Configuring a Membership Provider


The example at the beginning of this chapter, the trade show demo approach, simply used the default Membership provider supplied in machine.config. After reading this far, you should have a much better understanding of the configuration options on the provider.

While you can live a full and happy life using the default provider configuration, we strongly advise you to use your own web.config file to specify provider settings, especially if you're going to use the SqlMembershipProvider, which is very popular. To do this, you'll need to add a <membership> section to your web.config file, and add a provider of your own. To avoid confusion, we like to start by clearing the provider list so that we don't accidentally use the default provider from machine.config. Listing 5-6 shows an example.

Listing 5-6. MyMembershipProvider

<connectionStrings>   <clear/>   <add name="asp"        connectionString="integrated security=sspi;                          database=myaspnetdb"        providerName="System.Data.SqlClient" /> </connectionStrings> <system.web>   <!-- other entries omitted for brevity -->   <membership defaultProvider="MyProvider">     <providers>       <clear/>       <add name="MyProvider"         type="System.Web.Security.SqlMembershipProvider"         connectionStringName="asp"         applicationName="MyApplication"         enablePasswordRetrieval="false"         enablePasswordReset="true"         requiresQuestionAndAnswer="true"         requiresUniqueEmail="false"         passwordFormat="Hashed"         maxInvalidPasswordAttempts="5"         minRequiredPasswordLength="7"         minRequiredNonalphanumericCharacters="1"         passwordAttemptWindow="10"         passwordStrengthRegularExpression="" />     </providers>   </membership> </system.web> 

Here we've created a new connection string so that we can have our own private membership database for this application. We also cleared out any inherited connection strings for clarity, since we're not using them.

Note how we set the defaultProvider attribute on the <membership> element. This is important: it tells the login controls and other ASP.NET infrastructure which provider to use by default. Controls that rely on membership (like Login and CreateUserWizard) expose a property called ProviderName that allows you to override this default and hardwire to a particular provider, but generally you'll use a single provider for your entire application, so setting the defaultProvider attribute should suffice.

When you're using SqlMembershipProvider, another important attribute to set is applicationName. This is because the SQL provider supports multiple Web applications in a single membership database, each of which can have its own unique user accounts. Each application is scoped by the applicationName attribute in its provider's configuration. Applications sharing the same applicationName will share the same set of users, whereas an application with a unique applicationName will see its own private set of users. If you look back at Listing 5-4, you'll see that the machine-wide default provider (whose name is AspNetSqlMembershipProvider) uses an applicationName of "/", so all applications that use this machine-wide default (like my trade show demo) end up seeing the same set of users. This is good to know when you're experimenting with membership.

Don't omit the applicationName attribute on your provider definition. If you do, the SQL provider will look at your Web application's virtual root and construct an application name from that. This can lead to trouble: If your application is moved to a new virtual directory, suddenly it can no longer see any users in its membership database. So be sure to set this value up front (even using a simple value of "/" is better than not setting it at all). Note that if you're using the AD provider, this value is ignoredall applications that use the AD provider with the same connection string see the same set of users.




Essential ASP. NET 2.0
Essential ASP.NET 2.0
ISBN: 0321237706
EAN: 2147483647
Year: 2006
Pages: 104

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net