Labels

Mobile Apps (5)

Tuesday, February 3, 2009

Always set the "applicationName" property with Providers

Hi,

 

This blog post summarizes - Implement Role Based Security within an Intranet ASP.NET Web application.

 

Scenario:

 

You develop an ASP.NET 2.0 application locally using the new ASP.NET 2.0 Membership, Roles or Profile features.  You create several new users and everything works fine.

 

You then copy the application to a remote server (or even another directory on your local server) and run the application.  For some reason it appears that you are able to connect to your membership database just fine – but when you try to login it doesn’t let you.  It doesn’t throw a connection error, but rather when you attempt to login you get an error message that says something like: “Login attempt unsuccessful, please try again.”

 

Cause:

 

The reason this usually happens is because a membership (or roles or profile) provider has been added in the application’s web.config file – but without an applicationName attribute being specified.

Assume below that the applicationName in bold was missing:

 

      <membership>

            <providers>

                <clear/>

                <add name="AspNetSqlMembershipProvider"

                    type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                    connectionStringName="LocalSqlServer"

                    enablePasswordRetrieval="false"

                    enablePasswordReset="true"

                    requiresQuestionAndAnswer="true"

        requiresUniqueEmail="false"

                    passwordFormat="Hashed"

                    maxInvalidPasswordAttempts="5"

                    minRequiredPasswordLength="7"

                    minRequiredNonalphanumericCharacters="1"

                    passwordAttemptWindow="10"

                    passwordStrengthRegularExpression=""

                    applicationName="/"  <!-- Assume it to be missing -- >

                />

            </providers>

      </membership>

 

 

When no applicationName attribute is configured, ASP.NET uses the Application Vroot Path within the web-server to automatically calculate the applicationName to use when adding data to an ASP.NET Application Service database.

 

To see this in action, you can open up your ASPNETDB database, and look within the aspnet_Applications table: See the first & second row.

 

Because I didn’t specify an “applicationName” attribute when I registered users within my application, it calculated the application name as /Security Cafe Site – Which is the name of Application Virtual Path under root.

 

 

 

 

Even this Will do –

 

This works fine when the application continues to run in the “/Security Cafe Site” application virtual path.  But if it is copied to another location or server with a different virtual path -  That is why you’ll get a “Login attempt unsuccessful, please try again.” message when you try to login.

 

 

Resolution –

 

Set the application name to the name of your WebSite name.

 

           

Hope this helps.

 

Arun Manglick

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)