Forms based authentication provider

Discussion in 'ASP .Net' started by karlman, Sep 3, 2007.

  1. karlman

    karlman Guest

    Is there a way to make a SQL 2005 server the provider for the user and
    roles database for form based authentication?

    Maybe I am going about this the wrong way?

    I want to have more control over the process so I figure it would be
    easier if everything was in the same database. I want to be able to
    extend the database with additional user information.

    Here is how I would imagine this to go:

    1. An admin person gets a new hire request.
    2. The admin goes to a page and creates a new user and assigns roles.
    3. An email is sent to the new user with login info.
    4. The new user logs in.
    5. New user must change password and set security question.
    6. New user ready for use.

    Alternatively I could have the new user create their own account. I
    would then need the admin to be able to come in later and assign
    roles.

    I see that I can access a lot of this info through security objects
    but what is the best way to relate user identity into my many other
    tables when the user table is in another database?

    Thank
    Karl
    karlman, Sep 3, 2007
    #1
    1. Advertising

  2. karlman

    John Mott Guest

    You need a "custom membership provider" -- that will let you hook up to an
    existing 'users' table, for instance.

    http://msdn2.microsoft.com/en-us/library/f1kyba5e.aspx

    john


    "karlman" <> wrote in message
    news:...
    > Is there a way to make a SQL 2005 server the provider for the user and
    > roles database for form based authentication?
    >
    > Maybe I am going about this the wrong way?
    >
    > I want to have more control over the process so I figure it would be
    > easier if everything was in the same database. I want to be able to
    > extend the database with additional user information.
    >
    > Here is how I would imagine this to go:
    >
    > 1. An admin person gets a new hire request.
    > 2. The admin goes to a page and creates a new user and assigns roles.
    > 3. An email is sent to the new user with login info.
    > 4. The new user logs in.
    > 5. New user must change password and set security question.
    > 6. New user ready for use.
    >
    > Alternatively I could have the new user create their own account. I
    > would then need the admin to be able to come in later and assign
    > roles.
    >
    > I see that I can access a lot of this info through security objects
    > but what is the best way to relate user identity into my many other
    > tables when the user table is in another database?
    >
    > Thank
    > Karl
    >
    John Mott, Sep 3, 2007
    #2
    1. Advertising

  3. I would have avoided implementing custom membership and role provider
    by myself because there already exist standard providers for Sql
    Server. Custom membership and role providers are probably more than a
    week job in order to do it properly (I have done it once for MySql).

    If all you want is to have user's membership and role information
    stored in the same Sql Server database as data, you can easily
    configure database of your choice to have membership and role tables
    by running aspnet_regsql (usually in C:\windows\Microsoft.NET\Framework
    \vx.x.x.x) from windows explorer (because windows mode has easier
    GUI).


    After running aspnet_regsql for explicitly chosen database, you would
    also need entries like following in web.config

    <membership defaultProvider="ABCAspNetSqlMembershipProvider"
    userIsOnlineTimeWindow="15">
    <providers>
    <clear/>
    <add name="ABCAspNetSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider"
    connectionStringName="ABCConnectionString"
    applicationName="ABC"
    enablePasswordRetrieval="false"
    enablePasswordReset="true"
    requiresQuestionAndAnswer="false"
    requiresUniqueEmail="false"
    maxInvalidPasswordAttempts="5"
    passwordAttemptWindow="10"
    passwordFormat="Hashed"
    passwordStrengthRegularExpression=""
    minRequiredPasswordLength="6"
    minRequiredNonalphanumericCharacters="0"
    />
    </providers>
    </membership>
    <roleManager enabled="true"
    defaultProvider="ABCAspNetSqlRoleProvider">
    <providers>
    <remove name="AspNetSqlRoleProvider"/>
    <add connectionStringName="ABCConnectionString"
    applicationName="ABC"
    name="ABCAspNetSqlRoleProvider"
    type="System.Web.Security.SqlRoleProvider"/>
    </providers>
    </roleManager>
    Muhammad Naveed Yaseen, Sep 3, 2007
    #3
  4. karlman

    karlman Guest

    Thank you Muhammad, that is exactly what I was looking for. I think it
    will be easier for this application to stay within the confines of the
    supplied classes rather than trying to create everything myself. In
    looking at the link John gave I should be able to extend the schema
    using the Custom Membership User.

    Thank you both!
    Karl



    On Sep 3, 12:05 pm, Muhammad Naveed Yaseen <> wrote:
    > I would have avoided implementing custom membership and role provider
    > by myself because there already exist standard providers for Sql
    > Server. Custom membership and role providers are probably more than a
    > week job in order to do it properly (I have done it once for MySql).
    >
    > If all you want is to have user's membership and role information
    > stored in the same Sql Server database as data, you can easily
    > configure database of your choice to have membership and role tables
    > by running aspnet_regsql (usually in C:\windows\Microsoft.NET\Framework
    > \vx.x.x.x) from windows explorer (because windows mode has easier
    > GUI).
    >
    > After running aspnet_regsql for explicitly chosen database, you would
    > also need entries like following in web.config
    >
    > <membership defaultProvider="ABCAspNetSqlMembershipProvider"
    > userIsOnlineTimeWindow="15">
    > <providers>
    > <clear/>
    > <add name="ABCAspNetSqlMembershipProvider"
    > type="System.Web.Security.SqlMembershipProvider"
    > connectionStringName="ABCConnectionString"
    > applicationName="ABC"
    > enablePasswordRetrieval="false"
    > enablePasswordReset="true"
    > requiresQuestionAndAnswer="false"
    > requiresUniqueEmail="false"
    > maxInvalidPasswordAttempts="5"
    > passwordAttemptWindow="10"
    > passwordFormat="Hashed"
    > passwordStrengthRegularExpression=""
    > minRequiredPasswordLength="6"
    > minRequiredNonalphanumericCharacters="0"
    > />
    > </providers>
    > </membership>
    > <roleManager enabled="true"
    > defaultProvider="ABCAspNetSqlRoleProvider">
    > <providers>
    > <remove name="AspNetSqlRoleProvider"/>
    > <add connectionStringName="ABCConnectionString"
    > applicationName="ABC"
    > name="ABCAspNetSqlRoleProvider"
    > type="System.Web.Security.SqlRoleProvider"/>
    > </providers>
    > </roleManager>
    karlman, Sep 3, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,385
    Tommy
    Feb 13, 2004
  2. vcuankitdotnet
    Replies:
    3
    Views:
    2,239
    vcuankitdotnet
    Mar 19, 2008
  3. Keltex
    Replies:
    1
    Views:
    385
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  4. Eric
    Replies:
    2
    Views:
    462
  5. am
    Replies:
    0
    Views:
    140
Loading...

Share This Page