tags:

views:

29

answers:

2
+2  Q: 

Is a .Net membership database portable, or are accounts somehow bound to the originating Web site or server?

I have an ASP.Net Web site using .Net Membership with a SQL Server provider, so the users and roles are stored in the SQL tables created by Aspnet_regsql.exe.

Is this architecture totally self-contained and portable, or are users in it somehow bound to the specific Web site on which they create their account?

Put another way, if we create a bunch of users in dev or UAT, the back up and restore this database to another server, accessed under another domain name, should it still work just fine?

We're seeing some odd behavior when we move the database, like users losing group affiliation and such, and I'm curious how portable and environment-agnostic this database really is. I have a sneaking suspicion that something is bound to the machine key or the domain.

A: 

The users are bound to the application name. You could check it and see if the application name each user is linked to corresponds to the application name on the web.config on your production server.

Apart from that, when you are porting membership to another database, you should make sure that you are taking not only tables but all the stored procedures as well. If, for any reason, you are just porting your database schema, you should run Aspnet_regsql.exe before you port it.

Daniel C.S.  2010-04-23 13:57:37
But in a backup and restore situation, wouldn't all the stored procs come over anyway?
Deane  2010-04-23 14:05:43
A: 

Yes they should work fine.

Only place where you need to be careful is password management. .Net membership providers may use machine specific keys to encrypt or hash the passwords. But there's a work-around where in you tell the asp.net application to use specific machine key and not the auto-generated machine specific keys.

In my application, I keep my passwords encrypted and I have specified my machine-key as below for encryption/decryption. When I do this, I can port my development database to production server or also migrate database from one production server to another very much easily.

  <machineKey validationKey="<your-validation-key>" decryptionKey="<your-decryption-key>" validation="SHA1"/>

There's nothing else you need to worry about regarding migration while working with MembershipProviders.

this. __curious_geek  2010-04-23 14:07:13
If you didn't do this, and just let the provider has the passwords with the auto-generated machine key, is there anyway to recover from this? I don't know if this is my problem, but if we assume that the password hash was specific to a particular machine...what do you do about that?
Deane  2010-04-23 14:11:13
I have never actually looked into this situation since we pro-actively took care of it by doing it this way. I think you should be able to retrieve the machine-key from machine.config in your case. Will write back here if I find something fruit-ful on this subject.
this. __curious_geek  2010-04-23 14:13:10

related questions

Store user id in Principal or Identity? ASP.Net/OpenID.
Converting Single DB ASP.NET Site into MultiTenant - Membership and Roles Dilema
customize asp.net membership by changing "userid" type to integer
ASP Membership cannot handle encrypted connection strings in web.config
what is the best way to make some pages in asp.net require login?
Looking for a Yahoo Groups (CMS) replacement
Why should I Use ASP.NET Membership security model?
ASP.NET: Does implementing a custom MembershipProvider class needs you to implement a custom Membership class too?
How to set the Principal in an ASP.Net app
How can you test if an ASP.NET membership password will meet configured complexity requirements?
ExpressionEngine Multiple Site Manager and Member Groups
Locking out a user in an ASP .Net Custom Membership Provider
ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
Not using e-mail address in a custom MembershipProvider?
How to get current user in Asp.Net MVC
programmatic login with .net membership provider
ASP.NET Forms Authentication With Only UserName
Unit test Custom membership provider with NUnit throws null reference error
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
How can I wire users with their respective folders in ASP.NET?
Grabbing Users with a specific value in their profile
How do you pass an authenticaticated session between app domains
What's the best way to authenticate over WCF?
Memcached chunk limit
ASP.NET Site Maps