.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

ASP.NET 2.0 Membership Security

Posted By:      Posted Date: September 18, 2010    Points: 0   Category :ASP.Net
I have a website running on iis 5.1 with asp.net 2.0.  Where in the windows registry can I change the requirtements for some the security features?  For example,  I do not want to enforce strong passwords and I do not want to use the secret question and answer features. Thanks

View Complete Post

More Related Resource Links

Webshop Security - Membership provider useful?

Hello,I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)Some tips appreciated.. :-)Thanks and regardsChris 

Membership as a security/administration model for upload/download of documents

Hi community, I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved: Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded Can this be achieved be using Membership and Profiles? Thanks in advance Best regards Phecdaret

security for membership database


Hi folks,

I am working on an asp.net application with membership controls and the SQL Server database.  I have this put together, however it appears that adjustments need to be made to enhance security.  Many websites have membership features, so I was wondering if there are some blog posts that describe the steps that need to be made to enhance security.  Can someone make a few recommendations?


SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?

Someone help me.

Thank you.



hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

Multiple membership providers



In my web.config I have:

        <add name="ADProvider1"
        <add name="ADProvider2"

If I just have ADProvider1 it works, when I add ADProvider2, even though for testing I only use ADProvider1 I get an error: "Unable to establish secure connection with the server"

Am I adding the second provider to the membership section incorrectly?



Replacement options for Membership


Hi everyone,
     I tried to use Microsoft's Membership option for signing up new users and authenticating them on subsequent pages, but it has not worked very well. The biggest issue has been with the REMEMBER ME function. With this checked, I am randomly logged out in the middle of some functions and some pages always show me as not authenticated, while others properly show me as authenticated. I built a site based on VB.
I was wondering what other people are using ro register users and monitor authentication and also if anyone has had better experiences with other solutions. 

Hi everyone,

     I tried to use Microsoft's Membership option for signing up new users and authenticating them on subsequent pages, but it has not worked very well. The biggest issue has been with the REMEMBER ME function. With this checked, I am randomly logged out in the middle of some functions and some pages always show me as not authenti

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Pass ASP.NET membership identity object across domain?


I am trying to figure a way to SSO with ASP.NET membership and role model.

I can implement custom membership provider which consume web services hosting on a server.

With encryption of data. No problem.

But my question is, If I sign on a website with my provider, got my identity object on that application,

could I pass it to another website on another domain which use the same provider and by doing so, do not need to login again?

If this is possible, I am going to implement this solution. Please tell me what's your take on this.

Membership Search user


Is there a membership function to search a username Like this:   LIKE '%UserName%' ?

This is not working.

MembershipUser User = Membership.GetUser("%" + TextBox1.Text + "%");

Thank you.

Membership Provider Conn String


Hello. I've bee successfully using the Asp.Net Membership Provider in my VB.Net 3.5/SQL 2005 web app for a year now (Site A). However, I've added 2 new sites (B and C) (both with their own DB) and now I see a problem. It looks like users that get created for sites B and C also get created in site A. Roles that I create for B and C only get created in A. I think it is a conn string problem.

When I created A, I adde the conn string to my machine.config (not sure why I did this or if it is even needed)...


         <add name="LocalSqlServer" connectionString="Data Source=VS689\SQLEXPRESS;Initial Catalog=SiteA;USER ID=sa;PASSWORD=123456"/>


                <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=blahblah" connectionStringName="LocalSqlS

Use Membership but bypass / disable password usage for users


I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend