Iis6 - Application With Windows Authentication And Custom Membership Provider Advice
Feb 15, 2011
I've been asked to upgrade a few applications and I'm planning on merging all of them into one asp.net application. I'm fine with this decision and have spoken with fellow workers and they also think it's the best option to go with.
The application will be accessed from a small group of users which belong to a larger domain. I'm currently planning on using Windows authentication and only allow this small set of users to access the asp.net application. Also there must be some role management, so that only certain users can view certain functionality.
I really don't want to have many different windows groups; so I want to avoid having to assign different windows groups to different folders and control permissions in the web.config.
What I'd like to do is:
- Assign one windows group to the small group of users who will access the page.
- Create a custom membership provider and control the user who accesses the application. Depending on the user I will then assign his current set of roles.
- Add an application setting to the web.config, with the name of the current administrator, so if he logs in, he will be assigned all roles, and will be able to create and assign roles to other users.
View 1 Replies
Similar Messages:
Nov 2, 2010
I have a web application that will be used by the public. This application has a login credentials requirement.
I don't want to create yet another site that you have to create a custom username/password combination unless you really want too. I would like to support 3rd party logins like Facebook, Twitter, etc...
In the end this website could run in the Azure cloud as well so I am open to anything special to that.
One thing to note is the Microsoft Membership Provider that is part of ASP.NET is a great way to have custom login/passwords with a nice integration into MVC code. What I would love is that Provider opened up to allow 3rd party logins.
View 1 Replies
Feb 19, 2011
I am trying to build my own custom Membership Provider in an MVC 3 Web Application using C#.
Here is my code:
[Code]....
As you can see, I am just starting with it, and yet I've encountered problems. According to
this tutorial when I right click on MembershipProvider, I should get the option to [ Implement Abstract Class ], but I don't get that ! I am using Visual Studio 2010.
View 9 Replies
Jul 27, 2010
I am trying to build an application that
1. user can login by their AD account and password.
2. AD account can be assigned to different group.
I know there is a training video - [URL] to teach how to use the tool to provision the membership schema to SQL server for Forms authentication. but how can I use AD authentication with this?
View 1 Replies
Sep 27, 2010
I have watched the how to video on Creating a Custom Membership provider. So far it works great. My login control interacts well with it etc. Now i've created a Custom Role Provider. I've created a class that inherits the RoleProvider base class and i've added code to each Sub. My question is, what is the best way to implement the role provider, considering I get the Roles etc from the database?
View 11 Replies
Dec 1, 2010
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
View 1 Replies
Jan 5, 2011
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
webconfig:
[code]....
View 1 Replies
Dec 19, 2010
I have a site on domain1. I need to open a ModalDialog with a Page on domain2. My Domain2 is protected not to allow anonymous access so i get a login window like:
My problem is, for this one functionality, i want users to be able to see that ASPX, through the ModalDialog, without authenticating.
I tried using the ftp way:(URL)
and i get a javascript error.
My site is hosted in IIS6, Windows Server 2003 and i have full access to the server.
View 1 Replies
Jul 31, 2010
I am having an issue with IIS6 and intergrated windows authentication that is driving me nuts, and I am hoping one of you guys can point me in the right direction.
I have written an ASP.net 3.5 application, and have installed it on a Windows 2003 R2 SP2. I have turned on intergrated windows authentication on, turned off anonymous access. using local host on the server itself I have no problems, it works, picks up the NTlogin.
However when I go to a clients machine (logged in as one of the users of the domain) and try to access the website
http://10.1.1.22/ I get asked for a username and password. If i enter a valid user name and password then I have no probelms. The NTlogin is picked up, application works.
But my issue is why does it come up with a username and password at all? shouldn't it just know this user is already in the domain, just go straight through to iis? how can i get rid of this? I have read multiple forums about server delegation etc... metabase.xml... nothing seems to work
View 4 Replies
Mar 27, 2010
i'm building an application and i need to manage roles, users and more things so i tought to use the membership provider but i have some questions about it: can i full extend it and can i override the functions to use a database table to store infos about config or i need to build my own provider?
View 4 Replies
Dec 16, 2010
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
<properties>
<add name="FirstName"/>
<add name="LastName"/>
</properties>
</profile>
I have the code snippet above in my webconfig file. I am attempting to set the FirstName property in codebehind on a register.aspx page. Like this:
Profile.FirstName = ((TextBox)RegisterUser.CreateUserStep.ContentTemplateContainer.FindControl("FirstName")).Text;
VS says Profile is in System.Web.Profile Namespace. I then use it like this "System.Web.Profile.FirstName", but says first name does not exist in System.Web.Profile.FirstName namespace.
How do I set the property and later retrieve it?
View 3 Replies
Oct 13, 2010
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
How to do it? What best practices are?
View 5 Replies
Mar 21, 2010
I'm new to ASP.NET and I don't exactly understand some features.
I have a custom membership provider TestMembershipProvider which inherits from MembershipProvider. It has the following CreateUser method:
[Code]....
It's absolutely simple code.Then I have two text boxes (login, password) and the button to register a new user. I thas a following code:
[Code]....
[Code]....
Authentication in web.config is set like this:
[Code]....
No matter what I write into textboxes, following error is being returned:
The password retrieval question provided is invalid.
I don't know why. Either in web.config or in get RequiresQuestionAndAnswer I have false value. When I instantiate my TestMembershipProvider and call CreateUser directly instead of using static Membership.CreateUser, it works fine. Do I have to use instance of my TestMembershipProvider or did I missed anything?
View 1 Replies
Apr 16, 2010
I have created my custom MembershipProvider. I have used an instance of the class DBConnect within this provider to handle database functions. Please look at the code below:
public class SGIMembershipProvider : MembershipProvider
{
#region "[ Property Variables ]"
private int newPasswordLength = 8;
private string connectionString;
private string applicationName;
private bool enablePasswordReset;
private bool enablePasswordRetrieval;
private bool requiresQuestionAndAnswer;
private bool requiresUniqueEmail;
private int maxInvalidPasswordAttempts;
private int passwordAttemptWindow;
private MembershipPasswordFormat passwordFormat;
private int minRequiredNonAlphanumericCharacters;
private int minRequiredPasswordLength;
private string passwordStrengthRegularExpression;
private MachineKeySection machineKey;
**private DBConnect dbConn;**
#endregion
.......
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (!ValidateUser(username, oldPassword))
return false;
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true);
OnValidatingPassword(args);
if (args.Cancel)
{
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
else
{
throw new Exception("Change password canceled due to new password validation failure.");
}
}
SqlParameter[] p = new SqlParameter[3];
p[0] = new SqlParameter("@applicationName", applicationName);
p[1] = new SqlParameter("@username", username);
p[2] = new SqlParameter("@password", EncodePassword(newPassword));
bool retval = **dbConn.ExecuteSP("User_ChangePassword", p);**
return retval;
} //ChangePassword
public override void Initialize(string name, NameValueCollection config)
{
if (config == null)
{
throw new ArgumentNullException("config");
}
......
ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[config["connectionStringName"]];
if ((ConnectionStringSettings == null) || (ConnectionStringSettings.ConnectionString.Trim() == String.Empty))
{
throw new ProviderException("Connection string cannot be blank.");
}
connectionString = ConnectionStringSettings.ConnectionString;
**dbConn = new DBConnect(connectionString);
dbConn.ConnectToDB();**
......
} //Initialize
......
} // SGIMembershipProvider
I have instantiated dbConn object within Initialize() event. My problem is that how could i dispose off this object when object of SGIMembershipProvider is disposed off. I know the GC will do this all for me, but I need to explicitly dispose off that object. Even I tried to override Finalize() but there is no such overridable method. I have also tried to create destructor for SGIMembershipProvider.
View 2 Replies
Feb 7, 2011
I was made a custom membership provider.
All works good. My problem is Logs.
[Code]....
[Code]....
I dont know how to get user's ip.
I tried these methods...
Dim req as httprequest
ip = req.servervariables("remote_host") 'result = nothing
Dim req as new httprequest
ip = req.servervariables("remote_host") 'result = nothing
Dim req as requestcontext
ip = req.request.servervariables("remote_host") 'result = nothing...
View 2 Replies
Dec 20, 2010
I am developing an MVC2 application an am using the built in Membership provider. I am just asking myself if the authentication is on the server or the client?
View 2 Replies
Mar 30, 2011
I have setup a trivial preview website for a client that needs basic password protection. I'm using Forms Authentication with the credentials specified in web.config.
Everything works fine on my box (famous last words)
However, when I deploy to a production website running Win2008, the authentication code attempts to open a SQL Server database (I have no reference to anything SQL in web.config). How can I disable this behavior so that authentication is based on the credentials I have entered in web.config?
Exception in Event Log
Unable to connect to SQL Server database. at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) at System.Web.Management.SqlServices.SetupApplicationServices(String server, String user, String password, Boolean trusted, String connectionString, String database, String dbFileName, SqlFeatures features, Boolean install) at System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString) at System.Web.DataAccess.SqlConnectionHelper.EnsureSqlExpressDBFile(String connectionString)
... at System.Data.SqlClient.SqlConnection.Open() at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString)(URL)
web.config (relevant portion)
<system.web>
<compilation targetFramework="4.0" />
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="SHA1"
<user name="me" password="SHA1OfMyPassword" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="me" />
</authorization>
</system.web>
View 1 Replies
Oct 27, 2010
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Having already configured the MembershipProvider:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
Am I missing something?
View 1 Replies
Jun 11, 2010
How i can realise my own Membership Provider for my social network example project where i want to use more extended registration with new fields?
View 3 Replies
Mar 22, 2011
i am planing an application that needs to handle different client logins. A user should be able to login under each clients url.The project will have a start page and multiple (database generated) client URLs.www.domain.com/ClientA www.domain.com/ClientB www.domain.com/ClientC
I failed using MVC Routes to build up such a scenario with dynamically clients so i used an MVC area for the client space:www.domain.com/clients/ClientA www.domain.com/clients/ClientB www.domain.com/clients/ClientC Is there any client support for membership providers? All i found is made for a single client environment. I would love to take advantage of the mvc buildin attributes for authentication..
View 2 Replies
May 3, 2010
I have implemented the .Net Membership provider with my website which is, for the most part, working well. However, occasionally a user will try and login and nothing will happen. There will be no error, they will just hit "Submit" from the login screen and continue to the homepage as an unauthenticated user. This behavior persists until they clear their web cache, or restart their machine... which makes me think it's some kind of cookie expiration error?
Does anyone have any ideas on how to troubleshoot this?
Here is the relevant section of my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ASPWebAuthConnectionString" maxInvalidPasswordAttempts="10000000" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="nvpumps"
requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false"/>
</providers>
</membership>
View 3 Replies
Feb 12, 2010
When is the LastActivityDate supposed to be updated? When I click on any other pages in my web application as an authenticated user, the LastActivityDate does not get updated.
I would imagine it should be updated when a user clicks on any page, whether it be to do with membership (change password, GetUser(), etc) or not. But the examples that I have seen, seem only to update it on ValidateUser().
http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.lastactivitydate.aspx
Under Remarks, it says to do it under ValidateUser method.
When do you update the LastActivityDate? Just inside ValidateUser()?
Update: Clarified question.
View 1 Replies
Apr 3, 2011
Now this might just be straightforward, but I can't seem to figure it out..
I have set up the Custom Membership provider, and gave it the proper connection stuff.
What I know is that it connects to the correct database, but I know for sure that it doesn't look at the correct table.
How would I set it up to use a specific table? As the table already has users in them.
The table name is: members_info.
the column names are: member___id(key), member_name, member__pwd, member_perm
member___id => Being the Key and the account name to login with
member_name => Being the users Name or Nickname
member__pwd => 10 chars long (for now)
member_perm => holds 1 of the following values: 0) User 1)Admin 2)Banned
now I know that the later one is to be setup by the Role Provider, and I'm sure once I know how to do the membership one that one is similar in some way.
So my question is, how do I point the Custom Membership Provider to the table: members_info and to use member___id for username, members__pwd for password (and possibly get member_name out to say: Welcome {member_name}! when they login).
===
Added info.
Members__uid is the key value as it increases on each new entry.
===
Since you can't tell it to use a specific table
How can I set it up so, that it works with the tool provided in visual studio? (Website > ASP.net Configuration).
As it now says 0 users, on the security tab. I want to be able to manage the users through here too.
View 1 Replies
May 5, 2010
How do I create a custom membership for ASP.NET MVC 2 based on the ASP.NET membership provider?
View 5 Replies
Oct 27, 2010
i'm new to the mvc framework but i used forms authentification in an asp.net webapplication. Because im forced to use Sybase SQL Anywhere server i use membership / profile / role provider from sybase.Why i can't login in the MVC Application? When i create a user via mvc web control i'm logged in. But when i logout and try to login i get a error that username or password is not correct.Maybe someone has an idea? Could it be a problem with the application name? Both have the applicationname " / " ?Both applications has these web.config entries:
[Code]....
View 3 Replies
