Using Forms Authentication with Membership Providers in ASP.NET 2.0
page 5 of 6
by Sudeep G
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 67143/ 130

Part 4: Setting up and using SqlMembershipProvider & SQL Role Provider

Setting up SqlMembership Provider is pretty easy. As a required ingredient, you definitely need an instance of SQL Server 2000 or above. SqlMembershipProvider works only with SQL Server. (SQL Express versions are also supported, but should not be used in production).

Step 1: Setup SQL Server database

Run the run Aspnet_regsql.exe found in the %systemroot%\Microsoft.NET\Framework\ v2.0.50727 to bring up the GUI configuration mode and choose to configure all ASP.NET Features. From the GUI, you can connect to a SQL Server instance running on another box by typing: SQLServerName\InstanceName. If you do not provide the instance name, it connects to the default instance.

Step 2: configure the Connection String for SQL Server store and roles store

Internet Information Services 6.0

Open your application’s web.config and add the following under <configuration> element.

Listing 9

<add name="SQLConnection" connectionString="Data 
Source=DatabaseServer\Instance;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
And under <system.web>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<add name="MySqlRoleProvider" connectionStringName="SQLConnection" 
applicationName="SQLMembership" type="System.Web.Security.SqlRoleProvider, 
System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<membership defaultProvider="SQLProvider">
<add connectionStringName="SQLConnection" applicationName="SQLMembership"
enablePasswordRetrieval="false" enablePasswordReset="true" 
requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" name="SQLProvider" 
type="System.Web.Security.SqlMembershipProvider" />

Internet Information Services 7.0

1.    Open Internet Information Services Manager. Click Start, run and type “Inetmgr” without quotes and press ENTER.

2.    Expand the <ComputerName> node and then expand “Sites” node.

3.    Locate your website/virtual folder and click on it.

4.    Double click on the Connection Strings icon.

5.    In the Actions Pane, click on Add...

6.    Configure the following:

7.    Name: SQLConnection

8.    Click on Custom and then enter your connection string: Data Source=DBServer\Instance;Integrated Security=SSPI;Initial Catalog=aspnetdb;

9.    Click OK.

10. Click on the Back button in IIS User Interface.

11. Double click on the Providers icon.

12. From the Feature drop down, select .NET Roles.

13. In the Actions Pane, click on Add...

14. From the Type dropdown, select “SqlRoleProvider (System.Web.Security...).

15. In the name box type: “MySqlRoleProvider.”

16. Under ConnectionStringName, select SQLConnection.

17. Under ApplicationName, provide a name for the application.

18. Click OK.

19. Click on the Back button in the IIS User Interface.

20. Double click on the .NET Roles icon.

21. In the Actions Pane, click on Set Default Provider... and select MySqlRoleProvider and click OK.

22. In the Actions Pane, click on the Enable button.

23. Click on the Back button in IIS User Interface.

24. Double click on the Providers icon.

25. From the Feature drop down, select .NET Users.

26. In the Actions Pane, click on Add...

27. From the Type dropdown, select “SqLMembershipProvider (System.Web.Security...).

28. In the name box type: “SQLProvider.”

29. Under ConnectionStringName, select SqlConnection.

30. Under ApplicationName, provide a name for the application.

31. Click on the OK button.

32. Click on the Back button in the IIS User Interface.

So now we have wired these up as follows: Forms authentication (Uses) à Login Control (talks to) à MemberShipProvider & Role Providers(Uses) à specified connectionString.

Step 3: Test the Membership and roles using Configuration

1.    From the Website Menu in VS 2005 or later, click on ASP.NET configuration.

2.    Click on the Security tab and click on Authentication type. Ensure it is set to “Internet.”

3.    Click on Create or Manage roles and then add the roles you want. Eg: Managers & Engineers. Once finished click the Back button in the bottom right corner of the page.

4.    Click on Create User and then add 2 users - one that has membership in Managers role and another one in Engineers.

5.    Run your application and login with one of your user accounts that you created in step 4.

Step 4: Test Roles

Create a folder called Secured under your application folder and create a new ASP.NET web page called Secured.aspx in that folder.

Add a hyperlink to this page from Default.aspx page.

Add the following location tag to your web.config:

Listing 10

<location path="Secured">
      <deny users="*"/>
      <allow roles="Managers" />

Test with each user account to see if you can browse the secured page. Only the user with the Manager role will be allowed. Others should be redirected back to login page.

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2021  |  Page Processed at 2021-12-07 7:15:19 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search