Joseph Michael Pesch
VP Programming

ASP.Net Membership Password Management

by 25. August 2008 23:31

Original source: http://mishler.net/PermaLink,guid,ea65afc0-2970-46f1-9412-4b57bbd906f4.aspx

The Asp.net membership provider was designed to allow for self-service password management but through an understanding of the configuration options as well as a combined use certain provider methods, web site administrators can effectively manage member passwords.  This article briefly summarizes the various settings and methods which can be combined to administratively manage passwords in an Asp.Net membership system based on the default SQLMembershipProvider.

The following (web.config) configuration options define how the AspNetSqlMembershipProvider behaves:

enablePasswordRetrieval – Enables/disables the membership provider’s GetPassword method. Note that GetPassword will always throw an exception if the user’s password is hashed. Default value is false.  Requires the password answer unless “requiresQuestionAndAnswer” in web.config is set to false.

enablePasswordReset – Enables/disables the membership provider’s ResetPassword method, which can be used to produce a randomly generated password. Default value is true.  ResetPassword requires the user’s passwordAnswer unless “requiresQuestionAndAnswer” in web.config is set to false.

requiresQuestionAndAnswer – Alters the behavior of the GetPassword and ResetPassword methods to require or not require the password answer parameter. Default value is true. This method is the key for administrative management of passwords since, by turning it off, administrators can retrieve or reset passwords.

passwordFormat – Defines how passwords will be stored when membership records are created. Note that once a membership record has been created, functions such as ChangePassword and ResetPassword will continue to store the credentials in the original passwordFormat, even if web.config is changed to use a different password format.

Clear the password and password answer are stored in clear text. The passwordSalt field (in the database) is left blank.
Encrypted the password, password answer and passwordSalt are stored in an encrypted format within the database using the key information supplied in the machineKey element of web.config
Hashed the password and password answer are hashed using a one-way hash algorithm and a randomly generated passwordSalt value.

Microsoft set the default value of passwordFormat to Hashed in order to promote their secure web initiative but for many applications, this level of security is overkill and can create inconveniences in managing passwords.

Given the above information, there are a number of approaches that can be taken to administratively manage membership passwords. Note that “administrative” management implies that the administrator does not know the member’s password or password answer.

Retrieving a member’s password

The GetPassword method may be used to retrieve a member’s password and, at first glance, appears to require the password answer. By setting “requiresQuestionAndAnswer” to false in web.config, the GetPassword method can be called with an empty password answer and therefore can be effectively used to administratively retrieve a member’s password. Note that “enablePasswordRetrieval” must be set to true in web.config to enable the GetPassword method:

If password is:

Clear Simply call the GetPassword method with the username and without the need for a password answer to retrieve the password.
Encrypted Simply call the GetPassword method with the username and without the need for a password answer to retrieve the password.
Hashed Not possible, however the password may be reset as described below.

In Visual Basic, you can call the shared GetPassword method as illustrated below. Note that the second parameter would be for the password answer if “requiresQuestionAndAnswer” were true in web.config.

Dim password As String = Membership.Provider.GetPassword(userName, String.Empty)

Resetting a member’s password

The ResetPassword method may be used to generate a new, randomly generated password and, at first glance, appears to require the user’s password answer. By setting “requiresQuestionAndAnswer” to false in web.config, the ResetPassword method can be called with an empty password answer to set a user’s password to some new randomly generated value.  ResetPassword works with all password formats (clear, encrypted, hashed).

In Visual Basic, you can call the shared ResetPassword method as illustrated below. Note that you can pass Nothing for the second parameter, passwordAnswer.

Dim newPassword As String = Membership.Provider.ResetPassword(username, Nothing)

Changing a member’s password

In some organizations, a Customer Service department may wish to change a user’s password to a new known value, perhaps in response to a customer request. The ChangePassword method, which appears to handle this need, unfortunately requires the original user password which is usually unavailable to the site administrator. By setting “requiresQuestionAndAnswer” to false, “enablePasswordRetrieval” to true and “enablePasswordReset” to true in web.config, the ResetPassword and ChangePassword methods can be used to change a user’s password to a known value, regardless of the password format:

Clear text Call the GetPassword method with the username and without the need for a password answer to retrieve the password. Now, armed with the password, call ChangePassword to set the password to a desired value.
Encrypted Call the GetPassword method with the username and without the need for a password answer to retrieve the password. Now, armed with the password, call ChangePassword to set the password to a desired value.
Hashed Call the ResetPassword method with the username and without the need for a password answer to reset the password to a new random value. Using the newly generated password, call ChangePassword to set the password to a desired value.

Changing a member’s Password Question and Password Answer

In some situations, the Customer Service department may wish to modify a member’s Password Question and Password Answer. This is easily accomplished if passwords are encrypted or maintained in clear text. For hashed passwords, however, a password-reset is also required since the provider method, ChangePasswordQuestionAndAnswer, requires the member’s password which is not retrievable. By setting “requiresQuestionAndAnswer” to false, “enablePasswordRetrieval” to true and “enablePasswordReset” to true in web.config, the member’s Password Question and Password Answer may be reset:

Clear text Call the GetPassword method with the username and without the need for a password answer to retrieve the password. Now, armed with the password, call ChangePasswordQuestionAndAnswer to set the Password Question and Password Answer to a desired value.
Encrypted Call the GetPassword method with the username and without the need for a password answer to retrieve the password. Now, armed with the password, call ChangePasswordQuestionAndAnswer to set the Password Question and Password Answer to a desired value.
Hashed Call the ResetPassword method with the username and without the need for a password answer to reset the password to a new random value. Using the newly generated password, call ChangePasswordQuestionAndAnswer to set the Password Question and Password Answer to a desired value. Optionally call ChangePassword to set the password to a more user-friendly value.

Changing the password format

As web sites mature, website administrators sometimes regret their original (sometimes unintended) choice in passwordFormat when using the AspNetSqlMembershipProvider. That is, membership passwords may be clear text when a hashed format is desired or vice versa. Microsoft’s decision to implement hashing in the default AspNetSqlMembershipProvider was wise and conservative but for many web sites with minimal security requirements, the password system can become cumbersome.  By directly calling a couple of the AspNet stored procedures, it is possible to change the password format:

Note: If the passwordFormat is initially “Clear” or “Encrypted”, use the membership.provider.GetPassword method to cache the original password before calling the stored procedures.

  1. Use the stored procedure aspnet Membership GetPasswordWithFormat to retrieve the current passwordSalt.
  2. Use the stored procedure aspnet Membership ResetPassword to set the passwordFormat to its intended (integer) value. The stored procedure requires readily available parameter values including passwordSalt (retrieved earlier), password (empty string) and passwordAnswer (Null).

At this point, the membership record has been placed into an initialized (unusable) state and the PasswordAnswer has been lost. If the original password was hashed, then it too will be unrecoverable.  The provider methods listed below and described in previous sections allow for resetting the credentials and, as they are used, the password and password answer will be stored in the new password format (clear, encrypted, hashed.)

  1. Call the ResetPassword method to generate and retrieve a new random Password. Remember that the second parameter (answer) is not required if “requiresQuestionAndAnswer” is set to false in web.config.
  2. Call the ChangePassword method, using the now-current password retrieved in the previous step, to set the password to a desired value.  If the original password was saved at the start of the procedure, it may be restored at this point.

For originally un-hashed passwords, the preceding steps allow for a change of passwordFormat with complete restoration of the original password.

The Password Answer could have easily been retrieved from the database at the outset if it was stored in clear text. In the case of an encrypted Password Answer, a more complicated approach which involves the provider’s protected DecryptPassword method could have been used to cache the original Password Answer.  If the original Password Answer were available, it could be restored with a call to the ChangePasswordQuestionAndAnswer provider method.

So, what can be done if the Password and/or Password Answer had to be sacrificed in favor of a new passwordFormat?  One solution might be to reset everyone’s credentials then send them by Email. Another solution might be to place a notice onto the web site that informs users and provides further instructions. Either way, the web site should leverage the self-service membership controls which allow the member to reset his/her own credentials.  The following outlines a series of steps that can be taken:

  1. A new arbitrary password can be assigned using either the ResetPassword or ChangePassword provider method. Similarly, a new arbitrary Password Question and Password Answer can be assigned using the ChangePasswordQuestionAndAnswer provider method.
  2. Since the user will not know his/her new credentials, ensure the Login Control includes the necessary properties (PasswordRecoveryText and PasswordRecoveryURL) to link the user to a page that includes a PasswordRecovery Control.
  3. Recall that the PasswordRecovery Control is driven by the provider settings in web.config. In particular, ensure that “requiresQuestionAndAnswer” is set to false so the PasswordRecovery Control does not prompt the user for a Password Answer. Also, ensure that the SMTP setting is specified in web.config so that the Email will be sent. If the membership record uses a hashed password format then a new (random) password will be sent, otherwise the password you assigned in the previous step will be sent.

Conclusion

Armed with a little knowledge, it is possible to use the membership provider methods to perform basic administrative functions for an otherwise self-service web site. It is possible (although probably undesirable) to have a mix of clear, encrypted and hashed passwords in the same database. Depending on the passwordFormat for a particular record, varying levels of administrative control are available. For the AspNetSqlMembershipProvider, it is possible to change the passwordFormat for a particular record using a combination of built-in stored procedure calls and membership provider methods.

Microsoft has done a good job in engineering the membership provider system and has really left no security holes. The procedures outlined here utilize a combination of built-in stored procedures as well as standard provider methods to accomplish certain activities that are routinely required of site administrators.

Tags:

ASP.Net

ASP.Net Accessing Page Object in WebControl

by 25. August 2008 15:47

Here is an example of performing a Page.Validate() from code in a WebControl...

Page page = HttpContext.Current.Handler as Page;
page.Validate("ConsumerProfile");

Tags:

ASP.Net

ASP.Net MessageBox Equivalent

by 21. August 2008 14:32

Tags:

ASP.Net

ASP.Net Streaming Flash Content

by 21. August 2008 14:23

Tags:

ASP.Net

ASP.Net Capturing HTML Stream

by 20. August 2008 23:31

Capture the stream during render...

protected override void Render(HtmlTextWriter output) {
    if ( (HasControls()) && (Controls[0] is LiteralControl) ) {
        output.Write("<H2>Your Message: " + ((LiteralControl) Controls[0]).Text + "</H2>");
    }
}


Generic code for ASP.Net web site...

The code below also demonstrates accessing web page context (things such as Server, Request, Response, etc.) from an external class (e.g. from a class that is being called by a web page) by using the System.Web.HttpContext.Current.

public static string ReadHtmlPage(string URL, bool RemoveTextLineFeeds)
{
  string html = "";
  if (URL.StartsWith("http"))
  {
    // For external http requests we need to use an actual http request.
    HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(URL);
    using (Stream stream = request.GetResponse().GetResponseStream())
    {
      using (StreamReader reader = new StreamReader(stream))
      {
        html = reader.ReadToEnd();
      }
    }
  }
  else
  {
    // For non-http (i.e. internal) requests we assume a Server.Execute() will be appropriate.
    System.IO.StringWriter writer = new System.IO.StringWriter();
    System.Web.HttpContext.Current.Server.Execute(URL, writer);
    html = writer.ToString();
  }
  // When reading back the html into a string, it seems to typically have \r\n representation of line feeds that we can safely remove.
  if (RemoveTextLineFeeds)
    return html.Replace("\r\n", "");
  else
    return html;
}


Sample from HTSM360 Short Application form:

  ///<summary>

  /// Overridden to handle Confirmation of the order by

  /// capturing the HTTP output and emailing it.

  ///</summary>

  ///<param name="writer"></param>

  protected override void Render(HtmlTextWriter writer)

  {

    // *** Write the HTML into this string builder

    StringBuilder sb = new StringBuilder();

    StringWriter sw = new StringWriter(sb);

    HtmlTextWriter hWriter = new HtmlTextWriter(sw);

    base.Render(hWriter);

    // *** store to a string

    string PageResult = sb.ToString();

    // *** Write it back to the server

    writer.Write(PageResult);

    string ErrorMessage = "";

    if (ValidSubmission)

    {

      HowToTorial.Mail.SendMail("Sender", "Sender", "Receiver", "Short Application", true, PageResult, ref ErrorMessage);

    }

  }

 

 


Links to resources...

http://odetocode.com/Articles/162.aspx

http://bytes.com/forum/thread115349.html

http://forums.asp.net/p/471841/485661.aspx#485661

http://www.velocityreviews.com/forums/t97151-httpresponse-capture-or-redirect-stream.html

Not directly related, but interesting...

http://69.10.233.10/KB/aspnet/fastload.aspx?display=Print

Tags:

[None]

ASP.Net Custom Configuration Setting

by 19. August 2008 16:50

Sample Code

using System.Collections;
using System.Collections.Generic;
using System.Collections.Specialized;

void Test()
{
  IDictionary singleTag = (IDictionary)ConfigurationSettings.GetConfig("MySingleTagSection");
   NameValueCollection nameValue = (NameValueCollection)ConfigurationSettings.GetConfig("MyNameValueSection");
   Hashtable dictionary = (Hashtable)ConfigurationSettings.GetConfig("MyDictionarySection");
   NameValueCollection nameValueGroup = (NameValueCollection)ConfigurationSettings.GetConfig("MySectionGroup/MySection1");
   System.Diagnostics.Debug.WriteLine((string)singleTag["sample1"]);
   System.Diagnostics.Debug.WriteLine((string)nameValue["key1"]);
   System.Diagnostics.Debug.WriteLine((string)dictionary["key1"]);
   System.Diagnostics.Debug.WriteLine((string)nameValueGroup["key1"]);
}

 


App.Config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <configSections>
    <section name="MySingleTagSection" type="System.Configuration.SingleTagSectionHandler"/>
    <section name="MyDictionarySection" type="System.Configuration.DictionarySectionHandler"/>
    <section name="MyNameValueSection" type="System.Configuration.NameValueSectionHandler"/>
    <sectionGroup name="MySectionGroup">
      <section name="MySection1" type="System.Configuration.NameValueSectionHandler"/>
      <section name="MySection2" type="System.Configuration.NameValueSectionHandler"/>
    </sectionGroup>
  </configSections>
  <MySingleTagSection sample1="value1" sample2="value2" sample3="value3"/>
  <MyDictionarySection>
    <add key="key1" value="value1"/>
    <add key="key2" value="value2"/>
  </MyDictionarySection>
  <MyNameValueSection>
    <add key="key1" value="value1"/>
    <add key="key2" value="value2"/>
  </MyNameValueSection>
  <MySectionGroup>
    <MySection1>
      <add key="key1" value="value1"/>
      <add key="key2" value="value2"/>
    </MySection1>
    <MySection2>
      <add key="key1" value="value1"/>
      <add key="key2" value="value2"/>
    </MySection2>
  </MySectionGroup>
</configuration>

Tags:

[None]

SQL Server 2005 Authentication Mode

by 15. August 2008 14:44

Youcan change dht authentication mode between "Windows Authentication" and "Mixed Mode" after installation by changing a single registry value (shown below).  Value of 1 = "Windows Authentication Mode" value of 2 = "Mixed Authentication Mode".

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer]
"LoginMode"=dword:00000001

Additionally, to enable the sa login by using Transact-SQL
Execute the following statements to enable the sa password and assign a password.

ALTER LOGIN sa ENABLE;
GO
ALTER LOGIN sa WITH PASSWORD = '';
GO

To enable the sa login by using Management Studio
In Object Explorer, expand Security, expand Logins, right-click sa, and then click Properties.
On the General page, you might have to create and confirm a password for the sa login.
On the Status page, in the Login section, click Enabled, and then click OK.

Tags:

SQL Server

ASP.Net File Manager

by 14. August 2008 14:44

Basic framework to support ASP.Net web page hosting of file management.  Consists of SQL script to install database objects along with ASP.Net web site components.

NOTE: This is built to work with the ASP.Net user framework (i.e. the aspnet_... objects).

Run %systemroot%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe to install the ASP.Net user framework.

SQL Script: FileContentManager.sql (8.29 kb)

ASP.Net Web Site: FileManager.zip (42.26 kb)

Tags:

ASP.Net

ASP.Net Sending Email

by 13. August 2008 22:28

Web.Config Sample:
<system.net>
 <mailSettings>
   <smtp deliveryMethod="network" from="ASP.Net.Test@ImpacCompanies.com">
     <network host="mailrelay" port="25" defaultCredentials="true"/>
   </smtp>
 </mailSettings>
</system.net>

 

Tags:

[None]

Building Workflow Services (WF+WCF) with Visual Studio 2008

by 13. August 2008 15:25

WEBCAST: Building Workflow Services (WF+WCF) with Visual Studio 2008

The Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) are two very relevant technologies within .NET 3.x for Public Sector applications. WCF represents a total unification layer for building connected systems and WF provides a powerful foundation for process reengineering. Combine them and you have an unbelievable set of capabilities for building robust enterprise application that involve both process automation as well as human and machine to machine workflow and process communication. Come learn the basis of how to build WCF services using workflow foundation in Visual Studio 2008.

When

Friday, February 22, 2008

2:00P-3:30P EST (11:00A-12:30P PST)

Register at this link:

 

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032366132&Culture=en-US

Tags:

Windows Communication Foundation | Workflow Foundation

SQL Server Identity Columns vs. Oracle Sequence Numbers

by 12. August 2008 21:28

In SQL server you create an identity column like the sample below which creates an identity column with seed value of 1 and increment value of 1.  Then when you insert records the column value is incremented and set automatically.

SQL Server Sample:
create table #MyTable(RecID int identity(1,1), MyData varchar(50))
insert into #MyTable(MyData) values('This is a test')
insert into #MyTable(MyData) values('This is another test')
select * from #MyTable
drop table #MyTable

Not so in Oracle.  There you create the integer column; however, you must manually increment and set the column value as part of your insert statement.  You can use a Sequence object (after you create one) as shown below.

create sequence MySequence minvalue 1 maxvalue 999999999999 start with 1 increment by 1 cache 20
create table imdw.MyTable(RecID int, MyData varchar2(50))
insert into imdw.MyTable(RecID, MyData) values(MySequence.nextval, 'This is a test')
insert into imdw.MyTable(RecID, MyData) values(MySequence.nextval, 'This is another test')
select * from imdw.MyTable
drop table imdw.MyTable
drop sequence MySequence

In both cases you should get the following result set:

 RecID MyData 
 1 This is a test 
 2 This is another test

Tags:

Oracle | SQL Server

SQL Server Split Function

by 12. August 2008 18:39

CREATE FUNCTION dbo.fnSplit(
    @sInputList VARCHAR(8000) -- List of delimited items
  , @sDelimiter VARCHAR(8000) = ',' -- delimiter that separates items
) RETURNS @List TABLE (recid int identity(1,1), item VARCHAR(8000))
BEGIN
-- Adapted from: http://searchvb.techtarget.com/tip/0,289483,sid8_gci932171,00.html
-- Added recid (identity column)
-- Tests
/*
  select * from fnSplit('12345', ',')
  select * from fnSplit('1,22,333,444,,5555,666', ',')
  select * from fnSplit('1##22#333##444','##')  --note second item has embedded #
  select * from fnSplit('1 22 333 444  5555 666', ' ')
*/
DECLARE @sItem VARCHAR(8000)
WHILE CHARINDEX(@sDelimiter,@sInputList,0) <> 0
 BEGIN
 SELECT
  @sItem=RTRIM(LTRIM(SUBSTRING(@sInputList,1,CHARINDEX(@sDelimiter,@sInputList,0)-1))),
  @sInputList=RTRIM(LTRIM(SUBSTRING(@sInputList,CHARINDEX(@sDelimiter,@sInputList,0)+LEN(@sDelimiter),LEN(@sInputList))))
 
 IF LEN(@sItem) > 0
  INSERT INTO @List SELECT @sItem
 END
IF LEN(@sInputList) > 0
 INSERT INTO @List SELECT @sInputList -- Put the last item in
RETURN
END
GO


Sample Usage via a Cursor:


declare
@recid int
, @item varchar(8000)
, @SampleData varchar(50)
set @SampleData = 'Item1,Item2,Item3,Item4,Item5'
declare split cursor for select * from dbo.fnSplit(@SampleData, ',')
open split
while 1=1 begin
fetch next from split into @recid, @item
if @@fetch_status <> 0 break
-- Do something here...
select @recid, @item
end
close split
deallocate split

Tags:

SQL Server

Workflow Hosted via Windows Communication Foundation

by 11. August 2008 22:22

Instance management techniques for WFC: http://msdn.microsoft.com/en-us/magazine/cc163590.aspx

Windows Communication Foundation (WCF), Windows Workflow Foundation (WF) and Windows CardSpace Samples

Brief Description
Samples for Windows Communication Foundation (WCF), Windows Workflow Foundation (WF) and Windows CardSpace

http://www.microsoft.com/downloads/details.aspx?FamilyId=2611A6FF-FD2D-4F5B-A672-C002F1C09CCD&displaylang=en

Tags:

Windows Communication Foundation | Workflow Foundation

Workflow Foundation

by 11. August 2008 18:18

Workflow Persistence to SQL Server database, recommended to create two separate databases and run scripts as shown below. 

WorkflowPersistence (db) WorkflowPersistence.bak (1.46 mb) SqlPersistenceService_Schema.sql (4.20 kb) SqlPersistenceService_Logic.sql (23.34 kb)

WorkflowTracking (db) WorkflowTracking.bak (1.89 mb) Tracking_Schema.sql (49.61 kb) Tracking_Logic.sql (372.66 kb)

Note: The default location of attached SQL scripts listed above is: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\EN

 

 

Tags:

Workflow Foundation

Remote Desktop Connections

by 11. August 2008 16:57

Connecting remotely using %SystemRoot%\System32\mstsc.exe (run with /? for list of command line parameters).

When attempting to connect via RDC, the server will typically only support a fixed number of active connections (in my experience with various Windows servers it is typically 2).  This means that only two different users can be connected at the same time.  Also, when users don’t log off properly (i.e. by closing the client window vs. actually logging off) their session stays connected even though they no longer have a client window open to it.  This is usefull if you want to leave a process running, leave windows open, etc., close your client window and re-connect later to pick up where you left off.  However, the downside is that you will be blocking one of the available connections thus preventing other new sessions.  Should the machine become inaccessible due to too many active connections you have four basic options of recovery (shown below).

  1. Launch "All Programs" > "Administrative Tools" > “Terminal Services Manager” and then expand the "All Listed Servers" treeview on the left pane.  You should see your domain name there, double-click to load list of all available machines.  Find the machine in question and click on it to view the active connections in the right pane.  You can right-click on any of the connections in the right pane and perform several actions such as ("Send Message", "Disconnect","Reset", etc.).  Typically, you will select "Reset" on the connections that are inactive.
  2. mstsc /console” command. This will launch the same Remote Desktop Client you use every day; however, it will connect you in Console Mode. Console Mode means connecting to the server as if you were actually on the server using the server’s keyboard and mouse.  Only one person can be connected in console mode at a time.  Once you get on the machine in Console Mode you can launch “Terminal Service Manager” to view the disconnected sessions and reset them to reclaim the connections as described in option 1 above.
  3. qwinsta /SERVER:servername” command. This display the connections on the machine in question.  You can then run "rwinsta {sessionname | sessionid} /SERVER:servername" command to reset the desired connection.
  4. Method of last resort, get on the physical machine and perform option 1 above.  This is the same as option 1 and 2 other than you need to get on the physical machine. 

Tags:

Windows

Asp.Net Intermittent Login Error

by 10. August 2008 04:43

This was happening sporadically (e.g. I was able to login without this error several times and then got the error other times, John seemed to get the error every time he attempted to login).  The strangest part of this issue is that there is nothing in the configuration the points to a SQL Express database.  There was only one connection string entry and it pointed to the standard SQL database being used elsewhere in the site and in other sites (i.e. HTT, RoadAdz, etc.).  For testing purposes I created a new site with full copy of the original site, except for the web.config file which I created fresh in the new site.  So far the new site has not produced this error, emailed John 8/8 @ 11:02pm asking him to try the new site and provide me his feedback.  Waiting on Johns response to proceed.

Here is the error message: 

Server Error in '/' Application.


An error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Shared Memory Provider, error: 40 - Could not open a connection to SQL Server)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
SQLExpress database file auto-creation error:

The connection string specifies a local Sql Server Express instance using a database location within the applications App_Data directory. The provider attempted to automatically create the application services database because the provider determined that the database does not exist. The following configuration requirements are necessary to successfully check for existence of the application services database and automatically create the application services database:

  1. If the applications App_Data directory does not already exist, the web server account must have read and write access to the applications directory. This is necessary because the web server account will automatically create the App_Data directory if it does not already exist.
  2. If the applications App_Data directory already exists, the web server account only requires read and write access to the applications App_Data directory. This is necessary because the web server account will attempt to verify that the Sql Server Express database already exists within the applications App_Data directory. Revoking read access on the App_Data directory from the web server account will prevent the provider from correctly determining if the Sql Server Express database already exists. This will cause an error when the provider attempts to create a duplicate of an already existing database. Write access is required because the web server accounts credentials are used when creating the new database.
  3. Sql Server Express must be installed on the machine.
  4. The process identity for the web server account must have a local user profile. See the readme document for details on how to create a local user profile for both machine and domain accounts.


Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

 

[SqlException (0x80131904): An error has occurred while establishing a connection to the server.  When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Shared Memory Provider, error: 40 - Could not open a connection to SQL Server)]   System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +800131   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +186   System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) +737554   System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +114   System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +421   System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +181   System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +173   System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +133   System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup) +27   System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +47   System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105   System.Data.SqlClient.SqlConnection.Open() +111   System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) +68[HttpException (0x80004005): Unable to connect to SQL Server database.]   System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) +124   System.Web.Management.SqlServices.SetupApplicationServices(String server, String user, String password, Boolean trusted, String connectionString, String database, String dbFileName, SqlFeatures features, Boolean install) +86   System.Web.Management.SqlServices.Install(String database, String dbFileName, String connectionString) +25   System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString) +397

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

Tags:

[None]