Trying to set up security for web site for user authentication and creation...

I'm having a few problems and was hoping you guys might be able to help me out and point me in the right direction.

I'm trying to set up my website for use of web forms using the new security and authentication features included in asp.net 2.0+.  However, despite following 2 different guides and a book on setting up my web site for using this, I keep running into a snag at the same part and can't figure out what's going on.

I'm having some problems trying to set up my server to use the membership services and authentication built in to asp.net 2.0.

I tried a guide from 4guysfromrolla and also borrowed an ASP.Net 2.0 book but I still can't get it up and running after following either tutorial. Fact has it the book has me going through a very similar setup in setting up the access rules and everything to get it up and off the ground initially as the 4guysfromrolla site, which is where I ran into the snag on their tutorial.

It tells me that AspNetSqlProvider provides your application access to the data and that if you run aspnet_regsql.exe it should create the necessary database for your use.

I run the aspnet_regsql.exe and select the server NATHAN-VIRTUAL1 as my server, that is the instance of my current sql database I have set up on my virtual machine.

Then it tells you to go to the asp.net configuration using the web site administration tool and to click security and to click the select authentication type link.

This is where I run into problems. I get the message :

Quote:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: Unable to connect to SQL Server database.

So I try to click the choose data store button after this and it brings up.

This gives me the options:
Quote:
Use this page to configure how Web site management data such as membership is stored. You can use a single provider for all the management data for your site or you can specify a different provider for each feature.

Your application is currently configured to use the provider: AspNetSqlProvider

Select a single provider for all site management data
Select a different provider for each feature (advanced)

I choose select a single provider for all site management data and it brings up a page with:
Quote:
Provider
AspNetSqlProvider Test
I click Test and it fails to connect to the database. What's going on? This was supposed to be automatically set up when I ran the aspnet_regsql.exe.

Running this all on my virtual pc drive that I'm required to develop on b/c the school refuses to work with the programmers to get computers with the necessary software to develop our applications on, which is fine.  Like I said, the sql database is installed as the instance NATHAN-VIRTUAL1, and the executable setup for the AspNetSqlProvider shows this database up as well as all the database tables within it, and installed the necessary database and tables that should be necessary for the authentication and security I'm going to be setting up.  However, going to the asp.net configuration to load up the local web site administration tool, it always fails to connect to the database it just connected to and found in the executable setup program.  What gives?

Can someone help me out?

 

0
nlraley
9/11/2008 6:16:42 PM
asp.net.security 27051 articles. 1 followers. Follow

9 Replies
618 Views

Similar Articles

[PageSpeed] 6

did you modify connectionstring in your web.config to point to your database...

check this: http://weblogs.asp.net/scottgu/archive/2005/08/25/423703.aspx

http://vstudiojourney.blogspot.com/2008/06/choosing-another-database-for.html

 


/GuruBhai
0
guru_sarkar
9/11/2008 8:55:53 PM
No, I thought it was doing that when I was running through the exe file to setup the default database.  Let me go try that and see where it gets me.
0
nlraley
9/11/2008 9:32:29 PM

The site you referred me to was doing exactly what I was trying to do to set this up.

 http://vstudiojourney.blogspot.com/2008/06/choosing-another-database-for.html

 

The step where it has you run the exe and it says don't click the list to pull the drop down to see your databases or you'll get the dreaded failed to connect message.  Well mine connects just fine and has all the databases listed there.  I just forgot to adjust the webconfig as I thought it would be smart enough to do that step for you when you select where to create the database.  Go figure.   Thanks for the help.   I'll be back if I get any other hiccups.

0
nlraley
9/11/2008 9:36:17 PM

 Here's one for you.  Before I start redeveloping this site in another manner.

 I am running this on a virtual server and have been doing my development on the virtual server.  I usually have my portable shared as a network folder, and have been doing all my saving to the portable hard drive.  However, I've noticed in doing this I get the error messages popping up:

Failed to start monitoring changes to 'Z:\N Space Project'.

What's up with this?  Also get these changes when trying to compile.  Should I not be able to have the site on a different drive than the host operating system, or is there something special I have to do in setting it up?

0
nlraley
9/12/2008 12:23:06 AM

 In the web.config file where am I supposed to put the:

 

<membership defaultProvider="MyProvider" userIsOnlineTimeWindow="30"> <providers> <clear/>
<add connectionstringname="MYDATABASE" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" 
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MyProvider" 
type="System.Web.Security.SqlMembershipProvider" /> </providers> </membership>
 
and the:
  
<roleManager enabled="true" defaultProvider="MyProvider"> <providers> <clear/> <add connectionstringname="MYDATABASE" applicationName="/" name="MyProvider" 
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager> 
 

  Lines at.  Right now I seem to be connecting to the data store alright but when I click the security tab in my WSAT I get the error message:

There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.


The following message may help in diagnosing the problem: The attribute 'connectionStringName' is missing or empty. (C:\N Space\web.config line 68) 

 

 

0
nlraley
9/12/2008 1:36:21 AM

 Okay, I'm lost here.

Code:
<configuration>

<connectionStrings>
<add name="MYDATABASE" connectionString="Data Source=NATHAN-VIRTUAL1;Initial Catalog=AFIDatabase;Integrated Security=True" providerName=".NET Framework Data Provider for SQL Server" />
</connectionStrings>

<system.web>
<membership defaultProvider="MyProvider" userIsOnlineTimeWindow="30">
<providers>
<clear/>
<add connectionstringname="MYDATABASE" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MyProvider" type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="MyProvider">
<providers>
<clear/>
<add connectionstringname="MYDATABASE" applicationName="/" name="MyProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
</system.web>
</configuration>

This is what I have in my web.config, however when I try to go to the security tab in my WSAT I get the following message:
Quote:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: The attribute 'connectionStringName' is missing or empty. (C:\N Space\web.config line 20)

What's going on?  Please help because as of this moment I'm pretty lost here.
0
nlraley
9/12/2008 1:56:09 AM
 
1    
2    <!-- 
3        Note: As an alternative to hand editing this file you can use the 
4        web admin tool to configure settings for your application. Use
5        the Website->Asp.Net Configuration option in Visual Studio.
6        A full list of settings and comments can be found in 
7        machine.config.comments usually located in 
8        \Windows\Microsoft.Net\Framework\v2.x\Config 
9    -->
10   <configuration>
11   
12     <connectionStrings>
13       <add name="MYDATABASE" connectionString="Data Source=NATHAN-VIRTUAL1;Initial Catalog=appservicesdb;Integrated Security=True" providerName="AspNetSqlProvider" />
14     </connectionStrings>
15   
16     <system.web>
17       <membership defaultProvider="MyProvider" userIsOnlineTimeWindow="30">
18         <providers>
19           <clear/>
20           <add connectionstringname="MYDATABASE" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MyProvider" type="System.Web.Security.SqlMembershipProvider" />
21         </providers>
22       </membership>
23       <roleManager enabled="true" defaultProvider="MyProvider">
24         <providers>
25           <clear/>
26           <add connectionstringname="MYDATABASE" applicationName="/" name="MyProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
27         </providers>
28       </roleManager>
29     </system.web>
30   </configuration>
 

Okay, first just so I'm clear. 

I'm running a virtual machine.

On the virtual machine, I have Windows Sever 2003 and SQL Server 2005 Enterprise Edition, as well as Visual Studio 2008 installed onto the virtual machine. I'm doing all of my development for the site on the virtual machine and developing on Visual Studio that is installed on the virtual machine. Therefore, everything I am doing should be local and I should be able to use the WSAT.

In my earlier post I forgot to include the xml header information that was in my web.config file so its actually this:

Code:
And the error is pointing to this line:
Code: 
 <add connectionstringname="MYDATABASE" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MyProvider" type="System.Web.Security.SqlMembershipProvider" />
 
0
nlraley
9/12/2008 2:56:20 PM

it should be connectionStringName ... it is case-sensitive...

you have : connectionstringname


/GuruBhai
0
guru_sarkar
9/12/2008 3:36:57 PM

 You have got to be kidding me that it was something so easy, that's what I get for piecing together bits from 3-4 different sources and not paying close enough attention. 

That's what I get for having 4 languages at the same time, java is driving me nuts with its casing...  hehe.

Thanks!

0
nlraley
9/12/2008 4:24:40 PM
Reply:

Similar Artilces:

Setting up secure and non secure webs
Using Apache 1.3 on NW sp4, We need our website so that there is a secure, password protected area as well. When, setting up the document folders, I have a volume called web. Do I create a separate root folder for the secure data, or can the directory be located under the public root folder? Darrell Darrell, > Do I create a separate root folder for the secure > data, or can the directory be located under the public root folder? > IIRC it can be either way. You then configure uthentication for that directory. - Anders Gustafsson, Engineer, CNE6, ASE NSC Volu...

I am trying to run a login sample, so in "Web Site Administration Tool" i clicked "Use the security Setup Wizard to configure security step by step." and got this famous error: An error was encountere
After this i have the lengthy description of the rror The following message may help in diagnosing the problem: Specified argument was out of the range of valid values. Parameter name: site at System.Web.Configuration.WebConfigurationHost.InitForConfiguration(String& locationSubPath, String& configPath, String& locationConfigPath, IInternalConfigRoot configRoot, Object[] hostInitConfigurationParams) at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams) at System.Configuration.Internal.InternalConfigConfigur...

Security Settings for Web Sites
Name: Alex Kindler Email: akindler90_at_yahoo.com Product: Firefox Summary: Security Settings for Web Sites Comments: Internet Explorer has security zones, in which I can actually list web sites that I want to fully restrict. This means that any site I put in that list will not display. Is there an equivalent for Mozilla? Thanks. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 ...

accessing secure information on a web site in a secure manner
Is it possible to write a script, for example using LWP::Simple, that would extract information from a secure web site in a secure manner completely automatically. Ideally, upon execution, the script would access the web page supplying user name and password, extract the desired information and download it without any likely compromise of the information or the password used. Paul -- -- Paul Schatz Chem Dept University of Virginia At 22:24 -0500 01.28.2001, Paul N. Schatz wrote: > Is it possible to write a script, for example using >LWP::Simple, that would extrac...

returning from secure site to non secure site
Hi, I want to return from secure site to non secure site using Response.Redirect method but it stays in secure site dowsn't redirect to non https site. How can I fix this problem, and why it is a problem. Kind regards,Fatih UÇAR To redirect between a SSL site to a non SSL site, you have to specify the full qualified url (including the protocol) as the parameter for response.redirect. For example: Response.Redirect("http://.....") or Response.Redirect("https://.....") Thanks zhuhua for your answer yes I have specified fully qualified name that's why an alert box appears by i...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just
Name: Dwight Metcalfe Email: dwmet1atgmaildotco Product: Firefox Summary: When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just "reload" the other site once automatically just to save time. Hmmmmmmmm. Comments: Only been doing that about a month. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 From URL: http://hendrix.mozilla.org/ Note to reade...

security for Statemanagement in Secure site
Hi All,   Can anybody tell me what type of security regarding stateManagement should we take while developing secure site.  Thanks in advance   Regards Shreeniwas...

no security lock on secure site
Name: David Armitage Email: gda141atgmaildotcom Product: Firefox Summary: no security lock on secure site Comments: I have version 3.0.1 Firefox and it is not displaying red & yellow change in the address bar or the lock symbol when I'm on a secure site. Is there a problem with this version of Firefox or do I have a security problem on my machine? I'm using both Norton and Adware security software. Thanks Dave Armitage Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 From URL: http://hendrix.moz...

Security Issues in file creation on Web Server(.net)
Hi,I'm developing an application in .net 2.0 in which there is a reporting feature wherein I'm creating the Excel file at runtime on user's request and user can download the file on his local machine. The problem comes when the file is created temporarily on the Web Server which requires admin rights. Not all the user's accessing application will have admin rights. Hence if a user who's not having the admin rights is not able to download the file. What all I need to do so that anyone can download the file?Thanks in advance.Kshitij RajhansInfosys Technologies Ltd,Pune...

Security Policy setting for ASPNet user in .Net 1.1
How would I change the security policy in web.config file for ASPNet user in .Net Framework 1.1, so that this user has the right to create a custom event log and also custom event log sources? This would allow creation of custom event logs in a dynamic manner through .Net code. Normally, only an admin user can create new custom event logs on a machine and if you try to create a custom log or source in code using methods in EventLog class, then the method fails because the ASPNet user under whom the code is executing does not have permission to create the event log.    s...

A question about Web Service security / secured web service Testing
Hi, I created a web service and secure it using SoapExtention. I implemented code from this link. http://www.developer.com/net/net/article.php/11087_2192901_2 Now if I create proxy class from my other webapplication and call any webmethod of my webservice, I must provide username password to access any of its webmethod, otherwise it is throwing SOAP Exception which works fine. But now when I open this webservice locally using its URL, in Internet Explorer, like http://localhost/MyWebService/poservice.asmx, it shows me all webmethods and I can invoke any webmethod from here without using ...

Web resources about - Trying to set up security for web site for user authentication and creation... - asp.net.security

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

Authentication - Facebook-Entwickler
Please note: On October 3, 2012, the offline_access permission will be removed. If you are building...

Facebook Adds Two Factor Authentication for Login and Redesigns Family Safety Center
... announced the release of several new tools to help users stay safe while using the site. Soon, users will be able to enable two factor authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


YouTube - How To Hack Twitter's New Two Factor Authentication
Veröffentlicht am 23.05.2013 Connect! http://toopher.com http://facebook.com/toopherinc http://twitter.com/toopher CEO Josh Alexander wants ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

Hands on: Twitter two-factor authentication
Optus and Vodafone customers need not apply when it comes to Twitter's two-factor authentication.

Resources last updated: 1/18/2016 7:42:12 AM