SqlMembershipProvider database reusage

  • Thread starter Thread starter glebovech
  • Start date Start date
G

glebovech

Is it possible to reuse existing SQLSERVER database containing
membership information for different application? Basically this is a
situation.

1. Created application App1 where with a help of standard Login
control membership user has been created.
2. Created application App2 which pointed to the existing database.
Login fails in standard Login contriol. On attempt to get user
password with Membership.GetPassword an exception about invalid
padding occurs. But the user itself is visible. So the problem is in
password encoding/decoding.
3. Login is successful only if App1 and App2 have the same name, i.e
App2 rename to App1. Is web application name somehow used in the
password encoding?

Both applications have identical "connectionStrings" "machineKey" and
"membership" settings.

<machineKey

validationKey="d39e99d66aed2c499a1df4e14a87c9f1e1d33053872cfe59aeeb45292062277ca4b340956bb9f4c2a1f5eeb32424b544301de184ede8bd9092de10598d8c5d31,IsolateApps"

decryptionKey="bce3637636b67a5c7e6832e71a406bdff3dc92c218268168,IsolateApps"
validation="3DES"
decryption="AES"/>
<membership userIsOnlineTimeWindow="60">
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="true"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
<authentication mode="Forms">
<!-- Detailed configuration options -->
<forms name="FAWSCCookie" loginUrl="~/login.aspx" timeout="60"
slidingExpiration="true" cookieless="AutoDetect" protection="All"
requireSSL="false" enableCrossAppRedirects="false"
defaultUrl="home.aspx" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>

Thank you for any help.
 
If you want to share the information in the database across apps, then all
have the same name, as far as membership goes. If, instead, you desire to
use a single membership database across many apps, without sharing, you can
use different app names.

The other option is a custom membership provider.
http://www.devx.com/asp/Article/29256

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

*************************************************
| Think outside the box!
|
*************************************************
 
Thank you for clarification, Gregory. I thought giving the same value
to the "applicationName" attribute of the "membership" element along
with the same machine key and other membership settings will make
password encription/decryption identical for any web application which
uses that database. I have applicationName="/" in web config file for
each web application.
After all each application successfully founds the same user record in
the membership table based on the same application id, but only web
application who actually encrypted password initially can decrypt it.
Probably Microsoft should give some more explanation in the
documentation about this limitation.
 
ApplicationName, from the standpoint of the database, is simply a way of
storing like information in a semi-segregated way.

Make sure you use the same keys (in config) for all of the sites or it will
be a very harsh ride. :-)

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

*************************************************
| Think outside the box!
|
*************************************************
 
Back
Top