Setting up SqlMembership Provider is pretty easy. As a
required ingredient, you definitely need an instance of SQL Server 2000 or
above. SqlMembershipProvider works only with SQL Server. (SQL Express versions
are also supported, but should not be used in production).
Step 1: Setup SQL Server database
Run the run Aspnet_regsql.exe found in the %systemroot%\Microsoft.NET\Framework\
v2.0.50727 to bring up the GUI configuration mode and choose to configure all
ASP.NET Features. From the GUI, you can connect to a SQL Server instance
running on another box by typing: SQLServerName\InstanceName. If you do not
provide the instance name, it connects to the default instance.
Step 2: configure the Connection
String for SQL Server store and roles store
Internet Information Services 6.0
Open your application’s web.config and add the following
under <configuration> element.
Listing 9
<connectionStrings>
<add name="SQLConnection" connectionString="Data
Source=DatabaseServer\Instance;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
</connectionStrings>
And under <system.web>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<add name="MySqlRoleProvider" connectionStringName="SQLConnection"
applicationName="SQLMembership" type="System.Web.Security.SqlRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
<membership defaultProvider="SQLProvider">
<providers>
<add connectionStringName="SQLConnection" applicationName="SQLMembership"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" name="SQLProvider"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
Internet Information Services 7.0
1.
Open Internet Information Services Manager. Click Start, run and type
“Inetmgr” without quotes and press ENTER.
2.
Expand the <ComputerName> node and then expand “Sites” node.
3.
Locate your website/virtual folder and click on it.
4.
Double click on the Connection Strings icon.
5.
In the Actions Pane, click on Add...
6.
Configure the following:
7.
Name: SQLConnection
8.
Click on Custom and then enter your connection string: Data
Source=DBServer\Instance;Integrated Security=SSPI;Initial Catalog=aspnetdb;
9.
Click OK.
10. Click
on the Back button in IIS User Interface.
11. Double
click on the Providers icon.
12. From
the Feature drop down, select .NET Roles.
13. In
the Actions Pane, click on Add...
14. From
the Type dropdown, select “SqlRoleProvider (System.Web.Security...).
15. In
the name box type: “MySqlRoleProvider.”
16. Under
ConnectionStringName, select SQLConnection.
17. Under
ApplicationName, provide a name for the application.
18. Click
OK.
19. Click
on the Back button in the IIS User Interface.
20. Double
click on the .NET Roles icon.
21. In
the Actions Pane, click on Set Default Provider... and select MySqlRoleProvider
and click OK.
22. In
the Actions Pane, click on the Enable button.
23. Click
on the Back button in IIS User Interface.
24. Double
click on the Providers icon.
25. From
the Feature drop down, select .NET Users.
26. In
the Actions Pane, click on Add...
27. From
the Type dropdown, select “SqLMembershipProvider (System.Web.Security...).
28. In
the name box type: “SQLProvider.”
29. Under
ConnectionStringName, select SqlConnection.
30. Under
ApplicationName, provide a name for the application.
31. Click
on the OK button.
32. Click
on the Back button in the IIS User Interface.
So now we have wired these up as follows: Forms
authentication (Uses) à
Login Control (talks to) à
MemberShipProvider & Role Providers(Uses) à specified connectionString.
Step 3: Test the Membership and roles
using ASP.net Configuration
1.
From the Website Menu in VS 2005 or later, click on ASP.NET
configuration.
2.
Click on the Security tab and click on Authentication type. Ensure it is
set to “Internet.”
3.
Click on Create or Manage roles and then add the roles you want. Eg:
Managers & Engineers. Once finished click the Back button in the bottom
right corner of the page.
4.
Click on Create User and then add 2 users - one that has membership in
Managers role and another one in Engineers.
5.
Run your application and login with one of your user accounts that you
created in step 4.
Step 4: Test Roles
Create a folder called Secured under your application folder
and create a new ASP.NET web page called Secured.aspx in that folder.
Add a hyperlink to this page from Default.aspx page.
Add the following location tag to your web.config:
Listing 10
<location path="Secured">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Managers" />
</authorization>
</system.web>
</location>
Test with each user account to see if you can browse the
secured page. Only the user with the Manager role will be allowed. Others
should be redirected back to login page.