Forms Authentication using SQL Provider

ovenforksqueeSecurity

Nov 3, 2013 (3 years and 9 months ago)

57 views

Forms Authentication using
SQL Provider

Scenario
: Want to make use of the
SQL membership provider for login

Forms Authentication Flow
:

Msdn :
http://msdn.microsoft.com/en
-
us/library/Aa480476


Steps:

Creating the database/tables/Sps for SQL membership provider

(1)

Open the Visual Studio Command Prompt

(2)

There are various ways we can configure the
db. If

you want to see the all
the available options wi
th description type

aspnet_regsql.exe /?


(3)

Here I will be making use of the Wizard to configure the db. Type


aspnet_regsql.exe

W











(4)

This screen will appear I your screen


(5)

Click On “Next”


(6)

In the next screen, select the first radio button (
Configure SQL Server for
application services) and click on “Next”.

(7)


Provide the server name, SQL Server authentication
mode,

the
credentials and the database name. Click Next.




(8)

Snapshot for the provided details will be shown on the next
screen.
Click

On Next.



(9)

Now you will get the confirmation screen for the new DB


Application Level Changes
:

(1)

In the application configuration file (web.config),

add a new connection
string key (Replace [] with <>)

[
connectionStrings
]


[
add

name
=
"
MySqlConnection
"

connectionString
=
"
Data

Source=BLRKEC143857D;Initial Catalog=aspnetdb;Integrated
Security=SSPI;
"

/] [
/
connectionStrings
]



(2)

Within the system.web tag of the config file add the details related to
membership

and role manager.


[
roleManager

enabled
=
"
true
"
/]


[
membership

defaultProvider
=
"
SqlProvider
"

]


[
providers
]


[
clear
/]



[
add

name
=
"
SqlProvider
"


connectionStringName
=
"
MySqlConnection
"


applicationName
=
"
MyApplication
"

type
=
"
System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
"
/]
[
/
providers
]


[
/
membership
]


Note:



Connection string name should match with the name that we have
given inside the connection
string tag.



Application Name should match with the application name configured
in the DB

(3)

Update the authentication and authorization tag

[
authentication

mode
=
"
Forms
"
]


[
forms

loginUrl
=
"
~/Account/Login.aspx
"


name
=
"
SqlAuthCookie
"


timeout
=
"
10
"

/]


[
/
authentication
]



[
authorization
]


[
deny

users
=
"
?
"

/]


[
allow

roles
=
"
*

"

/]


[
/
authorization
]


Create new user/
roles:

(1)

In VS , go to Project>ASP.NET Configuration


(2)

Click on the Security link


(3)

We
can create roles/users and access roles from this screen
. From here
its pretty straight forward to add users/roles or access rules.