Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

ASP.NET Membership - Part 1

0.00/5 (No votes)
9 Jul 2008 1  
Step-by-Step guidelines to setup ASP.NET Membership Provider using VS 2005 / SQL Server 2005.

Introduction

Many ASP.NET developers face problem in setting up membership providers and using built-in login controls. So here is a simple How-To / basic steps to setup register and login features of a site using ASP.NET Membership and Login Controls.

Background

A bit familiarity with ASP.NET and Visual Studio 2005 is required. I will try to be simple. My local development machine which has VS2005, Microsoft SQL Server 2005 and .NET Framework 2.0. First we will develop this web application locally and then will deploy it on a webhost. We will be using SqlMembershipProvider and login controls.

Note: The Downloadable code has master page use also which is not mentioned here. But it is easy to understand whats going on when you look at the code.

Setting Up Site UI

  1. Start VS 2005.
  2. Create a New ASP.NET Web Application (File->New->Project->ASP.NET Web Application(C#)
  3. Add two new webForms - namely login.aspx, Register.aspx

login.aspx

  1. Drag and drop a Login Control from VS Toolbox onto login.aspx.
  2. Set these two properties for the login control you just added: CreateUserUrl="~/Register.aspx" --- CreateUserText="New User? Register Here!"

Register.aspx

  1. Drag and drop a CreateUserWizard(CUW) Control on to Register.aspx.
  2. Set these properties for CUW you just added:
    ContinueDestinationPageUrl="~/login.aspx" LoginCreatedUser="False"

Default.aspx

  1. Drag and drop LoginStatus and LoginName status on Default.aspx

Web.config

Set up you web.config as below . I will explain it later what we are doing in it.

<?xml version="1.0"?>
<configuration>
<appSettings/> 
<connectionStrings>
<remove name="LocalSqlServer"/>
<!--Replace yourConnectionString here with that which points to your database 
e.g.
<add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;
Initial Catalog=TestDB;Integrated Security=SSPI;Persist Security Info=True"/>
-->
<add name="LocalSqlServer" connectionString="YourConnectionString"/>
</connectionStrings> 
<system.web>
<compilation debug="false" />
<authentication mode="Forms">
<forms name=".TestAuth" loginUrl="~/login.aspx" defaultUrl="~/Default.aspx"></forms>
</authentication>
<authorization>
<deny users ="?"/>
</authorization> 
<membership defaultProvider="MyAspNetSqlMembershipProvider">
<providers>
<clear/>
<add name="MyAspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, 
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="4"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/TestSiteApp"/>
</providers>
</membership>
</system.web>
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>

connectionStrings Section: What we are doing here is removing any reference to connection string LocalServer which might be there by default in machine.config and adding a new one. Note the YourconnectionString. The value might change depending on the connection string pointing to your database.

authentication Section: We are using here Forms authentication. We have give a name to authentication cookie, set the loginUrl and defaultUrl attributes. Nothing real fancy.

authorization Section: Here we are denying access to anonymous users. So they will be direct to our the login page that we have set in loginUrl.

membership Section: First we have set the defaultProvider attribute to the provider name to which we want our login controls to point by default. We have tag so it will remove any membership providers defined in machine.config. Then add our provider. See we have name set to MyAspSqlMembershipProvider just to differentiate. You can give any name. Then we have different settings which, i won't go in deep. But I would consider you to take a note of applicationName property. It is highly recommended to set this property to a unique name.

location Section : Setting path="Register.aspx" and will allow any user to access our Register.aspx page. We need to state this explicitly as we are denying anonymos access to our site as mentiod in authorization section.

The Site front-end is all set. Now lets look at setting up the Database.

Setting up Membership Database

We are going to use the default ASP.NET membership database schema. I will be writing a seperate article on how to use custom schema which will discuss on writing a custom membership provider.

  1. Create an empty database on your local SQL Server 2005. e.g. TestDB
  2. Run the aspnet_regsql.exe which is located in the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\. (This might be different but the basic idea is it will be under your Windows directory whichever drive it may be.)
  3. Follow the wizard until you hit the step - "Select the Server and Database.
  4. Here select your Server and authentication mode as per your setting with the SQL Server.
  5. Database - from the dropdownlist, select the database you created in step 1 above.
  6. Successful message should show up.

Testing the Setup on Development Machine

Note: You have to set the appropriate connection string to this newly created database in your web.config as mentioned above.

So now if everything is setup correctly we can go ahead and test what we have done so far. Run your application from VS 2005. You will be sent to login.aspx. Now there are no users as of now. So first click on the New User? link and you will be sent to register page. Create a new user. Once the user is successfully created, once again you will be sent to login.aspx. Now login using the user you just created. On successful login you will taken to default.aspx. It will show you a LogOut button and the name of the user logged in.

Moving onto your Webhost

For the testing purpose I got a free webhosting account from www.aspspider.com. Here are the steps I followed:

  1. First, detached my database TestDB.mdf from the SQL Server and uploaded it on to webhost using their database upload facility.
  2. Secondly, I attached my uploaded Database to their SQL Server 2005 Express. (Note I had SQL Server 2005 on local dev machine.)
  3. Uploaded all my files to the host machine.
  4. Changed the connection string in my web.config with the one that webhost company provided me for my database.
  5. Test the site and it should work.

Points of Interest

These are very basic steps. Nothing fancy and there are couple of advance articles around which you can go through. Post me comments if any problem. I will be writing part II with some more advance topics.

Useful Resources:

  1. Screenshots setting up database: http://www.asp.net/learn/security/tutorial-04-vb.aspx
  2. Why to always set applicationName for membership provider: http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx
  3. Free ASP.NET webhosting : http://www.aspspider.com

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here