Custom Authorization & Role in MVC 4 not working - asp.net-mvc-4

I need to implement a Single Sign on where a Com+ component should be called to authenticate the user & provide the roles. In short, I need to bypass the default mechanism in MVC 4 where it tries to access the aspnetdb database. So I started with a new MVC4 internet project and added the following code.
In Global.asax
    public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
    {
        bool retval = CreateUserObject("John", "pwd");
    }

    private bool CreateUserObject(string userName, string password)
    {
        string[] currentUserRoles = { "Admin", "User" };
        GenericPrincipal userPrincipal = new GenericPrincipal(new GenericIdentity(userName), currentUserRoles);
        HttpContext.Current.User = userPrincipal;
        //Thread.CurrentPrincipal = userPrincipal;
        return true;
    }
Within the HomeController.cs, I added the [Authorize] attribute for the "About" action as below and it works as expected
    [Authorize]
    public ActionResult About()
However if I modify the [Authorize] attribute to permit only "Admin" role as below I get a runtime error (at the bottom). Is there a way around this to use my own collection of roles for the logged in user, instead of querying the database? I also need to do something similar to the user Profile as well (i.e., instead of database, I should populate the values from the Com+ application).
    [Authorize(Roles = "Admin")]
    public ActionResult About()
Server Error in '/' Application.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

Maybe you need to create a Custom RoleProvider, like this:
    namespace DemoApp.Providers
    {
        public class MyCustomRoleProvider : System.Web.Security.SqlRoleProvider
        {
            // Return the roles for the user without querying the database
            public override string[] GetRolesForUser(string username)
            {
                string[] currentUserRoles = { "Admin", "User" };
                return currentUserRoles;
            }
        }
    }
And in the web.config of the application, change the default role provider:
    <system.web>
        <roleManager enabled="true" defaultProvider="DefaultRoleProvider">
            <providers>
                <add name="DefaultRoleProvider" type="DemoApp.Providers.MyCustomRoleProvider, DemoApp"/>
            </providers>
        </roleManager>
    </system.web>
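
An added example (not part of the original answer): a read-only role provider that derives from the abstract RoleProvider base class rather than SqlRoleProvider, so role checks need no database connection and an unknown user gets no roles. The ExternalRoleProvider name and the RoleLookup delegate are hypothetical; the delegate stands in for the call into the COM+ component and returns no roles until it is replaced.

```csharp
using System;
using System.Linq;
using System.Web.Security;

namespace DemoApp.Providers
{
    // Read-only provider: roles come from an external source, never from aspnetdb.
    public class ExternalRoleProvider : RoleProvider
    {
        // Hypothetical hook: replace with the call into the COM+ component.
        // The default grants no roles, so a missing lookup fails closed.
        public static Func<string, string[]> RoleLookup = user => new string[0];

        public override string ApplicationName { get; set; }

        public override string[] GetRolesForUser(string username)
        {
            if (string.IsNullOrEmpty(username)) return new string[0];
            return RoleLookup(username) ?? new string[0];
        }

        public override bool IsUserInRole(string username, string roleName)
        {
            return GetRolesForUser(username)
                .Contains(roleName, StringComparer.OrdinalIgnoreCase);
        }

        // Roles are administered in the external system, so every
        // management operation is refused here.
        public override void CreateRole(string roleName)
        { throw new NotSupportedException(); }
        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
        { throw new NotSupportedException(); }
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        { throw new NotSupportedException(); }
        public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
        { throw new NotSupportedException(); }
        public override bool RoleExists(string roleName)
        { throw new NotSupportedException(); }
        public override string[] GetAllRoles()
        { throw new NotSupportedException(); }
        public override string[] GetUsersInRole(string roleName)
        { throw new NotSupportedException(); }
        public override string[] FindUsersInRole(string roleName, string usernameToMatch)
        { throw new NotSupportedException(); }
    }
}
```

To use it, point the type attribute of the provider entry in web.config at DemoApp.Providers.ExternalRoleProvider, DemoApp.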

Related

Entity Framework ConnectionString Not Working

From as far as I can tell all of the questions that relate to this have not solved my issue.
I have an sql database hosted by Azure. Super simple, I want to connect it to my ASP.Net MVC app using Entity Framework.
Data Model has been added and edmx file is present,
Connection string
    <connectionStrings>
        <add name="MyDatabase" connectionString="...serverinfo"
             providerName="System.Data.EntityClient" />
    </connectionStrings>
I go to my IdentityModels.cs and change the following
    public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
    {
        public ApplicationDbContext()
            : base("MyDatabase", throwIfV1Schema: false)
        {
        }
    }
When I go to register a user in hopes that the user's information will be added to my Azure database I get the following: "The entity type ApplicationUser is not part of the model for the current context."
I am kind of at my end on this. If someone can point me to documentation to build an application based upon a previously created database that I can follow or know what I am missing please let me know. Thank you
Edit your connection string and modify your code as follows:
    <connectionStrings>
        <add name="MyDatabasedbEntitiesapplication" providerName="System.Data.SqlClient" connectionString="database and username password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" />
        <add name="MyDatabasedbEntities" connectionString="metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=yourdatasource,1433;initial catalog=yourdbname;user id=username;password=***;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
    </connectionStrings>
Modify the code:
    public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
    {
        public ApplicationDbContext()
            : base("MyDatabase", throwIfV1Schema: false)
        {
        }

        public static ApplicationDbContext Create()
        {
            return new ApplicationDbContext();
        }
    }
Modify AutomaticMigrationsEnabled = true; in Configuration class under Migrations folder.

Can't connect to Database to execute Identity functions

I've created a new application with ASP.NET MVC5, using Individual User Accounts for security and Code-First Migrations for the Models/Database modeling. All options are default.
I want to setup custom Users and Roles to it, so I created a Seed using RoleManager and UserManager just to populate the Database. It works fine: it creates 3 Users and 3 Roles and sets each User's Role correctly.
I can log in to the application correctly. The problem is that I can't execute any Identity method using the User, which is the logged User; the only things that I can get are the User.Identity.IsAuthenticated value and the User.Identity.Name, which are correct. Every other method like Roles.GetRolesForUser("John"), or User.IsInRole("Student"), always generates this exception:
ProviderException : The Role Manager feature has not been enabled.
So okay, as in this article, I managed to insert the <roleManager enabled="true" /> in the Web.config, and now it takes a really long time to respond, and generates Exceptions like:
Referring to:
Roles.IsUserInRole("Student")
Generates:
HttpException
Referring to:
Roles.GetRolesForUser(User.Identity.Name)
Generates:
NullReferenceException
Accessing the About page with a User in Student role logged in:
    [Authorize(Roles="Teacher")]
    public ActionResult About()
    {
        ViewBag.Message = "Your application description page.";
        return View();
    }
Generates:
SqlException
HttpException
It's like I have no connection to the Database at all, which is LocalDB, automatically generated, and I could populate it in the Seed Method and even make Login to the application.
I could even load data from the AspNetUsers table and show it in the View using the code below:
    using (Models.ApplicationDbContext db = new Models.ApplicationDbContext())
    {
        List<Models.ApplicationUser> Users = db.Users.ToList();
        ViewBag.Users = Users;
    }
    return View();
PLEASE HELP :'(
Here's the Seed code, that works fine, so it can connect to the Database using the Identity engine.
    protected override void Seed(LocalBDAuthTest.Models.ApplicationDbContext context)
    {
        #region Create Roles Student, Teacher and Administrator
        var RoleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(context));
        // Student
        if (!RoleManager.RoleExists("Student"))
        {
            RoleManager.Create(new IdentityRole("Student"));
        }
        // Teacher
        if (!RoleManager.RoleExists("Teacher"))
        {
            RoleManager.Create(new IdentityRole("Teacher"));
        }
        // Administrator
        if (!RoleManager.RoleExists("Administrator"))
        {
            RoleManager.Create(new IdentityRole("Administrator"));
        }
        #endregion

        #region Create Users for Student, Teacher and Administrator Roles.
        var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(context));
        // Create a Student user and set its role to Student
        if (!context.Users.Any(u => u.UserName == "John"))
        {
            var Student = new ApplicationUser() { UserName = "John" };
            var Result = UserManager.Create(Student, "123456");
        }
        if (!UserManager.FindByName("John").Roles.Any())
        {
            UserManager.AddToRole(UserManager.FindByName("John").Id, "Student");
        }
        // Create a Teacher user and set its role to Teacher
        if (!context.Users.Any(u => u.UserName == "Arnold"))
        {
            var Teacher = new ApplicationUser() { UserName = "Arnold" };
            var Result = UserManager.Create(Teacher, "123456");
            UserManager.AddToRole(Teacher.Id, "Teacher");
        }
        if (!UserManager.FindByName("Arnold").Roles.Any())
        {
            UserManager.AddToRole(UserManager.FindByName("Arnold").Id, "Teacher");
        }
        // Create an Administrator user and set its role to Administrator
        if (!context.Users.Any(u => u.UserName == "Caroline"))
        {
            var Administrator = new ApplicationUser() { UserName = "Caroline" };
            var Result = UserManager.Create(Administrator, "123456");
            UserManager.AddToRole(Administrator.Id, "Administrator");
        }
        if (!UserManager.FindByName("Caroline").Roles.Any())
        {
            UserManager.AddToRole(UserManager.FindByName("Caroline").Id, "Administrator");
        }
        #endregion
    }
This is due to having a mix of both ASP.NET Identity and ASP.NET Membership, having done this:
    <system.web>
        <roleManager enabled="true" />
    </system.web>
You enabled the membership SqlRoleProvider, which uses the role store in the default SQL Express instance in a database in your Web site's \app_dir folder.
If you open your machine.config, you'll find:
    <connectionStrings>
        <add name="LocalSqlServer"
             connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
             providerName="System.Data.SqlClient"/>
    </connectionStrings>
    .
    .
    .
    <roleManager>
        <providers>
            <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" ...
        </providers>
    </roleManager>
Most likely you don't have SQL Express installed, and that's why you are getting timeouts and SQL exceptions.
For ASP.NET Identity DON'T use System.Web.Security.Roles (it is part of the ASP.NET Membership) but use Microsoft.AspNet.Identity.RoleManager instead.

Package and publish Azure Cloud Service with unique Sql Azure connectionStrings

I have a .NET Web solution with an Azure Cloud Service project and a single webrole. I deploy it to the East coast West coast data/compute centers for failover purposes and have been asked to automate the deployment using Powershell MSBuild and Jenkins.
The problem is I need to change the Sql Azure database connectionString in the Web.config prior to packaging and publishing to each deployment. Seems simple enough.
I understand that the webrole properties Settings tab allows you to add custom configuration properties to each deployment with a type of either "string" or "Connection String" but it looks like the "Connection String" option applies to only Blob, Table or Queue storage. If I use the "String" and give it an Sql Azure connection string type it writes it out as a key/value pair and Entity Framework and the Membership Provider do not find it.
Is there a way to add a per-deployment connection string setting that points to Sql Azure?
Thanks,
David
Erick's solution is completely valid and I found an additional way to solve the problem so I thought I'd come back and put it up here since I had such trouble finding an answer.
The trick is getting the Entity Framework and any providers like asp.net Membership/profile/session etc... to read the connection string directly from the Azure service configuration rather than the site's web.config file.
For the providers I was able to create classes that inherit the System.Web.Providers.DefaultMembershipProvider class and override the Initialize() method where I then used a helper class I wrote to retrieve the connection string using the RoleEnvironment.GetConfigurationSettingValue(settingName); call, which reads from the Azure service config.
I then tell the Membership provider to use my class rather than the DefaultMembershipProvider. Here is the code:
Web.config:
    <membership defaultProvider="AzureMembershipProvider">
        <providers>
            <add name="AzureMembershipProvider" type="clientspace.ServiceConfig.AzureMembershipProvider" connectionStringName="ClientspaceDbContext" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
        </providers>
    </membership>
Note the custom provider "AzureMembershipProvider"
AzureMembershipProvider class:
    public class AzureMembershipProvider : System.Web.Providers.DefaultMembershipProvider
    {
        public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
        {
            // Replace the web.config connection string with the one from the service configuration
            string connectionStringName = config["connectionStringName"];
            AzureProvidersHelper.UpdateConnectionString(
                connectionStringName,
                AzureProvidersHelper.GetRoleEnvironmentSetting(connectionStringName),
                AzureProvidersHelper.GetRoleEnvironmentSetting(connectionStringName + "ProviderName"));
            base.Initialize(name, config);
        }
    }
And here's the helper class AzureProvidersHelper.cs:
    using System;
    using System.Configuration;
    using System.Reflection;
    using Microsoft.WindowsAzure.ServiceRuntime;

    public static class AzureProvidersHelper
    {
        // Reads a setting from the Azure service configuration (.cscfg), not web.config
        internal static string GetRoleEnvironmentSetting(string settingName)
        {
            try
            {
                return RoleEnvironment.GetConfigurationSettingValue(settingName);
            }
            catch
            {
                throw new ConfigurationErrorsException(String.Format("Unable to find setting in ServiceConfiguration.cscfg: {0}", settingName));
            }
        }

        // ConfigurationManager.ConnectionStrings is read-only at run time;
        // toggle its private bReadOnly flag via reflection so it can be updated
        private static void SetConnectionStringsReadOnly(bool isReadOnly)
        {
            var fieldInfo = typeof(ConfigurationElementCollection).GetField("bReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
            if (fieldInfo != null)
                fieldInfo.SetValue(ConfigurationManager.ConnectionStrings, isReadOnly);
        }

        private static readonly object ConnectionStringLock = new object();

        internal static void UpdateConnectionString(string name, string connectionString, string providerName)
        {
            SetConnectionStringsReadOnly(false);
            lock (ConnectionStringLock)
            {
                // Look up the entry by the name argument, not the literal string "name"
                ConnectionStringSettings connectionStringSettings = ConfigurationManager.ConnectionStrings[name];
                if (connectionStringSettings != null)
                {
                    connectionStringSettings.ConnectionString = connectionString;
                    connectionStringSettings.ProviderName = providerName;
                }
                else
                {
                    ConfigurationManager.ConnectionStrings.Add(new ConnectionStringSettings(name, connectionString, providerName));
                }
            }
            SetConnectionStringsReadOnly(true);
        }
    }
The key here is that the RoleEnvironment.GetConfigurationSettingValue reads from the Azure service configuration and not the web.config.
For the Entity Framework that does not specify a provider I had to add this call to the Global.asax once again using the GetRoleEnvironmentSetting() method from the helper class:
    var connString = AzureProvidersHelper.GetRoleEnvironmentSetting("ClientspaceDbContext");
    Database.DefaultConnectionFactory = new SqlConnectionFactory(connString);
The nice thing about this solution is that you do not end up having to deal with the Azure role onstart event.
Enjoy
dnash
David,
A good option is to use the Azure configurations. If you right click on the Azure project, you can add an additional configuration. Put your connection string(s) in the correct configuration (e.g., ServiceConfiguration.WestCoast.cscfg, ServiceConfiguration.EastCoast.cscfg, etc).
In your build script, pass the TargetProfile property to MSBuild with the name of the configuration, and those settings will be built into the final cscfg.
Let me know if you run into any problems. I did the approach, and it took a few tries to get it working right. Some details that might help.
Erick

Adding forms authentication (SimpleMembership) to webapi app

I'm trying to add to a MVC4 webapi project the simple membership provider authentication mechanism found in a MVC 4 web application project, for a hybrid application serving its pages with a rich JS content, which uses AJAX calls to webapi actions to perform its tasks. I need the app users to authenticate before they can work with the apps provided in these pages, so I think I'll be fine with the forms authentication. I thus need to add it to the existing WebApi project and let my authorized-only actions return a 302 (redirect user to login page) rather than a 401.
Anyway, I'm missing something because as soon as I try to use a WebSecurity method I get the following exception:
System.InvalidOperationException was caught
Message=To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider".
Source=WebMatrix.WebData
Could anyone suggest a fix? Here are the steps I took for adding authorization:
1) Web.config: add to system.web:
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
Add to appsettings (the 2nd entry is for replacing 401 with 302):
    <add key="enableSimpleMembership" value="true"/>
    <add key="webapi:EnableSuppressRedirect" value="false" />
Also remove profile, membership and rolemanager sections from the original template (they are not intended to be used with simple membership).
2) add NuGet packages for OpenAuth (DotNetOpenAuth Core, DotNetOpenAuth ext for ASP.NET, DotNetOpenAuth 1.0(a) consumer, DotNetOpenAuth 1.0(a), DotNetOpenAuth OpenID Core, DotNetOpenAuth OpenID Relying Party).
3) add InitializeSimpleMembership.cs to Filters (the code is pretty standard, see below).
4) copy from an MVC web app project the models in AccountModels.cs, all the views in Views/Account, and the AccountController.cs.
The InitializeSimpleMembership code is here:
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public sealed class InitializeSimpleMembershipAttribute : ActionFilterAttribute
    {
        private static SimpleMembershipInitializer _initializer;
        private static object _initializerLock = new object();
        private static bool _isInitialized;

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            LazyInitializer.EnsureInitialized(ref _initializer, ref _isInitialized, ref _initializerLock);
        }

        private class SimpleMembershipInitializer
        {
            private static void SeedData()
            {
                // seed data: users and roles
                if (!WebSecurity.UserExists("TheAdminGuyName"))
                    WebSecurity.CreateUserAndAccount("TheAdminGuyName", "password");
                if (!Roles.RoleExists("administrator")) Roles.CreateRole("administrator");
                if (!Roles.IsUserInRole("TheAdminGuyName", "administrator"))
                    Roles.AddUserToRole("TheAdminGuyName", "administrator");
            }

            public SimpleMembershipInitializer()
            {
                Database.SetInitializer<UsersContext>(null);
                try
                {
                    using (var context = new UsersContext())
                    {
                        if (!context.Database.Exists())
                        {
                            ((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
                        }
                    }
                    WebSecurity.InitializeDatabaseConnection("DefaultConnection", "User", "UserId", "UserName", autoCreateTables: true);
                    SeedData();
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
                }
            }
        }
    }
This might be relevant, as it mentions your error specifically:
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx

MVC 4 Using Authorize with Custom Code Not Working

New to MVC 4. What I do not want to do is use the built-in Account management that comes with MVC 4. However, I have created an Account folder under Views, an AccountModel, and AccountController.
What I would like to do is restrict access to Views within the Account folder. For this, in my AccountController, I use the following:
    [Authorize]
    public class AccountController : Controller
    {
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        public ActionResult bob()
        {
            return View();
        }...
On my home page, I have a link to the bob view under the Accounts view which now reroutes me to the login page (which is correct).
Now, upon form submittal, with the right credentials (anything goes) I should be able to see bob, but instead I am redirected back to the Login because I was not authorized. The code:
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            return RedirectToLocal(returnUrl);
        }...
I do not want to use the built-in connect to the DB, but rather what do I need to check the username against a string and then keep an authorization = true so that I can view bob?
In the long run, I plan on connecting to a DB and pulling info back with a SPROC, so right now, I just want the user to be authenticated based upon a string that is checked.
You continue to be Redirected until ASP.net sees a Forms Authenticated cookie.
    FormsAuthentication.SetAuthCookie(theUsersNameasString, boolForSessionOrPersistentCookie);
Assuming your Web.Config is configured for Forms Authentication:
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
ASP.Net will look for .ASPXAUTH cookie unless the name of this cookie was altered in WEB.CONFIG
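
The login flow this answer describes, as an added example that is not part of the original thread: the POST action issues the forms-authentication cookie only after the credential check passes, and returnUrl is followed only when it is local to the site. CredentialCheck, the LoginModel properties and the Index/Home fallback route are assumptions; the delegate denies every login until it is replaced with the real check.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using System.Web.Security;

// Assumed shape of the model; the thread does not show LoginModel.
public class LoginModel
{
    [Required] public string UserName { get; set; }
    [Required] public string Password { get; set; }
}

[Authorize]
public class AccountController : Controller
{
    // Hypothetical hook for the credential check (string compare now, SPROC later).
    // Denies every login until it is replaced.
    public static Func<string, string, bool> CredentialCheck = (user, password) => false;

    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    // The login view must emit @Html.AntiForgeryToken() inside its form.
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid && CredentialCheck(model.UserName, model.Password))
        {
            // Issues the forms-authentication cookie that [Authorize] checks on the next request.
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            return RedirectToLocal(returnUrl);
        }
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }

    // returnUrl comes from the query string; follow it only when it stays on this site.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```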