Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 638
  • Last Modified:

Using the same membership for multiple websites in asp.net

Background:
I have four websites that allow users to enter information into different tables in a  database. Now I need to restrict access to the pages in each website.  I want to set up one membership that each webiste can use.

Currently:
I've set up a membership for logging in to website 1.  I used the asp.net configuration in the solution explorer (to automatically create the ASPNET.MDF), and added several users.  The log in controls (log in / log out / change password) work fine on website  1.

Now I would like for website 2 to use the same login database to log in and change passwords etc.  I added the connection to the membership database in the server explorer, but I'm not sure what I'm supposed to do with the web.config file in order for my log in controls in website 2 to use the membership from website one.  

My web.config file in website 1 just displays the connection string to my data entry database:

<connectionStrings>
    <add name="myConnectionString" connectionString="...string info here......"
</connectionStrings>

The web.config in website 2 displays the connection strings to the data entry database and the new aspnet database:

<connectionStrings>
    <add name="myConnectionString" connectionString="...string info here......"
    <add name="ASPNETConnectionString" connectionString="...string info here......"
</connectionStrings>

I added login controls to website 2, but they are unable to retrieve the log in information from the ASPNET database.


Any help is appriciated,

Thanks
0
CoopIS
Asked:
CoopIS
  • 2
  • 2
1 Solution
 
Alan WarrenCommented:
<listening>
0
 
Roopesh ReddyIT AnalystCommented:
Hi,

You have to keep the database in common location and accessed by the two web application!

So you cannot keep the database in App_Data folder of one web application!

Hope it helps u...
0
 
Alan WarrenCommented:
I don't see an issue with this, the asp .net membership server is geared for multiple applications.

If you have a hosted sql server db, with the membership objects (tables, stored procedures and views) installed. And you have a valid login to for the db, from which you can create a valid connection string; then any number of sites can implement that membership server to manage their member base.

Step 1 - Create a hosted SQL Database with valid login credentials, your host will usually provide this info.

Step 2 - Migrate the asp .net membership objects to the hosted SQL db using aspnet_regsql.exe, more info here.

Step 3 - Create a new web site using VS or VWDE, name site1

Step 4 -  Repeat steps 3 and 4 for a new site named site2.

Step 5 - Modify the web.config of both sites to implement the hosted membership server db.

This means populating all instances of ApplicationName="xxx" in the web.configs with your site name ApplicationName="site1" and ApplicationName="site2" respectively.

And modify the connection string to connect to the hosted db.

Example: Web.config for site1: (site2 web.config is the same except for the ApplicationName= parts.)
<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <connectionStrings>
     <remove name="cn"/>
    <add name="cn" connectionString="Data Source=someserver;Initial Catalog=SessionTest;Connect Timeout=15; pooling='true'; Max Pool Size=200;Persist Security Info=True;User ID=someuser;Password=somepwd" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="5"/>
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="cn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="site1"/>
      </providers>
    </membership>
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="cn" applicationName="site1"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="cn" applicationName="site1"/>
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="site1"/>
      </providers>
    </roleManager>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

Open in new window


Step 6 - Run each site and use the asp .net configuration tool in the solution explorer to create a new user for each site.asp .net configuration tool
Step 7 - Check the records on the aspnet_applications and aspnet_users tables in the db.
They should return results similar to this:
SELECT [ApplicationId]
      ,[UserId]
      ,[UserName]
FROM [dbo].[aspnet_Users]

ApplicationId	UserId	UserName
677098AD-CB22-49F3-BB48-875D423DA875 | 0F1FEB6F-371F-4F93-8A9C-41106199C309 | Site2_User
A6E4EDBC-A9DB-4093-A1F5-AC46CB959F36 | 67C1224E-96E8-4E04-A91E-80658B9827E0 | Site1_User

SELECT [ApplicationName]
      ,[ApplicationId]
FROM [dbo].[aspnet_Applications]

ApplicationName	ApplicationId
site1	| A6E4EDBC-A9DB-4093-A1F5-AC46CB959F36
site2	 | 677098AD-CB22-49F3-BB48-875D423DA875

Open in new window

P.S. you can do all this on localhost if you have Sql Server and Sql Server management Studio installed.

Alan ";0)
0
 
CoopISAuthor Commented:
Thanks for all the responses.  I don't have sql server management studio on my current computer, am I am unable to run aspnet_regsql.exe.

I will have to wait to test this until later this week when I get my new computer at work with SSMS.


Cooper IS
0
 
CoopISAuthor Commented:
Thank you Alan.

 I just got my new pc with ssms on it and was able to use the same membership database on all my websites by following your instructions.

Cooper IS
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now