Hi,
Is there a way to disable ASP.Net membership provider from using a web.config?
Currently it stores a connection string and a sqlMembershipProvider in a web.config which is not where i'd like it to be.
Thank you
+1
A:
The provider plumbing is configuration driven.
Depending on your level of experience, you might be able to roll your own providers that are initialized other ways but it is definitely not a trivial task and is fraught with subtle pitfalls that will surface at the most inopportune moments, perhaps when your boss logs in and his network password is leaked.
Attempting to initialize the intrinsic providers programmatically will be an exercise in frustration.
It might help if you were to explain why you don't like using a configuration file for, umm, configuration?
Sky Sanders
2010-07-20 10:08:52
All other connection strings are stored in a central location and I don't want them laying around web.configIt's frustrating that asp.net membership provider just adds them for you and then few days later you stumble across connection string in a web.config...
vikp
2010-07-20 10:49:03
@vikp - ok, don't get me wrong, i am not trying to pick a fight with ya, but I have to ask where your preferred location for connection string is and it might help me understand better how to help you get where you want to go.
Sky Sanders
2010-07-20 10:53:11
I didn't get that impression at all so no worries :)Other connection strings are stored in the registry since the platform for the application will always be Windows. Web.config is available in web application, when app.config is available in non-web applications, this means that i'll have to maintain connection strings in two places, instead of one.
vikp
2010-07-20 11:13:50
@vikp - see comment on steven's answer. I think you have a winner there. I have no idea why I spaced out on the solution. I use the same to test providers, but am apparently getting used to giving 'best/better practices' answers that I did you a disservice. I am losing touch with my 'just get it done' self. cheers.
Sky Sanders
2010-07-22 16:43:21
Could you not have both config files import the connection string from a shared include file? See http://www.devx.com/vb2themax/Tip/18880 for details…
Owen Blacker
2010-10-13 13:01:22
@owen - sure, but the story is OP wants no .config.
Sky Sanders
2010-10-13 13:37:34
@Sky: Yeah, though, reading why, that *might* solve the same problem for him.
Owen Blacker
2010-10-14 09:21:17
+2
A:
You can typically use a provider just after calling its default constructor and call Initialize on it. However, it is impossible to use the System.Web.Security.Membership abstraction, without the web.config, because the Membership class is hard-wired to the configuration file. When using the Membership class, it will instantiate types that you configured in the configuration file.
As I said, when you don't want to configure it in the configuration file, you can create it in code. This would be a nice approach, especially when you have your own IoC framework (you could see the Membership facade as an IoC implementation just for types deriving from MembershipProvider). Here is an example of how for create a SqlMembershipProvider:
var configuration = new NameValueCollection();
configuration.Add("name", "SqlProvider");
configuration.Add("connectionStringName", "SqlServices");
configuration.Add("applicationName", "MyApplication");
configuration.Add("enablePasswordRetrieval", "false");
configuration.Add("enablePasswordReset", "true");
configuration.Add("requiresQuestionAndAnswer", "true");
configuration.Add("requiresUniqueEmail", "false");
configuration.Add("passwordFormat", "Hashed");
configuration.Add("maxInvalidPasswordAttempts", "5");
configuration.Add("passwordAttemptWindow=", "10");
var provider = new SqlMembershipProvider();
provider.Initialize("SqlProvider", configuration);
// And here store it in a static field or register it with your
// favorite IoC container.
container.RegisterSingle<MembershipProvider>(provider);
Good luck.
Steven
2010-07-20 10:13:44
This would remove the providers, but I need the membership provider to connect to the database, but without reading anything from web.config. Is this possible?
vikp
2010-07-20 10:49:39
++ Steven, I completely spaced out this obvious solution. I use the same setup to test providers. In any case, to answer @vikp, just place a dummy connection string in the configuration file and after initialization, use reflection to set the connection string (it is not public, use reflector to find it) from your registry right after .Initialize .
Sky Sanders
2010-07-22 16:41:35