Setting up SimpleMembership in MVC4 - asp.net-mvc

I am reading that in MVC4 to set up simple membership I should do this step:
In the AppSettings include a line:
<add key="enableSimpleMembership" value="true" />
However when I look at the samples generated from the templates they only have:
<appSettings>
<add key="webpages:Version" value="2.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="PreserveLoginUrl" value="true" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
So why do I keep reading it's necessary to set the enableSimpleMembership key?

By default the SimpleMembershipProvider is enabled when you create a new ASP.NET MVC 4 application. But some hosting providers might disable it by overriding this setting in a higher level web.config.
Quote from an article about SimpleMembership:
If you see an error that tells you that a property must be an
instance of ExtendedMembershipProvider, the site might not be
configured to use the ASP.NET Web Pages membership system
(SimpleMembership). This can sometimes occur if a hosting provider's
server is configured differently than your local server. To fix this,
add the following element to the site's Web.config file:
<appSettings>
<add key="enableSimpleMembership" value="true" />
</appSettings>
This setting is used by the WebMatrix.WebData.PreApplicationStartCode method which executes automatically when your site runs and will use the value of this setting to enable the simple membership provider.
Actually configuring the SimpleMembershipProvider explicitly is what I would recommend you:
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider"
type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
Now, there's no room for confusion anymore. Both the membership and role providers are configured explicitly.

Related

ASP.Net MVC: elmah.axd will be accessible for admin role only

i read this article to implement elmah http://www.c-sharpcorner.com/UploadFile/858292/exception-logging-in-mvc-using-elmah/
but i want only authorized person with admin role can see the elmah.axd file. how could i do it? guide me.
i found one way to attach elmah.axd file with admin role. here is code
https://blog.elmah.io/elmah-tutorial/
<location path="elmah.axd">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
<system.webServer>
<handlers>
<add name="ELMAH"
verb="POST,GET,HEAD"
path="elmah.axd"
type="Elmah.ErrorLogPageFactory, Elmah"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</location>
tell me the above way is the only way to protect elmah.axd file for admin role.
from this link https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/
i found this one
<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>
if i add the above entry in web.config file then no authorized user other than admin role can not access elmah.axd file.......i have doubt. please some one guide me.
As I understand it from the docs, the first example is a general solution for ASP.NET. This has some issues with MVC, specifically with MVC's HandleErrorAttribute as well as getting custom errors.
The second example is for Elmah.MVC, a package specifically catering to ASP.NET MVC. This is the recommended way to set up Elmah when using the MVC framework.
<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
<add key="elmah.mvc.allowedUsers" value="Thomas" />
</appSettings>
What about ASP.NET MVC?
ELMAH were originally created for ASP.NET. Different features
available in ASP.NET MVC have been causing a lot of head-scratching
since introduced back in 2007. Some of you may have struggled with
MVC's HandleErrorAttribute as well as getting custom errors and ELMAH
working at the same time. In 2011, Alexander Beletsky created the
Elmah.MVC package to help MVC developers using ELMAH. We highly
recommend MVC projects to use this package, since it removes a lot of
the frustrations that people are having with MVC and ELMAH.
https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/

Users don't load Sitefinity

I'm having an issue with SitefinityMembershipProvider in Sitefinity 9.1
When I login to the backend, navigate to Administration -> Users:Page keeps loading.
When I checked the error log it tells me that "Provider must implement the class 'System.Web.Security.MembershipProvider".
But my class inherits sitefinity membership provider i.e. MembershipDataProvider
which is of type Telerik.Sitefinity.Security.Data.
My web config have the following membership defined.
<membership defaultProvider="Default">
<providers>
<clear />
<add name="Default" type="Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider, Telerik.Sitefinity" />
<add name="CredentialServiceProvider" type="SitefinityWebApp.Providers.CredentialServiceProvider" />
</providers>
You need to register the provider in the Security settings as explained here:
http://docs.sitefinity.com/custom-membership-provider-add-the-new-provider-to-the-sitefinity-providers-collection
Additionally, I had to remove the custom provider from the web.config
<providers>
<clear />
<add name="Default" type="Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider, Telerik.Sitefinity" />
</providers>

How to specify the networkCredential param using xml in Serilog.Sinks.Email

I'm trying to setup this sink Serilog.Sinks.Email using xml
<add key="serilog:write-to:Email.restrictedToMinimumLevel" value="Warning" />
<add key="serilog:write-to:Email.from" value="email-from" />
<add key="serilog:write-to:Email.to" value="email-to" />
<add key="serilog:write-to:Email.mailServer" value="mail-server" />
<add key="serilog:write-to:Email.outputTemplate" value="tmpl" />
<add key="serilog:write-to:Email.networkCredential" value="???" />
since networkCredential implements ICredentialsByHost, is possible to specify it using xml?
This is a limitation in the config for the email sink, and/or appsettings support at the moment.

Error Unable connect to SQL Server when add <roleManager enabled="true">

When I add
<roleManager enabled="true"></roleManager>
to my web.config, I get an error
Unable to connect to SQL Server database
occurs on this line of code:
System.Web.Security.Roles.AddUserToRole(m.UserName, "admin");
I added this to the web.config and it solved my problem:
<system.web>
<roleManager enabled="true" defaultProvider="CustomizedRoleProvider">
<providers>
<add name="CustomizedRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="DefaultConnection" />
</providers>
</roleManager>
</system.web>
I had the exact same error when I had enabled believing I was enabling ASP.NET Identity 2. They are not the same! The enabled an old version of identity management which uses a different table structure to ASP.NET Identity 2 (which doesn't need "enabling" by the way - it's just there).
check the connection String.
If you are intentionally using the old role-manager and still getting the error you might be looking at the default localdb instead of your database, in which case you can modify to point at any connection string you want:
<roleManager
enabled="true"
cacheRolesInCookie="true"
defaultProvider="OurSqlRoleProvider"
>
<providers>
<add
connectionStringName="DefaultConnection"
applicationName="/"
name="OurSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
If you are are after using ASP.NET Identity 2, here's an article on it:
http://johnatten.com/2014/04/20/asp-net-mvc-and-identity-2-0-understanding-the-basics/

using custom Profile provider in ASP.net MVC?

im currently trying to implement a profile provider for my site a few days now and having a hard time working on it, im a php programer and i just shift to asp.net recently
Im using Linq to sql and follow this http://www.codeproject.com/KB/aspnet/LINQCustomProfileProvider.aspx tutorial.
the reason im using my own because i having different structure than any default of asp.net have. The profile data is inside my user table.
The compile was fine, login was fine.
but i tried
<% CMSProfile profile = HttpContext.Current.Profile as CMSProfile;%>
<%= profile.NickName %>
it won't work and throw me a System.NullReferenceException...
so how can i automatically get my Profile into the HTTPCONtext so that i can call out easily everytime.
If you need any more data, i can provide.
Thank you very much.
Web.config:
<roleManager enabled="false" defaultProvider="CMSRoleProvider">
<providers>
<clear />
<add name="CMSRoleProvider" type="P014.ProviderClass.CMSRoleProvider" connectionStringName="P014ConnectionString" applicationName="/" />
</providers>
</roleManager>
How have you registered the provider in web.config? You shouldn't have to instantiate the provider yourself it should be done by the app at startup. If you give more info I might be able to help.
EDIT: Here is my web.config, maybe it will be of help to you.
<profile defaultProvider="SWIntranetProfile" enabled="true">
<providers>
<clear/>
<add name="SWIntranetProfile" type="SWIntranetProfile"/>
</providers>
<properties>
<clear/>
<!-- SID is really LOGON_USER -->
<add name="SID" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="PersonID" allowAnonymous="false" type="System.Int32" readOnly="true"/>
<add name="EmailAddress" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="Position" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="Name" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="FirstName" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="LastName" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="ImageName" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="PhoneExt" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="LastIP" allowAnonymous="false" type="System.String" readOnly="false"/>
<add name="IntranetTheme" allowAnonymous="false" type="System.String" readOnly="false"/>
<add name="UnionID" allowAnonymous="false" type="System.Int32" readOnly="true"/>
<add name="UnionName" allowAnonymous="false" type="System.String" readOnly="true"/>
<add name="OfficeID" allowAnonymous="false" type="System.Int32" readOnly="true"/>
</properties>
</profile>
I noticed that the author of the article didn't give a code sample for binding the profiler or Workflow to the HttpContext.
Have you written your own class to do this? If so, have you set this up correctly in the web.config?
If your using IIS7 you also need to register your IHttpModule under the webServer section of the web.config file.
EDIT
To be able to run the code snippet you have show to you need to have placed your custom Profiler to the HttpContext.
You can do this in two ways, either on a per request basis or on the application start.
For the per request basis you would need to create a class that implements IHttpModule and register it in the web.config.
For the Application start you need to attach your CMSProfile to the HttpContext.Current in the Application_OnStart method.
Their is a sample application attached to the article you posted, have you downloading and checked sample application?

Resources