Showing posts with label asp.net. Show all posts
Showing posts with label asp.net. Show all posts

Sunday, April 14, 2013

Creating .Net Membership Services


I'm tired of looking up the specific directions for setting up Membership Services.  So, these are the quick steps for setting up the MSFT services that give you membership.

1. Setup the db with the Aspnet_regsql.exe tool.  Use the one that is in the correct .Net version.  For instance: C:\WINDOWS\Microsoft.NET\Framework\4.0\aspnet_regsql.exe

There is command line version with options here. An explanation of the Roles and Views that are setup is here.

2. Now for a website, add this to the web.config file within the system.web:

    <authentication mode="Forms" >
      <forms loginUrl="logincs.aspx"
      name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization>
      <deny users="?" />
         <allow roles="Administrators" />
         <deny users="*" />
    </authorization>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
      <providers>
        <add 
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SqlServices"
          enablePasswordRetrieval="false"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="false" 
          passwordFormat="Hashed" 
          applicationName="SampleApplication" />
      </providers>
    </membership>
    <roleManager defaultProvider="SqlProvider" 
      enabled="true"
      cacheRolesInCookie="true"
      cookieName=".ASPROLES"
      cookieTimeout="30"
      cookiePath="/"
      cookieRequireSSL="true"
      cookieSlidingExpiration="true"
      cookieProtection="All" >
      <providers>
        <add
          name="SqlProvider"
          type="System.Web.Security.SqlRoleProvider"
          connectionStringName="SqlServices" 
          applicationName="SampleApplication" />
      </providers>
    </roleManager>

3. Finally, just configure the web.config items to fit your need. You can omit the <authorization> area if you don't want it to automatically go to the login page. That should be in a later directory.