When using the login wizard, how do I run an event that I want after the user logs in?

I used onauthenticate but that makes me unable to login (with this attribute I get an error message saying login was unsuccessful)

Is this the way to go or should I use another attibute or what?

I also used OnLoggedIn but that does not trigger the event...

<asp:Login ID="Login1" runat="server" OnLoggedIn="onLogin" ></asp:Login>

should trigger:

protected void onLogin(object sender, EventArgs e)
{
var r = System.Web.HttpContext.Current.User.Identity.Name;
int i = mmm.addLoggedIn(r);
Response.Write(r);
Response.Write(r);
Response.Write(r);
}

Protected Sub Login1_LoggedIn(sender As Object, e As EventArgs) Handles Login1.LoggedIn
        Dim currentuser As MembershipUser
        Dim strEmail As String
        currentuser = Membership.GetUser()
        strEmail = currentuser.Email

The above is code that should work, but doesn't.  I put in the username and password, then I log in, and then I want to get the email (and other information) about the person who has just logged in (in this case, me).  But 'currentuser.email' throws an exception, because currentuser is NOTHING.  Maybe the authentication ticket hasn't been posted yet, and if thats the case, I could solve the problem by redirecting to a special page that just executed this code, but then I'd still to have to go to whatever page the user clicked on when he was redirected to the log-in page.  If thats the problem, how would I know what page that was?

On my website when I come to register a user (http://www.ecovidadesign.com/Register.aspx) it works on my local but when I upload it (shared hosting) it gives me the below error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

You can try it for yourself.

When I asked me hosting company they said:

The error you are receiving is caused by the trust level of your hosting plan.

Trust level refers to permissions set in the Web.config file that dictate what operations can and cannot be performed by Web applications. OurASP.NET 3.5 shared hosting servers use the default Medium trust level with the addition of OleDbPermission, OdbcPermission, and a less-restrictive WebPermission.

Applications operating under a Medium trust level have no registry access, no access to the Windows event log, and cannot use ReflectionPermission (but can use Reflection). Such applications can communicate only with a defined range of network addresses and file system access is limited to the application's virtual directory hierarchy.

Using a Medium trust level prevents applications from accessing shared system resources and eliminates the potential for application interference. Adding OleDbPermission and OdbcPermission allows applications to use those data providers to access databases. WebPermission is modified to allow outbound http and https traffic.

Know I don't know what to do any advice (my coding is with C sharp).

Here is my webconfig:

<?xmlversion="1.0"?>

<!--

   Note: As an alternative to hand editing this file you can use the

   web admin tool to configure settings for your application. Use

   the Website->Asp.Net Configuration option in Visual Studio.

   A full list of settings and comments can be found in

   machine.config.comments usually located in

   \Windows\Microsoft.Net\Framework\v2.x\Config

-->

<configuration>

     <configSections>

           <sectionGroupname="system.web.extensions"type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

                 <sectionGroupname="scripting"type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

                       <sectionname="scriptResourceHandler"type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"requirePermission="false"allowDefinition="MachineToApplication"/>

                       <sectionGroupname="webServices"type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

                             <sectionname="jsonSerialization"type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"requirePermission="false"allowDefinition="Everywhere"/>

                             <sectionname="profileService"type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"requirePermission="false"allowDefinition="MachineToApplication"/>

                             <sectionname="authenticationService"type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"requirePermission="false"allowDefinition="MachineToApplication"/>

                             <sectionname="roleService"type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"requirePermission="false"allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings>

           <addkey="com.msn.search.soap.webservices"value="http://soap.search.msn.com/webservices.asmx"/>

           <addkey="Microsoft.SharePoint.WebServices.Proxies.search"value="http://vmwin2003/_vti_bin/search.asmx"/>

           <addkey="Search.Provider"value="LiveSearchProvider"/>

           <addkey="Search.ResultsPerPage"value="5"/>

           <addkey="Search.Culture"value="en-US"/>

           <addkey="Search.HighlightEnabled"value="True"/>

           <addkey="LiveSearch.AppID"value="4D716C030CCD61E623A930D79B3769AF3EB65CED"/>

           <addkey="LiveSearch.TargetSite"value="http://www.ecovidadesign.com/"/>

           <addkey="SharePointSearch.TargetScope"value="MSDNMag"/>

     </appSettings>

     <connectionStrings>

           <addname="DataSourceConnectionString"connectionString="Data Source=xxxxxx;Persist Security Info=True;User ID=xxxxx;Password=xxxxxxx"providerName="System.Data.SqlClient"/>

     </connectionStrings>

     <system.web>

           <!--

           Set compilation debug="true" to insert debugging

           symbols into the compiled page. Because this

           affects performance, set this value to true only

           during development.

       -->

           <compilationdebug="true">

                 <assemblies>

                       <addassembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

                       <addassembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

                       <addassembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                       <addassembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

                       <addassembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

                       <addassembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies>

           </compilation>

           <!--

           The <authentication> section enables configuration

           of the security authentication mode used by

           ASP.NET to identify an incoming user.

       -->

           <authenticationmode="Windows"/>

           <!--

           The <customErrors> section enables configuration

           of what to do if/when an unhandled error occurs

           during the execution of a request. Specifically,

           it enables developers to configure html error pages

           to be displayed in place of a error stack trace.

       <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

           <error statusCode="403" redirect="NoAccess.htm" />

           <error statusCode="404" redirect="FileNotFound.htm" />

       </customErrors>

       -->

           <customErrorsmode="Off"></customErrors>

           <pages>

                 <controls>

                       <addtagPrefix="asp"namespace="System.Web.UI"assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                       <addtagPrefix="asp"namespace="System.Web.UI.WebControls"assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

           <httpHandlers>

                 <removeverb="*"path="*.asmx"/>

                 <addverb="*"path="*.asmx"validate="false"type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                 <addverb="*"path="*_AppService.axd"validate="false"type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                 <addverb="GET,HEAD"path="ScriptResource.axd"validate="false"type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></httpHandlers>

           <httpModules>

                 <addname="ScriptModule"type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></httpModules></system.web>

     <system.codedom>

           <compilers>

                 <compilerlanguage="c#;cs;csharp"extension=".cs"type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"warningLevel="4">

                       <providerOptionname="CompilerVersion"value="v3.5"/>

                       <providerOptionname="WarnAsError"value="false"/></compiler>

                 <compilerlanguage="vb;vbs;visualbasic;vbscript"extension=".vb"type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"warningLevel="4">

                       <providerOptionname="CompilerVersion"value="v3.5"/>

                       <providerOptionname="OptionInfer"value="true"/>

                       <providerOptionname="WarnAsError"value="false"/></compiler></compilers></system.codedom>

     <!--

       The system.webServer section is required for running ASP.NET AJAX under Internet

       Information Services 7.0.  It is not necessary for previous version of IIS.

   -->

     <system.webServer>

           <validationvalidateIntegratedModeConfiguration="false"/>

           <modules>

                 <removename="ScriptModule"/>

                 <addname="ScriptModule"preCondition="managedHandler"type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></modules>

           <handlers>

                 <removename="WebServiceHandlerFactory-Integrated"/>

                 <removename="ScriptHandlerFactory"/>

                 <removename="ScriptHandlerFactoryAppServices"/>

                 <removename="ScriptResource"/>

                 <addname="ScriptHandlerFactory"verb="*"path="*.asmx"preCondition="integratedMode"type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                 <addname="ScriptHandlerFactoryAppServices"verb="*"path="*_AppService.axd"preCondition="integratedMode"type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

                 <addname="ScriptResource"verb="GET,HEAD"path="ScriptResource.axd"preCondition="integratedMode"type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></handlers></system.webServer>

     <runtime>

           <assemblyBindingxmlns="urn:schemas-microsoft-com:asm.v1">

                 <dependentAssembly>

                       <assemblyIdentityname="System.Web.Extensions"publicKeyToken="31bf3856ad364e35"/>

                       <bindingRedirectoldVersion="1.0.0.0-1.1.0.0"newVersion="3.5.0.0"/></dependentAssembly>

                 <dependentAssembly>

                       <assemblyIdentityname="System.Web.Extensions.Design"publicKeyToken="31bf3856ad364e35"/>

                       <bindingRedirectoldVersion="1.0.0.0-1.1.0.0"newVersion="3.5.0.0"/></dependentAssembly></assemblyBinding></runtime></configuration>

Thanks

Hello,

I have been searching online for good examples of a web service that is used explicitly for authenticating the credentials for users. This web service needs to be able to accept calls from varoius web applications and authenticate that the user trying to gain access is authorized to do so.

Does anyone know of any C# ASP .NET 4.0 examples out there that I could pattern this after? Any help will be GREATLY appreciated, thanks!

Hi,

I'm using SQL Server 2008 session states in my web app and also SQL Server Authentication.  The website is intended for deployment on the Internet and only authenticated users are supposed to access it.  I created a SQL Server database that stores the authorized users information.  I haven't deployed the web app yet.

But testing on the dev machine, I could still access the Home.aspx web page just by typing its address on the browser.  I've added this to my web config file:

<location path="Home.aspx">
  <system.web>
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
  </system.web>
</location>

My Login page is not using ASP.NET control.  I just used username/password textboxes.  I salted and hashed the password and validate credentials based on username and password.  I'm not using any Membership because of SQL Server Authentication mode.

Appreciate any help on how to get this working.

Hi all,

I have a asp.net 4.0 application that create PDF files with ITextSharp and upload files. The application also use authentication forms. In my Web.Config I create the security rules for authorization and authentication. When I test the application in my machine, all works perfectly, but when I publish the application and try to upload files or create PDFs the application send me to login page, as if the user not have permisions to access this folders. My ISP use impersonate.

The Upload folder are inside "Contenido" Folder.

The PDF Folders are in root.

Can someone help me?

Here I show part of my web config.

<authentication mode="Forms">

<forms name=".BiaPlussAUTH" loginUrl="~/Default.aspx" protection="All" path="/" timeout="2880"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>

<location path="Contenido">
<system.web>
<authorization>
<allow roles="OPER, OWNER, SUPER, CONF"/>
<deny users="?"/>
</authorization>
</system.web>
</location>

<location path="PDFBia">
<system.web>
<authorization>
<allow roles="OPER, OWNER, SUPER, CONF"/>
<deny users="?"/>
</authorization>
</system.web>
</location>

<location path="PDFBia">
<system.web>
<authorization>
<allow roles="OPER, OWNER, SUPER, CONF"/>
<deny users="?"/>
</authorization>
</system.web>
</location>

The user which I Connect has "OPER" Role

i wan't limit a user for access on my web site like take a topic access some pages and ...

i wan't know can i change my webconfig? 

pleaas help me

thank you for all

I want to upload files in to the SFTP server using public key authentication. I cant use any 3rd party tools. I have store my public key in the server and my private key store in my local machine. I want to upload and download files to server using public key authentication. I got to know that I can exchange keys using Diffie-Hellman Key exchange algorithm. but I don't have much idea about authenticated socket using public key. if anyone have done this before please help me.   

Hi,

This question may have been asked earlier, but I could not find it, sorry.

How do I allow a folder to be accessed by authenticated users only. I am using form authentication.

I only see ? (anonymous) and * (all) symbols for the allow/deny elements in web.config. Is there one for authenticated users so that I can use it in the <location> element?

Thanks in advance!

When I create new users while debugging, they are saved to the database but not visible when I open the website admin tool. Also, I cannot log in with the users that were first created in the website admin tool. I do not have this problem when working with an MVC 3 application.  With MVC 3, the users I created while debugging will be present in website admin tool and I am also able to log in to the website with the any user that was first created within the tool. How can I get the same functionality in my MVC 4 application?

The Goal

Get an unmanaged user application (the "server" in a client-sever relationship) to multiple web clients via websockets, IIS8, a custom ASHX, and several MemoryMappedFile objects.

The Story So Far...

• An legacy unmanaged user application (written in Delphi) loads up a C# assembly (WebTransport.DLL) through C++/CLI.
• IIS 8 serves up a custom ASPX page, which contains javascript to connect a websocket to 'websocket.ashx'. This custom ASHX works great, and also loads WebTransport.DLL to allow communication back to the user application.
• WebTransport.DLL uses two C# MemoryMappedFile objects (one send, one receive) to communicate between the two parties. One instance of this object is created per client, with the potential for dozens of concurrent clients.

The relevant portions of WebTransport.DLL are simply the opening of the MemoryMappedFile objects...

try
{
    myFile = MemoryMappedFile.OpenExisting(myFileName, MemoryMappedFileRights.ReadWrite, System.IO.HandleInheritability.Inheritable);
}
catch
{
    myFileSize = offsetTotal + (myFileCount * itemSize_Total);
    SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    MemoryMappedFileSecurity mSec = new MemoryMappedFileSecurity();
    mSec.AddAccessRule(new AccessRule<MemoryMappedFileRights>(sid, MemoryMappedFileRights.FullControl, AccessControlType.Allow));
    myFile = MemoryMappedFile.CreateOrOpen(myFileName, myFileSize, MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, mSec, System.IO.HandleInheritability.Inheritable);
}

The Good

Running in the development environment, attached to IISExpress, this works phenomenally well. I'm actually really impressed with the memory usage and access times, even through long run times and large access chunks. I've come to learn that this only works so well due to both IISExpress and my legacy server running user the same session, which leads us to...

The Bad

Running in IIS failed miserably, saying that it could not find the specified file or folder. Looking into the issue further, I discovered the 'Global\' addition to the file name was required to share between IIS (session 0) and the user application (Session 2 or otherwise).

Preforming this addition, opening the memory mapped files looks like...

myFile = MemoryMappedFile.OpenExisting(@"Global\" + myFileName, MemoryMappedFileRights.ReadWrite, System.IO.HandleInheritability.Inheritable);

and

myFile = MemoryMappedFile.CreateOrOpen(@"Global\" + myFileName, myFileSize, MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, mSec, System.IO.HandleInheritability.Inheritable);

The Ugly

• Unless Visual Studio is running in administrator mode, the server application will not 

  OpenExisting

   or

  CreateOrOpen

   the mapped memory file, throwing a 

  UnauthorizedAccessException

  . What's odd about that is the currently running user (me) is both an administrator on the box, and has the 

  SE_CREATE_GLOBAL_NAME

   privilege. In an attempt to get around having to run Visual Studio in Administrator mode (or at least to have it ask me for permissions), I added the "app.manifest" file to WebTransport.DLL and modified the access level as 

  <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

  . This seems to have had no impact. I'm relatively certain that due to the C++/CLI stuff, the privileges never got pushed back to the legacy application. It seems to have had no effect both in the IDE and at runtime. Running Studio as Administrator, at least the server gets up and runs. Is there any way for the final userapplication to not require the "Run as Administrator" flag? Or at least to inform the old legacy application that Administrator access is required?
• The second problem is far worse. The IIS application pool identity is set to a specifically created user on the box which is an administrator (hoping that doesn't have to be permanent) and contains the

  SE_CREATE_GLOBAL_NAME

   privilege as well. Both in IISExpress and full-blown IIS, I can't seem to get around the 

  UnauthorizedAccessException

  . I believe that this has to do with the IIS application pool not being able to "Run as Administrator" like a user can, but I'm honestly not sure.

Any thoughts? Suggestions? Stuff to try?

i am an IT student and we are developing an inventory systemfor our thesis requirement , what is one of the best way of where to store the database for login accounts etc. I appreciate some help 

<configuration><connectionStrings><add name="ActiveDirectory" connectionString="LDAP://DC1:389/DC=smstest,DC=local"/><add name="PEXConnectionString" connectionString="Data Source=.\sqlexpress;Initial Catalog=LUSD;Integrated Security=True" providerName="System.Data.SqlClient"/></connectionStrings><system.web><membership defaultProvider="ADMembershipProvider"><providers><add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"  connectionStringName="ActiveDirectory" connectionUsername="smstest\administrator" connectionPassword="****" attributeMapUsername="sAMAccountName" applicationName="PEx-SchoolTool" /></providers></membership><roleManager defaultProvider="WindowsProvider"
  enabled="true"
  cacheRolesInCookie="true"><providers><add name="WindowsProvider"
          type="System.Web.Security.WindowsTokenRoleProvider" /></providers></roleManager><authentication mode="Windows"></authentication><trust level="Full" originUrl=""/><compilation debug="true" targetFramework="4.0"/><httpRuntime/></system.web></configuration>

Hello All.

I have a Website built on .NET with the following specificatoin:

- dot net framework 2.0.

- windows server 2003.

- IIS6 .

- Used Role Provider and sitemap to generate my main menu for each user Role .

- Used web.config files in each subfolder to secure access to pages acording to users roles.

Every thing was working fine ,until I Upgraded  from framework 2.0 to framework 4.0 , i faced two problems that appears sometimes :

1 - security trimming does not work, such that all sitemap nodes are apears for all users regradless the node in their role or not. 

2- when user A request information he gots information requested by User B.

Notes:

* after restart IIS (some time the server machin) every thing works fine.

* I notced that this problem ocurres when there is alot of requests come to the server .

* the same site ( Code ) works fine localy ( in VS2010 ) .

have anybody have such situation and can help ? 

thanks in advance .

shadi

I just uploaded my site to GoDaddy and I get "

CREATE DATABASE permission denied in database 'master'"

I think it is trying to create the aspnet database? I have the connection string pointed to my sql database and all of the membership stuff in web.config are set to use that connection string (ApplicationServices). 

Any ideas?

Hi,

I would like to know how you would test application and websites for security?

Can you recommend the best way of testing web applications for vulnerabilities?

Thank you

From James Burton

Hi All,

I have a web application with a menu that is generated based on the role the user is in using the sqlsitemapprovider. This works great and if a user does not have access to a page the link is not rendered. The problem is if the user just uses the url ( for example another user might send it to him) he/she will still be able to access the page.

What the best way to check if the user actualy has access to the page when the page is loaded? i would prefer to have the code reside on the master page for the applcation.

Situation - In my previous post I asked for a basic authentication solution for a small website. Somebody told me to use the 'ASP.net membership system. Because I'm a total amature I never heard of this so I tought I would just learn about it.

I had:

• Visualstudio 2012
• MSSQL 2008 on my amature server 2008 r8 on the network
• and ofcouse my ASP 4.0 website which I'm very proud off

To gain basic authentication - I ended up:

• Installing SQLExpress on my laptop
• Installing MS SQL server management studio on my laptop
• SQL Server datatools 2012
• at some point I installed MYSQL assembly because a tutorial told me too
• using that executable from the frameworks 4 folder: Added a aspnetdb to the SQLEXPRESS
  
  

problem - the problem is that each time I launch that ASP.net configuration .. That opens up this nice website in IE ... And I got to security ... I get:

There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem:  Could not load file or assembly 'MySql.Web, Version=6.7.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' or one of its dependencies. Het systeem kan het opgegeven bestand niet vinden. (C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config line 251)

Now  I got to be honest here the reason it gives me, changed a few times. So i'm not exactly sure if it is MySQL.web bla bla that is bust

Méh I keep my hopes up and try that button it told me to select a provider ... It jumps to the provider page giving me only:

AspNetSqlProvider ... and a TEST button. Noooo execute buttons or anyother options of whatever kind.

So ofcourse I bravely click:

Could not establish a connection to the database. 
 If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.

I thinks my computer is lying to me because I dragged a gridview to an empty page and used it to retrieve a table from that database these tutorials all wanted me to install.

Question - I'm an amature , I know only enough to make the basic stuff, I'm in need of basic authentication (need to be able to add user accounts but not hardcoded as per the official tutorial onwww.asp.net. G'what should I do ?

I'd been following a series of tutorials that described how to website that connects to a database created using SQL Server 2008.

At the end of the course, it shows how to implement forms authentication by dragging login and regester controls onto the webpage and allowing Visual Web Developer to automatically create a second database.

I since decided to create my own website using the same techniques, but now I'm running into problems with using two seperate databases.  The website I'm creating is an online store where users can add items to a basket, purchase them and track their orders.

IMO, the most sensible way to get this working would be to just use one database for everything, but I'm not sure where to start.  I've done quite a lot on the website so far and really don't want to have to start from scratch.

I've found discussions on the web that seem related to my issue, but a lot of them are really old, too specific (code samples which are nothing like mine) or are refering to web applications (I'm not sure those are exactly the same as websites).  The approaches I've seen setting up controls that look like login/register controls and implementing their functionality manually, having one database use key fields from the other, using a custom database, SQL Reporting Services.

Can anyone suggest which of these would be most suitable for my situation?  I'm looking for something as straight forward as possible and with security at least as good as in the automatically generated database, although I realise I might have to comprimise between the two.

      I get this particular error only in our production environment. I have goggled and found lots of solutions. But none of them worked. My application is launched in a clustered environment (4 Web servers). And I am getting this error in all servers. I able to re-produce this error in my local environment by removing "Read & Execute" permission for this component. If this is a root cause of this particular error, then this error should occur for all other components implements in my project.

I also verified the permission type for all others DLLs and found that they have same access as the error generating DLLs. So don't think this is related to any access issue. here with I copied the exact error message , your help would much appreciated