ASP.NET 2.0 Security Questions and Answers - Others

From Guidance Share


How do I set up a SQL Server or SQL Express database for Membership, Profiles and Role Management?

The ASP.NET 2.0 Membership, Profiles and Role Management features require the use of a data store. The default provider for each of these features is the SqlMembershipProvider, SqlProfileProvider and SqlRoleProvider respectively.

If you configure your application to use any of these features without explicitly defining a provider, then the default provider is used. The first time your application calls any of the default providers, ASP.NET automatically creates a SQL Express database in the App_Data folder of your application to store the data supporting the feature.

If you want to use an alternative SQL Server or SQL Express database server, you must configure your application so that the providers for Membership, Profiles and/or Role Management point to that server. See ???? for details of how to configure providers. You must also create or configure the database on that server.

Use Aspnet_regsql.exe to create and configure the database. For example, from a Visual Studio 2005 Command Prompt, run the following command:

aspnet_regsql -S (local) -E -A mpr

-S specifies the server, which is (local) in this example.

-E specifies that Windows authentication is used to connect to SQL Server.

-A mpr specifies to add support for the membership, profiles and roles features.

For a complete list of the commands, run Aspnet_regsql /?.

The aspnetdb database that Aspnet_regsql configures uses database roles to control access to data in the database. You must grant access to the database to the account used to run your ASP.NET application in order for it to use the aspnetdb database. For example, run the following in SQL Query Analyzer to allow the Network Service account to manipulate data for the membership feature:

--Create a SQL Server login for the Network Service account
EXEC sp_grantlogin 'NT AUTHORITY\Network Service'

--Grant the login access to the membership database
--(EXEC is required because the procedure call is not the first statement in the batch)
USE aspnetdb
EXEC sp_grantdbaccess 'NT AUTHORITY\Network Service', 'Network Service'

--Add the user to the database role
USE aspnetdb
EXEC sp_addrolemember 'aspnet_Membership_FullAccess', 'Network Service'
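
The provider configuration that the alternative-database step calls for could look like the following Web.config. This is an added example, not configuration from the original page; the connection string name AspNetDb, the App* provider names and the applicationName value /MyApp are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Points at the aspnetdb database created by aspnet_regsql -S (local) -E -A mpr.
         Integrated Security means the application connects as its process identity
         (Network Service in this page's example), so no password is stored here. -->
    <add name="AspNetDb"
         connectionString="Data Source=(local);Initial Catalog=aspnetdb;Integrated Security=SSPI"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- <clear /> drops the inherited default providers so nothing falls back to
         the auto-created SQL Express database in App_Data. -->
    <membership defaultProvider="AppSqlMembershipProvider">
      <providers>
        <clear />
        <add name="AppSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AspNetDb"
             applicationName="/MyApp" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AppSqlRoleProvider">
      <providers>
        <clear />
        <add name="AppSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AspNetDb"
             applicationName="/MyApp" />
      </providers>
    </roleManager>
    <profile defaultProvider="AppSqlProfileProvider">
      <providers>
        <clear />
        <add name="AppSqlProfileProvider"
             type="System.Web.Profile.SqlProfileProvider"
             connectionStringName="AspNetDb"
             applicationName="/MyApp" />
      </providers>
    </profile>
  </system.web>
</configuration>
```

The SQL above grants only a membership role. If the role and profile providers are enabled as shown, the same database user also needs membership in the corresponding aspnet_Roles_* and aspnet_Profile_* database roles.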