Joseph Michael Pesch
VP Programming

aspnet_... Security Configuration

by 21. November 2008 19:36

Consists of SQL script to install database objects along with ASP.Net web site components.

Run %systemroot%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe to install the ASP.Net user framework objects (tables, procs, etc.) into a SQL server database. 

Script to create database objects (in lieu of running the exe above): 
aspnet_Security.sql (238.96 kb)

Backup copy of emtpy database containing just the standard security objects: aspnet_Security.bak (1.83 mb)

Script to export data from: aspnet_Applications, aspnet_Users, aspnet_Membership, aspnet_Roles and aspnet_UsersInRoles tables: aspnet_SecurityDataExport.sql (4.80 kb)

See sample web.config and Login.aspx with some security features in code-behind: Sample.zipx (2.81 kb)

Adding a user to basic security roles:

EXEC sp_addrolemember 'aspnet_Membership_BasicAccess', 'usernamehere'
EXEC sp_addrolemember 'aspnet_Personalization_BasicAccess', 'usernamehere'
EXEC sp_addrolemember 'aspnet_Profile_BasicAccess', 'usernamehere'
EXEC sp_addrolemember 'aspnet_Roles_BasicAccess', 'usernamehere'
EXEC sp_addrolemember 'db_datareader', 'usernamehere'
EXEC sp_addrolemember 'db_datawriter', 'usernamehere'

Script to add new user to application and role (adds the application and role also if necessary)

  @appName varchar(50)
, @userName varchar(50)
, @emailAddress varchar(100)
, @roleName varchar(50)

  @appName = 'ApplicationNameHere'
, @userName = 'UserNameHere'
, @emailAddress = ''
, @roleName = 'RoleNameHere'

  @appId uniqueidentifier
, @userId uniqueidentifier
, @roleId uniqueidentifier

select @appId = ApplicationId from dbo.aspnet_Applications where ApplicationName = @appName
if(@appId is null) begin
  set @appId = newid()
  insert into aspnet_Applications values(@appName, lower(@appName), @appId, @appId)

select @roleId = RoleId from dbo.aspnet_Roles where RoleName = @roleName
if(@roleId is null) begin
  set @roleId = newid()
  insert into aspnet_Roles values(@appId, @roleId, @roleName, lower(@roleName), @roleName)

set @userId = newid()
insert into aspnet_Users values(@appId, @userId, @userName, lower(@userName), null, 0, '1/1/1900')
insert into aspnet_Membership values(@appId, @userId, '5lxSnTx3kTUzWgnLr8C2xHXOZYM=', 2, 't8DHyWEWq+/Yr/RNBvo6hw==', null, @emailAddress, lower(@emailAddress), null, null, 1, 0, getdate(), '1/1/1900', '1/1/1900', '1/1/1900', 0, '1/1/1900', 0, '1/1/1900', null)

insert into aspnet_UsersInRoles values(@userId, @roleId)


ASP.Net | Security

Agile Development

by 18. November 2008 15:39


Neudesic - Microsoft - Agile Training (4.59 mb)

William Salazar – Development Contact for all development technologies including Visual Studio.


Infrastructure Optimization (IO)


Grady Booch - Object Solutions: Managing the object oriented project, 1996

People are more important than any process. Good people with a good process will outperform good people with no process every time.


Alistar Cockburn - Agile Software Development, 2002

I found no interesting correlation in the projects that I studied among process, language or tools and process success.  A well functioning team of adequate people will complete a project almost regardless of process, or technology they are asked to use.


A big process with heavy "Ceremonies and Artifacts" will not improve the likelihood of a successful project.  Having good people, with "enough" process provides the best likelihood of a successful project.


Repeatability vs. Invention

“Repeatability” of end product must have deviation of less than 3%.

“Invention” is process of defining new product (i.e. larger deviation from existing product), often involves a lot of research in addition to normal design and development (research time can be especially hard to estimate).


Extreme innovation, Sydney opera house, original estimate 3 years and 7 Million dollars, actually took 7 years and 100 Million dollars.  Construction keeps incredible statistics on building process estimations; as opposed to Software development which has no statistics to look at.  This points out the significant challenge that Software development faces specifically in the realm of estimation.


Statistically, small and medium size projects experience 25% change from conception to completion, large projects experience 35% change.


Responding to Change

·         “Loading the boat” vs. “Packing light”

·         Predicatively planned projejcts typically waste time on unneeded scope.


“Scope Bloat” – Example, winning year’s worth of groceries:

·         Style 1:  List everything you will need for the year (once and only once)

·         Style 2:  Request items as needed throughout the year

·         NOTE: With style 1 you will inevitably forget some things and request others you may not really need, just to be safe.


1988 study by the Standish Group:

·         45%  of features built are never used

·         19% are rarely used

·         16% sometimes

·         13% often

·         7% regularly


Predictive vs. Adaptive – Game of chess:  As complicated as chess is from a perspective of number of possible moves, building software is even more complicated.  We can invest heavily in an illusion of predictability in software development; however, that is all it is “an illusion”.


Command and Control vs. Empowered Teams – “Walk to your car and get me a pen”:  Stand up, turn left, 10 steps forward, turn left 20 steps forward, etc.  Most likely, he will get off track somewhere along the way, if he deviates from the plan and fails it will be his fault, if he sticks to the bad plan he will fail but at least it will be the planners fault rather than his.  The alternative is to just request a pen and let the capable person improvise and find a pen by his own means.


< Adaptive   Preditive >
Agile Iterative Waterfall

MSF 4.0 for Agile 2006 **

MSF 4.0 2006 **

MSF 4.0 for CMM 2006 **

Scrum 1993

MSF 1994 **



CMM 1991 *

CMM 1991 *


Rational Unified Process 1981


* CMM (Capacity Maturity Model) – Not necessarily a process; however, it is typically misused as a label that you are CMM Level X… (Example of correct use: Scrum is a CMM Level III process).** Not a specific/rigid methodology; but rather, a framework for creation/adaptation into a custom methodology of your own.*** Other Agile Methods: Crystal Clear 2005, Lean, Adaptive (ASD) 2003, Feature Driven (FDD) 2000, Extreme Programming 1999, DSDM 1995, Test Driven Development (TDD). 

Agile Software Development Manifesto (

“We are uncovering better ways of developing software by doing it and helping others do it.”

Through this work we have come to value:

·         Individuals and interactions over processes and tools

·         Working software over comprehensive documentation

·         Customer collaboration over contract negotiation

·         Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.


Not “No Documentation”; but rather, what is the minimally sufficient level of documentation.


With all projects seeing an average of 25-35% change, why fight change, need to embrace it and work with it.  Need to be on same side of table (i.e. “our problem” vs. “their problem”) with the customer.


“Some problems are just hard, some people are just difficult, and processes cannot solve these issues.”

  Key Principals of Agile

·         Deliver actual working software (not demo software)

·         Harness change vs. fighting change

·         Start with teams of motivated people

·         Continuous open communication (identifying and solving issues, not getting into “blame game”)

·         “Empowered teams” over “command and control”

·         Time-boxed iterations in weeks

·         Strive for “sustainable page”

·         Team motivation, vs. individual motivation

Key stumbling block is horizontal development (e.g. UI developer waiting on DBA, etc.), need to work on “unblocking” self (e.g. define your interfaces as needed if the source developer is not available to do so).

 What agile feels like

·         Committed to “DONE” software list

·         People help each other and interact face-to-face

·         People don’t wait a day to communicate

·         Team members know to “give and take”

·         Team members remove roadblocks that other can’t or won’t

·         Non-team members “help” remove roadblocks, and avoid becoming roadblocks

·         Team members willing to “wear multiple hats”

·         Team members pull their weight

·         Team members help each other to pull more weight

·         “I know and trust that we are doing what will best move the project forward today.”


The Agile Toolkit Podcast


Avoid “Velocity Pressure” which can create “Code Debt”, that is, pressure to meet unrealistic goal may result in short-cuts taken that will need to be cleaned up at some later point.


Fibinachi sequence (1, 2, 3, 5, 8, 13) plus epics 20, 40, 100 (where epics represent big features not yet broken down e.g. report generator).


Relative estimates (e.g. how complex/large one task is compared to another), should remain constant across team member abilities; whereas, velocity estimation is unique to peoples skills, ability, motivation/performance, environment, tools, team makeup, etc.  Good velocity planning is really only achievable after one or two sprints at which point you can apply the actual history of velocity against remaining tasks.





Windows File Copy/Move Permissions Rules

by 18. November 2008 14:28

When copying or moving files in windows, the following matrix of rules applies to how permissions are either retained from the source or inherited from the target.

Permission Matrix











Target Location 




RoboCopy Usage Info

by 18. November 2008 14:25

   ROBOCOPY     ::     Robust File Copy for Windows                             

  Started : Mon Aug 25 09:31:13 2008

              Usage :: ROBOCOPY source destination [file [file]...] [options]

             source :: Source Directory (drive:\path or \\server\share\path).
        destination :: Destination Dir  (drive:\path or
               file :: File(s) to copy  (names/wildcards: default is "*.*").

:: Copy options :
                 /S :: copy Subdirectories, but not empty ones.
                 /E :: copy subdirectories, including Empty ones.
             /LEV:n :: only copy the top n LEVels of the source directory tree.

                 /Z :: copy files in restartable mode.
                 /B :: copy files in Backup mode.
                /ZB :: use restartable mode; if access denied use Backup mode.
            /EFSRAW :: copy all encrypted files in EFS RAW mode.

  /COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                       (copyflags : D=Data, A=Attributes, T=Timestamps).
                       (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

           /DCOPY:T :: COPY Directory Timestamps.

               /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
           /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).
            /NOCOPY :: COPY NO file info (useful with /PURGE).

            /SECFIX :: FIX file SECurity on all files, even skipped files.
            /TIMFIX :: FIX file TIMes on all files, even skipped files.

             /PURGE :: delete dest files/dirs that no longer exist in source.
               /MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).

               /MOV :: MOVe files (delete from source after copying).
              /MOVE :: MOVE files AND dirs (delete from source after copying).

     /A+:[RASHCNET] :: add the given Attributes to copied files.
     /A-:[RASHCNET] :: remove the given Attributes from copied files.

            /CREATE :: CREATE directory tree and zero-length files only.
               /FAT :: create destination files using 8.3 FAT file names only.
               /256 :: turn off very long path (> 256 characters) support.

             /MON:n :: MONitor source; run again when more than n changes seen.
             /MOT:m :: MOnitor source; run again in m minutes Time, if changed.

      /RH:hhmm-hhmm :: Run Hours - times when new copies may be started.
                /PF :: check run hours on a Per File (not per pass) basis.

             /IPG:n :: Inter-Packet Gap (ms), to free bandwidth on slow lines.

                 /SL:: copy symbolic links versus the target.
:: File Selection Options :
                 /A :: copy only files with the Archive attribute set.
                 /M :: copy only files with the Archive attribute and reset it.
    /IA:[RASHCNETO] :: Include only files with any of the given Attributes set.
    /XA:[RASHCNETO] :: eXclude files with any of the given Attributes set.

 /XF file [file]... :: eXclude Files matching given names/paths/wildcards.
 /XD dirs [dirs]... :: eXclude Directories matching given names/paths.

                /XC :: eXclude Changed files.
                /XN :: eXclude Newer files.
                /XO :: eXclude Older files.
                /XX :: eXclude eXtra files and directories.
                /XL :: eXclude Lonely files and directories.
                /IS :: Include Same files.
                /IT :: Include Tweaked files.

             /MAX:n :: MAXimum file size - exclude files bigger than n bytes.
             /MIN:n :: MINimum file size - exclude files smaller than n bytes.

          /MAXAGE:n :: MAXimum file AGE - exclude files older than n days/date.
          /MINAGE:n :: MINimum file AGE - exclude files newer than n days/date.
          /MAXLAD:n :: MAXimum Last Access Date - exclude files unused since n.
          /MINLAD:n :: MINimum Last Access Date - exclude files used since n.
                       (If n < 1900 then n = n days, else n = YYYYMMDD date).

                /XJ :: eXclude Junction points. (normally included by default).

               /FFT :: assume FAT File Times (2-second granularity).
               /DST :: compensate for one-hour DST time differences.

               /XJD :: eXclude Junction points for Directories.
               /XJF :: eXclude Junction points for Files.

:: Retry Options :
               /R:n :: number of Retries on failed copies: default 1 million.
               /W:n :: Wait time between retries: default is 30 seconds.

               /REG :: Save /R:n and /W:n in the Registry as default settings.

               /TBD :: wait for sharenames To Be Defined (retry error 67).

:: Logging Options :
                 /L :: List only - don't copy, timestamp or delete any files.
                 /X :: report all eXtra files, not just those selected.
                 /V :: produce Verbose output, showing skipped files.
                /TS :: include source file Time Stamps in the output.
                /FP :: include Full Pathname of files in the output.
             /BYTES :: Print sizes as bytes.

                /NS :: No Size - don't log file sizes.
                /NC :: No Class - don't log file classes.
               /NFL :: No File List - don't log file names.
               /NDL :: No Directory List - don't log directory names.

                /NP :: No Progress - don't display % copied.
               /ETA :: show Estimated Time of Arrival of copied files.

          /LOG:file :: output status to LOG file (overwrite existing log).
         /LOG+:file :: output status to LOG file (append to existing log).

       /UNILOG:file :: output status to LOG file as UNICODE (overwrite existing log).
      /UNILOG+:file :: output status to LOG file as UNICODE (append to existing log).

               /TEE :: output to console window, as well as the log file.

               /NJH :: No Job Header.
               /NJS :: No Job Summary.

           /UNICODE :: output status as UNICODE.

:: Job Options :
       /JOB:jobname :: take parameters from the named JOB file.
      /SAVE:jobname :: SAVE parameters to the named job file
              /QUIT :: QUIT after processing command line (to view parameters).
              /NOSD :: NO Source Directory is specified.
              /NODD :: NO Destination Directory is specified.
                /IF :: Include the following Files.



SSIS Setting Variables in SQL Agent Job Scheduler (Job Properties)

by 30. October 2008 14:39

You can use the "Set Values" tab on the "Job Step" properties page to set SSIS variable values by placing the path to the variable in the "Property Path" column (e.g. Global variable syntax: "\Package.Variables[User::MyGlobalVariable].Properties[Value]" Object variable syntax: "\Package\MyObject.Variables[User::MyObjectVariable].Value") and the corresponding value in the "Value" column (e.g. "This is a static string variable value...").  NOTE: Do not include quotes in the "Property Path" and "Value" data when entering it into the editor.  Here is a screenshot example:



SSIS Error Converting String to Number (Possible Data Truncation)

by 23. October 2008 13:43



Oracle Equivelant of SQL sysobjects and syscolumns

by 22. October 2008 15:36

Tables: all_tables Columns: all_tab_columns



Oracle | SQL Server

Windows System Startup and Registry Research Tools

by 20. October 2008 19:06

msconfig (run from Start > Run)




Error Using Interop.SourceTypeLib.dll on Machine without VSS Installation

by 20. October 2008 14:27

Error: Retrieving the COM class factory for component with CLSID {783CD4E4- 9D54-11CF-B8EE-00608CC9A71F} failed due to the following error: 80040154.

Received when installing a .MSI (built in VS2008) onto a server that doesn't contain VSS application installation.  The VS2008 project was referencing Interop.SourceSafeTypeLib.dll (which was being copied into the insallation directory).  To resolve this issue I needed to also copy SSAPI.dll (from the local development machine VSS program directory) into the deployment folder on the target machine and register it (e.g. regsvr32 .../ssapi.dll where .../ is the actual path of the dll file).  Additionally, you will need a sub-folder (in the folder containing the ssapi.dll) and a copy of the ssui.dll in that folder (see diagram below).  The attached zip file contains the 3 dll's referenced below.


C:\Program Files\Microsoft Visual SourceSafe\ssapi.dll  [Target]\ssapi.dll (run regsvr32 on this one) 
C:\Program Files\Microsoft Visual SourceSafe\1033\ssui.dll [Target]\1033\ssui.dll (must be in 1033 sub-folder)
<Don't know where it originates from> [Target]\Interop.SourceSafeTypeLib.dll (488.50 kb)



ASP.Net File System Website Build/Run Error

by 17. October 2008 14:00

Error 16 Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

In my case this error was most likely due to a file/folder level permission issue.  I was running a file system website in my VS2008 and received this error when attempting to build/run the web site.  When I moved the web site folder from the original network location (my H: drive) to my local C: drive the error went away.





C# convert ArrayList into delimited string

by 14. October 2008 13:47

System.Collections.ArrayList myArrayList = new System.Collections.ArrayList();
for(int i = 0; i < 10; i++)
string myDelimeter = ",";
string myDelimitedList = string.Join(myDelimiter, (string[])myArrayList.ToArray(typeof(string)));
// output would be: "1,2,3,4,5,6,7,8,9"



HTML Format Issue - Gaps around images in table cells

by 7. October 2008 15:04

Having a line feed in the HTML source can cause an gap (what would appear to be a padding issue).

    <td> <!-- the line feed here can cause spacing issues -->
      <img src="..." style="width: 100px; height: 100px" />
    </td> <!-- the line feed here can cause spacing issues -->

    <td><img src="..." style="width: 100px; height: 100px" /></td>



LINQ to SQL Error: Cannot access a disposed object.

by 3. October 2008 14:48

LINQ to SQL Error:

Cannot access a disposed object.
Object name: 'DataContext accessed after Dispose.'.

One case that case cause this error is when related table/object doesn't have any rows and the parent object is used outside of the scope of the DataContext object that instantiated it.


public static tbl_LoanRequest GetLoanRequest(Guid LoanRequestID)
  using (BidMortgageDataContext bmdb = new BidMortgageDataContext())
    tbl_LoanRequest LoanRequestTable = bmdb.tbl_LoanRequests.SingleOrDefault(r => r.LoanRequestID == LoanRequestID);
    if (LoanRequestTable == null)
      LoanRequestTable = new tbl_LoanRequest();
    else if (LoanRequestTable.LoanRequestBids.Count() == 0)
      LoanRequestTable.LoanRequestBids = new System.Data.Linq.EntitySet<LoanRequestBid>();  // This line prevents the error.
    return LoanRequestTable;



Virtual PC - Copying image that was connected to a domain

by 29. September 2008 15:59

Virtual PC - Copying image that was connected to a domain
There are a few issues that you need to deal with if the VM is joined to the domain. You will need to copy the relevant .vhd (disk image) and .vmc (config) files from the source, and then either:

  1. Run sysprep on your copy (may break some software installs)
  2. Or, manually change machine name
    • remove your copy from the domain (must be while disconnected from the network)
    • run newsid on the vm (available from sysinternals)
    • rename the vm
    • rejoin the vm to the domain


Virtual PC

LINQ to SQL Links

by 14. September 2008 03:52



SQL Transfer Object Between Schemas

by 14. September 2008 02:36

alterschema NewSchemaHere transfer ExistingSchemaHere.ObjectNameHere

Example: alter schema dbo transfer jpesch.tbl_SomeTable

This would transfer the table (tbl_SomeTable) from jpesch to dbo



SQL Server

C# Regular Expression Date

by 12. September 2008 20:19

Author: Pujitha Sendanayake    01 Sep 2006 
Original Article:
c# Date validator function with Leap Year handling
public bool isDate(string strDate)
string strRegex = @"((^(10|12|0?[13578])([/])(3[01]|[12][0-9]|0?[1-9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(11|0?[469])([/])(30|[12][0-9]|0?[1-9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(0?2)([/])(2[0-8]|1[0-9]|0?[1- 9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(0?2)([/])(29)([/])([2468][048]00)$)|(^(0?2)([/])(29)([/])([3579][26]00)$)|(^(0?2)([/])(29)([/])([1][89][0][48])$)|(^(0?2)([/])(29)([/])([2-9][0-9][0][48])$)|(^(0?2)([/])(29)([/])([1][89][2468][048])$)|(^(0?2)([/])(29)([/])([2-9][0-9][2468][048])$)|(^(0?2)([/])(29)([/])([1][89][13579][26])$)|(^(0?2)([/])(29)([/])([2-9][0-9][13579][26])$))";

Regex re = new Regex(strRegex);
if (re.IsMatch(strDate))
return (true);
return (false);

This function will validate any date from 1800 -to 9999.
Also It will handle leap years.
Allowed formats are mm/dd/yyyy , m/dd/yyyy , mm/d/yyyy , m/d/yyyy.




C# Regular Expression Date Validation

by 12. September 2008 20:15

Author: Pujitha Sendanayake    01 Sep 2006 
Original Article:
c# Date validator function with Leap Year handling
public bool isDate(string strDate)
string strRegex = @"((^(10|12|0?[13578])([/])(3[01]|[12][0-9]|0?[1-9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(11|0?[469])([/])(30|[12][0-9]|0?[1-9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(0?2)([/])(2[0-8]|1[0-9]|0?[1- 9])([/])((1[8-9]\d{2})|([2-9]\d{3}))$)|(^(0?2)([/])(29)([/])([2468][048]00)$)|(^(0?2)([/])(29)([/])([3579][26]00)$)|(^(0?2)([/])(29)([/])([1][89][0][48])$)|(^(0?2)([/])(29)([/])([2-9][0-9][0][48])$)|(^(0?2)([/])(29)([/])([1][89][2468][048])$)|(^(0?2)([/])(29)([/])([2-9][0-9][2468][048])$)|(^(0?2)([/])(29)([/])([1][89][13579][26])$)|(^(0?2)([/])(29)([/])([2-9][0-9][13579][26])$))";

Regex re = new Regex(strRegex);
if (re.IsMatch(strDate))
return (true);
return (false);

This function will validate any date from 1800 -to 9999.
Also It will handle leap years.
Allowed formats are mm/dd/yyyy , m/dd/yyyy , mm/d/yyyy , m/d/yyyy.




SQL Server Convert UTC to Local Time

by 27. August 2008 19:06

The following SQL statement assumes you have a variable named @UTCDate that contains a UTC date value, the result will be the conversion of that UTC date value into a local time zone value (based on the server configuration settings from which you are running the statement).

select dateAdd(hour, datediff(hour, getutcdate(), getdate()), @UTCDate)

Side Note: ASP.Net Authentication, Workflow Foundation Persistence, etc. stores dates (such as aspnet_Membership.LastLoginDate, aspnet_Users.LastActivityDate, dbo.nextTimer, etc. in UTC time).


SQL Server

ASP.Net Authentication/Role Management Problem - Losing Authentication

by 26. August 2008 19:46

Strange behavior was occurring on a web application, user login, access secure pages, when a page would reference User.IsInRole() method the user would lose their authentication (i.e. they would be logged off without realizing it).  The page making the call would finish loading properly; however, the next page request (either back to that page or to any other secure page) would result in the user being immediately kicked back out to the login screen.  It turns out in this case the issue was due to conflicting (or more specifically overlapping) web.config settings as it pertains to the security settings.  Specifically, the system.web/authentication/forms@name setting cannot be the same as the system.web/roleManager@cookieName.  As shown in the sample below, they have been appropriately given different values (i.e. ".MyAppAuth" and ".MyAppRoles" respectively).  The problem occurs if both settings have the same values they will overwrite each others cookies, in this case the call to the User.IsInRole() was writing over the authentication cookie thereby effectively causing the user to lose their authentication.

<!-- BEG: Security -->
<authentication mode="Forms">
  <forms name=".MyAppAuth" loginUrl="Login.aspx" defaultUrl="Menu.aspx" protection="All" timeout="30" path="/"
         requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="" enableCrossAppRedirects="false">
    <credentials passwordFormat="SHA1"/>
<!-- BEG: Membership -->
<membership defaultProvider="MyAppSecurity">
    <add name="MyAppSecurity" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SQL"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MyApp"
         requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="5" passwordStrengthRegularExpression="" />
<!-- END: Membership -->
<!-- BEG: Roles -->
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".MyAppRoles" cookieTimeout="30" cookiePath="/"
             cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" defaultProvider="MyAppRoles">
    <add name="MyAppRoles" type="System.Web.Security.SqlRoleProvider" connectionStringName="SQL" applicationName="MyApp" />
<!-- END: Roles -->
  <deny users="?"></deny>
<!-- BEG: Security -->