Channel: Security

Validate against AD the result of a NTLM authentication


Hello all,

I'm facing a problem, and countless hours of googling have turned up nothing. Here's what's happening (and what's missing). The whole thing is an ASP.NET WebForms project (the AD authentication will be done by a WCF service on the same machine using the NTLM data).

  1. User goes to the website, gets a 401 (issued by my code) and I ask for NTLM or Negotiate authentication.
  2. User enters his domain user/pass, everything is sent to the server. I catch the Authorization header (with NTLM data).
  3. Now I have the NTLM data and I need to validate it against AD. <-- This is where I am stuck now

I know that IIS can do all that via Windows Authentication, but that's exactly what I need to avoid currently. I'm aware of the SSPI API, but writing a wrapper around it would take too long for the time I have.

Any suggestion?


How to secure my HttpHandler when no cookie, no session and no sign in are supported


Hi all, 

I am currently integrating a new feature into my website. Basically, the feature will enable people to post data into my website from third-party pages hosted on other websites but launched in an iframe from my website. I am using an HTTP handler to handle the POST request. However, I found that some pages using a Java Applet will not maintain the session and cookie from my website (at least I cannot find the session or cookie in the context object). Moreover, since it is a web request, I cannot require the log in.

Under these circumstances, how can I secure my HTTP handler? It can be directly accessed via the internet and post data into my website.

By the way, I can send a string to the third-party page and the string will be posted back, but the string is visible to the user.

Does anyone have a good idea for my issue?

Thank you.

Jessie
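One way to protect a cookieless handler in the situation described above: the "string" sent to the third-party page becomes a short-lived, HMAC-signed token, and the handler rejects any post whose token is missing, tampered with, issued for a different purpose, or expired. The token stays visible to the user, but without the server-side key nobody can alter or mint one. This is an added example in C#, not code from the original post; the key, the form field names "tok" and "data", the purpose string and the 15-minute lifetime are assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example, not code from the original post: a cookieless handler that
// accepts a post only when it carries a valid HMAC-signed, short-lived token.
// The key, the "tok"/"data" form field names, the "thirdparty-post" purpose
// string and the 15-minute lifetime are all assumptions.
public class SecurePostHandler : IHttpHandler
{
    // Assumption: in a real deployment load this from protected configuration.
    private static readonly byte[] SecretKey =
        Encoding.UTF8.GetBytes("replace-with-a-long-random-server-side-key");

    private const int TokenLifetimeMinutes = 15;

    // Called by the page that launches the iframe. The token is visible to the
    // user, but without SecretKey nobody can change its payload or mint one.
    public static string IssueToken(string userId, string purpose)
    {
        if (userId.Contains("|") || purpose.Contains("|"))
            throw new ArgumentException("fields may not contain the separator");
        string expires = DateTime.UtcNow.AddMinutes(TokenLifetimeMinutes)
                                 .ToString("o", CultureInfo.InvariantCulture);
        string payload = userId + "|" + purpose + "|" + expires;
        string signed = payload + "|" + Sign(payload);
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(signed));
    }

    // Returns the user id bound to the token, or null if the token is missing,
    // malformed, forged, issued for another purpose, or expired.
    public static string ValidateToken(string token, string expectedPurpose)
    {
        if (string.IsNullOrEmpty(token)) return null;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(token)); }
        catch (FormatException) { return null; }

        string[] parts = decoded.Split('|');
        if (parts.Length != 4) return null;

        string payload = parts[0] + "|" + parts[1] + "|" + parts[2];
        if (!ConstantTimeEquals(Sign(payload), parts[3])) return null;   // tampered
        if (parts[1] != expectedPurpose) return null;                   // wrong use

        DateTime expires;
        if (!DateTime.TryParse(parts[2], CultureInfo.InvariantCulture,
                               DateTimeStyles.RoundtripKind, out expires))
            return null;
        if (expires < DateTime.UtcNow) return null;                      // expired
        return parts[0];
    }

    private static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(SecretKey))
            return Convert.ToBase64String(
                hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Compare signatures without leaking where they differ through timing.
    private static bool ConstantTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public void ProcessRequest(HttpContext context)
    {
        if (context.Request.HttpMethod != "POST") { context.Response.StatusCode = 405; return; }

        string userId = ValidateToken(context.Request.Form["tok"], "thirdparty-post");
        if (userId == null)
        {
            context.Response.StatusCode = 403;   // missing, forged or expired token
            return;
        }
        // Store context.Request.Form["data"] against userId here.
        context.Response.StatusCode = 204;
    }

    public bool IsReusable { get { return true; } }
}
```

The token is a bearer value, so within its lifetime the third-party page could post more than once; if the post must be single-use, also embed a per-issue nonce and mark it consumed server-side on first use.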

SimpleMembership Database


Dear All,

I just updated Visual Studio and am faced with the new membership provider. Since I really need OAuth, it is really interesting. Now I want to modify some database procedures, since they are not available yet. Where are they?

Note that I want to improve "GetUserByEmail" and I am using Windows Forms!

Thanks

Will the new Microsoft.AspNet.Identity support application-level roles?


hi everyone!

I saw the alpha version of Microsoft.AspNet.Identity and I didn't see any tables to support application roles. So I would like to know if it's something you will support before the RTM version, or if we can easily adapt the model on our side to support application roles.

thank you!

alexandre jobin

web site administration tool upon deployment


Situation: after tossing and turning I ended up using the ASP.NET Configuration tool to create the roles and membership for my ASP.NET 4 website. But upon deployment to our new web host, everything worked except the darn authentication :(


I'm once again totally lost and in need of guidance.

Extra info

  1. I use VS2012 > Publish (using file system) to desktop > upload to the http folder on my web host using FileZilla
  2. It did occur to me that the connection string might need to be updated, so after some digging I found 'asp.net configuration' in the control panel of my web host, giving me an 'aspnetdbConnectionString' starting with 'Data Source= [CENSOR TO BE SAFE]'
    ... So I went to the config file and changed it to what the control panel gave me?
  3. Might also be important - when I added roles, it is not included in the Visual Studio 2012 project? I hope this is normal? Because there is an mdf file in App_Data that does not get transported to the web host because of this? (just putting it out there)

When I tried to login > It told me that the application wasn't allowed to create directories ... So I made the App_Data folder myself in the root of the application directory (where the website I made goes via FTP)

When I tried to login >

Server Error in '/' Application.


A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

Description:An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)]
   System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5295887
   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +242
   System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover) +5307831
   System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +145
   System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +920
   System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +307
   System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions) +434
   System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +5310375
   System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +37
   System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnectionOptions userOptions) +558
   System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnectionOptions userOptions) +67
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1052
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
   System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +167
   System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +143
   System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +83
   System.Data.SqlClient.SqlConnection.Open() +96
   System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +88
   System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +239
   System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) +821
   System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +88
   System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +106
   System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +59
   System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +113
   System.Web.UI.WebControls.Login.AttemptLogin() +119
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +75
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +114
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +159
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724



Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

My web.config on my web host, which I updated, looks like this:

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <connectionStrings>
    <add name="aspnetdbConnectionString" connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True"
      providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <customErrors mode="Off" />

    <roleManager enabled="true" />
    <authentication mode="Forms">
    </authentication>

    <machineKey
      decryption="AES"
      validation="SHA1"
      decryptionKey="[CENSOR]"
      validationKey="[CENSOR]"
    />

    <compilation targetFramework="4.0">
      <assemblies>
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>

    <httpRuntime/>
    <pages controlRenderingCompatibilityVersion="4.0"/>
  </system.web>

  <system.data>
    <DbProviderFactories>
      <add name="MySQL Data Provider"
           invariant="MySql.Data.MySqlClient"
           description=".Net Framework Data Provider for MySQL"
           type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=6.4.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />
    </DbProviderFactories>
  </system.data>

</configuration>


As you can see, I turned customErrors mode="Off" on my public website.

Does my web.config look ok?

Grabbing the User ID


I'm using Visual Studio 2010. I set up my site security using the Web Site Administration Tool. It stores the user id and user name in a table called aspnet_users.

My question is: If I want to write a stored procedure or query to insert the current user id (which is a unique identifier) into some other table, how do I access the current user ID used in the database?

Thanks

How to execute an exe from asp.net?


Hi
How to execute an exe from ASP.NET? If I run it from a local drive it works, but if I run it from the server (published in IIS), it only shows up as a running process in Task Manager and is not visible to the user.

Dim myApp As New System.Diagnostics.Process()
myApp.StartInfo.FileName = "C:\Windows\notepad.exe"
myApp.Start()

Regards

  Aravind


Possible Cross Frame Scripting from WebResource.axd


Dear team,


I'm having a security issue with my ASP.NET application: our security scan system detected a Cross Frame Scripting issue that refers to WebResource.axd. When I view the source of my page it has a WebResource.axd that is loaded on the form, e.g. like this:

WebResource.axd?d=yUHOCGMIYUolGxzV4Lw0PFhY8OTQCZ-zVBW_qyWXa0pSrWywfc1rqvghOJFFvpMa4rqbpWVaxUc3wE3VVCfy3RLrgycsQb-Pwpz2kuQvbRY1&t=634773918900000000

and when I open that URL, I find a bunch of JavaScript code which I believe is generated by ASP.NET:

function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {
    this.eventTarget = eventTarget;
    this.eventArgument = eventArgument;
    this.validation = validation;
    this.validationGroup = validationGroup;
    this.actionUrl = actionUrl;
    this.trackFocus = trackFocus;
    this.clientSubmit = clientSubmit;
}

function WebForm_DoPostBackWithOptions(options) {
....
....
....
}
var __pendingCallbacks = new Array();
var __synchronousCallBackIndex = -1;
function WebForm_DoCallback(eventTarget, eventArgument, eventCallback, context, errorCallback, useAsync) {
    var postData = __theFormPostData +"__CALLBACKID=" + WebForm_EncodeCallback(eventTarget) +"&__CALLBACKPARAM=" + WebForm_EncodeCallback(eventArgument);
    if (theForm["__EVENTVALIDATION"]) {
        postData += "&__EVENTVALIDATION=" + WebForm_EncodeCallback(theForm["__EVENTVALIDATION"].value);
    }
    var xmlRequest,e;
    try {
        xmlRequest = new XMLHttpRequest();
    }
    catch(e) {
        try {
            xmlRequest = new ActiveXObject("Microsoft.XMLHTTP");
        }
        catch(e) {
        }
    }
    var setRequestHeaderMethodExists = true;
    try {
        setRequestHeaderMethodExists = (xmlRequest && xmlRequest.setRequestHeader);
    }
    catch(e) {}
    var callback = new Object();
    callback.eventCallback = eventCallback;
    callback.context = context;
    callback.errorCallback = errorCallback;
    callback.async = useAsync;
    var callbackIndex = WebForm_FillFirstAvailableSlot(__pendingCallbacks, callback);
    if (!useAsync) {
        if (__synchronousCallBackIndex != -1) {
            __pendingCallbacks[__synchronousCallBackIndex] = null;
        }
        __synchronousCallBackIndex = callbackIndex;
    }
    if (setRequestHeaderMethodExists) {
        xmlRequest.onreadystatechange = WebForm_CallbackComplete;
        callback.xmlRequest = xmlRequest;
        // e.g. http:
        var action = theForm.action || document.location.pathname, fragmentIndex = action.indexOf('#');
        if (fragmentIndex !== -1) {
            action = action.substr(0, fragmentIndex);
        }
        if (!__nonMSDOMBrowser) {
            var queryIndex = action.indexOf('?');
            if (queryIndex !== -1) {
                var path = action.substr(0, queryIndex);
                if (path.indexOf("%") === -1) {
                    action = encodeURI(path) + action.substr(queryIndex);
                }
            }
            else if (action.indexOf("%") === -1) {
                action = encodeURI(action);
            }
        }
        xmlRequest.open("POST", action, true);
        xmlRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
        xmlRequest.send(postData);
        return;
    }
    callback.xmlRequest = new Object();
    var callbackFrameID = "__CALLBACKFRAME" + callbackIndex;
    var xmlRequestFrame = document.frames[callbackFrameID];
    if (!xmlRequestFrame) {
        xmlRequestFrame = document.createElement("IFRAME");
        xmlRequestFrame.width = "1";
        xmlRequestFrame.height = "1";
        xmlRequestFrame.frameBorder = "0";
        xmlRequestFrame.id = callbackFrameID;
        xmlRequestFrame.name = callbackFrameID;
        xmlRequestFrame.style.position = "absolute";
        xmlRequestFrame.style.top = "-100px";
        xmlRequestFrame.style.left = "-100px";
        try {
            if (callBackFrameUrl) {
                xmlRequestFrame.src = callBackFrameUrl;
            }
        }
        catch(e) {}
        document.body.appendChild(xmlRequestFrame);
    }
    var interval = window.setInterval(function() {
        xmlRequestFrame = document.frames[callbackFrameID];
        if (xmlRequestFrame && xmlRequestFrame.document) {
            window.clearInterval(interval);
            xmlRequestFrame.document.write("");
            xmlRequestFrame.document.close();
            xmlRequestFrame.document.write('<html><body><form method="post"><input type="hidden" name="__CALLBACKLOADSCRIPT" value="t"></form></body></html>');
            xmlRequestFrame.document.close();
            xmlRequestFrame.document.forms[0].action = theForm.action;
            var count = __theFormPostCollection.length;
            var element;
            for (var i = 0; i < count; i++) {
                element = __theFormPostCollection[i];
                if (element) {
                    var fieldElement = xmlRequestFrame.document.createElement("INPUT");
                    fieldElement.type = "hidden";
                    fieldElement.name = element.name;
                    fieldElement.value = element.value;
                    xmlRequestFrame.document.forms[0].appendChild(fieldElement);
                }
            }
            var callbackIdFieldElement = xmlRequestFrame.document.createElement("INPUT");
            callbackIdFieldElement.type = "hidden";
            callbackIdFieldElement.name = "__CALLBACKID";
            callbackIdFieldElement.value = eventTarget;
            xmlRequestFrame.document.forms[0].appendChild(callbackIdFieldElement);
            var callbackParamFieldElement = xmlRequestFrame.document.createElement("INPUT");
            callbackParamFieldElement.type = "hidden";
            callbackParamFieldElement.name = "__CALLBACKPARAM";
            callbackParamFieldElement.value = eventArgument;
            xmlRequestFrame.document.forms[0].appendChild(callbackParamFieldElement);
            if (theForm["__EVENTVALIDATION"]) {
                var callbackValidationFieldElement = xmlRequestFrame.document.createElement("INPUT");
                callbackValidationFieldElement.type = "hidden";
                callbackValidationFieldElement.name = "__EVENTVALIDATION";
                callbackValidationFieldElement.value = theForm["__EVENTVALIDATION"].value;
                xmlRequestFrame.document.forms[0].appendChild(callbackValidationFieldElement);
            }
            var callbackIndexFieldElement = xmlRequestFrame.document.createElement("INPUT");
            callbackIndexFieldElement.type = "hidden";
            callbackIndexFieldElement.name = "__CALLBACKINDEX";
            callbackIndexFieldElement.value = callbackIndex;
            xmlRequestFrame.document.forms[0].appendChild(callbackIndexFieldElement);
            xmlRequestFrame.document.forms[0].submit();
        }
    }, 10);
}
....
....
....

If we look carefully at the code I marked in bold, there is code that tries to create an iFrame element and set its src attribute, which might be detected as a CFS vulnerability.

Could you help us figure this out or find a workaround to avoid the XFS? I'm not sure where I can handle this WebResource.axd since it is loaded automatically. Any advice will be appreciated.
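The usual fix for a Cross Frame Scripting finding is to stop other origins from framing the site at the HTTP-header level, rather than editing the framework-generated script, whose IFRAME fallback is same-origin. Added example in C#, not code from the original post or from ASP.NET; it assumes the IIS 7+ integrated pipeline and is registered under <system.webServer><modules> in web.config:

```csharp
using System;
using System.Web;

// Added example, not code from the original post or from ASP.NET: an HttpModule
// that marks every response as not frameable from other origins. Cross Frame
// Scripting scanners look for exactly this header. The script served by
// WebResource.axd is framework-generated and its IFRAME fallback is same-origin,
// so the mitigation belongs in the response headers, not in that script.
// Assumes the IIS 7+ integrated pipeline (Response.Headers needs it).
public class FrameOptionsModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
            AddFrameHeaders(((HttpApplication)sender).Context.Response);
    }

    // SAMEORIGIN blocks foreign framing but leaves the framework's own
    // same-origin callback iframe working.
    public static void AddFrameHeaders(HttpResponse response)
    {
        if (response.Headers["X-Frame-Options"] == null)
            response.AppendHeader("X-Frame-Options", "SAMEORIGIN");
        // CSP form for current browsers; older ones honour the header above.
        if (response.Headers["Content-Security-Policy"] == null)
            response.AppendHeader("Content-Security-Policy", "frame-ancestors 'self'");
    }

    public void Dispose() { }
}
```

Register it with <add name="FrameOptions" type="FrameOptionsModule" /> inside <system.webServer><modules>; re-running the scan should then report the finding as mitigated rather than requiring any change to WebResource.axd.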


URGENT. Permission to access files between sites


Hi,

We have two websites, A and B, published on the internet.

Website A accesses files from website B.

Initially it was working fine, but these days there was some server maintenance, and since then

Site A is unable to access files from B.

The server team suggested that we set the trust level in web.config.

We tried the options in the link below, but it was not working.

http://msdn.microsoft.com/en-us/library/wyts434y%28v=vs.100%29.aspx

Please suggest: are we missing something?

The error below occurs.

[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) +147
   System.Net.HttpRequestCreator.Create(Uri Uri) +26
   System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) +216
   System.Net.WebRequest.Create(Uri requestUri) +31

....

Folder Creation in the "~/" of my website


Hi all, I am trying to dynamically create a folder in my website directory hierarchy. It gives me an error, as I do not have permission to do so. The error says "Access Denied".

path = "~/" + NameBuilder.ToString();// it has "test" in the namebuilder string.
Directory.CreateDirectory(path);

What shall I do to resolve the issue? Please suggest!

Also tell me if there are any security hazards.
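Two things a practitioner would want to see here: "~/" is an ASP.NET virtual path that Directory.CreateDirectory does not understand (it must be mapped with Server.MapPath first), and a folder name that comes from outside must be confined to a single directory segment so it cannot climb out of the intended parent. Added example in C#, not the original poster's code; the parent location ~/App_Data/uploads, the 64-character limit and the SafeFolders name are assumptions.

```csharp
using System;
using System.IO;
using System.Web;

// Added example, not the original poster's code. "~/" is an ASP.NET virtual path
// that Directory.CreateDirectory does not understand, so the folder must first
// be mapped to a physical path with Server.MapPath. The caller-supplied name is
// then confined to one plain directory segment so that input such as
// "..\..\inetpub" or "test\evil.aspx" cannot leave the intended parent.
// The parent location (~/App_Data/uploads) and the 64-character limit are assumptions.
public static class SafeFolders
{
    private const string ParentVirtualPath = "~/App_Data/uploads";

    // Returns the physical path of the created (or already existing) folder.
    public static string CreateUnder(HttpServerUtility server, string name)
    {
        if (string.IsNullOrEmpty(name) || name.Length > 64)
            throw new ArgumentException("folder name missing or too long");

        // Only letters, digits, '-' and '_': no separators, no "..", no reserved characters.
        foreach (char c in name)
            if (!char.IsLetterOrDigit(c) && c != '-' && c != '_')
                throw new ArgumentException("invalid character in folder name: " + c);

        string parent = Path.GetFullPath(server.MapPath(ParentVirtualPath));
        string target = Path.GetFullPath(Path.Combine(parent, name));

        // Defence in depth: the final path must still sit inside the parent.
        if (!target.StartsWith(parent + Path.DirectorySeparatorChar,
                               StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes the upload root");

        Directory.CreateDirectory(target);   // also creates the parent if it is missing
        return target;
    }
}

// In the page: string created = SafeFolders.CreateUnder(Server, NameBuilder.ToString());
```

The "Access Denied" itself is an NTFS permission: grant the application pool identity Modify on that one parent folder only. Granting write access to the site root would let any file written there (an .aspx, for instance) be served and executed, which is the hazard the question asks about.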

Opening a Word Document in MVC4 in a New Window Using the Server URL


In my intranet site I have a grid listing documents. When the user clicks on any document I have to open it in a new window (for PDF, TIFF, JPG, etc.), but for Office documents it should close the window after the document is opened. When the user clicks, it gets the URL to the document on the server and passes that to the client side, and on the client side, using

url = "https://example.com:7541/document&id={2EE6AD9B-D66B-402A-AC5D-64405182CEB1}";

window.open(url);

I am opening the window, but the window remains open after the Office documents are opened; the user has to close it manually. This is bothering the users, and also for Office documents, every time a document is opened the user is prompted for Windows credentials.

Is there any other way I can open a document using the server URL and manage the window, and also so that it doesn't prompt the user for Windows credentials?

asp.net web site administration tool fails to launch!


I'm unable to launch the Web Site Administration Tool from both applications (Developer and Studio 2010). This shouldn't be an issue; just clicking the button should render the expected behavior.

From an ASP.NET web application or ASP.NET website there are only two ways to access the wizard: using the Solution Explorer pane and clicking on the icon that looks like a globe and a red hammer, or locating the master site page and right-clicking on the login object at the top right corner.

I have spent all day trying to figure this out, and after googling the issue I discovered the only solution was to rename the project file and remove any spaces or special characters. As you can see below, I removed all spaces and special characters and it still doesn't work.

http://localhost:50462/asp.netwebadminfiles/default.aspx?applicationPhysicalPath=D:\Projects\WebSite1\&applicationUrl=/WebSite1 

Other things I tried:

1. Reset internet explorer settings

2. Turned off the firewall

3. Restarted the server

4. Re-created the project in both VS Studio & Developer

5. Set the default browser to Internet Explorer

6. Changed server from IIS Express to Visual Studio Dev Server (vice versa)

7. Opened the root path to the Web Site Admin tool and it's there, but it doesn't launch from VS Studio 2010 or Web Developer 2010.

The app folder is there and there is no database or mdf file inside, but I'm not sure if that is really necessary. I've opened up every project and website I have on my system and I get the same behavior and error from Internet Explorer.

I get this error message after running the diagnostic tool:

The device or resource (localhost) is not set up to accept connections on port "40472".

Is this a network error or an application error?

What am I missing here?  I could use any suggestions. 

 

security trimming does not work


Hello All.

I have a website built on .NET with the following specification:

- .NET Framework 2.0.

- Windows Server 2003.

- IIS 6.

- Used the Role Provider and sitemap to generate my main menu for each user role.

- Used web.config files in each subfolder to secure access to pages according to user roles.

Everything was working fine until I upgraded from Framework 2.0 to Framework 4.0; since then I have faced two problems that appear sometimes:

1 - Security trimming does not work, such that all sitemap nodes appear for all users regardless of whether the node is in their role or not.

2 - When user A requests information he gets the information requested by user B.

Notes:

* After restarting IIS (sometimes the server machine) everything works fine.

* I noticed that this problem occurs when there are a lot of requests coming to the server.

* The same site (code) works fine locally (in VS2010).

Has anybody had such a situation and can help?

Thanks in advance.

shadi

Problem when using windows authentication with ie9


Thanks in advance.....

I'm working with Visual Studio 3.5 and Windows Server 2003, IIS 7.0 with Windows authentication. In IE8, it prompts for credentials in both intranet and internet environments for all users. But the same is not working in IE9, i.e. it is not prompting; instead it displays "Internet Explorer cannot display the webpage." Can somebody throw some light on how to set up the application so that it prompts in IE9?

Thanks,

Pradeep

 

 

Provide Security Layer on Top of my WCF/WCF Restful Service


Hi,

I want to provide a security layer on top of my WCF/WCF RESTful service using NuGet.

The WCF/WCF RESTful service uses SSO (Twitter, Facebook, Live, LinkedIn, Gmail, Yahoo, Instagram) for user login on the .NET 4.0 framework.

 

I am a starter at this OAuth security.

Please let me know how we can do this. It's very urgent, I am on a tight deadline.

Thanks In Advance

P


HTML Javascript & Asp.net - Security


Hi All,

Application Structure info:

Presentation Layer - HTML & JavaScript only (it contains all the controls and communicates with the processing layer using a jQuery Ajax JSON service).

Processing Layer - ASP.NET (it contains the common web services/methods that process all the presentation layer's requests: authentication, checking users in the database and data manipulation in the db). Actually it's an intermediary between the database and the client UI.

My BIG question is,

What are the methods to secure this structure, and how do I solve the security issues below in this structure?

  1. Login page Authentication for all the HTML pages
  2. Need to check referrer for all the HTML pages
  3. JSON Hijacking  
  4. Cross Site Request Forgery or Cross Site Scripting (XSS)
  5. JavaScript + CSS files security
  6. Remote code execution
  7. SQL injection
  8. Format string vulnerabilities
  9. URLs Visibility

Please help me. Thanks in advance.

Thanks & Regards,

Sathiskumar.P

Membership.ValidateUser return SqlNullValueException


Hello!

I have this code

Membership.ValidateUser(Username, Password);

And when a user with this name exists but the password is wrong I get SqlNullValueException; otherwise everything is all right.

This is my MembershipSettings.config file:

<?xml version="1.0"?>
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA256">
  <providers>
    <remove name="MySQLMembershipProvider"/>
    <add name="MySQLMembershipProvider"
         autogenerateschema="true"
         type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=my_public_key"
         connectionStringName="LocalMySqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         applicationName="iWellScada"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>

Error message 401.2.: Unauthorized: Logon failed due to server configuration?


Hi All,

I am experiencing the above issue while configuring my site with custom authentication,

i.e.,

<authentication mode="None">
</authentication>

<authorization>
  <deny users="?" />
</authorization>

If I change the above setting to either Windows or Forms then it works fine. But with the above settings, why is it not opening? Does anybody know why?

Thanks,
Burepalli V S Rao.

 


Question about the ASP.NET Web Site Administration Tool


I am using MS VWD 2010 Express. In my opinion Microsoft has done something very stupid, allowing us to manipulate an application locally with the ASP.NET Web Site Administration Tool, but not on the remote server. So, how can we make changes when the application is on a remote server? How can we upgrade, change or manipulate roles, membership, etc.? If there is any way to do it, I need help with this. Can I do it with the ASP.NET Web Site Administration Tool or do I need something else? Thanks for your help!!
