I built a simple photo album ASP.NET application with Visual Studio 2005 and I decided to use forms-based authentication to "password-protect" the application. The good news is that I didn't write a single line of code to provide a login page. However, there was a bit of configuration and installation that I had to do to get the SQL Server 2005 personalization database set up and working with my application. Once I got it set up, deploying it to my production server was a breeze ...
Here are the important steps:
1. Run the aspnet_regsql.exe application from the Visual Studio 2005 command prompt to create the aspnetdb database,
2. Be sure to grant your anonymous Internet login aspnet_Membership_BasicAccess, aspnet_Personalization_BasicAccess, aspnet_Profile_BasicAccess, and aspnet_Roles_BasicAccess role memberships for the aspnetdb database,
3. Using Visual Studio 2005, configure your web.config file with a connection string to the aspnet database, as well as membership, roleManager, and authorization nodes as shown below:
<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
    <connectionStrings>
        <add
            name="MySqlConnection"
            connectionString="Data Source=[your SQL Server here];Initial Catalog=aspnetdb;Integrated Security=SSPI;" />
    </connectionStrings>
    <system.web>
        <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
        <compilation debug="true"/>
        <authorization>
            <allow users="guest" />
            <deny users="*" />
        </authorization>
        <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
            <providers>
                <clear />
                <add
                    name="SqlProvider"
                    type="System.Web.Security.SqlMembershipProvider"
                    connectionStringName="MySqlConnection"
                    applicationName="[your app name here]"
                    enablePasswordRetrieval="false"
                    enablePasswordReset="true"
                    requiresQuestionAndAnswer="true"
                    requiresUniqueEmail="true"
                    passwordFormat="Hashed" />
            </providers>
        </membership>
        <roleManager>
            <providers>
                <clear />
                <add
                    connectionStringName="MySqlConnection"
                    applicationName="[your app name here]"
                    name="AspNetSqlRoleProvider"
                    type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
                <add
                    applicationName="PatsPhotos"
                    name="AspNetWindowsTokenRoleProvider"
                    type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            </providers>
        </roleManager>
        <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
        <authentication mode="Forms">
            <forms name=".ASPXFORMSAUTH" />
        </authentication>
        <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.
            <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                <error statusCode="403" redirect="NoAccess.htm" />
                <error statusCode="404" redirect="FileNotFound.htm" />
            </customErrors>
        -->
    </system.web>
</configuration>
4. From the Website, ASP.NET Configuration menu in Visual Studio 2005, add the appropriate users, roles, and access rules using the Website Administration Tool,
5. For my app, I created a new, blank ASP.NET page named login.aspx and dragged a Login control onto the page from the Toolbox. I selected one of the built-in auto formats for the Login control ...
Et voila! I had added forms-based authentication using a SQL Server 2005 database without writing a single line of ASP.NET code!
After testing my application, I repeated steps 1 and 2 on my production SQL Server, and modified my web.config file to add a "production" connection string ...
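A pre-deployment check for a web.config like the one in step 3, flagging the settings that are fine on a development machine but should change on the production server. This is an added example, not code from the original post; it is written in Python, the function name audit_web_config and the finding codes are hypothetical, and the sample configuration is constructed from the settings shown above.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/.NetConfiguration/v2.0}"  # namespace from the post's file

# Constructed sample: a trimmed copy of the settings shown in the post.
SAMPLE = """<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <compilation debug="true"/>
    <membership defaultProvider="SqlProvider">
      <providers>
        <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"
             enablePasswordRetrieval="false" passwordFormat="Hashed" />
      </providers>
    </membership>
    <authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH" />
    </authentication>
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return sorted finding codes for settings that should change before production."""
    root = ET.fromstring(xml_text)
    ns = NS if root.tag.startswith(NS) else ""  # accept files with or without the namespace
    web = root.find(ns + "system.web")
    if web is None:
        return ["no-system-web"]
    findings = set()
    comp = web.find(ns + "compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.add("debug-enabled")  # the file's own comment: development only
    errors = web.find(ns + "customErrors")
    if errors is not None and errors.get("mode", "").lower() == "off":
        findings.add("custom-errors-off")  # stack traces shown to remote users
    auth = web.find(ns + "authentication")
    if auth is not None and auth.get("mode", "").lower() == "forms":
        forms = auth.find(ns + "forms")
        if forms is None or forms.get("requireSSL", "false").lower() != "true":
            findings.add("forms-cookie-not-ssl-only")  # ticket cookie may travel over HTTP
    for add in web.findall(f"{ns}membership/{ns}providers/{ns}add"):
        fmt = add.get("passwordFormat", "Hashed").lower()
        if fmt != "hashed":
            findings.add("password-format-" + fmt)  # Clear or Encrypted storage
        if add.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.add("password-retrieval-enabled")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_web_config(SAMPLE))
```

A customErrors element that is only present inside an XML comment, as in the file above, is invisible to the parser, so the check treats it as absent and the ASP.NET default applies.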