0

I just started dabbling in to ASP.NET security. Have a few questions. 1) I used role management to restrict access to certain page. This was the section of my web.config

<profile>
    <providers>
        <clear />
        <add name="AspNetSqlProfileProvider" 
            type="System.Web.Profile.SqlProfileProvider, 
            System.Web, Version=2.0.0.0, Culture=neutral, 
            PublicKeyToken=b03f5f7f11d50a3a" 
            connectionStringName="LocalSqlServer" applicationName="/" />
    </providers>
</profile>
<roleManager enabled="true">
    <providers>
        <clear />
        <add connectionStringName="LocalSqlServer" 
            applicationName="/" name="AspNetSqlRoleProvider" 
            type="System.Web.Security.SqlRoleProvider, System.Web, 
            Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add applicationName="/" name="AspNetWindowsTokenRoleProvider" 
            type="System.Web.Security.WindowsTokenRoleProvider, 
            System.Web, Version=2.0.0.0, 
            Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
</roleManager>

This works fine. But what happened was the connecitonStringName was set to "ApplicationServices" before. And it wouldn't work. I then changed it to "LocalSqlServer". It started working.

So I want to understand, why would that happen? Also, is LocalSqlServer just another arbitrary name for the connection string value? I checked the database, the roles aren't stored there. So where are the roles stored then?

These are newbie questions. I thank your patience in advance

Noctis
  • 11,507
  • 3
  • 43
  • 82
doglin
  • 1,651
  • 4
  • 28
  • 38
  • Further in your web.config, there should be a connection string named LocalSqlServer. That is where the Role data would be housed. – Garrison Neely Aug 13 '13 at 15:22

3 Answers3

0

Because when you declare the AspNetSqlProfileProvider, you specify connectionStringName="LocalSqlServer" to tell it which connection to use.

Fiona - myaccessible.website
  • 14,481
  • 16
  • 82
  • 117
0

Why would that happen?

Using the wrong connection string would mean the membership and role tables would not be found by your application.

Is LocalSqlServer just another arbitrary name for the connection string value?

In the web.config you'll see a connection string called LocalSqlServer

Where are the roles stored?

Have a look in the aspnet_Roles table if it's the old membership framework, or UserProfile if it's the newer SimpleMembershipProvider.

Joe Ratzer
  • 18,176
  • 3
  • 37
  • 51
  • I just checked my app. I saw this folder \Web\App_Data This folder has the ASPNETDB.MDF and aspnetdb_log.LDF. I think this would be it, correct? – doglin Aug 13 '13 at 15:56
  • That's the database yes. – Joe Ratzer Aug 13 '13 at 16:07
  • I am going to deploy them to our QA box. Right now, locally it works fine. I am going to deploy them to our QA box, hopefully that will work too. I shouldn't have to run aspnet_regsql.exe , correct? – doglin Aug 13 '13 at 17:39
  • You'll have to deploy the membership tables to your QA box yes. – Joe Ratzer Aug 14 '13 at 08:30
0

If you don't see Membership tables in your database, you should add them there. There is a special tool, which helps to do it:

Run the following command in VisualStudio command line: aspnet_regsql or find it here: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe.

And just follow its instructions.

Andrey Gubal
  • 3,481
  • 2
  • 18
  • 21