I want to know what's the "right" way to set up membership in a new website.

When I have a new project I can go to Website/ASP.NET Configuration. There I can set up Forms authentication and manage all users that will be using this page. I can make roles and rules on folders. All of this info is saved into a table that will be saved locally in the database App_Data/ASPNETDB.MDF. What I'm trying to do is have all this info on a host server along with the website, not locally.

What is the best way to connect my website that I made locally to an MSSQL server that is central? I want to be able to go to the ASP.NET configuration and manage users, but I want the data to be saved in the tables on the MSSQL server, not to the aspnetdb.mdf file.

I have already made the ASP.NET membership tables on the MSSQL server by using the aspnet_regsql.exe file.

Update: Never mind, I found a way to do this. Just had to add <remove name="LocalSqlServer"/> in <ConnectionStrings> and then my own connection string. Now it's working...

+3  A: 

There is a line command in the Visual Studio SDK called "aspnet_regsql". It opens a window, and you can use it to set up the ASP.NET membership, roles, and profile support in any SQL Server database.

For most applications, you'll probably end up writing your own membership admin pages. It's not hard, and most of the controls you need are in the toolbox in Visual Studio. Here's the cookbook I've given in presentations on security:

To add ASP.NET membership and roles to an existing SQL Server database:

  1. Open a Visual Studio 2008 command window.

    (If you must run SQL line commands in Administrator mode, you will need to open a command line in administrator mode, then set the path to include the Visual Studio SDK executables.)

  2. Run aspnet_regsql in that command window.

  3. For the SQL user logins that will use the database, add one or more of the following membership provider roles:

    aspnet_Membership_FullAccess - if users can register themselves or others

    aspnet_Membership_BasicAccess - users cannot register themselves

    aspnet_Membership_ReportingAccess - for membership statistics

  4. For the SQL user logins, add one or more of the following role provider roles:

    aspnet_Roles_FullAccess - create and delete roles

    aspnet_Roles_BasicAccess - use asp.net roles

  5. Configure your initial application and roles using SQL Server Management Studio:

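    -- @ApplicationId is a uniqueidentifier OUTPUT parameter, so pass a variable rather than ''
    declare @ApplicationId uniqueidentifier

    exec aspnet_Applications_CreateApplication @ApplicationName='Northwind', @ApplicationId=@ApplicationId output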

    exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Employee'

    exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Manager'

    exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Master'

  6. Implement your "New User" page, but don't lock it down with forms authorization yet. You may want to implement your own form, assuming you have user records already existing in your database, and assuming that you'd like to add roles as part of the "create user" process. In any case, use this page to create an initial set of users for ASP.NET membership; it's easier this way than trying to make it work with stored procedures. See sample code for an implementation of user creation without using the ASP.NET LoginView control.

    Note that this "Add a User" page in the sample application assumes a number of things that are hard to do with the standard Login control in ASP.NET. If you're creating users as an administrative function, rather than letting users add themselves, you probably want to have multiple roles, and be able to select the role. Even more important, you may have "user" tables already established in your database, and need to integrate "new user" functionality with adding records to your application's user table. This is a prototype for creating your own Login control, collecting additional data and integrating the creation of user records, ASP.NET membership records, and ASP.NET role assignments. All of this is done within an ambient transaction, so they either succeed or fail as a single unit of work.

  7. Once you've created users and added them to roles, you can set up forms authentication and lock down your pages that require authorization. Notes:

    a. Don't require authentication for your top-level directory. Pages at this level should be publicly accessible.

    b. Add a web.config in each subdirectory where pages require authentication. Usually, setting the authentication level will be the only function in these web.config files.

Cylon Cat
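
The single unit of work described in step 6 (membership record, role assignment and the application's own user row inside one ambient transaction), as an added example; it is not the answerer's sample code, which is not included on this page. The connection string name `MembershipDb` and the table `dbo.AppUsers` are hypothetical, and the membership provider is assumed to be configured with requiresQuestionAndAnswer="false".

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Transactions;
using System.Web.Security;

public static class UserProvisioning
{
    // Assumptions for this example: connection string "MembershipDb" and
    // table dbo.AppUsers are hypothetical names, not taken from the answer.
    public static void CreateUserWithRole(string userName, string password,
                                          string email, string roleName,
                                          string displayName)
    {
        // Reject unknown roles before touching the database, so a typo in
        // an admin form cannot create an account with no role attached.
        if (!Roles.RoleExists(roleName))
            throw new ArgumentException("Unknown role: " + roleName, "roleName");

        using (var scope = new TransactionScope())
        {
            MembershipCreateStatus status;
            // Null question/answer is only accepted when the provider has
            // requiresQuestionAndAnswer="false" (assumed here).
            MembershipUser user = Membership.CreateUser(
                userName, password, email, null, null, true, out status);
            if (status != MembershipCreateStatus.Success)
                throw new MembershipCreateUserException(status);

            Roles.AddUserToRole(userName, roleName);

            string cs = ConfigurationManager
                .ConnectionStrings["MembershipDb"].ConnectionString;
            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand(
                "INSERT INTO dbo.AppUsers (MembershipUserId, DisplayName) " +
                "VALUES (@id, @name)", conn))
            {
                // Parameterized values: user-supplied text never reaches the SQL string.
                cmd.Parameters.AddWithValue("@id", (Guid)user.ProviderUserKey);
                cmd.Parameters.AddWithValue("@name", displayName);
                conn.Open();            // enlists in the ambient transaction
                cmd.ExecuteNonQuery();
            }

            scope.Complete();  // if this is never reached, Dispose() rolls back all three writes
        }
    }
}
```

Because the membership and role providers open their own connections inside the scope, the transaction can be promoted to a distributed one (MSDTC), depending on the SQL Server version and the connection strings in use.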