MSSQLMembershipProvider / MSSQLRoleProvider

This page shows you how to modify BlogEngine.NET to use the default SQL Membership and Role providers that are part of ASP.NET 2.0 Web Site Security. The steps detailed here were validated on a configuration using Windows Vista, Internet Information Services 7 (IIS 7) and SQL Server 2005 Express Edition.

Assumptions

The steps below make the following assumptions:
  • You already have a virtual path or web site defined for BlogEngine.NET in IIS,
  • You already know about securing IIS to SQL communication,
  • You will be using the default Active Directory users to perform the integration and that you will be using Windows Authentication (or Integrated Security) to connect to SQL Server. If you create custom AD users for this communication you can change things accordingly,
  • You are running SQLExpress. For your particular server you can make changes to the necessary references that follow, and
  • The name of your database schema is Blog.

Steps

Some steps may not be exactly the same for your particular configuration. Please validate the steps and provide corrections that reflect your configuration as needed.

Preparation

  1. Using Explorer (explorer.exe), change the security on the BlogEngine.NET folder to include the IIS_IUSRS and IUSR accounts. (This step will be different for other operating systems.)
  2. Using IIS Manager (inetmgr.exe)
    1. Create a new application pool, call it BlogAppPool and set the identity to NT AUTHORITY\NETWORK SERVICE. (This step assumes that you will be using Windows Authentication to connect to SQL Server. If this is not the case you don't need to do this.)
    2. Associate the new application pool to your existing BlogEngine.NET virtual path or web site.
  3. Using the command prompt (cmd.exe), run the following command that will create Membership and Role tables in the schema Blog for the server instance SQLExpress that is running on the local machine.
    1. aspnet_regsql.exe -S .\SQLExpress -E -A mr -d Blog
  4. Using SQL Server Management Studio (sqlwb.exe)
    1. Create a SQL Server Login. Under Security\Logins add a New Login... for the Windows user NT AUTHORITY\NETWORK SERVICE. (If you are using SQL Authentication instead of Windows Authentication, create your specific Login account.) Make sure to associate this new login account with the Blog database as db_datareader and db_datawriter. You may want to add db_ddladmin temporarily, but that is more for convenience; you should not need it in a production environment.
    2. Grant execute rights to the application pool user (NT AUTHORITY\NETWORK SERVICE) on all aspnet_ stored procedures (they start with aspnet_).
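
Step 4 can also be scripted instead of clicked through in Management Studio. The T-SQL below is an added example, not part of the original page or of BlogEngine.NET; it assumes the Blog database and the NT AUTHORITY\NETWORK SERVICE pool identity used above, and that you run it as a SQL Server administrator.

```sql
-- Added example: scripted form of step 4 (login, database user, roles, EXECUTE grants).
-- Assumes database Blog and the application pool identity from the steps above.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS;
GO

USE [Blog];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE USER [NT AUTHORITY\NETWORK SERVICE]
        FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
GO

-- Step 4.1: read/write access to the Blog tables (db_ddladmin deliberately left out).
EXEC sp_addrolemember N'db_datareader', N'NT AUTHORITY\NETWORK SERVICE';
EXEC sp_addrolemember N'db_datawriter', N'NT AUTHORITY\NETWORK SERVICE';
GO

-- Step 4.2: build one GRANT EXECUTE per stored procedure whose name starts with aspnet_.
-- [_] escapes the underscore, which is otherwise a single-character wildcard in LIKE.
DECLARE @sql nvarchar(max);
SET @sql = N'';
SELECT @sql = @sql
    + N'GRANT EXECUTE ON ' + QUOTENAME(SCHEMA_NAME(schema_id))
    + N'.' + QUOTENAME(name)
    + N' TO [NT AUTHORITY\NETWORK SERVICE];' + NCHAR(13) + NCHAR(10)
FROM sys.procedures
WHERE name LIKE N'aspnet[_]%';
PRINT @sql;                 -- review the generated statements
EXEC sp_executesql @sql;
GO

-- Check: list what the pool identity can now execute.
SELECT OBJECT_NAME(p.major_id) AS procedure_name,
       p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u
     ON u.principal_id = p.grantee_principal_id
WHERE u.name = N'NT AUTHORITY\NETWORK SERVICE'
  AND p.class = 1           -- object-level permissions
ORDER BY procedure_name;
```

aspnet_regsql.exe also creates database roles such as aspnet_Membership_FullAccess and aspnet_Roles_FullAccess that already hold these EXECUTE permissions, so adding the user to those roles is an alternative to per-procedure grants.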

Modifying BlogEngine.NET

In web.config, make the following changes:

<machineKey decryptionKey="AutoGenerate,IsolateApps"/>
<membership defaultProvider="MSSQLMembershipProvider">
  <providers>
    <clear />
    <!--<add name="XmlMembershipProvider"
             type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core"
             description="XML membership provider"
             passwordFormat="Hashed" />-->
    <add name="MSSQLMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="BlogEngine"
         applicationName="BlogEngine.NET" />
  </providers>
</membership>
<roleManager defaultProvider="MSSQLRoleProvider" enabled="true"
 cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
  <providers>
    <clear />
    <!--<add name="XmlRoleProvider"
             type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core"
             description="XML role provider" />-->
    <add name="MSSQLRoleProvider"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="BlogEngine"
         applicationName="BlogEngine.NET" />
  </providers>
</roleManager>
<connectionStrings>
    <add name="BlogEngine"
         connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=Blog;Integrated Security=True"
         providerName="System.Data.SqlClient"/>
</connectionStrings>

NOTE: All XML providers have been commented out. If you leave them there, even though the default provider is specified to be the SQL equivalent, the application will fail to start. If you decide to use SQL Server Authentication you will need to change the above code accordingly to specify the user name and password instead of Integrated Security.

Configuring Initial Roles and Users

At this point you should have everything in place. However, in order to be able to manage users from within BlogEngine.NET you will need to create in the database the 2 roles (Administrators and Editors) and at least 1 user (i.e. Administrator) who must be a member of the Administrators role.

The easiest way to do the initial population is to launch the ASP.NET Web Application Administration. To do this, in Visual Studio 2005, open the Solution Explorer and click on the toolbar button labeled ASP.NET Configuration. It will be the last toolbar button when you highlight a file from within the web application in Solution Explorer. Use the wizard and follow the steps.
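
To confirm the wizard wrote what BlogEngine.NET will look for, you can query the membership tables directly. This is an added example, not part of the original page; it assumes the default dbo tables created by aspnet_regsql.exe and the applicationName "BlogEngine.NET" from the web.config shown above.

```sql
-- Added example: verify the initial roles and users after running the wizard.
USE [Blog];

-- 1. Which application names exist? Roles and users are only visible to the site
--    when they were created under the applicationName set in web.config.
SELECT ApplicationName, ApplicationId
FROM dbo.aspnet_Applications;

-- 2. Roles for BlogEngine.NET and the users in each one.
--    A role with no members appears once with UserName = NULL.
SELECT r.RoleName,
       u.UserName,
       m.IsApproved,
       m.IsLockedOut,
       CASE m.PasswordFormat          -- value stored by SqlMembershipProvider
            WHEN 0 THEN 'Clear'
            WHEN 1 THEN 'Hashed'
            WHEN 2 THEN 'Encrypted'
       END AS PasswordFormat
FROM dbo.aspnet_Applications AS a
JOIN dbo.aspnet_Roles AS r
     ON r.ApplicationId = a.ApplicationId
LEFT JOIN dbo.aspnet_UsersInRoles AS ur
     ON ur.RoleId = r.RoleId
LEFT JOIN dbo.aspnet_Users AS u
     ON u.UserId = ur.UserId
LEFT JOIN dbo.aspnet_Membership AS m
     ON m.UserId = u.UserId
WHERE a.LoweredApplicationName = LOWER(N'BlogEngine.NET')
ORDER BY r.RoleName, u.UserName;
```

The result should list both Administrators and Editors, with at least one approved, not locked out user under Administrators and PasswordFormat shown as Hashed. If the second query returns no rows but the first shows another application name, the users were created under a different applicationName than the one in web.config.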

You can now use your newly populated Blog database as a baseline for your production deployment. Or you can simply perform these steps on an existing database.

For details on the tool please refer to the ASP.NET Web Site Administration Tool pages in MSDN.

Last edited Mar 7, 2009 at 3:15 AM by BenAmada, version 1
