MSSQLMembershipProvider / MSSQLRoleProvider
This page will show you how to modify BlogEngine.NET
to use the default SQL
providers that are part of
ASP.NET 2.0 Web Site Security
. The steps detailed here were validated on a configuration using
Internet Information Services 7 (IIS 7)
SQL Server 2005 Express Edition
The steps to follow make the following assumptions:
- You already have a virtual path or web site defined for BlogEngine.NET in IIS,
- You already know about securing IIS to SQL communication,
- You will be using the default Active Directory users to perform the integration and that you will be using Windows Authentication (or Integrated Security) to connect to SQL Server. If you create custom AD users for this communication you can change things
- You are running SQLExpress. For your particular server you can make changes to the necessary references that follow, and
- The name of your database schema is Blog.
Some steps may not be exactly the same for your particular configuration. Please validate the steps and provide corrections representative to your configuration as needed.
- Using Explorer (explorer.exe), change the security on the BlogEngine.NET folder to include
IIS_IUSR and IUSR users. (This step will be different for other operating systems.)
- Using IIS Manager (inetmgr.exe)
- Create a new application pool, call it BlogAppPool and set the identity to
NTAUTHORITY\NETWORK SERVICE. (This step assumes that you will be using Windows Authentication to connect to SQL Server. If this is not the case you don't need to do this.)
- Associate the new application pool to your existing BlogEngine.NET virtual path or web site.
- Using the command prompt (cmd.exe), run the following command that will
create Membership and Role tables in the schema Blog for the server instance SQLExpress that is
running on the local machine.
- aspnet_regsql.exe -s .\SQLExpress -E -A mr -d Blog
- Using SQL Server Management Studio (sqlwb.exe)
- Create a SQL Server Login. Under
Security\Logins add a New Login... for the Windows user NTAUTHORITY\NETWORK SERVICE. (If you are using SQL Authentication instead of Windows Authentication, create your specific Login account.) Make sure to associate this new login account
to the Blog database as dbdatareader and dbdatawriter. You may want to add
db_ddladmin temporarily but more for convenience, you should not need it in a production environment.
- Grant execute rights to the application pool user (NTAUTHORITY\NETWORK SERVICE) to all aspnet stored procedures (they start with
, make the following changes
description="XML membership provider"
<roleManager defaultProvider="MSSQLRoleProvider" enabled="true"
description="XML role provider" />-->
connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=Blog;Integrated Security=True"
: All XML providers have been commented out. If you leave them there, even though the default provider is specified to be the SQL equivalent, the application will fail to start
. If you decide to use SQL Server Authentication you will need
to change the above code accordingly to specify the user name and password instead of Integrated Security.
Configuring Initial Roles and Users
At this point you should have everything in place. However, in order to be able to manage users from within BlogEngine.NET you will need to create in the database the 2 roles (Administrators
) and at least 1 user (i.e. Administrator
) who must be a member of the
The easiest way to do the initial population is to launch the ASP.Net Web Application Administration
. To do this, in
Visual Studio 2005
, open the Solution Explorer
and click on the toolbar button labeled
, it will be the last toolbar button when you highlight a file from within the web application in Solution Explorer. Use the wizard and follow the steps.
You can now use your newly populated Blog database as a baseline for your production deployment. Or you can simply perform these steps on an existing database.
For details on the tool please refer to the
ASP.NET Web Site Administration Tool
pages in MSDN