asp.net membership - sql authentication
I want to know whats the "right" way to setup membership in a new website.
When i have new project i can go to Website/ASP.NET Configuration. There i can setup Forms authentication and manage all users that will be using this page. I can make roles and rules on folders. All of this info are saved into table that will be saved locally in database App_Data/ASPNETDB.MDF. What i'm trying to do is that all this info would be on a host server along with the website but not locally.
What is the best way to connect my website that i made locally to a mssql server that is central. I want to be able to go to the asp.net configuration and manage users but i want the data to be saved in the tables on the mssql server not to the aspnetdb.mdf file.
I have already made the asp.net membership tables on the mssql server by using the aspnet_regsql.exe file.
Update:
Nev开发者_开发问答er mind, i found out a way to to this.
Just had to add
<remove name="LocalSqlServer"/>
in <ConnectionStrings>
and then my own connection string. Now its working...
There is a line command in the Visual Studio SDK called "aspnet_regsql". It opens a window, and you can use it to set up the ASP.NET membership, roles, and profile support in any SQL Server database.
For most applications, you'll probably end up writing your own membership admin pages. It's not hard, and most of the controls you need are in the toolbox in Visual Studio. Here's the cookbook I've given in presentations on security:
To add ASP.NET membership and roles to an existing SQL Server database:
Open a Visual Studio 2008 command window.
(If you must run SQL line commands in Administrator mode, you will need to open a command line in administrator mode, then set the path to include the Visual Studio SDK executables.)
Run aspnet_regsql in that command window.
For the SQL user logins that will use the database, add one or more of the following membership provider roles:
aspnet_Membership_FullAccess - if users can register themselves or others aspnet_Membership_BasicAccess - users cannot register themselves aspnet_Membership_ReportingAccess - for membership statistics
For the SQL user logins, add one or more of the following role provider roles:
aspnet_Roles_FullAccess - create and delete roles aspnet_Roles_BasicAccess - use asp.net roles
Configure your initial application and roles using SQL Server Management Studio:
exec aspnet_Applications_CreateApplication @ApplicationName='Northwind',@ApplicationID=''
exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Employee'
exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Manager'
exec aspnet_Roles_CreateRole @ApplicationName='Northwind', @RoleName='Master'
Implement your "New User" page, but don't lock it down with forms authorization yet. You may want to implement your own form, assuming you have user records already existing in your database, and assuming that you'd like to add roles as part of the "create user" process. In any case, use this page to create an initial set of users for ASP.NET membership; it's easier this way than trying to make it work with stored procedures. See sample code for an implementation of user creation without using the ASP.NET LoginView control.
Note that this "Add a User" page in the sample application assumes a number of things that are hard to do with the standard Login control in ASP.NET. If you're creating users as an administrative function, rather than letting users add themselves, you probably want to have multiple roles, and be able to select the role. Even more important, you may have "user" tables already established in your database, and need to integrate "new user" functionality with adding records to your application's user table. This is a prototype for creating your own Login control, collecting additional data and integrating the creation of user records, ASP.NET membership records, and ASP.NET role assignments. All of this is done within an ambient transaction, so they either succeed or fail as a single unit of work.
Once you've created users and added them to roles, you can set up forms authentication and lock down your pages that require authorization. Notes:
a. Don't require authentication for your top-level directory. Pages at this level should be publicly accessible. b. Add a web.config in each subdirectory where pages require authentication. Usually, setting the authentication level will be the only function in these web.config files.
精彩评论