locked
Bypass Forms authentication in LightSwitch beta 2 RRS feed

  • Question

  • Hi,

    I am making an application in LightSwitch (beta 2) and there is an login page (my own page which checks the credentials from the database) and then redirects to the appropriate page (depending upon the user is admin or not).

    I am using Forms Authentication, The problem is when I publish the application, it does come up with its own login page (it asks for the credentials you enter in the publishing wizard) and after a successful login, my application starts up and as I mentioned above, it also checks the credentials in the database.

    This is my web.config file...

    <membership defaultProvider="AspNetMembershipProvider">
          <providers>
            <clear />
            <add name="AspNetMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="_IntrinsicData" applicationName="OLGA" requiresUniqueEmail="false" requiresQuestionAndAnswer="false" />
          </providers>
        </membership>
        <roleManager enabled="True" defaultProvider="AspNetRoleProvider">
          <providers>
            <clear />
            

    These are two connection strings...

    connectionStrings>
        <add name="_IntrinsicData" connectionString="Data Source=|SqlExpressInstanceName|;AttachDbFilename=|ApplicationDatabasePath|;Integrated Security=True;Connect Timeout=30;MultipleActiveResultSets=True" />
    
        <add name="d6de0402-26e6-44e4-9fd5-d3d0911c894c" connectionString="Data Source=esql2k1201.*******;Initial Catalog=*****;Persist Security Info=True;User ID=*****;Password=***" />
      </connectionStrings>

    I thought to change the connection string name from "_Intrinsic data" to "d6de0402-26e6-44e4-9fd5-d3d0911c894c" in the web.config file; but it does not seem to be working. Am I missing something here ?

    Can somebody please tell me whether is there any way where in I can skip or bypass the by default Forms Authenitication LogOn page and use my own login page; as its not good to ask for credentials twice (from end users point of view) ?

    Thanks,

    Gautam

    Tuesday, May 14, 2013 10:05 AM

Answers

All replies

  • The connection string "_IntrinsicData" is for the intrinsic database that LightSwitch creates for security information (& also for any tables that you add using the table designer). The name must not be changed, as that's what LightSwitch looks for.

    Where did the other connection string come from?

    Usually there's only connection strings with GUIDs as the name when you add an external data source.


    Yann Duran
         - Co-Author of Pro Visual Studio LightSwitch 2011
         - Author of the  LightSwitch Central Blog

    FREE Download: Luminous Tools for LightSwitch
    (a Visual Studio productivity extension for LightSwitch)
     
    Click Mark as Answer, if someone's reply answers your question
    Click  Vote as Helpful, if someone's reply is helpful
     
    By doing this you'll help everyone find answers faster.

    Tuesday, May 14, 2013 2:06 PM
    Moderator
  • Thanks for your reply Yann :)

    Actually I am using a web hosting company for my application and the second connection represents the credentials required to connect to their 'database'. Thus, in my login page I am checking the credentials of the users against that 'database'

    The connection string for "_IntrinsicData" was already in the web.config file and then I added the second connection string. 

    Tuesday, May 14, 2013 2:16 PM
  • OK, thanks for the explanation. That all sounds fine.

    In basic terms, if you use a different mechanism to authenticate your user, you need to inform the ASP.NET membership provider that the user has been authenticated. If the user has been authenticated this way, LightSwitch will not ask for credentials.


    Yann Duran
         - Co-Author of Pro Visual Studio LightSwitch 2011
         - Author of the  LightSwitch Central Blog

    FREE Download: Luminous Tools for LightSwitch
    (a Visual Studio productivity extension for LightSwitch)
     
    Click Mark as Answer, if someone's reply answers your question
    Click  Vote as Helpful, if someone's reply is helpful
     
    By doing this you'll help everyone find answers faster.

    Tuesday, May 14, 2013 2:31 PM
    Moderator
  • Hi Yann,

    I just came across a topic in your book "Sharing Forms Authentication data with ASP.NET" under "Authentication your Users" chapter. If I am getting your point right, I feel that it could help in achieving what I am trying to do. 

    "In basic terms, if you use a different mechanism to authenticate your user, you need to inform the ASP.NET membership provider that the user has been authenticated. If the user has been authenticated this way, LightSwitch will not ask for credentials."

    Lightswitch asks for the credentials which we give in the publishing wizard for authentication. So any ideas or suggestions by which it will read from the external database? 

    One more thing, in the data base connection string (in publishing wizard), I am using my "second" connection string and NOT the "_IntrinsicData" one. Am I missing something?

    Thanks



    Tuesday, May 14, 2013 3:07 PM
  • Wednesday, May 15, 2013 1:31 AM
  • I didn't write that chapter, my co-author wrote it, which is why my reply was so vague.

    Michael's examples should show you how to do what you want.


    Yann Duran
         - Co-Author of Pro Visual Studio LightSwitch 2011
         - Author of the  LightSwitch Central Blog

    FREE Download: Luminous Tools for LightSwitch
    (a Visual Studio productivity extension for LightSwitch)
     
    Click Mark as Answer, if someone's reply answers your question
    Click  Vote as Helpful, if someone's reply is helpful
     
    By doing this you'll help everyone find answers faster.

    Wednesday, May 15, 2013 5:53 AM
    Moderator