locked
Membership configuration in Web.config RRS feed

  • Question

  • User-1793215261 posted

    Hello

    I have two Web.config files. The 'normal' one and one in my Account folder (they are part of Microsoft's WebFormsIdentity template):

    <?xml version="1.0"?>
    <configuration>
    
      <location path="Manage.aspx">
        <system.web>
          <authorization>
            <deny users="?"/>
          </authorization>
        </system.web>
      </location>
    
    </configuration>

    Do I need that file, please?

    Basically, I am trying to configure my 'normal' Web.config in order to cater for Identity Membership. In the WebFormsIdentity template, Microsoft have omitted the configuration, but I am working towards something like this:

    'ASP.NET Membership
    
      <membership>
          <providers>
            <clear />
             <add 
              name="System.Data.SqlClient"
              type="System.Web.Security.SqlMembershipProvider"
              connectionStringName="MySqlConnection"
              applicationName="WebFormsIdentity"
              enablePasswordRetrieval="false"
              enablePasswordReset="true"
              requiresQuestionAndAnswer="false"
              requiresUniqueEmail="true"
              passwordFormat="Hashed" />
          </providers>
        </membership>
    

    In my connectionStrings in Web.config, I have:

    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\aspnet-WebFormsIdentity-20190319020136.mdf;Initial Catalog=aspnet-WebFormsIdentity-20190319020136;Integrated Security=True"
          providerName="System.Data.SqlClient" />
      </connectionStrings>
    

    and the target framework is 4.6.1

    Basically, what I am trying to do is allow the user to reset his lost password by clicking a link in an email he receives from the 'password reset' form and, possibly in the future, allow users to log-in via Google, etc.

    Thanks.

    Thursday, April 11, 2019 10:22 AM

All replies

  • User475983607 posted

    Is there a question somewhere? 

    Basically, what I am trying to do is allow the user to reset his lost password by clicking a link in an email he receives from the 'password reset' form

    Are you having a problem crafting a password set using the ancient Membership Provider?

    possibly in the future, allow users to log-in via Google, etc.

    I recommend moving to ASP.NET Identity.

    https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity

    Thursday, April 11, 2019 10:31 AM
  • User-1793215261 posted

    Thanks for your reply.

    I was asking if I need that Web.config file in my Account folder in Solution Explorer and how I may configure Membership in my usual Web.config file. So far, as I say, I have this:

    'ASP.NET Membership
    
      <membership>
          <providers>
            <clear />
             <add 
              name="System.Data.SqlClient"
              type="System.Web.Security.SqlMembershipProvider"
              connectionStringName="MySqlConnection"
              applicationName="WebFormsIdentity"
              enablePasswordRetrieval="false"
              enablePasswordReset="true"
              requiresQuestionAndAnswer="false"
              requiresUniqueEmail="true"
              passwordFormat="Hashed" />
          </providers>
        </membership>

    but I am not sure if all the values, for example, MySqlConnection, are correct.

    No, I am working off the WebFormsIdentity template on these lines: Identity

    Thanks

    Thursday, April 11, 2019 3:25 PM
  • User-893317190 posted

    Hi Bluenose ,

    Whether you need that web.config file in account folder depends on the logic of your webappliction.

    If you don't want users to access your Manage.aspx  anonymously , you could  use this web.config.

    You could also configure access to Manage.aspx in your normal web.config through  location node.

    Please refer to https://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config

    About your connectionStrinName , you should ensure that you have a connection string in your web.config named MySqlConnection.

    Please refer to the link below to learn how to configure membership in web.config.

    http://mahedee.net/asp-net-membership-step-by-step/

    Best regards,

    Ackerly Xu

    Friday, April 12, 2019 3:17 AM
  • User-1793215261 posted

    Thanks again, Ackerly

    In the mahedee link you refer to, the author speaks of 'Add the following code snippet in MasterPage.master'.

    Does this mean I have to create a file called MasterPage.master - what type of file?

    Regards

    Friday, April 12, 2019 3:22 PM
  • User-893317190 posted

    Hi Bluenose,

    This is not necessary.

    If you must use masterpage. You could refer to https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-getting-started/master-pages/creating-a-site-wide-layout-using-master-pages-cs to learn about master page.

    Best regards,

    Ackerly Xu

    Monday, April 15, 2019 1:15 AM