Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers

I helped out a few folks last night on the ASP.NET Forums with this problem, so I thought it might make sense to turn this into a blog post to help share information about this.

 

Scenario:

 

You develop an ASP.NET 2.0 application locally using the new ASP.NET 2.0 Membership, Roles or Profile features.  You create several new users and everything works fine.

 

You then copy the application to a remote server (or even another directory on your local server) and run the application.  For some reason it appears that you are able to connect to your membership database just fine – but when you try to login it doesn’t let you.  It doesn’t throw a connection error, but rather when you attempt to login you get an error message that says something like: “Login attempt unsuccessful, please try again.”

 

Cause:

 

The reason this usually happens is because a membership (or roles or profile) provider has been added in the application’s web.config file – but without an applicationName attribute being specified (assume below that the applicationName in bold was missing):

 

      <membership>

            <providers>

                <clear/>

                <add name="AspNetSqlMembershipProvider"

                    type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                    connectionStringName="LocalSqlServer"

                    enablePasswordRetrieval="false"

                    enablePasswordReset="true"

                    requiresQuestionAndAnswer="true"

  requiresUniqueEmail="false"

                    passwordFormat="Hashed"

                    maxInvalidPasswordAttempts="5"

                    minRequiredPasswordLength="7"

                    minRequiredNonalphanumericCharacters="1"

                    passwordAttemptWindow="10"

                    passwordStrengthRegularExpression=""

                    applicationName="/"

                />

            </providers>

      </membership>

 

When no applicationName attribute is configured, ASP.NET uses the application vroot path within the web-server to automatically calculate the applicationName to use when adding data to an ASP.NET Application Service database.  To see this in action, you can open up your ASPNETDB database, and look within the aspnet_Applications table:

 

 

This table stores a unique ApplicationID for each applicationName.  Because I didn’t specify an “applicationName” attribute when I registered users within my application, it calculated the application name as /website8 (which happened to be the name my dev machine was using at the time).

 

Users created with the membership API will then be associated with this ApplicationID and in turn the applicationName.  You can see this by opening up the aspnet_Users table:

 

 

This works fine when the application continues to run in the “/WebSite8” application virtual path.  But if it is copied to another location or server with a different virtual path (for example: “/app1” or more commonly just "/"), then when the Membership APIs are used they will not “see” the users already in our database – since they will lookup membership data using a different application name and filter the users in the application_Users table accordingly.  That is why you’ll get a “Login attempt unsuccessful, please try again.” message when you try to login.

 

How to Solve This

 

The easiest way to solve this is to open up the aspnet_Users and aspnet_Applications tables within the ASPNETDB database and figure out what application name was used when creating the users and other data during development (look in the aspnet_Application table to work this out).

 

You can then go back to your web.config file, and add an “applicationName” attribute to your provider declaration with that application name value.  For example, note how the applicationName value below is now the same as the one in the aspnet_Application table:

 

      <membership>

            <providers>

                <clear/>

                <add name="AspNetSqlMembershipProvider"

                    type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                    connectionStringName="LocalSqlServer"

                    enablePasswordRetrieval="false"

                    enablePasswordReset="true"

                    requiresQuestionAndAnswer="true"

  requiresUniqueEmail="false"

                    passwordFormat="Hashed"

                    maxInvalidPasswordAttempts="5"

                    minRequiredPasswordLength="7"

                    minRequiredNonalphanumericCharacters="1"

                    passwordAttemptWindow="10"

                    passwordStrengthRegularExpression=""

                    applicationName="/website8"

                />

            </providers>

      </membership>

 

When the applicationName is set like above, the Membership API will always use that application name when connecting to the ASP.NET application service database.  That means it will work regardless of where the application is deployed or what path is used.

 

You should also then make sure that you do this for any Roles, Profile, WebPartPersonalization or other providers you configure.

 

Your application will then work fine.

 

How to Prevent This in the First Place

 

The best way to prevent this from ever happening is to always specify the “applicationName” attribute when declaring your providers.  One good default value to use is “/” – which is the root application name.  This is the value specified for the default provider that ships with ASP.NET 2.0 (which by default stores the application service data within the ASPNETDB.MDF file under /app_data), and is why if you don’t override the provider settings it will work if you copy an app to another machine.

 

For other ASP.NET Security Links and Resources please check out (and bookmark) this large post of content I did.

 

Hope this helps,

 

Scott

 

P.S. In case it isn’t obvious, the reason why the applicationName setting even exists in the first place is so that you can map multiple applications and sites to the same database.

 

P.P.S. In hindsight, we should have defaulted the provider collection to have a value of "/" for applicationName if it wasn't specified.

97 Comments

  • Thanks for posting this, Scott. This has been on my TODO list for blogging about, as it's a common problem for students of mine when moving assignments from the lab computers to their home computers.

  • Scott,



    You really bailed me out on this - THANKS



    D Thomas

  • Good tip! Thanks for posting.

  • I found this out the hard way! Lots of hair pulling! Thanks for making it known!

  • Yeah - this post came 2 days too late for me :) .... had this problem, and worse in my case i had specified the app name for membership provider and not the roles provider. You can imagine the chaos. But a peep into the database solved it for me.

  • Great, very nice. I just recreated the users and roles, I only had 3 for my application. but did not think at all about this property until you posted it. thanks a lot.

  • Your post hit home with me, I am still struggling with getting everything setup. I have specified my applicationName in my &quot;membership&quot;, &quot;roleManager&quot;, and &quot;profile&quot; sections, yet I still get two applications (the one I specify, and my development appname).



    I've seemed to narrow it down to when I add webparts, the second app gets created, is there somewhere else I need to set the app name?



    Thanks so much,



    ~ Steve

  • Hi Steve,



    There is a &lt;webparts&gt;&lt;personalization&gt;&lt;/webparts&gt; section that you'll want to configure as well to specify the application name. That is the missing provider to configure.



    Hope this helps,



    Scott

  • I spent two days trying to figure out what was wrong, and this fixed it. THANKS!

  • This helped!!! Five days of struggle and this was the answer.... Thanks a million

  • Thanks for posting this important tip...

    Sure it will save a lot of time for beginners...



    Thx

    Dev

  • I used the aspnet_regsql.exe to create the required tables and stored procedures onto an exsisting SQL Server 2000 database on a server. I have also created a connectionstring to the database and directed the membership and role providers to point to the database. Now, when I run the web app locally, the login and roles I have created on the web admin tools works fine, but when i upload to web app to the IIS on the server, none of the login and roles seem to work. How can I fix this problem?

  • Hi Justin,

    I'd recommend looking at whether the web-server has access to the SQL server specififed. In particular, you should look to see whether you are connecting via SQL authentication or Windows Authentication. My guess is that on your dev box you might be connecting locally via windows authentication -- and when you deploy remotely you can't use windows auth to connect across machines because kerberos isn't enabled.

    Hope this helps,

    Scott

  • Justin's case as described above is precisely the problem I am trying to solve for a few days already. More precisely, it is not obvious what setup to use on the IIS server which lives in DMZ, and has no means to use Windows authentication to reach the server that runs the SQL 2005.
    The SQL 2005 server would happily accept the requests for authentication coming from the "end user" reaching IIS from Internet - but the IIS attempt to get SQL Server 2005 fails before even reaching SQL Server across the network (and through the firewall).
    The weird thing is that SQLCMD.exe somehow knows how to do it - it does not help however, since I want my ASP.NET to be able to do that.
    I would expect that the described setup is the most common one - the IIS outside firewall and SQL behind. Despite a multi-day search I found no answer. This really indicates that the Semantic Web cannot come too soon :-)
    Can you, help, please?
    Regards
    Nik

  • Hi Nik,

    I think the issue you are running into is the multi-machine hop when using Windows authentication to connect with the database.

    I'm not a windows security expert, but have helped enough people with this question to know that it is a hard one.

    I believe this article should help you a little: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000008.asp

    Hope this helps,

    Scott

  • I tried all that and it did not work, help please

  • Hi Pierre,

    Can you try creating a new user with the application and then check to see whether you can logout and log back in with that.

    If you can, then that verifies that the database is at least working.

    Assuming this is the case, I'd recommend looking in the membership table like i outline above to see what applicationName value is being used.

    Hope this helps,

    Scott

  • Thanks Scott!
    I was able to create new user but i was not able to login using those new users. I finally figure out the problem but i do not know the cause. I have delete the login control then i have drop a new one on my page. Since then everything is working fine. When i check the webconfig everything is the same as before and the property of the login control are also the same.
    So i do not know what was the problem but now it is working again.

  • I can not create a new user...... I get an error message......."Failed to update database "C:\INETPUB\WWWROOT\APP_DATA\ASPNETDB.MDF" because the database is read-only."

  • Hi Trees,

    The problem you are running into is that the IIS worker process account only has read-only access to the file-system. As such, it can't open the database.

    To change this, you should change the file-permissions of the c:\inetpub\wwwroot\app_data directory to have read and write access for the worker process identity.

    For IIS5/5.1 set this for the ASPNET account. For IIS6 set this for the NETWORKSERVICE account.

    Hope this helps,

    Scott

  • Changed file-permissions of the c:\inetpub\wwwroot\app_data directory to have read and write access.

    How do I do this? For IIS5/5.1 set this for the ASPNET account. I do not have an ASPNET account, that I know of?

  • Much appreciated.
    A fairly obvious solution to a problem that has had me tearing my hair out.

  • Hi Trees,

    ASP.NET creates an ASPNET account when it is registered on the system. What you'd want to-do is pull up the file-properties for the directory using the windows explorer, and go into the security tab to control the write permissions on that directory and grant the ASPNET account access.

    Hope this helps,

    Scott

  • Hi Scott,
    Thanx for bringing this up. It is an apt description of my problem. Unfortunately, your solution has not been able to solve it for me. After reading your piece, i deleted all the users and created new users and roles. I left everything is default state and i'm using the aspnetsqlprovider. The login system works in VWD environment but not with the copy i have on a virtual server on IIS. It's pretty frustrating and can't seem to think of anything else..Can you help??

  • Fantastic explanation. I was experiencing this exact problem and after browsing this article I was able to solve it in seconds!

    Thank You very much!!

  • I've been experimenting with applicationName in web.config as part of a general learning process. But I have an interesting problem/note? Let's say I create two apps:
    /App1
    with no applicationName
    /App2
    with the applicationName = "MyApp"
    Now I create two users User1 in /App1 and User2 in /App2

    Now I change web.config in /App1 to include:
    applicationName = "MyApp"

    What do I expect? For the list of users in /App1 to say User2

    What happens, do you ask? /App1 still lists User1 as its user!?!

    I've tried stopping starting the web site, removing & adding the Application /App1, but neither work.

    It seems that some how IIS and/or ASP.Net has permanently mapped /App1 to:
    applicationName = ""
    or in other words
    applicationName = "/App1"

    Any ideas?

  • Sorry to have bothered you... I took a walk, came back and found the solution, though I'm not sure why...

    Despite closing the browser (IE) it appears that it was caching the page I made to display the users (I'm going to have to look at that page's code to see if I can determine why or attribute it to wierd IE behavior.)

    Thanks, if you've already looked at it, and thanks for the post it clearly confirmed the behavior I had discovered in my own reading/experimentation.

    JL

  • In my dev environment, when I cick start the Site Administration Tool, the only thing I can do for providers management is to "Test" the AspNetSqlProvider option. I can not configure it. There is no "membership" section in my web.config. under which section should it be added in web.config, and what about the BublicKeyToken property, where do I get it from? Thx.

  • Hi DinoD,

    This blog post includes some samples that show how to configure the membership provider: http://odetocode.com/Articles/427.aspx

    Hope this helps,

    Scott

  • Hi Sylver,

    What error message do you get at runtime when this happens?

    It really sounds like the issue might be this one that you are running into. Can you double check using the steps in my post above that it isn't?

    Thanks,

    Scott

  • Hi Scott,
    The Application doesn't give an error at runtime only that the Login says that

    "Your login attempt was not successful. Please try again."

    When i try to log on with credentials that do work in the VWD (Visual Web Development) environment. In other words, it's exactly the problem describe in this your article it's just that your solution doesn't solve it for me even after following all the steps. I even configured the web.config file with the properties set as u highlighted above to no avail. Maybe i'm missing something?! HELP!

  • Hi Parker,

    Glad it helped!

    I think you can either add or remove the PublicTokenKey -- I don't believe it is necessary.

    Hope this helps,

    Scott

  • Hi Sylver,

    Can you .zip up and send me a sample showing the problem? Either that or just the web.config file for your app? My email address is: scottgu@microsoft.com

    Thanks,

    Scott

  • Hi, I find your article really interesting but I'm still unable to solve my problem.
    Here it is:
    I developed a Custom Membership provider for a Sybase ASE 12.5 database. As this is a single application, I ommited the applicationName field in the user's table. In the ASP.Net development server, the provider works fine, performing log in an so on. The problem arises when the application is moved to the wwwroot (published). The provider accesses the database and retrieves the MembershipUser but for some reason, the Log-in operation does not complete an I get no error message whatsoever. It just performs the Log-In operation but when I try to get the logged in user I always get null.
    Any Ideas?

  • I am new to website development using .Net Framework 2.0 (asp.net 2.0 ) and have recently used membership controls in my website. I have configured web.config file to allow localsqlserver connection to point to Sql Server 2000. The regsql.exe created membership database in my sql server. My problem is that although I can access the database using website administration tool, but I am unable to logon to my web application using the SQL server 2000 database.

    Scenario1: Development Database Server and Website is on developer's machine.

    Here is the error:

    **************************************************************

    An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

    **************************************************************

    I am not using sql server 2005, but still in the error above, it is mentioning about Server 2005. Why?

    Scenario2: I have also built a new server 2000 but i am not getting any error message but is unable to logon. The above changes to machine.config file and the aspnet_applications table did not help me logon to the (local) database.

    I have setup new windows 2000 server with .net framework 2.0 and SQL Server 2000 (local server) installed on it. Do I need to install any other software on this test server.

    Please let me know how to resolve this issue. Your help is deeply appreciated.

    With thanks,

    Mukul

  • Hi Andres,

    The issue you are describing actually sounds exactly like the one I listed above. Can you try setting the applicationName attribute and retrying your scenario again to see if it makes a difference?

    Thanks,

    Scott

  • Hi Mukul,

    The error message above is actually the standard error message that the ADO.NET API returns when it fails to connect to the database.

    Typically this is caused because the user or account accessing the database doesn't have security permissions to-do so.

    Hope this helps,

    Scott

  • We had this exact problem and tried changing the application name, but this didn&#39;t fix our problem. What finally worked was changing the permissions for Network Service on the actual database ASPNETDB.mdf and the log file to full permissions.

  • I set the application name using the section pasted above. The website renders fine, but try to login to an existing user or create a new one and I get the error described by Mukul above. Anyone run into this kind of an issue before?

  • Hi Mark,

    When a login fails, ASP.NET writes out an error message to the Windows Event Log (I believe under the application node). Can you open this up to see what error message was generated. This will help in debugging the issue.

    Thanks,

    Scott

  • Hi Mehdi,

    If you want to send me your web.config file via email (scottgu@microsoft.com) I can help you figure out what is going on.

    Thanks,

    Scott

  • OK, I have tried everything NOTHING works, it does create a new user and role for that user but there it quits. Create the new user to check it out if you would like, tried to log back in and that didn't help either same error can't find me. Changed the directory permissions etc. NOTHING seems to help this is flustrating. Spend 7.5 hours with MS yesterday with the reload the application to the server. In other words nothing they did worked.

    This has to be simple, I must be overlooking something really easy.

  • Hi Francis,

    Good questions. I don't think that the ADMembershipProvider uses the ApplicationName property -- although I'm not 100% sure. I would recommend still setting it, though, since it can't hurt.

    This tutorial of mine covers how to use the SqlRolesProvider together with Windows Authentication (it could also be used with the ADMembershipProvider), and I think could help with what it sounds like you are looking for: http://weblogs.asp.net/scottgu/archive/2006/07/23/Recipe_3A00_-Implementing-Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server.aspx

    Hope this helps,

    Scott

  • Hi Ralph,

    I believe the problem is that you are deploying a SQL Express version of your application on this server, and the IIS6 worker process doesn't have write access to the directory where it is stored (which by default is /app_data). I'd recommend going into your file-server explorer and make sure that the security ACLs are setup to allow the NetworkService account both read and write access to this directory and file.

    Hope this helps,

    Scott

  • I can get the login to work on both my localhost and the production server. But my localhost doesn't recognize my roles based code... My rolemanger is enabled in both of my web.configs.

    Any ideas????
    Thanks,
    Pam

  • Hi Scott,

    I am having a similar situation with the same error. Using VS2005 and the Login control with the default ASPNETDB.MDF database for members and roles. I used the web site admin tool to check the provider it tells me it is currently configured to AspNetSqlProvider. Even if I select the "select a different provider for each feature option", the page still says that I am configured to the AspNetSqlProvider. When I look at the web.config file, I do not see any reference to the providers. I went ahead and inserted the provider asp code for the Membership and Role providers with the application name = "/" property set (I checked the AspNetDB tables to see that the application name is set to "/", they are). I still get the same error on deployment. Not sure why my web.config file did not originally have any reference to the providers, and also why it is still not working? Help is appreciated.

    Thanks Pete


  • Hi Pete,

    Can you check to make sure that you are clearing our your previous providers when you declare the new one? Specifically, do you have a statement before your one?

    thanks,

    Scott

  • Hi Lucy,

    The error message you are seeing indicates that the membership provider isn't setup correctly. Can you double check that you have the connection string setup and pointed at a database correctly?

    Thanks,

    Scott

  • Hi Pete,

    Can you send me email with a copy of your web.config file attached? I can then help debug it for you.

    Thanks,

    Scott

  • Hi Polly,

    You shouldn't need to explictly set the applicationName attribute unless you are registering a new provider. If you aren't, then you can just use the defaults (which is to register the profider as a "/" application).

    Hope this helps,

    Scott

  • Hi Allan,

    Can you send me an email with more details of the problem and your configuration? I will then loop in a support engineer who will be able to help you debug it.

    One other thing to check is whether you have the right forms-auth timeout set for your application. This post talks about the change in timeout made in ASP.NET 2.0: http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx

    It could be that your auth cookies are timing out, which is why people seem to see that they got logged out.

    Thanks,

    Scott

  • Hello Mr. Scott,
    Greetings !

    Its a superb solution.I really appreciate you for publishing it !

    However I am still having the same problem. I tried all of your steps above but in vain. well let me explain to you what my issue is.

    I have developed a web app on a WinXP with IIS 5.1. There are altogether 4 webforms 2 of which use access DB, 1 login.aspx and the last uses Excel. There are two user groups naturally...access and excel....I m using Forms Authentication although I need to develop this prototype on Intranet. I have structured the authentication in a very simple manner like i have a common login for both the groups for eg.
    1. username: access password: XXXX for access group
    2. username: excel password YYYY for excel gtoup
    Now i have created a role "User" and i allow the user role to access the website and deny anon. users.

    When i enter access username and password a menu.aspx opens up which further takes me to 2nd webform with access DB and when excel is used I will taken directly to the excel.aspx (example)...Now the problem is that till it is on the VWDE IDE, the application works smooth.However as soon as I host it on the IIS, it keeps on giving me the Invalid Login error. I tried all your steps. I have given full control permission over the ASPNETDB files for the ASPNET user. Finally I have also tried to create a new security example using your steps again but in vain. Please help me with this. I shall be highly obliged.

    Thanks in advance !

    Thanks Rohan
    rohan.bhobe@bmw.de


  • Hi Rohan,

    Can you check the Windows EventLog (within the Administration Tools subfolder within the Control Panel) and see what error is displayed there? I suspect that the problem might be listed there.

    If not, can you send me email and include your web.config file to look at?

    Thanks,

    Scott

  • Hi Pepper,

    Can you send me an email that includes your web.config file along with the details of the error you are receiving?

    Thanks,

    Scott

  • Hi Jonny,

    I just responded to the forum thread.

    thanks,

    Scott

  • Great blog post. I ran into a problem having the applicationName set to a forward slash. I had multiple web applications running on a server each having the applicationName=&quot;/&quot;. If I logged into one and checked the Remember Me checkbox, then closed the browser and browsed to another one of my web apps, it would auto log me in with the user name I was logged into in the other application.

  • Hey Scott, seems like this is definitely a hot topic. I'm having a problem where I can seem to create users but I cannot login, I get the incorrect password error and I cannot log in with any of my original accounts either. to boot when I do create a user I get an error afterwards in the code I added to the createUserWizard where I add a user to a role, it tells me that the role does not exist, I'm guessing this is all due to the application name problem, although my application name is / and I've created custom providers for membership, roles and profiles each with the application name set to '/'. for my connection strings I did the remove step for LocalSqlServer and then created a connection string with the same name that pointed to my ASPNETDB database, except that I've renamed ASPNETDB.MDF to nvp_ASPNETDB.MDF because my hosting is shared and I cannot simply keep the default name.

    I'm not sure what to do now, do I go back and rename the application name to something other than '/' like the path of my internal hosting space and is there a command to generate the application id from it or what?

    I don't know what to do, shared hosting seems to be a nightmare!

  • Hi Ivan,

    Can you make sure that you've added a statement before every directive for the providers in your web.config file?

    Thanks,

    Scott

  • Hi there,
    thanks for the feedback, were also having a crisis and have been working on for days if anyone can help out or point us in the right direction we would appreciate it very much,
    We just finished to deploy and upload the site to the server, the problem is were unable to logon through anything, we receive no error messages or anything, but I imagine its a problem within the SQL connection,
    When trying to logon nothing happens it worked perfectly on local, we beleive it may be when it was uploaded to the server, and also the provider cannot assist in anyway, Im guessing somthing else is missing from the SQL connect string because its not communicating with the DB

    connectionString="DataSource=someprovider.name.com;
    Initial Catalog=mywebsite;User Id=fergus01;Password=test01;"
    providerName="System.Data.SqlClient"


    If ANYone can assist it would mean the world to me and il be happy to pass on knowledge i have to others thanks

  • Hi Scott
    I just gota say thanks a million, your wise behind your years, this solved our issue that providers did not have a clue about, and also reading over I had same issue and it worked with the '/' name issue, let me know if i can return the favour! please pay close attention to his statement "how to prevent this in the first place" it explains it the best your legend! please keep up these fantastic 5 star posts,here an irish thanks "gorabh maith agait"

  • Hi

    I have an admin website that will maintain the client loginID, thus, I'll have 2 profile providers on this site. I tried to add 2 profile providers on the web.config like this:











    but i failed to get switch the profile provider on the programming.
    i can change the membership by define the provider on the programming like the following, but cannot do in the same way for the profile, what should i do to switch the profile?

    MembershipUser wrkUser = Membership.Providers["ClientMembership"].GetUser(UserID, false);

    Thanks

  • I've just got my asp.net configuration manager set to a remote database. Scotts site has been terrific. My new (clear) database contains all the mambership tables ect. but has no details in the applications table.
    It sounds like it's necessary to have an application listed. Should I created some details withing enterprise manager or write code? Or should this setting be set by som other means?

  • Hi dupls,

    What happens when you create a new user using the Membership API? Does it work?

    Thanks,

    Scott

  • Though I would update my last email problems. I went back to a previous backup version and got things working again.
    But I still have a problem in that I can create an account but when I log out I can't log in. I have the roleManager and membership providers set to the same connectionStringName as the connectionStrings name.
    I'll go through the tutorials again and see if I've missed something.
    thanks for your help!

  • Hi Scott,

    I think that your blog will help me with my problem. But I don't have the , tabs that you have in the web.config file. I am using Visual Studio 2005 and I used the ASP.net config tool to create the login controls.

    Where should I put the tag to add the application name, if I don't have the Membership, Provider and Clear tabs.,

  • Nice Article. Your one of my idols BTW. :)

  • Scott, your blog always comes up in my web searches for solutions - thanks !!!

    "P.S. In case it isn’t obvious, the reason why the applicationName setting even exists in the first place is so that you can map multiple applications and sites to the same database."

    Does your comment imply that the db is the central repository for user/login information for separate applications? What if you want to share the same users across applications?

    We have a primary application that we host for many users. We also create custom applications that are hosted on different domains but all within our infrastructure. I want to create an SSO environment. How would I use the membership framework for this? Also, if/when we move to AD(AM) would we be able to continue such an SSO environment?

    Thanks again,

    troy

  • Hi Scott,

    great post, helps a lot, but my problem is the same as Billybob71a, used the config tool for the login controls,
    no custom membership.
    in the database, application name is "/"

    but after publishing to the local IIS, i can't login,

  • Hi Raido,

    Can you check this post to see if it fixes your problem: http://weblogs.asp.net/scottgu/archive/2006/11/20/common-gotcha-don-t-forget-to-clear-when-adding-providers.aspx

    thanks,

    Scott

  • Hi Troy,

    Yep -- you can optionally point multiple applications to use the same membership/profile/role database. Simply register each application to point at the same database, and then the users can use the same credentials to log in everywhere.

    If you want to implement a single sign on implementation, things get a little tricker - since you want to be able to have users access any of the apps and not have to re-login if they are already authenticated elsewhere.

    This is easiest if they are all under the same site-name domain - in which case the browser can share the forms-auth cookie. If you aren't under the same top-level domain, then you'll need to use some SSO software to handle the logins and redirects.

    Hope this helps,

    Scott

  • Hi Kody,

    Can you send me an email containing your web.config file and the details of your error? I can then work to fix it for you.

    Thanks,

    Scott

  • Great information. It could've saved me more than four hours of trial and errors if I found it yesterday. I hope other readers find it before they try resolving this the hard way.

  • Scott, thanks for that reply. I'm familiar with some very expensive enterprise management suites that can also manage SSO. Are you aware of anything smaller in scale? Something that maybe deals with just web apps?

    T.

  • Hi Troy,

    Unfortunately I'm not too familiar with SSO solutions myself.

    Sorry!

    Scott

  • I figured it out! It was permissions on the server, actually. It is really strange though; I had to apply the permissions to the _vti_* folders as well as the App_Data folder!?

    I only found it out because I added Everyone with full control to the whole project folder on the server, saw that it worked and added full control to the normal set of users I thought might be needed: ASPNET, IUSR, NETWORK, NETWORK SERVICE, (removing Everyone). Isn't NETWORK SERVICE the only user needed for asp.net applications on Server 2003 / IIS 6.0?

    Once that worked, I began lowering permissions for each of those user accounts. What was annoying was that I had to restart IIS (iisreset) after each permission change. I suspect re-compiling the project from Visual Studio may have done the same.

    So, I ended up with IUSR, ASPNET, and NETWORK SERVICE with write permissions on the App_Data and _vti_* folders. What's that about!?!?! 8^)

    As a side note, I thought all of my messing around with it may have screwed something up on the server with regards to that project/website, so I created a completely new project in another website/domain and experienced the exact thing.



    Anyway, it appears to be working. Maybe you have a few details that might explain what is going on? Or, is there an article or list of permissions and what folders need them for asp.net projects somewhere?

    By the way, you have the absolute best blog in the world.

    Thanks for your help!
    -Kody

  • Sorry.. I forgot to mention that I didn't try removing any more permissions from the users because, well.. it was working.. and it was about 3:30 this morning and I leave for work at 7:00, etc., etc. Tonight, I'll continue removing permissions until I know exactly what is required..

    -Kody

  • I am having a similar problem as described in this article. I have had no problems creating users and deploying the application to a Windows 2000 server with SQL 2000. The users can initially login without any problems. Seemingly, after a period of time, 1 maybe 2 weeks, the user can no longer log in. When they go to "forget your password" screen, the system can not find their user id. I have set the application name in all providers and actually have had that implemented from the very beginning. The only way I have had to get around this is to remove the user completely using the ASP.NET configuration tool and re-add them to the application. It then works fine again. I have also verified that only 1 application exists in the database and it has the name specified in my providers. Any ideas what might cause user ids and passwords to suddenly not be recognized by the membership provider?

  • Hi Rykema,

    Can you double check that you aren't running into this scenario: http://weblogs.asp.net/scottgu/archive/2006/11/20/common-gotcha-don-t-forget-to-clear-when-adding-providers.aspx

    Thanks,

    Scott

  • Hi Christian,

    You could send me an email (contact details are in the about link on this site) that includes your full web.config file as an attachment?

    I can then help figure out what is going wrong.

    Thanks,

    Scott

  • Thanks a lot, I was having the same problem.

  • Ok Scott, great post!! It has at least helped me narrow down the problem, but it's not fixed yet.

    I'm using Visual Web Developer Express and i used the ASP.NET configuration page to create users and roles therefore there are no entries about the provider in the Web.Config file. I looked into the ASPNETDB database to check the application name being used and it is "\".

    It seems like the only solution to this is to explicitly declare the providers and set the application name?!

    By the way, Windows Authentication works just fine!

    HELP!

  • Hi Sylvester,

    Are you using a SQL Express database, or do you have a separate SQL Server? If you are using the default SQL Express database then you shouldn't need to change anything for it to work.

    Thanks,

    Scott

  • Thanks. Yea, I'm happy! Going to bed now.

  • Hi Scott,

    I'm using SQL Express and apparently i need to change something to make it work.

    I should add that when my application encounters a run time error, it displays:

    \website name (i.e. not just "\") as the application name as having encountered the error.

    Would this be the real application name other than the one in the ASPNETDB database?

  • Hi Scott,
    I'm using the default SQL Express and the default Roles provider to do it all.

    Evidently, i still need to change something for it to work...

    I should mention that anytime there's a run time error in my application, the name displayed(as the application name) is different from the one in the ASPNETDB database? Is this significant?

  • Hi Luke,

    Two things to check:

    1) Do you have SQL Server Express installed on the Windows 2000 box?

    2) Are the security ACL's set correctly on the /app_data directive for the application? Specifically, you want to make sure that the ASPNET user account has both read and write access to the file.

    Once you are sure #1 and #2 are correct, check the EventLog on the computer to see exactly what is the error is when it is happening.

    Thanks,

    Scott

  • Hi Sylvester,

    Can you send me an email and attach a copy of you web.config file, as well as the exact error you are seeing? I can then try and help.

    Thanks,

    Scott

  • Hi Scott, new to asp.net 2.0. Building an online auction application using asp.net 2.0 and sql server express. i have created my tables, also i have been able to create a register page with saves the details into my Persons table. I am trying to create a login page which would validate ,the users credentials with details in my custom database.
    I am having problems trying to accomplish this. if you can help me i would be greatful

  • After 2 days of dealing with this problem I think I have finally solved it and thought i should share.

    Scenario: I created a web app on my local machine , win 2000 using IIS 5.x, and then copied the app to production and then had the logon problem detailed above.

    Soluton: The membership api requires that the database files have read write permissions set for the ASPNET user. I simply added the aspnet user to the permissions on my database files and it all started working. Obviously the permissions were removed when the file was coppied to producton because the operating systems are different.

    I think the reason it took so long to solve is because the membership controls dont behave as youd expected. If the app cant access the file you would expect a read and / or write error but instead you get nothing and the system error log says that you simply failed to authenticate...

    Anyhoo I hope this helps someone

  • Hi Ib,

    Sorry you ran into problems with this. You are write that if you don't have write access to the disk your database can't be created.

    Sorry for the confusion!

    Scott

  • Hi Taire,

    Can you provide more details on the problem you are running into? What is the error message you are seeing?

    Feel free to email me (scottgu@microsoft.com) with the details. Please also attach a copy of your web.config file.

    thanks,

    Scott

  • Hi,

    Seems there's lots of people with the same type of issue.

    read through it all and I seem to have a related issue, just not sure which path to follow to fix.

    Used VWD Express, with SQL express, everything works in Dev but when deployed on Win 2000 server with mssql 2005 express, memberships don't work. Can't login with any accounts that I created in Dev.

    Made some progress by giving ASPNET account access to ASPNETDB and ASPNETDB.log, now I can register a new user without an error. Thing is I can't login with the new account. I can request the password by using the security questions and an encrypted password is sent to my email address. Try to login with it and no good.

    I can send my web.config file along if it makes any diff.

    Side note: Still not sure how to manage users through a GUI on Prod site. The .Net WebAdmin tool seems nice but can't get it to work on Prod server (manage this with RDP through VPN).

    Starting to lose hair over this :-) Oh, and in case it wasn't obvious, I'm a newb.

    Cheers,

  • superb! thanks mate perfect!

  • I am successfully connecting from one application (WSSv3), but not another (the SSP for the WSS site that I extended to the extranet zone).

    Using SQL Profiler I see the call to [aspnet_Membership_GetPasswordWithFormat] go through, but I get the login failed error.

    Any ideas?

  • Hi Bob,

    Can you check the underlying database? Is the username within that?

    Also - can you check to make sure you aren't running into this issue: http://weblogs.asp.net/scottgu/archive/2006/11/20/common-gotcha-don-t-forget-to-clear-when-adding-providers.aspx

    Thanks,

    Scott

  • I'm so happy that I can't even express my self:) Thanks a lot...

  • Thanks man. Now I can see!

Comments have been disabled for this content.