locked
Custom Forms Authentication in Web Pages RRS feed

  • Question

  • User325035487 posted

    My application is currently running using Windows Authentication and I am using UserInRole extensively to control access to parts. But new business needs require me to give Individual employees access to the application and hence need to switch to Forms authentication as it is not practical to add around 4500 Employees into AD.

    I already have all the users in a table and hence want to go for custom authentication as mentioned here http://www.codeproject.com/Articles/578374/AplusBeginner-27splusTutorialplusonplusCustomplusF

    I set up a test server. And created custom login page with my custom Password hashing function.

    Getting this error when I try to set

    bool validpass = PasswordHash.ValidatePassword(currentpass, hash);
        if (validpass) //Set Session variables and Redirect
                {
                  FormsAuthentication.SetAuthCookie(Emp_ID, false); //Error when I add this line
                  //Set session variables
                  .......
                 }

    Stack trace shows its trying to create some local sqlexpress database. I cant find anywhere on the net examples for other than MVC

    I want to use existing employee table. Just want to set Encrypted cookee so that I can store user roles.

    A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) 
      Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
    
     SQLExpress database file auto-creation error: 
    
    
    The connection string specifies a local Sql Server Express instance using a database location within the application's App_Data directory. The provider attempted to automatically create the application services database because the provider determined that the database does not exist. The following configuration requirements are necessary to successfully check for existence of the application services database and automatically create the application services database:
    
    1.If the application is running on either Windows 7 or Windows Server 2008R2, special configuration steps are necessary to enable automatic creation of the provider database. Additional information is available at: http://go.microsoft.com/fwlink/?LinkId=160102. If the application's App_Data directory does not already exist, the web server account must have read and write access to the application's directory. This is necessary because the web server account will automatically create the App_Data directory if it does not already exist.
    2.If the application's App_Data directory already exists, the web server account only requires read and write access to the application's App_Data directory. This is necessary because the web server account will attempt to verify that the Sql Server Express database already exists within the application's App_Data directory. Revoking read access on the App_Data directory from the web server account will prevent the provider from correctly determining if the Sql Server Express database already exists. This will cause an error when the provider attempts to create a duplicate of an already existing database. Write access is required because the web server account's credentials are used when creating the new database.
    3.Sql Server Express must be installed on the machine.
    4.The process identity for the web server account must have a local user profile. See the readme document for details on how to create a local user profile for both machine and domain accounts.
    

    Sunday, August 2, 2015 3:02 AM

Answers

  • User325035487 posted

    That was not what I was looking for. Finally put my head to work and solved like this. I cant believe it was so simple.

    I just went ahead and put in the AppStart File like this.

    WebSecurity.InitializeDatabaseConnection("data", "UserProfile", "UserId", "Emp_ID", autoCreateTables: true);
    

    That is I am creating empty tables there.. Then to connect my existing users to give them login using their Emp_ID I create a registerfrombackend.cshtml file in a restricted admin folder

        var db = Database.Open("data");
    
        var empsql = "SELECT Emp_ID FROM Employees WHERE Active=1";
        var employees = db.Query(empsql);
        string username = "";
        string password = "";
        foreach (var r in employees)
        {
            if (r.Emp_ID != null)
            {
                username = r.Emp_ID.ToLower();
                password = r.Emp_ID.ToLower();
                WebSecurity.CreateUserAndAccount(username, password, null, false);
            }
        }

    One click i registered all the employees from back end. Then i wrote extra code to ensure that employees are forced to change their password if their password is same as username in the login.cshtml page. Simple....

    Beware. The above code doesnt check if a username already exists before registering them. To check that

     if(WebSecurity.UserExists(username)){
            errorMessage = String.Format("User '{0}' already exists.", username); // Or do something else to log the error
          }
          else{
            WebSecurity.CreateUserAndAccount(username,password,null,false);
          }

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, August 16, 2015 1:50 AM

All replies

  • User325035487 posted

    Any ideas? I mean how I can switch to forms authentication without having to ask all the employees to register. I want to set the passwords from backend. Then force them to change password on first login

    Thursday, August 6, 2015 3:05 PM
  • User100579902 posted

    I mean how I can switch to forms authentication without having to ask all the employees to register

    As I know, this is feasible in MVC, set anonymous authentication for some pages, and set form/windows authentication for other pages.

    Friday, August 7, 2015 2:16 AM
  • User325035487 posted

    That was not what I was looking for. Finally put my head to work and solved like this. I cant believe it was so simple.

    I just went ahead and put in the AppStart File like this.

    WebSecurity.InitializeDatabaseConnection("data", "UserProfile", "UserId", "Emp_ID", autoCreateTables: true);
    

    That is I am creating empty tables there.. Then to connect my existing users to give them login using their Emp_ID I create a registerfrombackend.cshtml file in a restricted admin folder

        var db = Database.Open("data");
    
        var empsql = "SELECT Emp_ID FROM Employees WHERE Active=1";
        var employees = db.Query(empsql);
        string username = "";
        string password = "";
        foreach (var r in employees)
        {
            if (r.Emp_ID != null)
            {
                username = r.Emp_ID.ToLower();
                password = r.Emp_ID.ToLower();
                WebSecurity.CreateUserAndAccount(username, password, null, false);
            }
        }

    One click i registered all the employees from back end. Then i wrote extra code to ensure that employees are forced to change their password if their password is same as username in the login.cshtml page. Simple....

    Beware. The above code doesnt check if a username already exists before registering them. To check that

     if(WebSecurity.UserExists(username)){
            errorMessage = String.Format("User '{0}' already exists.", username); // Or do something else to log the error
          }
          else{
            WebSecurity.CreateUserAndAccount(username,password,null,false);
          }

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, August 16, 2015 1:50 AM