Develop Reference

Local App_Data\ASPNETDB.MDF keeps being created

Writing an MVC5 app. For some reason, a local App_Data\ASPNETDB.MDF db keeps being created, even though in my web.config the only db I specify is a totally different one on the network (and is working fine.) What could be creating this db (and recreating, if I delete it)? I searched my solution for ASPNETDB.MDF and nothing appears, so it's not in any type of config file, etc....
The connectionStrings section of my web.config....
<connectionStrings>
<remove name="ZZZ_SpringContext" />
<add name="ZZZ_SpringContext"
connectionString="Data Source=mypc\sql2012;Initial Catalog=ZZZ_Spring;Integrated Security=True;MultipleActiveResultSets=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
***** UPDATE *****
I tried deleting the db again. Then in my web.config I changed the rolemanager line to false and the db is NOT recreating now. That helps me to see what is creating the db. But, how can I get around this? Here's the line in the web.config....
<roleManager enabled="false" />
I had to change it back to "true" so my app would work correctly.

In the past I had nearly same problem where ASPNETDB.mdf file still recreate even it already deleted. It turns that ASP.NET Identity instance uses machine.config file outside the project which has the following line:
<connectionStrings>
<add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
</connectionStrings>
And in the end of configuration file I found the membership element, which seems controlling Membership provider behavior:
<system.web>
<membership>
<providers>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>
<roleManager>
<providers>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
<add name="AspNetWindowsTokenRoleProvider" applicationName="/" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
</system.web>
Note that connectionStringName="LocalSqlServer" refers to ASPNETDB.mdf as shown in connectionStrings element before.
Then, in web.config inside the project, this line determines if RoleManager instance is enabled:
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
The lines given above tells that ASP.NET Membership provider is enabled as current user management, which defeats purpose of ASP.NET Identity.
Hence, if the ASPNETDB.mdf database is not exist & Membership provider support being enabled, the Membership provider will initialize with default configuration settings in machine.config, and automatically generates ASPNETDB.mdf and its log file using default table definitions.
To prevent re-creation of that DB, in addition to change <roleManager enabled="false">, you can use these steps in web.config:
Clear existing or predefined connection strings before defining your own.
<connectionStrings>
<clear />
<remove name=LocalSqlServer /> <== this is maybe optional
<add name="ZZZ_SpringContext"
connectionString="Data Source=mypc\sql2012;Initial Catalog=ZZZ_Spring;Integrated Security=True;MultipleActiveResultSets=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
Remove RoleManager provider in module definition.
<modules>
<remove name="RoleManager" />
</modules>
Comment out all membership, profile & roleManager elements if necessary to do so.
If your account model code has UsersContext class, ensure it pointed to current connection string defined on your own.
public class UsersContext : DbContext
{
public UsersContext() : base("ZZZ_SpringContext")
{
}
}
Related issue:
How do I stop using ASPNETDB.MDF in LocalDB? (WebForms version)

Issue: creating AD FS claims aware application in Visual Studio 2013

I am new to trying to use AD FS and I have been running in circles.
Trying to make a claims aware application
The organization handles its own authentication
I have gotten my test application to verify authentication but it seems wrong.
Create new application in Visual Studio
Choose Web -> Visual Studio
Choose .Net Framework 4.5
Select ASP.Net MVC 4 Web Application
Add Reference to System.Identity
Add Reference to System.Identity.Services
Edit my web.Config file
in the configsection -- add the following
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
then add
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ida:FederationMetadataLocation" value="https://fedtest.xxxxxxxx.com/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://myappNameHere.xxxxxx.com" />
<add key="ida:AudienceUri" value="http://myappNameHere.xxxxxxx.com" />
<add key="loginUrl" value="~/Home" />
</appSettings>
Then add
<location path="Home">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Logout.html">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Then add
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
</system.web>
Then add
<identityConfiguration>
<audienceUris>
<add value="http://myappName.xxxxxx.com/" />
</audienceUris>`
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://fedtest.xxxxxxx.com/adfs/services/trust">
<keys>
<add thumbprint="12345567890asdasfsdgdfhdfgjdf123124" />
</keys>
<validIssuers>
<add name="http://fedtest.xxxxxxxx.com/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://fedtest.xxxxxxxxx.com/adfs/ls/"
realm="https://myappName.xxxxxxxx.com/"
reply="https://myappName.xxxxxxxxx.com/"
requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
Why do I think all this is wrong?? Well I got all those lines of web.config from the following steps...
go back to step 5 and do the following
Under Tempalte click web
chose the only option --- ASP.NET Web Application
Wizard comes up and click the 'change Authentication'
Choose Organizational accounts
change drop down to 'On Premises'
fill out 'On-Premises Authority'
Fill out 'App ID URI'
Look at web.config
But using the application that those steps produce will create a redirect loop that I have never been able to trouble shoot.
So -- suggestions on what I am doing wrong. It can't be considered right to generate the web.config in a standard way and paste it into a previous version to get it to work.

Refer: Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
In terms of the redirect loop. the usual reason is that for your ADFS RP, you configured the endpoint without a trailing slash.
Add the missing "/" and ensure it matches the string in your web.config.

Enable SSL in your application and set the SSL URL as the default in your web properties.

Okay -- what the answer ended up being...
1) I started down this route because i kept getting a redirect loop that I thought was caused by the web.config.
It wasn't the web.config.
2) So create the the application as you are supposed to in VS 13 -- namely go to c# -> web -> and then click the ASP.NET Web Application and set up the on premise authentication
3) My redirect loop was caused by multiple LDAP claims bundled together coming from AD FS
4) Sent my claims one rule at a time and worked like magic.
If anyone can shed light as to why this should be true I am curious.

Unit test membership

I'm integration testing an MVC controller that uses the membership API. I've added my app.config below. The tests attempt to run, but when they make a call to the api, they return null. I inspect the Membership object, and it doesn't contain my connection string, it contains the default one that comes from the machine.config. It also does not pick up my configured application name. It seems to me that I have an issue with my app.config to the point where the membership api is not picking up its settings.
Can anyone spot the error?
var usr = Membership.GetUser(AValidGuid); This is always null!!!!
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="membership" type="System.Web.Configuration.MembershipSection, System.Web" />
<section name="roleManager" type="System.Web.Configuration.RoleManagerSection, System.Web" />
</configSections>
<connectionStrings>
<add connectionString="server=;user id=;password=;database=" name="SqlProvider" />
</connectionStrings>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<remove name="AspNetSqlMembershipProvider"></remove>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/test" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetSqlProvider">
<providers>
<remove name="AspNetSqlRoleProvider"></remove>
<add connectionStringName="SqlProvider" applicationName="/test" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
</configuration>

Your app.config will need to be updated for the application executing the test. Is that what the posted app.config applies to? I know that's a basic thing but a lot of people get hung up on which config is being utilized by the test runner.

Problem running MVC3 app in IIS 7

I am having a problem getting a MVC 3 project running in IIS7 on a computer running Windows 7 Home-64 bit. Here is what I did.
Installed IIS 7.
Accessed the server and got the IIS welcome page.
Created a directory named d:\MySite and copied the MVC application to it. (The MVC app is just the standard app that is created when you create a new MVC3 project in visual studio. It just displays a home page and an account logon page. It runs fine inside the Visual Studio development server and I also copied it out to my hosting site and it works fine there)
Started IIS management console.
Stopped the default site.
Added a new site named "MySite" with a physical directory of "d:\Mysite"
Changed the application pool named MySite to use .Net Framework 4.0, Integrated pipeline
When I access the site in the browser I get a list of the files in the d:\MySite directory. It is as if IIS is not recognizing the contents of d:\MySite as an MVC application.
What do I need to do to resolve this?
As requested, here is the web.config:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>

I posted this question on "ServerFault" as well and got a resolution to the issue here.
The answer is:
Since IIS was installed after .NET 4, you likely need to run the aspnet_regiis.exe tool to register all the .NET 4 stuff with IIS.

I like to add some details:
After registering ASP.NET 4 using aspnet_regiis -i I also had to update the web application using aspnet_regiis -s W3SVC/1/ROOT/SampleApp1 in order to fix the problem.
The /1/ in W3SVC/1/ROOT/SampleApp1 is the instance of your web application. You can find it by looking into your IIS Manager in the column ID.
The ROOT/SampleApp1 in W3SVC/1/ROOT/SampleApp1 is your application path. If you want to update all sites, just do aspnet_regiis -s W3SVC/.
Afterwards it worked fine for me.

I had 403.14 errors when running an MVC 3 website on the server. Server was 32 bit. 2008. IIS7. The problem was that the HTTP Redirection feature was not installed. Server Manager -> Roles -> Web Server -> Roles Services -> HTTP Redirection. This is the only thing that fixed it for me. The web.config needed no change.

I think the majority of IIS7 website setup problems is due to folder security. If you try to create a website by copying the application folders directly from your dev environment to a folder not under wwwroot, the security on your folders will be wrong and you will fight it for hours getting ambiguous errors. The EASY way to get it correct, is to inspect and inetpub/wwwroot folder, examine it and add permissions to your folder, starting with computername\IIS_IUSRS and computername\Users. For mvc, make sure you have a web.config AND global.asax at the root. You do not need a default document for mvc and you should not allow directory browsing. If using aspnet_regiis, you may want to use the -ir if there are other sites being hosted on the machine.

Have you checked the websites default document in IIS is at the top of the list.
I think it defaults to default.asp with default.aspx either not there or at the bottom of the list

I didn't solve this problem until I install .net v4.0.30319 ,before that .net version on my machine is v4.0.30128 . It takes me a long time to figure out the problem,hope this can help someone.

Getting an ASP.MVC2/VS2010 application to work in IIS 7.5

I've recently downloaded beta 2 of VS2010 and started playing with ASP.NET MVC2. Initial development was done with Casini, but now I wanted to run the application from IIS 7.5 (I'm running Windows 7).
I've installed the IIS6 metabase compatiblity and I run VS2010 as administrator so I can use the "Create Virtual Directory" button from the "Web" tab of the project settings.
This created the web application entry in IIS, but it doesn't work.
When I go to the main page (http://localhost/MyMvcApp/) I get a HTTP 403 error. When I go directly to one of the sub-pages (http://localhost/MyMvcApp/Home/) I get an HTTP 404.
So I guess for some reason the URL routing isn't working.
I've already added UrlRouting as a module and a handler to the web.config. In my searches this is offered as a solution for some similair problems. But for me this still doesn't work.
The interesting part of my web.config looke like this:
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
<httpHandlers>
<add verb="*" path="*.mvc" validate="false" type="System.Web.Mvc.MvcHttpHandler" />
</httpHandlers>
<customErrors mode="Off" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" >
<remove name="UrlRoutingModule"/>
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="MvcHttpHandler" />
<add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler" />
<add name="UrlRoutingHandler" preCondition="integratedMode" verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
<httpErrors errorMode="Detailed" />
</system.webServer>

I've just had this problem, and unfortunately the fix here didn't work for me.
What did work was running this:
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir
in a command window...works like a dream now!
(So, is ASP.Net not installed into IIS by default when you install VS2010?)

After more checking and trying I noticed in the "Turn Windows features on or off" dialog that "HTTP Errors" and "HTTP Redirection" were missing.
This is strange because as far as I can remember this was installed automatically by the Microsoft Web Platform Installer.
In any case "HTTP Redirection" seemed like a need-to-have feature when working with MVC. So after I installed it everything seemed to work perfectly.

Add this to your web.config file:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!-- rest of config -->
</system.webServer>

It is such a pain doing this manually. But definitely doable! I managed it and summed it up in this step by step guide on adding an mvc 2 project to an exisitng web forms solution here. Hope this helps... it took me ages to work though all the config settings and there seem to be so few resources on the subject.

Please note that you must run aspnet_regiis.exe -ir as administrator, it seems obvious but when you are tired of trying things with no success to solve that, you could pass it.
Just to say a big THANK YOU to all the responses, after many hours trying different things, finally I could get work my MVC 2 app in IIS.

What Helped to me is using classic pipeline for AppPool instead of integrated:

I was building an MVC2 application on my laptop Windows 7, using .net beta 2 and
VS 2010 beta 2. When I installed the entire development environment on Windows Server 2008, including VS, built the solution and ran it, the routing worked fine.
The next step was to create a production server on Windows Server 2008, on which I deployed the .net 4.0 beta but none of the other stuff which came with the VS 2010 beta download.
Under this configuration the routing never worked until I enable HTTP Redirection as indicated by Jeroen.
Hope this helps someone who might be in the same boat.

Just wanted to note that I was having the same problem with 403 and 404s but adding the system.webServer and all the elements from the system.web/pages/namespaces node resolved it for me.