Setting up a remote database for membership
By default, just quickly creating the ASP.NET application with the login controls on the website will cause the ASP.NET server to attempt to generate a database in the App_Data directory but I wanted to have the membership tables that ASP.NET will create be located on my database server with in my main database. This was a little bit trickier and there are a lot of different sites out there that propose ways of doing this but none of them seemed to work.
The simplest way I found was from the Discountasp.net forums. I am using Discountasp.net but when I run web application on my localhost and just connect to the Discountasp.net server, it works so I suspect this should work for all instances where you just need a simple remote membership database.
How to configure the ASP.NET 2.0 Membership/Roles Provider to use SQL 2000 or SQL 2005?
The information in this article applies to:
• ASP.NET 2.0
• MS SQL 2000
• MS SQL 2005
SUMMARY
This article describes how to configure the ASP.NET 2.0 Membership/Roles provider to use SQL 2000 or SQL 2005.
DETAILS
The following steps create the full Application Services database schema on our SQL Server database.
Open the command prompt on your local computer, and navigate to: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
Execute the command: aspnet_regsql.exe -S [DB Server Name] -U [DB login] -P [Password] -A all -d [Database name]
Currently, there is no management interface to manage the membership database besides using Visual Web Developer or creating your own application using the membership provider class.
Below is an example of how to configure Visual Web Developer to manage the membership database.
Create a web application in Visual Web Developer or Visual Studio 2005.
Open the web.config.
The default membership provider uses a connection string called "LocalSqlServer".
Therefore, replace:
<connectionStrings/>
with
<connectionStrings>
<remove name="LocalSqlServer"
/>
< add name="LocalSqlServer" connectionString="Data Source=<
DB_Server>;Integrated Security=false;
Initial Catalog=<
DB_Name>;
User ID=<
DB_User>;Password=<DB_password>" providerName="System.Data.SqlClient" />
</connectionStrings>
Save and close the web.config.
Go to Website menu, and run the ASP.NET Configuration tool. This will open the Web Site Administration tool.
In the Web Site Administration tool, go to the Security tab.
Click on "Select authentication type".
Select "From the internet". Click the Done button.
Create your admin roles and users.
Then create access rules.
Create a rule that applies to the "Anonymous users" with "Deny" permissions.
Create another rule that applies to the admin role you created with "Allow" permissions.
Your application is now ready to use the membership provider, and you can begin creating your login forms.
User logged in checked programmatically
You’ll need to check this a lot. Actually, it might be better to write your own methods to encapsulate this check but the easiest and fastest way to check if a user is logged in is to use the code.
The variable _loginPanel is a panel that contains the login form. If they’re logged in, it shouldn’t show up.
if (User.Identity.IsAuthenticated)
_loginPanel.Visible = false;
else
_loginPanel.Visible = true;
Get the UserID of the user
There is going to come a point where you’ll need to access the UserID and it’s better to use the UserID when referring to the user than to use the UserName because the UserID column is the primary key by default in the database that the membership tools generate and so searching is going to be faster.
MembershipUser newUser = Membership.GetUser(User.Identity.Name);
Response.Write("User key " + newUser.ProviderUserKey.ToString());
In order for this code to work though, the user must be logged in so you need to check to make sure the user is logged in before using this code otherwise you’ll receive an error.
Adding events after a user is created
When using the Create User control, there is an event on the CreateUserWizard called CreatedUser that fires after the new user has been saved to the database. This is handy if you need to add anything extra to the database after the user was generated.
protected void Page_Load(object sender, EventArgs e)
{
CreateUserWizard1.CreatedUser += _newUserCreated;
}
protected void _newUserCreated(object sender, EventArgs e)
{
CreateUserWizard userWizard = (CreateUserWizard)sender;
MembershipUser newUser = Membership.GetUser(userWizard.UserName);
Response.Write("User key" + newUser.ProviderUserKey.ToString());
}
Maintain scroll position when the user is created (On postback)
There are a couple of ways to do this. If you’re familiar with the AJAX libraries (formerly ATLAS) from Microsoft, it’s pretty easy to add an update panel so that only the User Creation control updates asynchronously but if you want a really fast way, adding the line
MaintainScrollPositionOnPostback="true"
to the top line of your aspx page is probably the fastest method for doing this. So my code looks like this.
<%@ Page Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" Title="Untitled Page" MaintainScrollPositionOnPostback="true" %>
Redirect after a user is created
One of the problems with the Create User control is that there are so many properties that all seem like they do the same thing. If you need to redirect the user to a members only page once they’ve registered, it’s pretty easy but the user must be authenticated which doesn’t happen when the CreateUserWizard.CreatedUser event is fired. But what happens is that a little lable replaces the original signup textboxes now alerting the user that they have successfully registered and there is a continue button. When the user presses this button, it then redirects them. I’m also assuming that clicking the button also signs the user into the site as well. So you need to set the CreateUserWizard property ContinueDestinationPageUrl to the page you want the user to be redirected to after they signup.
I’ve written quite a few encryption classes over the last month for File Phantom and I wrote this one while doing some testing that I thought was pretty simple to use if you need to do a quick encryption in C# using the Rijndael method. It takes a password that’s basically going to become the encryption key, creates the encryption key from the password and then creates the encrypted file and the last parameter sets whether the file that is being encrypted should become the encrypted file. If so, I replace the original and delete the newly created encrypted file. This last step might not be the most efficient but it seems safer than actually deleting one of the copies entirely and leaving the other in memory.
The part of the code where I assemble the key I got from here.
¶ 7:49 PM 1 Comments
using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Cryptography;
using System.Timers;
namespace FileEncrypterC
{
/// <summary>
/// This class is used to encrypt files.
/// </summary>
public class EncryptFileTools
{
/// <summary>
/// Encrypts a file. Takes time.
/// </summary>
/// <param name="password">The password key. This is what determines the encryption method used.</param>
/// <param name="_path">Path of the file that is to be encrypted.</param>
/// <param name="_outputFile">Path of the encrypted file.</param>
public static void Encrypt(String password, String _path, String _outputFile, bool _saveToSameLocationAsPath)
{
// This code came from another guide online.
{
if (password.Length > 8)
password = password.Substring(0, 8);
else if (password.Length < 8)
{
int add = 8 - password.Length;
for (int i = 0; i < add; i++)
password = password + i;
}
}
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = UE.GetBytes(password);
FileStream fsCrypt = new FileStream(_outputFile, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged();
CryptoStream cs = new CryptoStream(fsCrypt, RMCrypto.CreateEncryptor(key, key), CryptoStreamMode.Write);
FileStream fsIn = new FileStream(_path, FileMode.OpenOrCreate);
int data;
while ((data = fsIn.ReadByte()) != -1)
cs.WriteByte((byte)data);
fsIn.Close();
cs.Close();
fsCrypt.Close();
// The GC will collect the old objects faster
cs = null;
fsIn = null;
//fsCrypt = null;
// Now that the encrypted file is created, we'll replace the original file file with the output file
// and delete the old file.
if (_saveToSameLocationAsPath)
{
File.Replace(_outputFile, _path, _outputFile + ".backup");
File.Delete(_outputFile + ".backup");
}
}
/// <summary>
/// Decrypt a file and save it to an outputed file.
/// </summary>
/// <param name="password">Password key</param>
/// <param name="_path">File that's already encrypted.</param>
/// <param name="_outputFilePath">File that results from decryption</param>
public static void Decrypt(String password, String _path, String _tempOutputFilePath, bool _saveToSameLocationAsPath)
{
if (password.Length > 8)
password = password.Substring(0, 8);
else if (password.Length < 8)
{
int add = 8 - password.Length;
for (int i = 0; i < add; i++)
password = password + i;
}
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = UE.GetBytes(password);
// Filestream of the new file that will be decrypted.
FileStream fsCrypt = new FileStream(_tempOutputFilePath, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged();
CryptoStream cs = new CryptoStream(fsCrypt, RMCrypto.CreateDecryptor(key, key), CryptoStreamMode.Write);
// FileStream of the file that is currently encrypted.
FileStream fsIn = new FileStream(_path, FileMode.OpenOrCreate);
int data;
while ((data = fsIn.ReadByte()) != -1)
cs.WriteByte((byte)data);
cs.Close();
fsIn.Close();
fsCrypt.Close();
// The GC will collect the old objects faster
cs = null;
fsIn = null;
fsCrypt = null;
// Now that the encrypted file is created, we'll replace the original file file with the output file
// and delete the old file.
if (_saveToSameLocationAsPath)
{
File.Replace(_tempOutputFilePath, _path, _tempOutputFilePath + ".backup");
File.Delete(_tempOutputFilePath + ".backup");
}
}
}
/// <summary>
/// My little program to encrypt and decrypt a file using the
// Rijndael RijndaelManaged class in the .NET System.Security.Cryptography library
/// </summary>
public class Program
{
static void Main(string[] args)
{
String _path = @"C:\Documents and Settings\Paul Mendoza\My Documents\TOOL.mp3";
String _outputPathForDecrypedFile = @"C:\Folder.jpg";
String _encodedFilePath = @"C:\newFolder.jpg";
Console.WriteLine("Press any key to encrypt the file: " + _outputPathForDecrypedFile);
Console.ReadKey();
EncryptFileTools.Encrypt("paulmendoza", _outputPathForDecrypedFile, _encodedFilePath, true);
Console.WriteLine("File encrypted.");
Console.WriteLine(Environment.NewLine + "Press a key to decrypt: " + _outputPathForDecrypedFile);
Console.ReadKey();
EncryptFileTools.Decrypt("paulmendoza", _outputPathForDecrypedFile, _encodedFilePath, true);
Console.WriteLine("File decrypted...." + Environment.NewLine);
}
}
}
