How Can I remove Functionality of max Invalid Password Attempts from Asp.Net Membership.?
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="con"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/"/>
</providers>
</membership>
This thread might help you:
Disabling account lockout with the SqlMembershipProvider
Basically you could just set number of attempts to Int32.MaxValue. It's not exactly what you wanted but it will work for most cases.
Related
i have a web service call a method to authenticate user
the method is :
public bool getUser(string User, string Pass)
{
return( Membership.ValidateUser(TvId, TvPass));
}
but Membership.ValidateUser need to get connection to db, and I'm using Entity framework , any help?
We have two different connection strings defined, one for EF and one for the Membership provider, even though they're both the same DB.
So in the Web.config we have:
<configuration>
<connectionStrings>
<!-- Used by the EF DbContext -->
<add name="EFConnection" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=localhost;Initial Catalog=MyDB;Persist Security Info=False;Trusted_Connection=yes;MultipleActiveResultSets=true;"" providerName="System.Data.EntityClient" />
<!-- Used for membership, see the Web.config entries below -->
<add name="ApplicationServices" connectionString="data source=localhost;initial catalog=MyDB;Persist Security Info=False;Trusted_Connection=yes;MultipleActiveResultSets=true;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<membership>
<providers>
<!-- Uses the ApplicationServices connection string defined above to set the connection information for the membership provider -->
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="ePubDirect" />
</providers>
</membership>
</system.web>
</configuration>
There's a load of other stuff in the Web.config too of course, and your connection strings will likely be very different than my local dev environment, but this is the type of wiring you need for your Membership to just work.
Instead of System.Web.Security.SqlMembershipProvider you may need something more like:
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
Or whatever membership provider you're using. Your detailed settings are likely to be different to these too.
It doesn't mean you r using entity framework or Ado.net classes to make the connection with the database. membership provider will work with entity framework as well. you need to define the membership connection string in the Web.config file
I have just created a brand new ASP.NET MVC 4 project and when I run the project, I get the following error:
Parser Error Message: Could not load file or assembly 'MySql.Web, Version=6.7.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' or one of its dependencies. The system cannot find the file specified.
Line 251: <providers>
Line 252: <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
Line 253: <add name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.7.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
Line 254: </providers>
Line 255: </membership>
Any clue as to how I can fix this?
Using the MySql installer, mysql-installer-community-5.6.15.0.exe, I removed Connector/Net 6.7.4. That removed all MySql references from machine.config and fixed the problem.
you have to add the assambelies of other project to one of project that run
Forms Authentication does not work. Auth cookies are not sent to server when SMF attempts to get access to *.ism/Manifest files on a server that requires specific user roles.
What i do:
1. Create new Silverlight Smooth Streaming template with supporting RIA WCF.
2. Configure web.config :
<connectionStrings>
<add name="ApplicationServices" connectionString="Data Source=[SERVER];Initial Catalog=[CATALOG];User ID=[USER];Pwd=[PASSWORD];" providerName="System.Data.SqlClient" />
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
<properties>
<add name="Gender" />
<add name="Birthday" />
<add name="AvatarPath" />
</properties>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
Add Authentification Service and correct User class (add 3 props).
On client side add this to app.xaml.cs:
public App()
{
//Default things...
InitializeWebContext();
}
private void InitializeWebContext()
{
WebContext webContext = new WebContext();
var fa = new FormsAuthentication();
var ac = new AuthenticationDomainService1();
fa.DomainContext = ac;
fa.Login(new LoginParameters("user", "password"), (y) =>
{
if (!y.HasError)
{
this.RootVisual = new MainPage();
}
}, null);
webContext.Authentication = fa;
ApplicationLifetimeObjects.Add(webContext);
Resources.Add("WebContext", WebContext.Current);
}
Access is restricted by web.config file in target directory:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<authorization>
<allow roles="Role_name" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
User exists in this role.
When I use the default video that's specified in Xaml (Big Bunny) - everything is fine. But when I change mediasource to a path to s restricted zone on my server I get an access error.
On the client side, I get user credentials succesfully.
Fiddler shows next thing:
When I try access to another resctricted methods ([RequiresAuthentication]) on RIA WCF, client send Auth cookies, but when SMFPlayer try access to media source, that cookie wasn`t sent.
What have I missed?
I found some workaround:
If you transfer the stream files into a subdirectory, and restrict access to it (instead of a directory with "ism" files). Manifest will be issued to anonymous users, but the data streams is only for registered (when player try touch data stream it sucessfully attach auth cookies).
I am trying to generate alphanumeric passwords and I did this in web.config:
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Clear"
maxInvalidPasswordAttempts="10"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression="^[a-zA-Z0-9]*$"/>
But still i get non-alpha numeric characters. please correct me if wrong.
http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.resetpassword.aspx
The random password created by the ResetPassword method is not
guaranteed to pass the regular expression in the
PasswordStrengthRegularExpression property. However, the random
password will meet the criteria established by the
MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters
properties
I am going crazy, when I go into the Web Site Administration Tool to create some new users, it always tells me that my password is not 7 characters long.
Error msg:
Password length minimum: 7. Non-alphanumeric characters required: 1.
Here is my web.config, seems like it is not even looked at.
<membership userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlProvider" />
<add name="AspNetSqlProvider" connectionStringName="LocalSqlServer"
type="System.Web.Security.SqlMembershipProvider"
applicationName="OCIS"
minRequiredPasswordLength="3"/>
</providers>
</membership>
I even went as far to modify the machine.config and after rebooting, still the same result.
Very frustrating.
You guys have any ideas why my web.config files seems to be ignored?
Thank you,
Steve
The AspNetSqlProvider is not the default provider name that is defined in the MembershipSection. Thus, you have to set the default provider name as follows.
<membership defaultProvider="AspNetSqlProvider">
<providers>
<add name="AspNetSqlProvider" ... />
</providers>
</membership>
You probably should never have need to modify machine.config but I understand your frustration.
First, try implementing all properties of the provider in your local config to your specs and see what happens..
<membership>
<providers>
<add
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, ..."
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
/>
</providers>
</membership>