Got the following problem:
I've created simple mvc 5 project with individual user accounts authentication.
Everything works i can add users,roles,everything is stored in the database - all seems to be fine. Now i want to change authetication to organisational:
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="myUrl" />
</audienceUris>
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<samlSecurityTokenRequirement>
<nameClaimType value="myClaim"/>
</samlSecurityTokenRequirement>
</add>
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="mySts">
<keys>
<add thumbprint="myThumb" />
</keys>
<validIssuers>
<add name="mySts" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="mySTs" realm="myUrl" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
It works - i can authenticate,but when i want to add new user (based on User.Identity.Name to my existing database:
UserManager.CreateAsync(user);
I get weird error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 50 - Local Database Runtime error occurred. Cannot create an automatic instance. See the Windows Application event log for error details.)
although i didn't change anything in connection,dbcontext and so on.
What could be a reason of such behavior?
Something seems to be missed in your web.config file. Try to add connectionStrings to your web.config by editing the code below according to your database and connection properties:
web.config:
<configuration>
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=(localdb)\v11.0;
Initial Catalog=aspnet-YourDatabaseName; Integrated Security=SSPI; AttachDBFilename=|DataDirectory|\aspnet-YourDatabaseName.mdf" />
Related
I have an MVC application that I recently converted the authentication/authorization method from forms to federated. Everything works fine, but on the home page I have to create a cookie for the authorization of the rest of my site to work properly. When users navigate to the home page first it works great, if they navigate to a different page first where authorization is required they get a 401 unauthorized error page.
When I had the forms authentication implemented it would redirect users that were unauthorized to the login page, with federation I no longer have a login page so I would like to redirect to the home page. With forms authentication the redirection was automatic, how would I setup something similar for my federated application?
Here are the federated portions of my web.config that are relevant. Again, federated authentication/authorization works, just the unauthorized redirect that isn't.
<system.web>
<customErrors mode="Off"/>
<authentication mode="None"/>
<authorization>
<deny users="?"/>
</authorization>
<membership defaultProvider="ADMembershipProvider">
<providers>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionProtection="Secure" attributeMapUsername="sAMAccountName" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider" cacheRolesInCookie="true" cookieName=".ADLibraryROLES" cookiePath="/" cookieTimeout="1440" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All">
<providers>
<clear />
<add name="ActiveDirectoryRoleProvider" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" attributeMapUsername="sAMAccountName" type="MyApp.ActiveDirectoryRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://fed.example.com/"/>
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None"/>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://myfedservice.example.com/adfs/services/trust">
<keys>
<add thumbprint="mythumb"/>
</keys>
<validIssuers>
<add name="http://fed.example.com/adfs/services/trust"/>
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true"/>
<wsFederation passiveRedirectEnabled="true" issuer="https://fed.example.com/adfs/ls/" realm="https://fed.example.com/" reply="https://fed.example.com/" requireHttps="true" persistentCookiesOnPassiveRedirects="true"/>
</federationConfiguration>
</system.identityModel.services>
You can configure this in the wsFederation section, see MSDN for further details. By setting the “passiveRedirectEnabled” to true, the WSFederationAuthenticationModule will look at all outgoing responses, trying to find HTTP 401s. If it finds a 401, it will modify the response and turn it into a redirect to the STS. Please note that in production you want to change requireHttps to true.
<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true"
issuer="http://localhost:15839/wsFederationSTS/Issue"
realm="http://localhost:50969/" reply="http://localhost:50969/"
requireHttps="false"
signOutReply="http://localhost:50969/SignedOutPage.html"
signOutQueryString="Param1=value2&Param2=value2"
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
Please note that you also need to add these modules:
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
and the following config sections:
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
I have a .NET application which uses some images stored in a folder on a server. the folder does not belong to my application. The images in this folder are used as background images of some div within the application. I published the image folder to the web along with my application and so everything work fine. However, Is there a way to limit the access of the folder to my .net application or a setting that can be set so that the content of the folder is not browsable/searchable? Right now, my application uses a url like www.domain.com/iisfoldername/picture.png to set the background of divs. Similarly if you use such URL in a browser, an image will be served. Is it possible to prevent this URL from being served when it is not requested from my application? That is, if someone enters this url in the browser, the image is not displayed, but the image displays when my application requests it.
I know of setting a authentication for a folder. But How can I limit an http request to a user and then impersonate this user(if possible)?
'
EDIT
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
<add key="webpages:Version" value="1.0.0.0" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ida:FederationMetadataLocation" value="https:ccc.com/Federation.xml" />
<add key="ida:Issuer" value="https://ccc.com" />
<add key="ida:ProviderSelection" value="productionSTS" />
</appSettings>
<location path="Federation">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<!--Commented by Identity and Access VS Package-->
<!--<authentication mode="Forms"><forms loginUrl="~/Account/LogOn" timeout="2880" /></authentication>-->
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
</namespaces>
</pages>
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<profile defaultProvider="DefaultProfileProvider">
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" applicationName="/" />
</providers>
</membership>
<roleManager defaultProvider="DefaultRoleProvider">
<providers>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
</system.web>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="itextsharp" publicKeyToken="8354ae6d2174ddca" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.4.3.0" newVersion="5.4.3.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
</entityFramework>
<connectionStrings>
</connectionStrings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://localhost/App/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="LocalSTS"><keys><add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" /></keys><validIssuers><add name="LocalSTS" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://ccc.com">
<keys>
<add thumbprint="BA86062DD810B95F49FBF85F448507D63D15FB92" />
</keys>
<validIssuers>
<add name="http://ccc.com" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://ccc.com/" realm="https://localhost/App/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
Given your configuration, I believe your best option is to use URL rewriting. In this case, redirect users to a "fake" image if they are requesting images directly or as referred from some other website (but allowing access to them if referred from a page in your application).
To accomplish this, use Microsoft's IIS URL Rewrite extension, which you can download here:
http://www.iis.net/downloads/microsoft/url-rewrite
Once it is installed on your server, configure it by adding the following to your web.config (since you already have a system.webServer section in your web.config, just add the "rewrite" node into it). Note the inline comments and replacements required.
<system.webServer>
<rewrite>
<rules>
<rule name="Whitelist Image Access" stopProcessing="true">
<!-- Evaluated for all image file requests -->
<match url="(?:jpg|jpeg|png|gif|bmp)$" />
<conditions>
<!--
Rule applies when user tries to access URL directly (no referrer)
-->
<add input="{HTTP_REFERER}" matchType="Pattern" pattern="^$" ignoreCase="true" />
<!--
Rule does NOT apply when pages on our site are the referrer
*** NOTE: Replace "ccc" and "com" with appropriate parts form your domain ***
-->
<add input="{HTTP_REFERER}" matchType="Pattern" pattern="^https?://(.*\.)?ccc\.com/.*$" ignoreCase="true" negate="true" />
<!--
Rule does NOT apply when accessing the replacement image when real ones are refused
*** NOTE: replace "no_access.png" with the name of the "fake" image you want to use ***
-->
<add input="{REQUEST_FILENAME}" matchType="Pattern" pattern="no_access.png" ignoreCase="true" negate="true" />
</conditions>
<!--
Temporary redirect (status code 307) to "fake" image
*** NOTE: Replace the URL below with the "fake" image URL ***
-->
<action type="Redirect" url="http://ccc.com/images/no_access.png" appendQueryString="false" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
</system.webServer>
I have implemented a custom STS and it works good with Saml token.
Now I need to obtain the token in JWT format, because I need to pass it later to WCF Rest based service.
I've installed the Jwt Token Handler from:
https://nuget.org/packages/System.IdentityModel.Tokens.Jwt/
This is a part of the Web.config in the Sts project:
<securityTokenHandlers name="ActAs">
<clear/>
<add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt"/>
<!--<add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />-->
<securityTokenHandlerConfiguration>
<audienceUris>
<add value="URL_RP_STS"/>
<add value="URL_CLIENT"/>
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
<trustedIssuers>
<add thumbprint="..." name="StsCustom" />
</trustedIssuers>
</issuerNameRegistry>
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
<audienceUris>
<add value="URL_RP_STS" />
</audienceUris>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="StsCustom">
<keys>
<add thumbprint="..." />
</keys>
<validIssuers>
<add name="StsCustom" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
But the Sts continue to generate a SamlSecurityToken.
Is necessary some other configuration to set a specific token type? Is not suffice adding the Jwt token handler in the securityTokenHandlers section?
Thanks
How do you request the token? In WS-Trust you can pass in the token type in the RST. For WS-Federation you need to write code in the STS for that.
After hosting when i run the application am getting error like above. but that application worked on local machine with out any error.
web config file
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="testConnectionString" connectionString="server=10.103.1.166;User Id=root;database=test;password=test123" providerName="MySql.Data.MySqlClient"/>
<!--<add name="testConnectionString" connectionString="server=10.103.200.138;User Id=root;database=test;password=test123" providerName="MySql.Data.MySqlClient"/>-->
<!--'LDAP://servername/ou=ouname,dc=domain,dc=com-->
<add name="ADConnection" connectionString="LDAP://sunbs.in:389/ou=sunbs,DC=sunbs,DC=in"/>
<!--<add name="TestDomain1ConnectionString" connectionString="LDAP://testdomain1.test.com/CN=Users,DC=testdomain1,DC=test,DC=com" />-->
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=C5687FC88969C44D"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
<!--<membership >
<providers >
<add name="NetForgeMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnection" connectionUsername="sbsldap" connectionPassword="sbs#123" />
</providers>
</membership>-->
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnection" attributeMapUsername="sAMAccountName"/>
</providers>
</membership>
<customErrors mode="Off "></customErrors>
<!--<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>-->
</system.web>
</configuration>
How can I correct the error?
error description
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
I'm integration testing an MVC controller that uses the membership API. I've added my app.config below. The tests attempt to run, but when they make a call to the api, they return null. I inspect the Membership object, and it doesn't contain my connection string, it contains the default one that comes from the machine.config. It also does not pick up my configured application name. It seems to me that I have an issue with my app.config to the point where the membership api is not picking up its settings.
Can anyone spot the error?
var usr = Membership.GetUser(AValidGuid); This is always null!!!!
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="membership" type="System.Web.Configuration.MembershipSection, System.Web" />
<section name="roleManager" type="System.Web.Configuration.RoleManagerSection, System.Web" />
</configSections>
<connectionStrings>
<add connectionString="server=;user id=;password=;database=" name="SqlProvider" />
</connectionStrings>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<remove name="AspNetSqlMembershipProvider"></remove>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/test" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetSqlProvider">
<providers>
<remove name="AspNetSqlRoleProvider"></remove>
<add connectionStringName="SqlProvider" applicationName="/test" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
</configuration>
Your app.config will need to be updated for the application executing the test. Is that what the posted app.config applies to? I know that's a basic thing but a lot of people get hung up on which config is being utilized by the test runner.