What is the "correct & supported" way to setup SqlRoleProvider

D

David Thielen

Hi;

When installing an ASP.NET application using SqlRoleProvider and
SqlMembershipProvider we need to create the initial roles and the inital
admin user from our Windows installer application (not ASP.NET).

We must do this in the installer as otherwise we either have no users and
therefore no one can log in to create users. Or we create the initial admin
user with a standard name & password which is a bad security hole.

So question 1 is what is the correct & supported way to add roles and a user
to the database after creating it from a windows forms app? I have this
working but I don't know if the way I am doing this is correct.

Question 2 is how do I set the database connection string for the
SqlRoleProvider and SqlMembershipProvider. At present I am puttile it in the
app.exe.config file and that works fine if it is right the first time.
However, if it is wrong, both classes continue to use the initial value that
they cached in a helper class.

Again, what is the correct & supported way to set the connection string? I
assume the correct way allows it to be changed as users will make mistakes.

To the MS support team, if you don't know - can you please ask the
development team for the solution? They must have one as the database does
need to be set up to start.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm
 
S

Steven Cheng[MSFT]

Hello Dave,

As for intializing SQLServer membership & role database in non-ASP.NET
application, the suggested means is just directly call the Membership and
Role API in non-ASP.NET application as long as the configuration in the
app.config file is correct(match your ASP.NET application). And this is the
supported means as I've ever discussed with some ASP.NET dev engineers
previously.

Also, for the connectionstring, in a former thread I've mentioned that this
configuration is forced to be loaded from configuration file and after it
is first time loaded, the runtime will always access the one from
configuration cache and can not directly modify the cached one in-memory.
This is just like the configuration setting in ASP.NET application, when
the ASP.NET application has started, all the necessary cofiguration info
will be loaded only once, and if anything needed to be modified, the
application must be restarted.

If you think it is necessary to let your application be able to dynamically
modify the connectionstring of the membership & role at runtime without
restart the application, you may consider run all those code in a separate
AppDomain(created by your self), thus, if you want to redo the intializing
task with a different configuration, you can start a new AppDomain and run
the code in it.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Correct way to create a remote Desktop on windows 10 with Session Isolation in mind. 0
Express router not routing to correct route due to problem with passport 0
Using Principal.GenericPrincipal vs SqlRoleProvider 1
accessing membership DB from windows (not ASP) app 15
urllib2: correct way how to add a header to the *initial* request? 0
urllib2: correct way how to add a header to the *initial* request? 0
What is the correct way to define __hash__? 3
what is the correct way to extend native methods? 14

Members online

Total: 31 (members: 1, guests: 30)
Robots: 156

Forum statistics

Threads
473,756
Messages
2,569,533
Members
45,007
Latest member
OrderFitnessKetoCapsules

Latest Threads

Top