Joseph Michael Pesch
VP Programming

aspnet_... Security Configuration

by 21. November 2008 19:36

Consists of SQL script to install database objects along with ASP.Net web site components.

Run %systemroot%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe to install the ASP.Net user framework objects (tables, procs, etc.) into a SQL server database. 


Script to create database objects (in lieu of running the exe above): 
aspnet_Security.sql (238.96 kb)

Backup copy of emtpy database containing just the standard security objects: aspnet_Security.bak (1.83 mb)

Script to export data from: aspnet_Applications, aspnet_Users, aspnet_Membership, aspnet_Roles and aspnet_UsersInRoles tables: aspnet_SecurityDataExport.sql (4.80 kb)

See sample web.config and Login.aspx with some security features in code-behind: Sample.zipx (2.81 kb)

Adding a user to basic security roles:

EXEC sp_addrolemember 'aspnet_Membership_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Personalization_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Profile_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Roles_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'db_datareader', 'usernamehere'
GO
EXEC sp_addrolemember 'db_datawriter', 'usernamehere'
GO

Script to add new user to application and role (adds the application and role also if necessary)

declare
  @appName varchar(50)
, @userName varchar(50)
, @emailAddress varchar(100)
, @roleName varchar(50)

select
  @appName = 'ApplicationNameHere'
, @userName = 'UserNameHere'
, @emailAddress = 'UserEmailHere@Something.com'
, @roleName = 'RoleNameHere'

declare
  @appId uniqueidentifier
, @userId uniqueidentifier
, @roleId uniqueidentifier

select @appId = ApplicationId from dbo.aspnet_Applications where ApplicationName = @appName
if(@appId is null) begin
  set @appId = newid()
  insert into aspnet_Applications values(@appName, lower(@appName), @appId, @appId)
end

select @roleId = RoleId from dbo.aspnet_Roles where RoleName = @roleName
if(@roleId is null) begin
  set @roleId = newid()
  insert into aspnet_Roles values(@appId, @roleId, @roleName, lower(@roleName), @roleName)
end

set @userId = newid()
insert into aspnet_Users values(@appId, @userId, @userName, lower(@userName), null, 0, '1/1/1900')
insert into aspnet_Membership values(@appId, @userId, '5lxSnTx3kTUzWgnLr8C2xHXOZYM=', 2, 't8DHyWEWq+/Yr/RNBvo6hw==', null, @emailAddress, lower(@emailAddress), null, null, 1, 0, getdate(), '1/1/1900', '1/1/1900', '1/1/1900', 0, '1/1/1900', 0, '1/1/1900', null)

insert into aspnet_UsersInRoles values(@userId, @roleId)

Tags:

ASP.Net | Security

Comments are closed