What is the "correct & supported" way to setup SqlRoleProvider

Discussion in 'ASP .Net Security' started by David Thielen, Jan 6, 2007.

  1. Hi;

    When installing an ASP.NET application using SqlRoleProvider and
    SqlMembershipProvider we need to create the initial roles and the inital
    admin user from our Windows installer application (not ASP.NET).

    We must do this in the installer as otherwise we either have no users and
    therefore no one can log in to create users. Or we create the initial admin
    user with a standard name & password which is a bad security hole.

    So question 1 is what is the correct & supported way to add roles and a user
    to the database after creating it from a windows forms app? I have this
    working but I don't know if the way I am doing this is correct.

    Question 2 is how do I set the database connection string for the
    SqlRoleProvider and SqlMembershipProvider. At present I am puttile it in the
    app.exe.config file and that works fine if it is right the first time.
    However, if it is wrong, both classes continue to use the initial value that
    they cached in a helper class.

    Again, what is the correct & supported way to set the connection string? I
    assume the correct way allows it to be changed as users will make mistakes.

    To the MS support team, if you don't know - can you please ask the
    development team for the solution? They must have one as the database does
    need to be set up to start.

    thanks - dave

    Cubicle Wars - http://www.windwardreports.com/film.htm
    David Thielen, Jan 6, 2007
    1. Advertisements

  2. Hello Dave,

    As for intializing SQLServer membership & role database in non-ASP.NET
    application, the suggested means is just directly call the Membership and
    Role API in non-ASP.NET application as long as the configuration in the
    app.config file is correct(match your ASP.NET application). And this is the
    supported means as I've ever discussed with some ASP.NET dev engineers

    Also, for the connectionstring, in a former thread I've mentioned that this
    configuration is forced to be loaded from configuration file and after it
    is first time loaded, the runtime will always access the one from
    configuration cache and can not directly modify the cached one in-memory.
    This is just like the configuration setting in ASP.NET application, when
    the ASP.NET application has started, all the necessary cofiguration info
    will be loaded only once, and if anything needed to be modified, the
    application must be restarted.

    If you think it is necessary to let your application be able to dynamically
    modify the connectionstring of the membership & role at runtime without
    restart the application, you may consider run all those code in a separate
    AppDomain(created by your self), thus, if you want to redo the intializing
    task with a different configuration, you can start a new AppDomain and run
    the code in it.


    Steven Cheng

    Microsoft MSDN Online Support Lead

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Jan 8, 2007
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Francis Reed
    Erik Funkenbusch
    Apr 8, 2006
  2. =?Utf-8?B?RnJhbmNpcyBSZWVk?=


    =?Utf-8?B?RnJhbmNpcyBSZWVk?=, Apr 10, 2006, in forum: ASP .Net
    Apr 10, 2006
  3. Max2006
    Steven Cheng [MSFT]
    Jun 10, 2008
  4. Replies:
    Dominick Baier [DevelopMentor]
    May 10, 2006
  5. SpaceMarine

    SqlRoleProvider & windows authentication

    SpaceMarine, Jul 5, 2008, in forum: ASP .Net Security
    Joe Kaplan
    Jul 9, 2008

Share This Page