Store ASP.NET User Security Inside Your SQL Database

This article deals with a specific problem, how to get rid of a separate ASPNETDB.MDF extraneous attached database file, and to store all your security information (users, roles) inside your custom SQL Database.


Step 01 – Create Security Tables in Your SQL Database

First, you need to create tables that will hold ASP.NET security information inside your SQL database.  There is a wizard for that.

ASP.NET SQL Server Setup Wizard is located  (Windows XP and Windows 2008 Server):


ASP.NET SQL Server Setup Wizard is located  (Windows 7 x64) in one of those:

 %WinDir%\ Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
 %WinDir%\Microsoft.NET\Framework64\v2.0.50727 \aspnet_regsql.exe

This self-guided wizard is very simple.   You pick your SQL Server (usually .\SQLExpress) and desired database and the wizard will create all required tables and objects to handle ASP.NET security inside your custom SQL database.


Step 02 – Generate a Machine Key

Passwords inside security tables are store encrypted.  You need to generate and record your unique machine key inside web.config file.

Visit and get a ready unique machine key neatly wraped in a few lines of code, ready for your web.config.  Generate your lines and place them inside <system.web> XML element:

... <machineKey
      decryption="AES" />

Step03 – Modify Your web.config

Modify your web.config to include membership, roles and profile providers.

Place code similar to these lines bellow inside <system.web> XML element.  Replace word “Your” with an appropriate name, matching your naming conventions.

<membership defaultProvider="YourMembershipProvider"> 
    <add connectionStringName="YourConnectionString" applicationName="/" 
       enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" 
       requiresUniqueEmail="true" passwordFormat="Encrypted"     maxInvalidPasswordAttempts="5" 
       passwordAttemptWindow="10" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" 
       name="YourMembershipProvider" type="System.Web.Security.SqlMembershipProvider" /> 

<roleManager enabled="true" cacheRolesInCookie="true" cookieName="YOUR_ROLES" defaultProvider="YourRoleProvider"> 
    <add connectionStringName="YourConnectionString" applicationName="/" name="YourRoleProvider"
      type="System.Web.Security.SqlRoleProvider" /> 

 <profile defaultProvider="YourProfileProvider">
       <add name="YourProfileProvider" connectionStringName="YourConnectionString" 
      applicationName="/" type="System.Web.Profile.SqlProfileProvider" /> 

Now you can run ASP.NET Configuration inside Web Developer or Visual Studio and make sure that all new users are created inside your custom database, and not in /App_Data/ASPNETDB.MDF

(Visited 183 times, 2 visits today)

Be the first to comment

Your question, correction or clarification Ваш вопрос, поправка или уточнение