Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > What is the "correct & supported" way to setup SqlRoleProvider

Thread Tools

What is the "correct & supported" way to setup SqlRoleProvider

David Thielen
Posts: n/a

When installing an ASP.NET application using SqlRoleProvider and
SqlMembershipProvider we need to create the initial roles and the inital
admin user from our Windows installer application (not ASP.NET).

We must do this in the installer as otherwise we either have no users and
therefore no one can log in to create users. Or we create the initial admin
user with a standard name & password which is a bad security hole.

So question 1 is what is the correct & supported way to add roles and a user
to the database after creating it from a windows forms app? I have this
working but I don't know if the way I am doing this is correct.

Question 2 is how do I set the database connection string for the
SqlRoleProvider and SqlMembershipProvider. At present I am puttile it in the
app.exe.config file and that works fine if it is right the first time.
However, if it is wrong, both classes continue to use the initial value that
they cached in a helper class.

Again, what is the correct & supported way to set the connection string? I
assume the correct way allows it to be changed as users will make mistakes.

To the MS support team, if you don't know - can you please ask the
development team for the solution? They must have one as the database does
need to be set up to start.

thanks - dave

Cubicle Wars -

Reply With Quote
Steven Cheng[MSFT]
Posts: n/a
Hello Dave,

As for intializing SQLServer membership & role database in non-ASP.NET
application, the suggested means is just directly call the Membership and
Role API in non-ASP.NET application as long as the configuration in the
app.config file is correct(match your ASP.NET application). And this is the
supported means as I've ever discussed with some ASP.NET dev engineers

Also, for the connectionstring, in a former thread I've mentioned that this
configuration is forced to be loaded from configuration file and after it
is first time loaded, the runtime will always access the one from
configuration cache and can not directly modify the cached one in-memory.
This is just like the configuration setting in ASP.NET application, when
the ASP.NET application has started, all the necessary cofiguration info
will be loaded only once, and if anything needed to be modified, the
application must be restarted.

If you think it is necessary to let your application be able to dynamically
modify the connectionstring of the membership & role at runtime without
restart the application, you may consider run all those code in a separate
AppDomain(created by your self), thus, if you want to redo the intializing
task with a different configuration, you can start a new AppDomain and run
the code in it.


Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SqlRoleProvider & windows authentication SpaceMarine ASP .Net Security 2 07-09-2008 05:21 PM
ActiveDirectoryMembershipProvider and SqlRoleProvider Max2006 ASP .Net 1 06-10-2008 02:57 AM
Windows authentication and SqlRoleProvider ASP .Net Security 1 05-10-2006 07:32 AM
SqlRoleProvider =?Utf-8?B?RnJhbmNpcyBSZWVk?= ASP .Net 0 04-10-2006 05:53 PM
how to make SqlRoleProvider.ApplicationName thread safe Francis Reed ASP .Net 2 04-08-2006 03:03 AM