I have a web site in asp.net (web forms not MVC) with .NET framework 4.6.1 with standard Microsoft authentication on SQL Server:
<membership defaultProvider="SecuritySqlMembershipProvider">
<providers>
<add name="SecuritySqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="ManageUsers"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="SecurityTutorials"
requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager enabled="true"
defaultProvider="SecuritySqlRoleProvider">
<providers>
<add name="SecuritySqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
applicationName="SecurityTutorials"
connectionStringName="ManageUsers" />
</providers>
</roleManager>
Now we've changed from Microsoft to Oracle and I need to adapt provider to manage membership.
I am unable to find anything good to make this work.
I found this article but it is incomplete.
Any suggestions? Thanks in advance.
Solved on my own way.
View at
GitHub
I am working on a legacy MVC3 application which uses Forms authentication and SQLMembership Provider for authorizing user access. It has the folowing configuration:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="3" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/TimeSheets" passwordFormat="Clear" />
</providers>
</membership>
<profile inherits="Timesheets.Services.UserProfile">
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/TimeSheets" />
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/TimeSheets" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/TimeSheets" />
</providers>
</roleManager>
If I create a new MVC application using Windows Authentication this configuration seems to be replaced with configuration like this:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I have tried just changing the configuration of the legacy MVC site to use this new authentication mode, but this fails to authenticate (I get an Error message "401.2.: Unauthorized: Logon failed due to server configuration.")
However the new web project runs and authenticates correctly (so it's not an AD or local permissions issue)
I had thought to try just putting all the legacy code into the new project but it is rather large and complex and getting everything lined up again in the new site could be very time consuming.
I'm hoping that changing the Auth model should be simpler and less intrusive - But what additional steps would I need to perform to configure the legacy site for Windows Authentication?
The missing part of my configuration change was in the .proj file. This is due to using the IIS Express within Visual Studio.
In order to get the Windows Auth to work in the IIS Express for debugging you need to configure it in the project settings:
The lines:
<IISExpressAnonymousAuthentication />
<IISExpressWindowsAuthentication />
Need to be replaced with:
<IISExpressAnonymousAuthentication>disabled</IISExpressAnonymousAuthentication>
<IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>
For whatever reason, the site I was working on (after a bit of pause) begun screaming about an sql server connection for the asp.net membership. I'm using mysql without asp.net membership so it was weird. However just to be sure I've decided to remove anything related to it, including role providers.
I've added these to the web.config
<membership>
<providers>
<clear />
</providers>
</membership>
<roleManager enabled="false">
<providers>
<clear />
</providers>
</roleManager>
<profile enabled="false">
<providers>
<clear />
</providers>
</profile>
However, it still throws exception: "Configuration Error, Default Role Provider could not be found." . What can I do?
I think I found what was missing: I had to remove the RoleManager module also.
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="RoleManager" />
</modules>
</system.webServer>
I have just uploaded my MVC3 ASP.net web application to my server 2008 R2 IIS 7.5 Express webserver.
The web app loads fine, but when clicking on the logon link and either trying to register a user account or log a existing user account on I get the following error:
"Sorry, an error occurred while processing your request."
If I browse the web app on my webserver (from within IIS7.5) and try the logon link I get the following ASP error:
"A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"
"Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code."
"Exception Details: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)"
"Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below."
Would someone mind helping me trouble shoot please?
I have two databases configured in my Web.Config:
<connectionStrings>
<add name="DatabaseDBContext" connectionString="data source=|DataDirectory|Content_Database.sdf" providerName="System.Data.SqlServerCe.4.0"/>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
The SQL Compact (Content_Database.sdf) database works fine. I only get the error when trying to access the aspnetdb.mdf database.
The ASPNETDB.mdf database is practically in identical state to what you get given when loading the Microsoft MVC3 Razor template / tutorial from Visual Web Developer Express 2010.
I tried installing SQL Express 2008 on my webserver just in case this was the issue, made no difference.
The whole web application works perfectly on my Visual Web Developer 2010 Express development server (I can create users and log them on and off successfully). It just fails as soon as it is uploaded to the webserver.
Help appreciated - many thanks :-)
Full Web.Config:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<connectionStrings>
<add name="DatabaseDBContext" connectionString="data source=|DataDirectory|\Content_Database.sdf" />
<add name="ApplicationServices" connectionString="data source=|DataDirectory|\aspnetdb.sdf" />
<!--<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />-->
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="1.0.0.0"/>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Admin/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="SqlCeMembershipProvider" type="Project1.Domain.SqlCeMembershipProvider" connectionStringName="ApplicationServices" applicationName="/"
enablePasswordRetrieval="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" writeExceptionsToEventLog="false" />
<!--<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />-->
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager defaultProvider="SqlCeRoleProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All">
<providers>
<clear/>
<add name="SqlCeRoleProvider" type="System.Web.Security.SqlCeRoleProvider" connectionStringName="ApplicationServices" applicationName="/" writeExceptionsToEventLog="true" />
<!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />-->
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration
>
It looks like your DatabaseDBContext/SDF if a Sql Compact database. This engine is extremely different from an administrators point of view. Basically, it is very simple to setup and get working.
Your ApplicationServices/mdf file is not a Compact database, it uses the normal sql (express, dev, workgroup, standard, enterprise etc) engine. This does require a bit of tweaking to get working. Your data source= option is configuring the SqlClient to use a specific engine installed on the local machine to open the database (this would require sql to be installed on the local machine as an instanced install with the name SqlExpress) and properly configured to allow connections (possibly remote). The Integrated Security is configuring the SqlClient to connect to the server as the user configued in the AppPool to connect to the database, which requires that user to have access to the file where the database is stored, the database itself (inside as security), and all the other security requirements of SSPI (which I would highly recommend you keep).
Update
I have a few projects running exclusively on Compact Framework (because for small projects, it's so much easier to maintain/administer).
To use SQL Server Compact 4, you need to install the Visual Studio Tools for SQL Server Compact 4. I use erikej SQL Compact Providers (Membership and Role) for asp.net and haven't run into any issues. The nice part about the providers is that most of the code you've written against the current providers won't change, you're just replacing the provider and database.
Either way, happy coding!
Update 2
My web.config has the following entries:
<connectionStrings>
<add name="membershipDatabase"
connectionString="data source=|DataDirectory|\Membership.sdf" />
</connectionStrings>
<membership defaultProvider="SqlCeMembershipProvider">
<providers>
<clear />
<add name="SqlCeMembershipProvider"
type="Project1.Domain.SqlCeMembershipProvider"
connectionStringName="membershipDatabase"
applicationName="/"
enablePasswordRetrieval="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
writeExceptionsToEventLog="false" />
</providers>
</membership>
<roleManager defaultProvider="SqlCeRoleProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All">
<providers>
<clear />
<add name="SqlCeRoleProvider"
type="Project1.Domain.SqlCeRoleProvider"
connectionStringName="membershipDatabase"
applicationName="/"
writeExceptionsToEventLog="true" />
</providers>
</roleManager>
Following the article shanselman i'm trying to use "System.Web.Providers" so you can use memberships, rules and profiles with Sql Server Compact.
I installed via Nuget, created a Users.sdf database and copied to the App_Data folder.
My Web.config was as follows:
<profile defaultProvider="DefaultProfileProvider">
<providers>
<clear />
<add
name="DefaultProfileProvider"
type="System.Web.Providers.DefaultProfileProvider"
connectionStringName="DefaultConnection"
applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear />
<add connectionStringName="DefaultConnection" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider" />
</providers>
</membership>
<roleManager defaultProvider="DefaultRoleProvider">
<providers>
<clear />
<add connectionStringName="DefaultConnection" applicationName="/"
name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider" />
</providers>
</roleManager>
<sessionState mode="Custom" customProvider="DefaultSessionProvider">
<providers>
<add
name="DefaultSessionProvider"
type="System.Web.Providers.DefaultSessionStateProvider"
connectionStringName="DefaultConnection"
applicationName="/" />
</providers>
</sessionState>
<connectionStrings>
<add name="Sql_CE" connectionString="Data Source=|DataDirectory|\Users.sdf;"
providerName="System.Data.SqlServerCe.4.0"/>
</connectionStrings>
I can not use "aspnet_regsql" because it generates the tables to a SQL Server based
The following error occurs when trying to access the "Web Site Administration Tool" on page security
There is a problem with your selected
data store. This can be caused by an
invalid server name or credentials, or
by insufficient permission. It can
also be caused by the role manager
feature not being enabled. Click the
button below to be redirected to a
page where you can choose a new data
store.
The following message may help in
diagnosing the problem: The
pre-application start initialization
method Start on type
WebMatrix.WebData.PreApplicationStartCode
threw an exception with the following
error message: This method cannot be
called during the application's
pre-start initialization stage.
First rename your connection string to DefaultConnection and remove the \ in front of Users.sdf like so:
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=|DataDirectory|Users.sdf;"
providerName="System.Data.SqlServerCe.4.0"/>
</connectionStrings>
You say that you
created a Users.sdf database
how? The Providers framework and SqlCe should do this for you. Try deleting the Users.sdf from the App_Data folder and try accessing the "Web Site Administration Tool" again. The provider engine should recreate it for you.