Iam new to asp.net membership & I need help to change its connection string programmatically.
What I have tried till now is
I have create a class project name Sample as namespace** and extends the System.Web.Security.SqlMembershipProvider
code as
namespace Sample
{
public class Connectionstring : SqlMembershipProvider
{
public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
{
string connectionString = "server=xx.xx.xx;database=db;user id=un;password=pwd";
// Set private property of Membership provider.
FieldInfo connectionStringField = GetType().BaseType
.GetField("_sqlConnectionString", BindingFlags.Instance |
BindingFlags.NonPublic);
connectionStringField.SetValue(this, connectionString);
}
}
}
and altered web config file in membership tag as
<membership defaultProvider="SQLMembershipProvider">
<providers>
<add name="SQLMembershipProvider" type="sample.Connectionstring,sample" connectionStringName="SQLMembershipConnString" applicationName="#######" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" />
</providers>
</membership>
and while running the web application project the connection string which i am changing is not get altered?
waiting for your valuable responses and comments
What i have also found on the net about problem is this here:
A simpler, albeit somewhat eyebrow-raising solution is just modifying
the connection string in the providers early enough in the request's
lifecycle:
private void SetProviderConnectionString(string connectionString)
{
var connectionStringField =
Membership.Provider.GetType().GetField("_sqlConnectionString",
BindingFlags.Instance | BindingFlags.NonPublic);
if (connectionStringField != null)
connectionStringField.SetValue(Membership.Provider, connectionString);
}
Calling this method from Global.asax.cs inside
Application_PreRequestHandlerExecute does the job. Haven't tested it
too much, but even if something doesn't work, it just means it needs
to be done earlier. No guarantees this will work with future versions
of the framework, although most likely it will.
So, the 'SetProviderConnectionString' method can be called manually (after the Initialize method is finished), instead of expecting the framework to call the overwritten Initialize method when the Membership.Provider is referenced for a first time.
You don't appear to be calling base.Initialize from your Initialize override. I'm surprised anything works in this case.
In .NET 4 (not sure about earlier versions), you should be able to add the connection string to the configuration collection before calling base.Initialize as follows:
public override void Initialize(string name, NameValueCollection config)
{
config["connectionString"] = ... whatever ...;
base.Initialize(name, config);
}
This avoid the need to use reflection to access a private field.
For what reason are you not using a connection string in the web config?
Typically the web server will access the database using the web server's credentials, not an individual user's credentials.
This is a generic setup guide for asp.net authentication.
http://vstudiojourney.blogspot.com/2008/06/choosing-another-database-for.html
Related
QA team discovered that when the webserver (serving embedded device UI) runs on a system where the primary DNS server is unreachable, the UI becomes unbearably unresponsive - taking some 16s for each action.
First I figured that serving static pages did not suffer from this problem.
Excluding my first suspect - logging - I have finally pinpointed the cause to Intelligencia.UrlRewriter (nuget package ver. 2.0.0.9). It appears that on each request, the rewriter makes a copy of all server variables, which includes "REMOTE_HOST". This is a dynamic variable and is only run when needed. This in turn involves a call to HttpRequest.UserHostName.
Question is simple: how to avoid reverse address lookups in web applications that use the UrlRewriter?
I offer a big hammer answer myself, but would like to hear other options.
I have added another class library project with a simple http module:
public sealed class NoRemoteHostLookup : IHttpModule
{
public void Dispose()
{
}
public void Init(HttpApplication context)
{
context.BeginRequest += ContextOnBeginRequest;
}
private void ContextOnBeginRequest(object sender, EventArgs eventArgs)
{
var request = HttpContext.Current?.Request;
if (request != null)
request.ServerVariables["REMOTE_HOST"] = request.ServerVariables["REMOTE_ADDR"];
}
}
This is then referenced by the web app project and configured in web.config before the UrlRewriter:
<system.web>
<httpModules>
<add type="NoRemoteHostLookupModule.NoRemoteHostLookup, NoRemoteHostLookupModule" name="NoRemoteHostLookup" />
<add type="Intelligencia.UrlRewriter.RewriterHttpModule, Intelligencia.UrlRewriter" name="UrlRewriter" />
</httpModules>
</system.web>
Once the "REMOTE_HOST" variable is set, the framework refrains from resolving it later on when accessed by UrlRewriter.
Well this is a theory. It works in my Visual Studio debugging session, but not on our mono target framework where I get a System.NotSupportedException.
I made a bug report https://github.com/sethyates/urlrewriter/issues/9
Meanwhile I transferred the rewrite rules to the nginx configuration and stripped away UrlRewriter in production.
I'm build my webapi project based on this article: A simple POC using ASP.NET Web API, Entity Framework, Autofac, Cross Domain Support
However, I need to pass a connection string to the DbContext because a user that connects to the webapi can select a different database to work with.
Where and what is that best way to implement this? In the controller, having a separate 'service' or a singleton?
I'm currently building a website that requires multiple databases also. This is the basics (for now). It may not be the best/efficient way, but it does the job so that I can continue working on the site.
Let's say you have this connection and everything there is correct, except the database name can change.
<add name="MyDbContext" connectionString="Server=SomeConnection;Database=SomeDatabase;"providerName="System.Data.SqlClient" />
You can create a connection string on the fly with this
public MyDbContext CreateDbContext(string databaseName)
{
SqlConnectionStringBuilder sqlBuilder = new SqlConnectionStringBuilder(System.Configuration.ConfigurationManager.ConnectionStrings["MyDbContext"].ConnectionString); // Gets the default connection
sqlBuilder.InitialCatalog = databaseName; // Update the database name
return new MyDbContext(sqlBuilder.ToString());
}
Also, unless you want to automatically create a database if it doesn't exist, possibly from incorrect database name, you need to set the initializer. Simply pass the initializer null to prevent ef from automatically creating one. I set this in the constructor of MyDbContext
public class MyDbContext : DbContext
{
/* some other constructors */
public MyDbContext(string nameOrConnectionString, bool createDb)
: base(nameOrConnectionString)
{
if(!createdDb)
{
System.Data.Entity.Database.SetInitializer<MyDbContext>(null);
}
}
}
One way would be to have multiple ConnectionStrings in your web config. You could then select which ConnectionString to use depending on a parameter passed to your webapi:
In your web config:
<connectionStrings>
<add name="dataBase1" connectionString="/*db info here*/" providerName="System.Data.SqlClient" />
<add name="dataBase2" connectionString="/*db info here*/" providerName="System.Data.SqlClient" />
</connectionStrings>
Then in your code:
public someobject GetData(/*arguments*/, string dbType)
{
var connectionString = dbType == 'dataBase1'
? ConfigurationManager.ConnectionString['dataBase1'].toString()
: ConfigurationManager.ConnectionString['dataBase2'].toString()
/*then pass connectionString to dbContext*/
var dbContext = new DbContext(connectionString);
}
First post, I'm a complete .Net/C# novice thrown in at the deep end!
I've inherited a C# wed application due to someone leaving at work and me being the only one with bandwidth! But not the .Net, C# knowledge!
The app is used by people on different sites all over the world. They log in using the corporate login details and as such they log into different servers depending on where they are located, (Europe, America or India).
The guy who wrote the app couldn't work out how to switch the ConnectionString in web.config depending on location, so duplicated the whole app for each domain! With the only variation being a single IP address in web.config for each duplicated version of the app! Then did a simple web front page which took the user to "their" version of the app depending on where they said they were in the world!
The first thing I want to do is to move to a single version to maintain, so I need to be able to switch the connection string or how to login?
I've spent several days trying to work out how I get to ConnectionString (defined in web.config) from my Login class, only to discover the values set in web.config seem to be read only, so I can't alter them.
So I guess the first question is, am I barking up the wrong tree? Can I just set all the information that AspNetActiveDirectoryMembershipProvider (see code later) requires and call it from my login class? Or is the ConnectionString route the Ipso facto way to set up connections in .Net/C#? So therefor I do need to find out how to change/specify/add the value at runtime.
Three possibilities I can think of:- (The first is the one I've ground to a hult with)
Change the ConnectionString for ADService in my web.config from my Login class?
Change what AspNetActiveDirectoryMembershipProvider uses, so from my Login class magicly get it to use EMEA_ADService or PACIFIC_ADService as defined in web.config?
Is it possible to define a new connectionString and call AspNetActiveDirectoryMembershipProvider all from my Login class, not using web.config for this connection at all?
Here's a bit of my/his web.config file and my Login class
Cuttings from Web.config
<connectionStrings>
<add name="ADService" connectionString="LDAP://12.345.67.8" /> *---- Original ConnectionString (IP address changed)----*
<add name="EMEA_ADService" connectionString="LDAP://12.345.67.8" /> *---- Added by me playing around unsuccessfully! ----*
<add name="PACIFIC_ADService" connectionString="LDAP://12.345.67.9" /> *---- Added by me playing around unsuccessfully! ----*
~
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" /> *---- The background class for this popup (Login.aspx.cs) is where I'm currently trying to affect ConnectionString----*
</authentication>
*---- Pretty sure this is the bit that actually does the login verification----*
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear />
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=12345678" connectionStringName="ADService" applicationName="/." description="ADService" />
</providers>
</membership>
This is as far as I've got in my class before finding out that I don't appear to be able to alter ConnectionString!
Cuttings from Login.aspx.cs
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
ConnectionStringSettingsCollection connections = ConfigurationManager.ConnectionStrings; //this is now working :)
string userDomain = Environment.UserDomainName; //Probably don't need this, it seems to give the login domain on the machine. Don't know yet if that will be the users machine or the server the app runs on?
if (connections.Count != 0)
{
foreach (ConnectionStringSettings connection in connections)
{
string testname = connections["ADService"].Name;
string testConnectionString = connections["ADService"].ConnectionString;
connections["ADService"].ConnectionString = "LDAP://12.345.67.9";
testConnectionString = connections["ADService"].ConnectionString;
Any hint would be very welcome!
P.S. I have requested a .Net/C# course at work! ;)
You wouldn't want to alter the existing connection string. Rather, you'd want to alter which connection string your Data Access Layer was using to call different service stacks. You could then choose a connection string at runtime based on whatever input parameters you wanted to use. which in your case might be an IP range.
asp.net mvc multiple connection strings
Handling multiple connection strings in ONE DataAccess Layer
http://msdn.microsoft.com/en-us/library/aa479086.aspx
The microsoft article is particularly interesting since it actually takes an architectural look at proper patterns for resolving dilemmas like yours. I think you got stuck with the short end of the stick! Best of luck!
The Web.config cannot be modified at Runtime. I would suggest setting some kind of flag via a login link or combobox on the website for people to use to choose where they want to login. It is not the job of the server to figure out what a user wants to do.
Normally use authorization settings to interact with the roles.
<location path="Register.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
But I would like to have this setup in the database in a table
tblAuthorization
-IdAuthorization (Identy(1,1))
-IdCompany=5
-IdRol=5 (Administrator”)
-Path=”Register.aspx”
Is there a setting for a class to do this? There is something like Profile, RoleProvider ..
<roleManager enabled="true" defaultProvider="MyAccessRolProvider">
<providers>
<clear />
<add name="MyAccessRolProvider" type="MyAccessRolProvider" connectionStringName="MyConnectionString" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
Right now the only I think that can to implement a validation in the Page_Load event
And if it is invalid making a Redirect but I would do a little more "Professional"
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if(!ValidateAuthorization())
{
Response.Redirect("Login.aspx");
}
}
}
Could help me with examples?
Thank you very much in advance
Your best bet is to implement a custom RoleProvider - you seem to be heading in this direction as your question includes a configuration section with a custom RoleProvider (MyAccessRolProvider).
You need to specify the fully-qualified name of your RoleProvider, e.g. MyNamespace.MyAccessRoleProvider, MyAssembly.
MSDN describes how to do this, including a sample implementation.
With the understanding that you are taking about authorization at the page level you could add a HTTP module (IHttpModule) and use your module to do the authorization checking. If the authorization failed then you could redirect as appropriate.
Something like this might work:
public class MyAuthorizationModule : IHttpModule
{
public void Init(HttpApplication application)
{
application.AuthorizeRequest += (new EventHandler(AuthorizeRequest));
}
private void AuthorizeRequest(Object source, EventArgs e)
{
bool isAuthorized = //your code here to check page authorization
if (!isAuthorized)
{
var response = //will need to get current response
response.Redirect("Login.aspx", true);
}
}
}
Note: Don't forget you'll need to add the module to your web application.
There is no out of the box support for this as far as I know however I would suggest you implement something as follows:
Create a new class that derives from AuthorizeAttribute, add an ID property and override the "AuthorizeCore" method.
public class CustomAutorizeAttribute : AuthorizeAttribute
{
public Guid ActionId { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//Check user has access to action with ID = ActionId
//implementation omitted
}
}
You can add a new database table to hold on the Actions and their associated ID values. You can either add the record to the table manually or write some code to do this using reflection (I would advise this if you have quite a few actions and are likely to add more in the future).
Once this is done you can assign users or application roles access to these actions.
In you custom Authorize attribute you have to check whether the user has access to the given action returning true or false accordingly from the AuthorizeCore method.
I would advise grabbing a collection of all actions a user has access to when a user logs in and storing them in either the server cache or some kind of distributed cache so that you aren't hitting your database on every request.
UPDATE - Sorry just realised you're using ASP.NET Forms and not MVC. My approach is for an MVC application so its probably not relevant although I'll leave it up here in case any MVC developers happen to stumble across your question.
I have multiple calls to Membership.GetUser() and can't seem to find anything built in to cope with this (without hitting the database multiple times).
I first looked into static variables before realising this was not suitable. I know I can use sessions but I would need to hash/encrypt the userID to make it safe, which is fine but I didn't want to do this without checking if there was a built in way to do this within the .net membership provider
Is there a built in way of remembering a value like the UserID and safely storing that for the current user?
I recommend using the Singleton-per-Request pattern which uses the HttpContext.Items property.
public class UserPerRequest
{
/// <summary>
/// Returns the result of Membership.GetUser(), but will cache the results within the
/// current request so it's only called once per request.
/// </summary>
public static MembershipUser Current
{
get
{
const string key = "UserPerRequest";
if (HttpContext.Current.Items[key] == null)
HttpContext.Current.Items[key] = Membership.GetUser();
return (MembershipUser)HttpContext.Current.Items[key];
}
}
}
So everywhere you'd call Membership.GetUser() just call UserPerRequest.Current instead. The only time you'll still get multiple calls to the database during a request is if Membership.GetUser() returns null.
Membership.GetUser() is an indirect call to the class MembershipProvider's method:
public abstract MembershipUser GetUser(string username, bool userIsOnline);
So, you can write a class that derives from the MembershipProvider you're using (for example SqlMembershipProvider or ActiveDirectoryMembershipProvider, or a custom one) and override this method using some clever cache mechanism.
Then you will need to change the web.config to declare this new MembershipProvider class:
<membership defaultProvider="MyProvider">
<providers>
<clear/>
<add name="MyProvider" type="...MyProvider" ... />
</providers>
</membership>