CODEWITHSUNDEEP
asp.netasp.net-membership
sydneyos
sydneyos

Reputation: 4557

ASP.NET Membership Mystery

So, I am converting an application from integrated security to forms authentication using the built-in membership provider and having the most bizarre behavior. Initially, I used the default sqlexpress configuration where it creates an aspnetdb.mdf file in your App_Data folder.

However, I wanted to move this to my SQL Server and did so by creating the procedures and tables in an SQL Server database and pointed my provider at that database. And yet, when I would run the Web Site Administration Tool, it would not look at the SQL Server.

It keeps creating an aspnetdb.mdf file and using that, even though my application appeared to be properly hitting the SQL database. Finally, I turned off the SQLEXPRESS service, and now is where the really odd bit happens.

Login works fine - Membership.Provider.ValidateUser(LoginUser.UserName, LoginUser.Password) returns true. However, when an IsInRole call is made, it times out failing to connect to the database. Clearly, it is trying to connect to the SQLEXPRESS database. I have restarted IIS, restarted the database service to no avail.

Is this not the right place to tell the membership service what database to hit:

<connectionStrings> 
    <add name="MyConnection" connectionString="user id=myuser;password=mypassword;data source=SERVER\INSTANCE;initial catalog=mycatalog;"/>
</connectionStrings>

<system.web>
    <authentication mode="Forms">
        <forms name="formsauth" protection="None" path="/" loginUrl="~/Account/Login.aspx" cookieless="UseCookies"/>
    </authentication>
    <roleManager enabled="true" />
    <membership>
        <providers>
            <remove name="AspNetSqlMembershipProvider"/>
            <add name="AspNetSqlMembershipProvider" 
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
     connectionStringName="MyConnection" 
     enablePasswordRetrieval="false" 
     enablePasswordReset="true" 
     requiresQuestionAndAnswer="false" 
     applicationName="/MyApp" 
     requiresUniqueEmail="false" 
     minRequiredPasswordLength="6" 
     minRequiredNonalphanumericCharacters="0" 
     passwordFormat="Hashed" 
     maxInvalidPasswordAttempts="5" 
     passwordAttemptWindow="10" 
     passwordStrengthRegularExpression=""
     />
        </providers>

Upvotes: 1

Views: 215

Answers (1)

Mike Bailey
Mike Bailey

Reputation: 12817

First and foremost, the reason why the aspnetdb.mdf is being created is because you're using the ASP.NET Configuration Tool. It only works for the SQL Express instance. It can't be used on a fully fledged SQL Server. For that, you'll essentially need to re-create the administration panel within your own application.

If you wish to use Roles under the local SQL Server, you'll need to configure your web.config to point to your SQL Server for the role provider as well. By default it points to the aspnetdb.mdf file that the Membership provider also points to.

For example:

<system.web>
    <roleManager defaultProvider="SqlRoleProvider" enabled="true">
      <providers>
        <clear />
        <add name="SqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MyConnection"/> <!--- Point this to your sql server -->
      </providers>
    </roleManager>
</system.web>

For you it would look something like this:

<configuration>
  <connectionStrings>   
    <add name="MyConnection" connectionString="user id=myuser;password=mypassword;data source=SERVER\INSTANCE;initial catalog=mycatalog;"/>
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <forms name="formsauth" protection="None" path="/" loginUrl="~/Account/Login.aspx" cookieless="UseCookies"/>
    </authentication>

    <membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider"/>
        <add name="AspNetSqlMembershipProvider" 
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
             connectionStringName="MyConnection" 
             enablePasswordRetrieval="false" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="false" 
             applicationName="/MyApp" 
             requiresUniqueEmail="false" 
             minRequiredPasswordLength="6" 
             minRequiredNonalphanumericCharacters="0" 
             passwordFormat="Hashed" 
             maxInvalidPasswordAttempts="5" 
             passwordAttemptWindow="10" 
             passwordStrengthRegularExpression=""/>
      </providers>
    </membership>

    <roleManager defaultProvider="SqlRoleProvider" enabled="true">
      <providers>
        <clear />
        <add name="SqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MyConnection"/> <!--- Point this to your sql server -->
      </providers>
    </roleManager>
  </system.web>
</configuration>

See here for more details: Membership and Role Provider

Upvotes: 5

Related Questions