.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

information on membership/authentication

Posted By:      Posted Date: September 05, 2010    Points: 0   Category :ASP.Net
Hi all,I am having a hard time deciding what sort of authentication method to use in my project.I will give you a run down on what I am trying to do.I am developing a project to use internally, but this project will probably be released main stream at one point. The user authentication needs custom fields defined for access to certian parts of the program. Now I don't fully understand the membership function in ASP.NET. But, can I use the default SQL provider for this? For example, we have an admin user that only has access to accounts. How can we specify this using the memembership system. How can I then create a user, who might be a customer who is only allowed to see their data.Basically I need to set a whole bunch of custom stuff in the database. Can this be achieved using the existing membership system?

View Complete Post

More Related Resource Links

Who Goes There?: Upgrade Your Site's Authentication with the New ASP.NET 2.0 Membership API


Here Dino Esposito and Andrea Saltarello cover the plumbing of the Membership API and its inherently extensible nature, based on pluggable providers. To demonstrate the features, they take an existing ASP.NET 1.x authentication mechanism and port it to ASP.NET 2.0, exposing the legacy authentication mechanism through the new Membership API.

Dino Esposito and Andrea Saltarello

MSDN Magazine November 2005

Planning common membership provider for different authentication providers

I am trying to implement form based authentication (FBA) membership provider that is able to support multiple authentication mechanisms. Take it as an self-training experiment. In this posting I will introduce bases of my experiment and introduce my current plans and ideas. Why membership provider for multiple authentication mechanisms? There are many people in the world who are users of some social network or some open services provider. Today Facebook and Twitter are very popular social networks. Also Google and Microsoft Live services are very popular although they are not social networks. But all mentioned systems provide their own authentication channels also to other applications. The question is: why should I have another username and password if I have already one at some of systems I mentioned before? Here, in Estonia, we are building local Microsoft community portal with local Microsoft. We analyzed the situation and decided to use Live ID as authentication mechanism in our portal. We were a little it worried too because we were afraid that there are load of users who are not happy with Live ID as authentication mechanism. And guess what - as time has shown us there is no reason to worry! Our ~2000 users (Estonia is small country) are all happy with Live ID and the ones who doesn't have Live ID yet can go and join Live ID - it's free. If you have no idea where I l

Use ASP.NET Membership store for user settings with Windwos Authentication

I am evaluating ASP.NET Membership for an intranet Silverlight app. I want users to be automatically authenticated for my application with their windows logon.Thus I configured Windows Authentication.I would like to store user settings like email-address in using the SqlMembershipProvider and not AD. It seems that storing user settings using the SqlMembershipProvider is not supported with Windows Authentication. Is this really so (using .NET 4)? If so: What is the rationale behind this?IMHO authentication, user settings and authorization are distinct aspects.User settings could easily be stored (identified by user name) using the SqlMembershipProvider with authentication and password management being supplied by Windows. What is the recommended solution for my scenario?

WCF Membership Authentication and Winform Client Application Services

I am needing more validation of what I am doing versus solving a problem. I have a winforms application that uses Client Application Services to validate a user against a customer membership provider all over SSL.  This works fine.  My winforms application validates correctly. The winforms application uses WCF to call services that are installed on the same IIS server that is providing the membership services for the Client Application Services.  The WCF services use wsHTTP binding, transport security, username credentials, and validate against the same membership provider as the Client Application Services. It appears that although the service and Client Application Services are at the same URL, they do not share credentials between them.  Ideally, once I log into Client Application Services, any calls to a WCF service at that location would be automatically authenticated.  However, this is not true.  I have to pass the username and password into the credentials for the WCF service.  This works as expected where the username and password are validated prior to allowing a service call.  On subsequent services calls, it does not validate again since it has established the secure channel. So, does this sound like the best approach?  Is there a way to pass credentials from the Client Application Services to WCF automatically?  I

Authentication and ASPXAUTH size when using Client Application Services; MemberShip.ValidateUser alw


Apologies if this is the incorrect forum. Please let me know if it should have been posted elsewhere. Please let me know if I need to clarify anthing. Thanks in advance for any suggestions, direction pointing, etc.
I have been using all three features of  client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any problems. This week I hit a brick wall and am pretty stumped with two seperate but related issues.

In development, we decided to upgrade our websites/services to DotNet 4.0. All applications upgraded successfully. However we are unable to log into our application using Client Application services. No matter what user we use, Membership.ValidateUser returns false. Since we know the username and passwords, we thought this was strange. When debugging the application, we found that Membership.ValidateUser was throwing an InvalidOperationException (see below for complete exception) stating that the ASPXAUTH property was too long, longer that the schema created in the SQL/CE database. (See below for things tried).

In production .. A user all of the sudden could no longer gain access to the application. Upon inspection, his ASPXAUTH cookie was 264 characters long (9 characters longer than the schemas nvarchar(256)). E

ASP.Net membership Authentication and ASPXAUTH cookie size


Apologies if this is the incorrect forum, I did already try to post in the Windows WPF forum but "Bob" said I should post here.. Please let me know if it should have been posted elsewhere. Also, let me know if I need to clarify anthing. Thanks in advance for any suggestions, direction pointing, etc.

Without reading the whole text below, since this is on the ASP.Net side  ... basically I think I need to know if there is a way to reduce the size of the forms authentication cookie. When using a DotNet 2.0 website, the ASPXAUTH cookie is about 232 bytes ... when using the same source code but upgraded to DotNet 4.0. the cookie is approximately 264 bytes, setting the ticketCompatabilityMode does not reduce the size since I think the default setting is Framework20. I length of the cookie, including the its' name can not be larger than 256 bytes in order to use it with the "Client Application Services".

I only did a cursory search of the asp.net forums, but will dilligently look for an existing solution.

Again, thanks in advance for any assistance.
I have been using all three features of  client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any probl

After membership authentication,no redirection to the original page occurs.Why?



I am sorry. I wrote a similar post. Maybe i didn't make myself clear so nobody gives me a reply. So I rewrote my question:

We have multiple web applications(in one machine), we want all those  web applications to be authenticated by a single login page, that is, after logging in, you can visit any page in all those web applications. The login page is placed in a dedicated web application called Membership. The following is the config of the Membership web app.

    <add name="MyMembershipConnString" connectionString="server=.;database=aspnetdb;trusted_connection=true" providerName="System.Data.SqlClient"/>


<membership defaultProvider="MyMembershipProvider">
        <add name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="MyMembershipConnString" enablePasswordRetrieval="false"
        enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="MyMembership"

How to get more information about the exceptions that can happen in SharePoint 2010 projects?

In case there is an exception anywhere in the SharePoint 2010 project (most common place an exception would happen is during deployment of your SharePoint project, custom deployment configuration or custom deployment steps), there's a registry key EnableDiagnostics available for you to use.

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Multiple membership providers



In my web.config I have:

        <add name="ADProvider1"
        <add name="ADProvider2"

If I just have ADProvider1 it works, when I add ADProvider2, even though for testing I only use ADProvider1 I get an error: "Unable to establish secure connection with the server"

Am I adding the second provider to the membership section incorrectly?



Replacement options for Membership


Hi everyone,
     I tried to use Microsoft's Membership option for signing up new users and authenticating them on subsequent pages, but it has not worked very well. The biggest issue has been with the REMEMBER ME function. With this checked, I am randomly logged out in the middle of some functions and some pages always show me as not authenticated, while others properly show me as authenticated. I built a site based on VB.
I was wondering what other people are using ro register users and monitor authentication and also if anyone has had better experiences with other solutions. 

Hi everyone,

     I tried to use Microsoft's Membership option for signing up new users and authenticating them on subsequent pages, but it has not worked very well. The biggest issue has been with the REMEMBER ME function. With this checked, I am randomly logged out in the middle of some functions and some pages always show me as not authenti

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend