Hoping you may be able to help with a peculiar issue I'm facing with my SimpleMembershipProvider.
I have an MVC4 application that uses the SimpleMembership feature to store user and role information. This all works perfectly from the front end MVC4 application.
We also have a web service which will call the same SimpleMembershipProvider to validate the user credentials from a mobile app using the standard ValidateUser() method.
However, before I get to my ValidateUser() method I need to initialise my WebSecurity object using the WebSecurity.InitializeDatabaseConnection method. This is causing the below error:
"The Role Manager feature has not been enabled."
I'm initialising the WebSecurity object within the services startup, using the same code pulled from my Portal:
if (!WebSecurity.Initialized)
{
WebSecurity.InitializeDatabaseConnection("PortalContext", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
I've checked that my web.config of my web service contains the appSettings key
<add key="enableSimpleMembership" value="true" />
I've also included the rolemanager and membership details within my system.web section of my web.config.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear />
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear />
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
I'm now completely at a loss and have spent all morning googling for a possible solution.
Can anyone think of a reason why this might be occurring?
If you have multiple projects in the same solution and are using migrations, make the as the startup project the one containing the migrations (in Solution Explorer, Right click Project name > "Set as startup project") before running database-update.
Related
I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
type="LightLDAP.SitecoreADRoleProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
attributeMapUsername="sAMAccountName" cacheSize="2MB" />
</providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
sitecoreMapDomainName="ad" />
</providers>
</profile>
looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).
Just finished setting up AD integration without username and password.
From my experience, if the server is joined to the domain or a domain that has trust with the users domain it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.
However, we do not allow changing username and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.
I'm trying to add Azure Authentication to an existing website with Visual Studio 2013. It looks like this used to be a bit easier in 2012 but seems the recommended path for 2013 is to set this up when creating the project.
I created a new project with AAD (which works) to compare to the changes being made to the project I need to add authentication to. I copied the authentication classes and config settings but it still seems like there is something wrong in web.config:
For AppSettings I have:
<add key="ida:FederationMetadataLocation" value="https://login.windows.net/_____/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://AADPath/Application" />
<add key="ida:AudienceUri" value="https://AADPath/Application" />
For System.identityModel I have:
<system.identityModel>
<identityConfiguration>
<issuerNameRegistry type="RegistryClassPath, ProjectName" />
<audienceUris>
<add value="https://AADPath/Application"/>
</audienceUris>
<securityTokenHandlers>
For system.identityModel.services I have:
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://login.windows.net/AADPath/wsfed"
realm="https://AADPath/Application"
requireHttps="true" />
When I run the site, I'm redirected to the login page as I expect but after logging in I'm presented with the WIF10201: No valid key mapping found for securityToken error.
It was not the configuration but rather I didn't copy the data from the embedded database to the existing project. All seems to be working now.
I have a maddening situation here with an MVC4 site. At the outset, you need to know it uses Windows authentication, and I also want to use simplemembership roles (but I don't think this is working--but this is not the focus of my question). Basically, the site works on my dev machine (with IIS Express) and a test machine (with regular IIS). But it doesn't work in production environment. We get an error "could not load file or assembly WebMatrix.WebData, version=2.0.0.0.
The WebMatrix.WebData reference has CopyLocal = False. (This works in dev and test.) If I set CopyLocal = True, then the authentication goes haywire. Specifically, when you visit the site, it attempts a redirect to login.aspx (obviously not an MVC component). So, my question is Why is this happening? How do I fix?
Here's what I've got under my system.web element in the config:
<roleManager enabled="true">
<providers>
<clear/>
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership>
<providers>
<clear/>
</providers>
</membership>
<authentication mode="Windows" />
I've played around with this quite a bit trying to understand the problem, but I don't really know what I'm doing with this config section/what all can be done. I wonder if there's a problem clearing all the membership providers.... while trying to use the SimpleRoleProvider. (I tried cutting out SimpleRoleProvider, but this had no effect on problem.)
My MVC application works perfectly in the development machine but when I deploy into the production server it always gives various error messages, for example:
You must call the "WebSecurity.InitializeDatabaseConnection" method before you call any other method of the "WebSecurity" class. This call should be placed in an _AppStart.cshtml file in the root of your site.
WebMatrix.WebData've changed the version to 2.0 and set Copy Local = true to, and I copied these lines into the web.config:
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider,WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
I do not know what the reason is.
I need help.
If you are working with simpleMembership, i would encourage that you take a look at this BlogPost, it was really helpful in my case as it keeps you in control of all the membership tables and also make them Part of Your Entity Framework Model
Anyways, there should be a InitializeSimpleMembershipAttribute.cs file in the Filters directory of your MVC project. Go to that file and take this:
if (!WebSecurity.Initialized)
WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
and put it into Global.asax.cs file. This way it will always be initialized. Also after you do this, there is not need to keep InitializeSimpleMembershipAttribute.cs and i would suggest that you take [InitializeSimpleMembership] off your AcccountController
I am developing asp.net mvc2 application and I use asp.net membership provider which uses ASPNETDB.mdf database. I have also my own database and now I wonder how to upload these 2 databases to server? Should I upload them as .mdf file or should I use SQL server? I prefer using SQL server and if someone knows the shortest way to convert and upload these 2 databases it would help me a lot.
Thanks in advance,
Ilija
Funny I just finished doing the same thing. The basic steps are as follows:
From Visual Studio, load your .mdf and choose "publish to provider" to make a .sql file.
Open SQL Management Studio, open a connection to your database and load the sql file. Add a "use yourdbname;" on top to have it output the tables to your database, then run it.
Now you should have the full table structure. What's left is to modify web.config to read the new tables:
First the membership provider:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
Now the role provider:
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
applicationName="/"
/>
</providers>
</roleManager>
And lastly the WebPart provider, if you use it:
<webParts>
<personalization defaultProvider="SqlDatabaseProviderDRDBLoginInfo">
<providers>
<clear/>
<add connectionStringName="ConnectionStringLoginInfo"
type="System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider"
name="SqlDatabaseProviderDRDBLoginInfo"/>
</providers>
</personalization>
</webParts>
In this example I called the connection string ConnectionStringLoginInfo, but whatever you name it, make sure you set it in the connection strings part. Not gonna paste that too :)
This all took me way more than I care to say, but when I saw my app working flawlessly with the App_Data folder deleted, that was quite the moment!
Your simplest option for a hosted solution (i.e. your hosting plan is not a Virtual Private Server) is to generate SQL scripts of your database, exporting these to *.sql files and then run them in your hosted SQL connection.
I would normally connect to my web host's SQL instance using SQL Server Management Studio and either open or paste in the scripts generated by my local copy.
Depending on whether or not your web host provides the service, you might also be able to use the "Publish to provider..." option in Visual Studio.
As a supplement to Blindy's answer I wanted to mention that another way to configure the providers is to change the connection string settings of the default ConnectionString used by most of the providers, which is LocalSqlServer. To do this you just override that particular ConnectionString in your web.config like so:
<connectionStrings>
<clear />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
Also, if you don't want to clear the entire connectionStrings section you can just remove the particular connection string like this:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
This works, because all providers that default to using Sql Server for their Data Store - such as the membership provider - use the "LocalSqlServer" connection string by default. Thus, if you override it, you don't have to change each provider to point to a different Connection String.
Also, for security reasons, you might want to look into encrypting the connectionString section of your web.config file. The following two articles provide more info.
Encrypting and Decrypting Configuration Sections
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA