tags:

views:

1788

answers:

7
+3  Q: 

ASP.Net Membership.DeleteUser

In testing, the user on a db i've used was a big jefe. in production, he only has Execute.

When i called 

Membership.DeleteUser(user)

in testing, it worked. I try the same in production, and i get this:

The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Us__UserI__37703C52". The conflict occurred in database "Testing", table "dbo.aspnet_UsersInRoles", column 'UserId'.

In my seargles (searches on google), I came across this link: http://www.dougdossett.com/Details.aspx?Detail=35 where the dude was saying, "

Error: The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Me__UserI__15502E78". The conflict occurred in database "YourDBName", table "dbo.aspnet_Membership", column 'UserId'.

Took me a while to find a solution to this across multiple sites and options as the error and possible solutions were rather misleading. Turns out, at least in my case, it was a problem with permissions on the membership database. The user I'm using to connect had access to view the membership details within the database itself, but as part of the aspnet_Users_DeleteUser stored procedure it selects from the sysobjects table. The membership connection user apparently did not have sufficient rights to do that select so the overall delete failed.

The fix for me was to add the user to the aspnet_Membership_FullAccess role for the membership database. "

but when i did that it didnt work. Anyone have any ideas on how to deal with this?

+1  A: 

I believe your 'REFERENCE' constraint is actually a Foreign key in the database that exists between the aspnet_Users table and the aspnet_UsersInRoles table. I would figure that the user you are trying, has it's UserId in both tables, and before you can remove it from the Users table, it has to be removed from the UsersInRoles table also.

Have you tried http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.removeusersfromroles.aspx to ensure that all the roles are removed from this user? You could verify too by inspecting the rows of these two tables in the database.

Kyle B.  2009-01-23 14:36:18
A: 

Hmm, KyleB, i dont think that's it. Mind you, it's letting me delete the user, when i use a SQL server user who is in dbo and has sa and all that. But when i try with a user who only has Execute permissions, it does buss. So, i wanted to know specifically what permissions i need to give to that user who only has Execute permission. Thanks

Irwin  2009-01-23 14:50:12
I still feel that it is a foreign key constraint with the database, as that is what the error message implies, but for what it is worth, I use db_datareader and db_datawriter for my database users.
Kyle B.  2009-01-23 15:20:18
A: 

Gang! Alert! Alert! So i'm still searching the google for issues like this to resolve it, and i came across this link: http://www.findwebhosting.us/aspnet-membershipdeleteuser/

IT'S THE EXACT SAME POST I ORIGINALLY PUT UP, in some other kind of "chain up" forum. ...anybody ever notice that?

Irwin  2009-01-23 18:49:40
Holy crap! Not only yours, but all of SO's posts. They're just ripping it off verbatim.
Mike Robinson  2009-01-23 18:51:50
Ok I reviewed that site a little more - talk about Black Hat SEO techniques!
Mike Robinson  2009-01-23 18:54:22
+1  A: 

OK, guess what? I read this: http://forums.asp.net/t/1254087.aspx

Ok, few minutes after sending my post I found the solution :) It turns out that SELECT PERMISSION had to be added for ASPNET user on vw_aspnet_MembershipUsers view.

But it is still mystery why I didn’t get an error concerning lack of permission. EXIST statement was just returning false.

and gave the production user SELECT permission and voila! It works! Thanks guys!

Irwin  2009-01-23 19:14:37
This doesn't make sense.. If the user has execute permissions on the stored procedure aspnet_Users_DeleteUser, the SELECT permissions on the view shouldn't matter. Just like having DELETE permissions on any of the aspnet tables doesn't matter.
Duke  2010-07-07 18:37:57
meh. it is what it is.
Irwin  2010-07-08 11:41:22
A: 

If the error (or similar) still persists after granting the ASP user SELECT on the vw_aspnet_MembershipUsers, you may want to grant SELECT for some of the other vw_aspnet_???? views too. Especially "profile" and "UsersInRoles". Otherwise - for some reasons, the DeleteUser SP gets an empty result when SELECTING from those views and refuses to delete existing entries from them first.

 2009-04-09 10:04:14
+2  A: 

I also had this issue and it was caused by missing views, to correct I just used the create script from another database and recreated all the vw_aspnet_* views.

 2009-04-28 17:03:54
Thanks man - those missing views caught me up too!
Sam Schutte  2009-07-07 05:00:06
The cause for me was also the missing views. Thanks a lot!
Brian Kim  2009-09-18 21:51:47
A: 

After a little inspection I found the issue is this line in the aspnet_Users_DeleteUser stored procedure:

IF ((@TablesToDeleteFrom & 1) <> 0 AND
    (EXISTS (SELECT name FROM sysobjects WHERE (name = N'vw_aspnet_MembershipUsers') AND (type = 'V'))))

There are 3 other similar lines for 3 other tables. The issue is that if the user executing the stored proc doesn't have access to vw_aspnet_MembershipUsers it won't turn up when selecting from sysobjects. I'm curious to know why that whole EXISTS statement is necessary.

Regardless, the following discussion, "Access to sysobjects to view user tables without having access to the user tables directly in SQL Server Security", has the answer. By granting "VIEW DEFINITION" on the views in question, the EXISTS statements will now succeed and you don't have to grant unneeded, unwanted, or excessive permissions to the user in your application's connection string.

Duke  2010-07-08 14:40:00
thanks. good stuff.
Irwin  2010-07-09 18:07:45

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps