLockedOut" property set correctly).The config file lists only the provider name and type - at the moment I'm hard-coding the provider's properties. (For this reason I'm not overriding the Initialize method.)Either I'm doing something wrong, or I have to track these invalid attempts myself, and fail authentication when the user is locked out - which would seem a little silly, since itappears like the membership provider infrastructure should handle that for you...