.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Sharon Maxwell
Post New Web Links

security for membership database

Posted By:      Posted Date: October 02, 2010    Points: 0   Category :ASP.Net
 

Hi folks,

I am working on an asp.net application with membership controls and the SQL Server database.  I have this put together, however it appears that adjustments need to be made to enhance security.  Many websites have membership features, so I was wondering if there are some blog posts that describe the steps that need to be made to enhance security.  Can someone make a few recommendations?

thanks 




View Complete Post


More Related Resource Links

Asp.net web site security database

  

Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?


Someone help me.


Thank you.


unable to attach database, security setting?

  

Hi folks,

I am using VS 2010 Professional with SQL Server 2008 Developer.  I right click on the App_Data folder in solution explorer and add an existing item, then navigate to the correct database.  However, I receive a pop up that Access is Denied.  How do I fix this? 


connect client certificate to an account in a membership database

  
Hello I have created a web service that authenticates with username and password, works fine.Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspxNow I also want to connect to this web service using client certificates, works finehttp://msdn.microsoft.com/en-us/library/cc948997.aspx But I would like to when authenticated via client certificates, connect that certificate to a user in the membership database.So that I can use Roles.IsUserInRole(...) and such.I thought that, well if I implement a Custom certificate Validatorhttp://msdn.microsoft.com/en-us/library/ms733806.aspxthen I could check for example subject and map that against a created username in the membership database.But in the class X509CertificateValidatorpublic override void Validate(X509Certificate2 certificate)I don't have the same ability as when the user is authenticatedlike  void OnAuthenticateRequest(object source, EventArgs eventArgs)HttpApplication app = (HttpApplication)source;Basically how can I do this app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"),roles);withinpublic override void Validate(X509Certificate2 certificate)and if that is not possible, can this be solved differently?Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article

Webshop Security - Membership provider useful?

  
Hello,I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)Some tips appreciated.. :-)Thanks and regardsChris 

Security problem with cross database chaining and stored procedures

  
I have a situation whereby ProcA exists on database A, but ProcA executes about 20 stored procedures scattered across different databases. To further complicate matters some procs that ProcA calls also call other procs in other databases, this then presents the problem of cross database chaining where you can’t really write to a database from a proc that resides in another database. I am wondering how I can get around this problem, I know I can simply let open cross database chaining and the problem will go away, the other option is to create a proxy which is very complicated and wouldn’t work in my environment. Is there any way around the problem.

user mapping to a database and role membership to that database

  
When assigning a 'user mapped Login' to a database and role membership to that database, is it redundent to check/enable db_datareader, db_datawriter as well as db_owner or will check/enable db_owner become all that is necessary to provide role membership to the database?

Membership as a security/administration model for upload/download of documents

  
Hi community, I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved: Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded Can this be achieved be using Membership and Profiles? Thanks in advance Best regards Phecdaret

Repairing .NET Membership database

  
Hi! I have a problem with my Membership provider database. For example, when I try to delete a user in the Web Site Admin Tool, I get this message: The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Me__UserI__40257DE4". The conflict occurred in database "intra", table "dbo.aspnet_Membership", column 'UserId'. The statement has been terminated. at System.Web.Administration.WebAdminPage.CallWebAdminHelperMethod(Boolean isMembership, String methodName, Object[] parameters, Type[] paramTypes) at ASP.security_users_manageusers_aspx.Yes_Click(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) I think it's because I copied the database from SQL Server 2000 to our new SQL Server 2007 and that they aren't fully compatible. I know about the aspnet_reqsql.exe tool, and I could probably delete the tables and

problem in setup database membership

  
 Hello everyoneThe teeming seen on this video http://www.asp.net/general/videos/how-do-i-set-up-the-sql-membership-provider Which explains the addition of a database to the project AlympirchibBut as they applied to explain and I had a problem, he says, Stop the server failed to note that I have is the name of the device and the database and set the defaultNo one can tell me what is the solution or the requirements for the work thanks

ASP.NET 2.0 Membership Security

  
I have a website running on iis 5.1 with asp.net 2.0.  Where in the windows registry can I change the requirtements for some the security features?  For example,  I do not want to enforce strong passwords and I do not want to use the secret question and answer features. Thanks

Migrating ASPNET Role/Membership Database to New Server

  

Hello,

I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode. 

I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.

So...

1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)


2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.


I am concerned that if I just import somehow the roles within SQL server will not be created properly. 

thanks in advance,

mitch


Website without any default membership Database. Is it possible?

  

I am in the initial stage of implementing a new webstie, which will use only twitter and facebook to login and use. So my approach is not use any Default memberhip database, just simple store the user data in my created "membership" database. I will set cookies and use sessions to restrict and grant access to various parts of the sites. So for example, the user creates an account and I set a cookie allowing him or her to traverse the site. And on each page request from the client browser check to see if my website cookie is there in the browser and if it has expired or not. Is this approach veasible? Thanks


database level security

  

Hi Team

 

How can we give a security on  a  database 

using DMV and login,user other secuirty options please guide me.

 

Tx

 


subu

Need Clarifications on SharePoint 2010 User Profile properties and Sync database security

  

Need few clarifications on SharePoint 2010 user profile sync. I’ve answered some of them but need confirmation/clarity on this front.

  1. Is there option to disable ‘email address’ import from AD?
    Yes. Can disable that property mapping.
  2. Possible to send mails (user alerts) from SharePoint without the user profile property ‘email address’ mapped?
    Yes. User alert mails from SharePoint will work without ‘email address’ mapped in user profile DB.
  3. In case email address too is imported into SharePoint, can we bulk export them from SharePoint? If Yes, how to security harden that database?
    Not Sure. I believe Farm admin account/sync account has access to do this profile DB.

 Thanks in advance for your advice.<

Could not establish connection database. ASP.NET Membership and Entity Framework

  

Ok, so this is my first Solution using the Entity Framework (EF). Here are my steps so far:

1) Created Database named: BSA with an owner of username/password (AspNetServicesUser/password)
2) Created Entity Data Model (EDM) in a separate project (contained within the same solution)
3) Created an ASP.NET Web Application with basic functionality (new project within the same solution)
4) Added Reference to the EDM in Web App and added Connection String to the EF
5) Decided I wanted ASP.NET Membership added to the Web App
6) Configured SQL Server for Application Services using aspnet_regsql.exe on BSA database

Now, I need to know:
a) Should I keep the ASP.NET Membership Tables in a Separate DB altogether?
b) Should I update the EDM to include the ASP.NET Membership Tables?
c) Then, how do I create the connectionString for the Web.config file in the WebApp?


FYI: I get this error using the ASP.NET Configuration Tool under the "Security" Tab:
Login failed for user 'AspNetServicesUser'.

FYI: I get this error using the ASP.NET Configuration Tool under the "Provider" Tab --> Select a single provider for all site management data --> Test
Could not establish a connection to the database. 
If you have not yet created the SQL Server database, exit the

ASP Membership database

  

I am working on a conversion of a website with user authentication. The new version now uses the ASP Membership login control and database. I want to transfer the users of the old site into the ASPMembership database. The password field of the current user table is not encrypted, so I cannot insert the usernames and passwords through a query into the table asp_membership the login, I would need the encryption algorythm that Microsoft put behind the login control. How can I de- and encrypt passwords before passing them into the table?


Unable to connect to Database | ASP.NET Membership and Entity Framework

  



Ok, so this is my first Solution using the Entity Framework (EF). Here are my steps so far:

1) Created Database named: BSA with an owner of username/password (AspNetServicesUser/password)
2) Created Entity Data Model (EDM) in a separate project (contained within the same solution)
3) Created an ASP.NET Web Application with basic functionality (new project within the same solution)
4) Added Reference to the EDM in Web App and added Connection String to the EF
5) Decided I wanted ASP.NET Membership added to the Web App
6) Configured SQL Server for Application Services using aspnet_regsql.exe on BSA database


Now, I need to know: 
a) How do I create the connectionString for the Web.config file in the WebApp?


Errors I receive:

I get this error using the ASP.NET Configuration Tool under the "Security" Tab:

Login failed for user 'AspNetServicesUser'.


I get this error using the ASP.NET Configuration Tool under the "Provider" Tab --> Select a single provider for all site management data --> Test

Could not establish a connection to the database. 

If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database

Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend