ASP.Net在调用Membership.CreateUser()时设置正确的连接字符串

时间:2012-02-05 23:34:25

标签: c# asp.net web

这是我上一个问题的延续:“内部数据库 - 用户创建的ASP.NET自动网站注册”。我正在运行以下代码。这只是一个代码测试块。它的工作原理但我的问题是它在App_Data目录中创建了默认的SQLEXPRESS ASPNETDB.MDF。这不是我想要的。

// Create a MembershipCreateStatus Status for Reporting...
MembershipCreateStatus status = new MembershipCreateStatus();
// Setup SqlMembershipProvider for Initialization...
SqlMembershipProvider sqlProvider = new SqlMembershipProvider();
// Setup a NameValueCollection...
NameValueCollection config = new NameValueCollection();
// Set the Connection Name of the SQL Connection String...
string SQLDBNameString = "My Company Database.Properties.Settings.ConnectionString";
// Update the private connection string field in the base class. 
string connectionString = "Data Source=Server;Initial Catalog=’My Company Database';User ID=USERNAME;Password=PASSWORD";
// Username of the account to add...
string username = "User121";
// Generate a dynamic Password....
string password = Membership.GeneratePassword(8, 1);
// Email Address of the User...
string email = "email@email.com";

try
{
    string Name = "My Company Database";

    config.Add("applicationName", "My Company Database");
    config.Add("maxInvalidPasswordAttempts", "5");
    config.Add("passwordAttemptWindow", "10");
    config.Add("minRequiredPasswordLength", "8");
    config.Add("passwordStrengthRegularExpression", "");
    config.Add("enablePasswordReset", "True");
    config.Add("enablePasswordRetrieval", "False");
    config.Add("requiresQuestionAndAnswer", "False");
    config.Add("requiresUniqueEmail", "True");
    config.Add("passwordFormat", "Hashed");
    config.Add("connectionStringName", SQLDBNameString);

    sqlProvider.Initialize(Name, config);

    ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[SQLDBNameString];
    if ((ConnectionStringSettings == null) || (ConnectionStringSettings.ConnectionString.Trim() == String.Empty))
    {
        throw new Exception("Connection string cannot be blank.");
    }

    // connectionString = ConnectionStringSettings.ConnectionString;

    MembershipUser newUser = Membership.CreateUser(username, password, email, "Whats My Password", password, true, out status);
}
catch (Exception ex)
{
    String message = "Error...\r\n\r\n" + ex.ToString();
    String caption = "Error";
    MessageBoxButtons button = MessageBoxButtons.OK;
    MessageBoxIcon icon = MessageBoxIcon.Asterisk;
    MessageBox.Show(message, caption, button, icon);
}

MessageBox.Show("Account Creation   : " + status.ToString() + "\r\n" 
              + "Username is        : " + username + "\r\n" 
              + "Password is        : " + password + "\r\n" 
              + "Email              : " + email);

此代码在C#Application,SQL前端数据库中运行,它应该自动创建一个用户,这样一旦我将它们添加到我的数据库,他们就可以登录到网页。此代码未在ASP网站应用程序中运行。我的“配置”并没有被我所看到的所有。任何帮助都很有帮助!

2 个答案:

答案 0 :(得分:1)

最后一个解决方案贯穿我的网站和C#内部数据库。

我的学习曲线陡峭。它实际上比我想象的要简单得多。以下是需要进入需要在C#项目中的app.config文件的代码:

<configuration>
<configSections>
</configSections>
<connectionStrings>
<add name="My Company Database.Properties.Settings.ConnectionString"
    connectionString="Data Source=Server;Initial Catalog='My Company Database';Persist Security Info=True;User ID=MyUserName;Password=MyPassword"
    providerName="System.Data.SqlClient" />
</connectionStrings>

<system.web>
<compilation debug="true" targetFramework="4.0" />

<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="My Company Database.Properties.Settings.ConnectionString"
         enablePasswordRetrieval="False" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
</providers>
</membership>

</system.web>

</configuration>

以下是使用默认MembershipProvider()的代码:

// Create a MembershipCreateStatus Status for Reporting...
MembershipCreateStatus status = new MembershipCreateStatus();

// Username of the account to add...
string username = "User121";
// Generate a dynamic Password....
string password = "P@55W0Rd";
// Email Address of the User...
string email = "email@email.com";
// Password Question of the User...
string passwordQuestion = "My Password Question?";
// Password Answer of the User...
string passwordAnswer = "My Password Answer!";

try
{
Membership.CreateUser(username, password, email, passwordQuestion, passwordAnswer, true, out status);
}
catch (Exception ex)
{
    this.richTextBox1.Text = "Error...\r\n\r\n" + ex.ToString();
}

this.richTextBox1.Text = ("Account Creation   : " + status.ToString() + "\r\n"
                                + "Username is        : " + username + "\r\n"
                                + "Password is        : " + password + "\r\n"
                                + "Email              : " + email);

我确实尝试添加与ASP.NET Web应用程序相同的web.config,但这失败了。我甚至没想到将配置放到app.config中,直到今天。尝试解决问题时,大脑有多么有效。

Password Hashing和Salting全部由.NET内置的默认MembershipProvider类处理。无需做任何疯狂的编码哈希和腌制。

答案 1 :(得分:0)

我有这个代码工作:

// Create MembershipUser...
MembershipUser membershipUser = null;

// Create a MembershipCreateStatus Status for Reporting...
MembershipCreateStatus status = new MembershipCreateStatus();

// Update the private connection string field in the base class. 
string connectionString = "Data Source=SERVER;Initial Catalog='My Company Database';User ID=USERNAME;Password=PASSWORD";

// Application Name...
string applicationName = "My Company Database";
// Username of the account to add...
string username = "NewUser";
// Generate a dynamic Password....
string password = Membership.GeneratePassword(12, 3);
// Email Address of the User...
string email = "email@email.com";
// The Password Question...
string passwordQuestion = "What is my Password?";
// The Password Answer...
string passwordAnswer = "My Password is: .....";
// Is Approved...
bool isApproved = true;
// Current Time Utc...
DateTime dateTimeUtc = DateTime.UtcNow;
// Create Date...
DateTime createDateTime = DateTime.Now;
// uniqueEmail = 
int uniqueEmail = 1;
// Password Format...
int passwordFormat = 1;
// Set the GUID...
Guid guid= Guid.NewGuid();

if (membershipUser == null)
{
    SqlConnection sqlConnection = new SqlConnection(connectionString);
    SqlCommand sqlCommand = new SqlCommand("aspnet_Membership_CreateUser", sqlConnection);

    sqlCommand.CommandType = CommandType.StoredProcedure;

    sqlCommand.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = applicationName;    // Input Parameter...
    sqlCommand.Parameters.Add("@UserName", SqlDbType.NVarChar, 255).Value = username;                  // Input Parameter...
    sqlCommand.Parameters.Add("@Password", SqlDbType.NVarChar, 127).Value = password;                  // Input Parameter...
    sqlCommand.Parameters.Add("@PasswordSalt", SqlDbType.NVarChar, 127).Value = password;              // Input Parameter...
    sqlCommand.Parameters.Add("@Email", SqlDbType.NVarChar, 255).Value = email;                        // Input Parameter...
    sqlCommand.Parameters.Add("@PasswordQuestion", SqlDbType.NVarChar, 255).Value = passwordQuestion;  // Input Parameter...
    sqlCommand.Parameters.Add("@PasswordAnswer", SqlDbType.NVarChar, 127).Value = passwordAnswer;      // Input Parameter...
    sqlCommand.Parameters.Add("@IsApproved", SqlDbType.Bit).Value = isApproved;                        // Input Parameter...
    sqlCommand.Parameters.Add("@CurrentTimeUtc", SqlDbType.DateTime, 7).Value = dateTimeUtc;           // Input Parameter...
    sqlCommand.Parameters.Add("@CreateDate", SqlDbType.DateTime, 7).Value = createDateTime;            // Input Parameter...
    sqlCommand.Parameters.Add("@UniqueEmail", SqlDbType.Int, 3).Value = uniqueEmail;                   // Input Parameter...
    sqlCommand.Parameters.Add("@PasswordFormat", SqlDbType.Int, 3).Value = passwordFormat;             // Input Parameter...
    sqlCommand.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier, 15).Value = guid;                 // Output Parameter...

    try
    {
    sqlConnection.Open();
    sqlCommand.ExecuteNonQuery();
    status = MembershipCreateStatus.Success;
    }
    catch (SqlException ex)
    {
        richTextBox1.Text = ex.ToString();
        status = MembershipCreateStatus.ProviderError;
    }
    finally
    {
        sqlConnection.Close();
    }
        this.textBox1.Text = status.ToString();

显而易见的是,目前我没有检查现有用户,电子邮件等。我还需要哈希密码答案并修复SaltPassword设置。

以下是CreateUser的默认ASP提供程序SQL存储过程:

ALTER PROCEDURE [dbo].[aspnet_Membership_CreateUser]
@ApplicationName                        nvarchar(256),
@UserName                               nvarchar(256),
@Password                               nvarchar(128),
@PasswordSalt                           nvarchar(128),
@Email                                  nvarchar(256),
@PasswordQuestion                       nvarchar(256),
@PasswordAnswer                         nvarchar(128),
@IsApproved                             bit,
@CurrentTimeUtc                         datetime,
@CreateDate                             datetime = NULL,
@UniqueEmail                            int      = 0,
@PasswordFormat                         int      = 0,
@UserId                                 uniqueidentifier OUTPUT
AS
BEGIN
DECLARE @ApplicationId uniqueidentifier
SELECT  @ApplicationId = NULL

DECLARE @NewUserId uniqueidentifier
SELECT @NewUserId = NULL

DECLARE @IsLockedOut bit
SET @IsLockedOut = 0

DECLARE @LastLockoutDate  datetime
SET @LastLockoutDate = CONVERT( datetime, '17540101', 112 )

DECLARE @FailedPasswordAttemptCount int
SET @FailedPasswordAttemptCount = 0

DECLARE @FailedPasswordAttemptWindowStart  datetime
SET @FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 )

DECLARE @FailedPasswordAnswerAttemptCount int
SET @FailedPasswordAnswerAttemptCount = 0

DECLARE @FailedPasswordAnswerAttemptWindowStart  datetime
SET @FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 )

DECLARE @NewUserCreated bit
DECLARE @ReturnValue   int
SET @ReturnValue = 0

DECLARE @ErrorCode     int
SET @ErrorCode = 0

DECLARE @TranStarted   bit
SET @TranStarted = 0

IF( @@TRANCOUNT = 0 )
BEGIN
    BEGIN TRANSACTION
    SET @TranStarted = 1
END
ELSE
    SET @TranStarted = 0

EXEC dbo.aspnet_Applications_CreateApplication @ApplicationName, @ApplicationId OUTPUT

IF( @@ERROR <> 0 )
BEGIN
    SET @ErrorCode = -1
    GOTO Cleanup
END

SET @CreateDate = @CurrentTimeUtc

SELECT  @NewUserId = UserId FROM dbo.aspnet_Users WHERE LOWER(@UserName) = LoweredUserName AND @ApplicationId = ApplicationId
IF ( @NewUserId IS NULL )
BEGIN
    SET @NewUserId = @UserId
    EXEC @ReturnValue = dbo.aspnet_Users_CreateUser @ApplicationId, @UserName, 0, @CreateDate, @NewUserId OUTPUT
    SET @NewUserCreated = 1
END
ELSE
BEGIN
    SET @NewUserCreated = 0
    IF( @NewUserId <> @UserId AND @UserId IS NOT NULL )
    BEGIN
        SET @ErrorCode = 6
        GOTO Cleanup
    END
END

IF( @@ERROR <> 0 )
BEGIN
    SET @ErrorCode = -1
    GOTO Cleanup
END

IF( @ReturnValue = -1 )
BEGIN
    SET @ErrorCode = 10
    GOTO Cleanup
END

IF ( EXISTS ( SELECT UserId
              FROM   dbo.aspnet_Membership
              WHERE  @NewUserId = UserId ) )
BEGIN
    SET @ErrorCode = 6
    GOTO Cleanup
END

SET @UserId = @NewUserId

IF (@UniqueEmail = 1)
BEGIN
    IF (EXISTS (SELECT *
                FROM  dbo.aspnet_Membership m WITH ( UPDLOCK, HOLDLOCK )
                WHERE ApplicationId = @ApplicationId AND LoweredEmail = LOWER(@Email)))
    BEGIN
        SET @ErrorCode = 7
        GOTO Cleanup
    END
END

IF (@NewUserCreated = 0)
BEGIN
    UPDATE dbo.aspnet_Users
    SET    LastActivityDate = @CreateDate
    WHERE  @UserId = UserId
    IF( @@ERROR <> 0 )
    BEGIN
        SET @ErrorCode = -1
        GOTO Cleanup
    END
END

INSERT INTO dbo.aspnet_Membership
            ( ApplicationId,
              UserId,
              Password,
              PasswordSalt,
              Email,
              LoweredEmail,
              PasswordQuestion,
              PasswordAnswer,
              PasswordFormat,
              IsApproved,
              IsLockedOut,
              CreateDate,
              LastLoginDate,
              LastPasswordChangedDate,
              LastLockoutDate,
              FailedPasswordAttemptCount,
              FailedPasswordAttemptWindowStart,
              FailedPasswordAnswerAttemptCount,
              FailedPasswordAnswerAttemptWindowStart )
     VALUES ( @ApplicationId,
              @UserId,
              @Password,
              @PasswordSalt,
              @Email,
              LOWER(@Email),
              @PasswordQuestion,
              @PasswordAnswer,
              @PasswordFormat,
              @IsApproved,
              @IsLockedOut,
              @CreateDate,
              @CreateDate,
              @CreateDate,
              @LastLockoutDate,
              @FailedPasswordAttemptCount,
              @FailedPasswordAttemptWindowStart,
              @FailedPasswordAnswerAttemptCount,
              @FailedPasswordAnswerAttemptWindowStart )

IF( @@ERROR <> 0 )
BEGIN
    SET @ErrorCode = -1
    GOTO Cleanup
END

IF( @TranStarted = 1 )
BEGIN
    SET @TranStarted = 0
    COMMIT TRANSACTION
END

RETURN 0
    Cleanup:

IF( @TranStarted = 1 )
BEGIN
    SET @TranStarted = 0
    ROLLBACK TRANSACTION
END

RETURN @ErrorCode
    END

对我来说,默认的MembershipProvider有一个很大的限制,如果你想做一些简单的事情,比如我想在ASP Web应用程序之外创建新用户的情况。也许有另一种方法可以做到这一点更简单?

如果有人有更好的答案,那么我真的应该接受输入吗?

感谢。