Thursday, September 11, 2008

To install the membership database

Open the Visual Studio 2005 command prompt, and run the following command: aspnet_regsql.exe -E -S localhost -A m

Where:

  • -E indicates authentication using the Windows credentials of the currently logged-on user.
  • -S (server) indicates the name of the server where the database will be installed or is already installed.
  • -A m indicates add membership support. This creates the tables and stored procedures required by the membership provider.

Running aspnet_regsql.exe on its own brings up a wizard which can be used to create the procedure.


Web.config Settings

The authentication mode needs to be changed from "Windows" to "Forms".

  • loginUrl points to the login page. You should place this in a folder that requires Secure Sockets Layer (SSL) for access.
  • protection is set to "All" to specify privacy and integrity for the forms authentication ticket.
  • timeout is used to specify a limited session lifetime.
  • name and path are set to unique values for the current application.
  • requireSSL is set to "false". This configuration means that the authentication cookie can be transmitted over channels that are not SSL-protected. If you are concerned about session hijacking, you should consider setting this to "true". For more information, see Additional Considerations in this document.
  • slidingExpiration is set to "true" to enforce a sliding session lifetime. This means that the timeout is reset after each request to your application.
  • defaultUrl is set to the Default.aspx page for the application.
  • cookieless is set to "UseCookies" to specify that the application uses cookies to send the authentication ticket to the client.
  • enableCrossAppRedirects is set to "false" to indicate that the application cannot redirect requests outside the application scope.

Example:


<authentication mode="Forms">
  <forms name="FormLogIn"
         loginUrl="login.aspx"
         protection="All"
         requireSSL="false"
         timeout="10"
         slidingExpiration="true"/>
</authentication>

<membership defaultProvider="SQLMembershipProvider">
  <providers>
    <clear/>
    <add name="SQLMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="RUMC_ConnectionString"
         enablePasswordRetrieval="False"
         enablePasswordReset="True"
         requiresQuestionAndAnswer="True"
         requiresUniqueEmail="True"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="3"/>
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="SQLRoleProvider">
  <providers>
    <clear/>
    <add name="SQLRoleProvider"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="RUMC_ConnectionString"/>
  </providers>
</roleManager>
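
The settings listed above can be checked mechanically before a deployment. The script below is an added example, not part of the original post: it parses a web.config and reports forms-authentication and membership-provider attributes that differ from the values described in the list, including attributes that are omitted and fall back to the ASP.NET default. The names audit_web_config, FORMS_RULES and PROVIDER_RULES are hypothetical, and SAMPLE is constructed from the example above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's example settings wrapped in a minimal web.config.
SAMPLE = """<configuration><system.web>
  <authentication mode="Forms"><forms name="FormLogIn" loginUrl="login.aspx"
    protection="All" requireSSL="false" timeout="10" slidingExpiration="true"/>
  </authentication>
  <membership defaultProvider="SQLMembershipProvider"><providers><clear/>
    <add name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
      enablePasswordRetrieval="False" passwordFormat="Hashed"/>
  </providers></membership>
</system.web></configuration>"""

# (attribute, expected value, ASP.NET default when omitted, risk if different)
FORMS_RULES = [
    ("protection", "all", "all", "ticket is not both encrypted and validated"),
    ("requireSSL", "true", "false", "auth cookie may travel over plain HTTP"),
    ("cookieless", "usecookies", "usedeviceprofile", "ticket may end up in the URL"),
    ("enableCrossAppRedirects", "false", "false", "ticket accepted across applications"),
]
PROVIDER_RULES = [
    ("passwordFormat", "hashed", "hashed", "stored passwords are recoverable"),
    ("enablePasswordRetrieval", "false", "false", "passwords can be read back"),
]

def _check(elem, label, rules):
    for attr, want, default, risk in rules:
        got = elem.get(attr, default).lower()  # values compared case-insensitively
        if got != want:
            yield f"{label}: {attr}={got!r} (expected {want!r}): {risk}"

def audit_web_config(xml_text):
    """Return a list of findings for the forms-auth and membership settings."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section found"]
    findings = []
    auth = web.find("authentication")
    if auth is None or auth.get("mode", "Windows") != "Forms":
        findings.append("authentication: mode is not 'Forms'")
    else:
        forms = auth.find("forms")
        forms = forms if forms is not None else ET.Element("forms")  # absent: defaults apply
        findings += _check(forms, "forms", FORMS_RULES)
    for add in web.findall("membership/providers/add"):
        findings += _check(add, f"provider {add.get('name')}", PROVIDER_RULES)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_web_config(SAMPLE)) or "no findings")
```

Run against the sample, it reports requireSSL="false" and the omitted cookieless attribute, which defaults to "UseDeviceProfile" rather than "UseCookies".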
