• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

Newbie, looking for samples on best practices of creating users for web site

I'm realatively new to ASP.net and I'm trying to figure out the best practice for managing users for a web site.

I want to know how to create a login screen where new users register by creating a user account and PW in a SQL DB and then log them on.  Question.. should I create a new user within SQL server or should I store the accounts as records in a table?

Also, when this function is performed  I asume I should use a stored account with administer rights to open the database first, then create the user.

I need sample code with comments explainging what's going on.  this way i can modify it to work on my machine and debug it and watch the process in order to learn.

how is this process most widely handled?

0
Steve7423
Asked:
Steve7423
  • 13
  • 11
2 Solutions
 
dabitbolCommented:
Hi,

If you are using ASP.Net 2.0 using VS 2005 use the ASP.NEt Website administration tool. Pretty straight forward and uses SQL Express.  Then you create a login.aspx web form and drag a user login control. Pretty Straight forward.

Look at this article: http://msdn2.microsoft.com/en-us/library/879kf95c(VS.80).aspx

Good Luck!
0
 
mmarksburyCommented:
ASP.NET has a lot of built in controls for this purpose as dabitbol has mentioned.

It sounds like you're still learning the web-app to DB connectivity.  I'd recommend you create a simple table (userId, username, password) in SQL, and build a simple page to login.  That will get you going on how the web-app to DB stuff works, which you'll need to know for other types of data access that ASP.NET does not provide.

There's a lot of great starer kits available at http://www.asp.net where you can download the code and the Databases and see different design approaches.  It's good to use the tools .NET provides because it saves you time, but it's also bad to ONLY use those, and not have the core competencies to build what you need, when you need it.

Good luck!
0
 
Steve7423Author Commented:
hey thanks guys.  I've just installed 2005 and will be testing each of your suggestions.  I'm familiar with App to DB connections but I'm curious to know the best practice for web login methods as it's a little different than windows forms.

give me a couple of days to digest your suggestions.

thanks

Steve.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Steve7423Author Commented:
dabitbol, I'm looking at some SQL express documentation and it appears to be a monolithic bear to administer.  there are so many questions I'm afraid to install it.  I can't see how the benefit out weighs the crap to get it working.  your feedback?
0
 
dabitbolCommented:
Well, actually SQL Server Express is pretty good when used with the good  tools. Problem is as you said to administer since Microsoft doesn't provide by default the necessary tools. But, of course their is solutions. After you install it consider installing the following:


1) http://www.microsoft.com/downloads/details.aspx?familyid=82afbd59-57a4-455e-a2d6-1d4c98d40f6e&displaylang=en

It is the Management Studio for Express, it is exactly the same as the you would use for pro, but designed to manage express editions of SQL Server Express.

Next month, you'll see SP1 with even advanced features which you can download the Preview Release here:

http://www.microsoft.com/downloads/details.aspx?familyid=57856cdd-da9b-4ad0-9a8a-f193ae8410ad&displaylang=en

Good Luck!
0
 
Steve7423Author Commented:
I assume it's possible to use sql server as the DB for the controls, correct?  I'm looking into this as well, as that's the default on my system.
0
 
dabitbolCommented:
Of course, if you want to use a regular db with these controls, you just have to prep them beforehand and use a SQLMemeberShipProvider as detailed here:

http://msdn2.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider(VS.80).aspx

In addition you need to use a SQLProfileProvider as detailed here:

http://msdn2.microsoft.com/en-US/library/system.web.profile.sqlprofileprovider(VS.80).aspx
0
 
Steve7423Author Commented:
Ok, I'm official stupid.  

what am I doing wrong.

process:

I create a new blank web site.  I create a connection with the sqlconnection control.  then I add a login control via the wizard.  the part of the wizard that tests the aspnetsqlmembershipprovider returns the error; "can not make connection with the database."  

In the database connection control I've established the connection and tested it and it works fine.  why won't the membrshipprovider work?  what am i missing?
0
 
dabitbolCommented:
You need to configure the website first, go to Website -> Website administration tool
0
 
dabitbolCommented:
Sorry Website -> ASP.Net configuration
0
 
Steve7423Author Commented:
ok, I'm encountering an error: unable to connect to data store.  I'm looking into what might be causing this.  strange thing though, if I create a sqlconnection and test the connection it works but it won't work when testing the providers through the admin tool.  I'm not loged on as administrator, SQL server seems to be working fine, but through asp it causes the error.  I suspect it's permission based.

stay tuned.

0
 
Steve7423Author Commented:
Hey guys, I can't seem to overcome this connection problem.  I've re-installed SQL twice and I've gone in and set the properties and allowed remote connections, and registered the server.  I'm using the localhost server.  I've gone into VS and created a connection object pointing to the server and DB I want and tested it and it works fine.  I then go into website configuration.  On the provider tab I test the aspnetsqlprovider and I get the error;

"Could not establish a connection to the database. If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider."

I opened the aspnet_regsql utility the msg displayed is " you should now configure your provider for membership, role, personalization, to reflect changes made.... bla bla..

Ok, Question, do you know how to configure the provider and get this working?  I'll open a new question with your name with new points as this is a side question.
0
 
dabitbolCommented:
I just did this the other day, here are the steps I did:

1) Created a Blank Database, I gave the appropriate rights (ASPNET User, you, whatever is running the app or in your connection string)

2) Ran the aspnet_regsql on that db

3) Modified my web.config file to register the providers (as explained in the links I provided):

<configuration>
  <connectionStrings>
    <add name="SqlServices" connectionString=
      "Data Source=localhost;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms" >
      <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <membership defaultProvider="SqlProvider"
      userIsOnlineTimeWindow="15">
      <providers>
        <clear/>
        <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="SqlServices"
          applicationName="SampleApplication"
          enablePasswordRetrieval="true"
          enablePasswordReset="true"
          passwordFormat="Encrypted"
          requiresQuestionAndAnswer="true" />
      </providers>
    </membership>

    <profile defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="SqlServices"
          applicationName="SampleApplication"
          description="SqlProfileProvider for SampleApplication" />
      </providers>

      </profile>
  </system.web>
</configuration>

4) Created a page called login.aspx, put a login control, set his provider property to SQLProvider

5) Open the ASP.Net configuration website to test everything, check if you can add users and roles, specifically check if you see the sqlprovider if you in the providers tab and click advanced

6) If you get into trouble because of your connection, you have to check 3 things:

1 - Connection string: Check you instance name, usuallu COMPUTERNAME\SQLExpress if you use SQL Express

2) If you use Integrated Security (SSPI) Check that you gave the rights to the ASPNET User if your website runs in anonymous, or your username if you use integrated security

3) Check Windows Firewall or any firewall you would have that cna block the ports.

In any case just post you web.config if you get in any trouble

Good Luck
0
 
Steve7423Author Commented:
dabitbol, my steps:

1  went into the database that I want to connect to (adventureworks, sample DB).  under security I set the users and DB Rolls to full access.

2  opend the aspnet_regsql and configured for the adventureworks DB

3  changed the web config to yours, using the following connection:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <connectionStrings>
        <add name="AdventureWorksConnectionString" connectionString="Data Source="localhost;Integrated" Security="SSPI;Initial" Catalog="aspnetdb";/>
    </connectionStrings>

Question, should the catalog be set to adventureworks ?

4  placed a login control on the form.  opened administer website and got an error:
 System.Configuration.ConfigurationErrorsException: 'localhost' is an unexpected token
Along with a list of other things.

the old connection string was: Data Source=COMP2-28;Initial Catalog=AdventureWorks;Integrated Security=True"

I changed it to the following: COMP2-28;Integrated" Security="SSPI;Initial" Catalog="adventureworks";/>

Still get: System.Configuration.ConfigurationErrorsException: 'COMP2-28' is an unexpected token

thoughts????
0
 
Steve7423Author Commented:
I changed the connection string and ran the regsql utility again using the adventureworks DB. removed the login control and replaced it with new.  Opened the web configuration.  selected security tab.  folowing msg:

There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: The connection name 'SqlServices' was not found in the applications configuration or the connection string is empty. Line 18

Current config file:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <connectionStrings>
      <add name="AdventureWorksConnectionString" connectionString="Data Source=COMP2-28;Initial Catalog=AdventureWorks;Integrated Security=SSPI"/>
    </connectionStrings>
  <system.web>
    <authentication mode="Forms" >
      <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <membership defaultProvider="SqlProvider"
      userIsOnlineTimeWindow="15">
      <providers>
        <clear/>
        <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"  (Line 18)
          connectionStringName="SqlServices"
          applicationName="website2"
          enablePasswordRetrieval="true"
          enablePasswordReset="true"
          passwordFormat="Encrypted"
          requiresQuestionAndAnswer="true" />
      </providers>
    </membership>

    <profile defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="SqlServices"
          applicationName="website2"
          description="SqlProfileProvider for website2" />
      </providers>

    </profile>
  </system.web>
</configuration>


what could I be missing in the adventureworks DB ??
0
 
dabitbolCommented:
Your web.config file is not right you need to change the connectionstringname on your providers:

<membership defaultProvider="SqlProvider"
      userIsOnlineTimeWindow="15">
      <providers>
        <clear/>
        <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"  (Line 18)
          connectionStringName="AdventureWorksConnectionString"
          applicationName="website2"
          enablePasswordRetrieval="true"
          enablePasswordReset="true"
          passwordFormat="Encrypted"
          requiresQuestionAndAnswer="true" />
      </providers>
    </membership>

    <profile defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="AdventureWorksConnectionString
          applicationName="website2"
          description="SqlProfileProvider for website2" />
      </providers>

    </profile>
0
 
dabitbolCommented:
oops little quotes missing:

<profile defaultProvider="SqlProvider">
      <providers>
        <clear />
        <add name="SqlProvider"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="AdventureWorksConnectionString"
          applicationName="website2"
          description="SqlProfileProvider for website2" />
      </providers>

    </profile>
0
 
Steve7423Author Commented:
Ok, this got me to the security tab..a sigh of releif..thanks.  Now I enabled rolls under the manage roll section on this tab.  that worked.  Now I tried running the security setup wizard and I get the following error:

The following message may help in diagnosing the problem:  Unable to connect to SQL Server database. at System.Web.Administration.WebAdminPage.CallWebAdminHelperMethod(Boolean isMembership, String methodName, Object[]

good greif, they haven't made this easy.  Something is nagging me about windows authentication.  do I have to set up the adventureworks database to allow me as a user.  Meaning in Active Directory I've set up a user called steve with a PW and that's the user that's creating the web site.  does this user have to be added in the database as well?  I understand it's not recommended to build web sites under the administrator user, correct?  

also, there are no providers listed on the providers tab.

It's obvious that the connection string is the problem.  
0
 
dabitbolCommented:
About the integrated security, of course you have to add yourself as a user or ASPNET also. I would suggest creating users in your DB with Administrative Role, and pass those on you connection string like so:

User in the db:

user: myuser
pass: mypass

Connection sTring in web.config:

<connectionStrings>
      <add name="AdventureWorksConnectionString" connectionString="Data Source=COMP2-28;Initial Catalog=AdventureWorks;User Id=myuser;Password=mypass"/>
    </connectionStrings>

Beleive after working with over 50 websites, I know it sucks!
0
 
Steve7423Author Commented:
AAAhhhgggggtg !!!!!!

I'm losin hair on this.  on the security tab of the web site configuration wizard, I get the msg:

There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: A connection was successfully established with the server, but then an error occurred during the login process. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.)

this is what I have done so far;

1  In sql config mgr I made sure all protocols were enabled, stop - restart.  same err

2  In Ent Mgr under DB properties I set it to tcp, restart service, same err

3  In Ent Mgr set DB properties to share memory, restart service, same err on security tab of web config wizard.

4  My domain is called Elliott and the computer I'm running this on is called comp2-28, in the conn str I changed it to  
Data Source=Elliott\COMP2-28;  Got another error referencing default settings for remote connections.  I've set remote connections in SQL config mgr yesterday, so this puzzles me.

AAAHHHGGGGG   what's going on.

0
 
dabitbolCommented:
Your initial Datasource is ok, it should be COMP2-28 (or just put the ip).

Try this man, weird problem though:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=275050&SiteID=1
0
 
Steve7423Author Commented:
dabitbol, I'm still not able to get this working, however it's obvious the problem is on my end and you should be be rewarded for your help.  I would however like to open a new question so we could try and resolve my problem.  If you could continue to assist i would really appreciate it.  I have a list of actions that I have taken to try and resolve my problems, which I will post in the next question.  Perhaps we could trace through my steps together because there's abviously something I'm missing, and a second look on things from you might catch my flaw.

let me know if you would like to start another question?

steve.
0
 
Steve7423Author Commented:
mmarksbury; my appologies for taking so long.  I've had an endless array of problems that has consumed my time.  I had a quick look at the page you posted and there were a lot of good ideas there which I will definately implement.  Unfortunately, due to my inability to get my site working properly I haven't had a chance to use that site.  

thanks for the tip.

Steve.
0
 
dabitbolCommented:
No problem, if you need any help, I'll keep my eyes opened for the question, though I'm leaving for a business trip till next week,

good luck
0
 
Steve7423Author Commented:
Considering you're busy,I'm pressed for time and pulling my hair out :)  I'm going to post a question called "unable to connect to DB through asp config security wizard"  You've been extremely helpfull and If I figure it out I'd like to keep you in the loop.  I followed the instructions in your previous links and it's not working.  There's a lot of details left out of MS how to's and it's madening.

enjoy your trip.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 13
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now