Search Results

Search found 11785 results on 472 pages for 'password protection'.

Page 138/472 | < Previous Page | 134 135 136 137 138 139 140 141 142 143 144 145  | Next Page >

  • SQL query INSERT not working inserting values into my DB.

    - by Aiden Ryan
    Hello, I'm trying to insert registration data into a database but my php code isn't inserting the values into the DB although I'm not getting any errors either, can someone help me? this is the code i'm currently using: $connect = mysql_connect("localhost","myusername","mypassword"); mysql_select_db("application"); $queryreg = mysql_query('INSERT INTO users("username","password","email","date") VALUES("$username","$password","$email","$date")'); die ("You Have Been Registered."); I just need to add the username password email and date into the fields i have specified but it won't work, please someone help!

    Read the article

  • mysqli insert into database

    - by Simon
    Hello all i have this script and i will not insert into the database and i get no errors :S, do you know what it is? function createUser($username, $password) { $mysql = connect(); if($stmt = $mysql->prepare('INSERT INTO users (username, password, alder, hood, fornavn, efternavn, city, ip, level, email) VALUES (?,?,?,?,?,?,?,?,?,?)')) { $stmt->bind_param('ssssssssss',$username,$password, $alder, $hood, $fornavn, $efternavn, $city, $ip, $level, $email); $stmt->execute(); $stmt->close(); } else { echo 'error: ' . $mysql->error; }

    Read the article

  • Custom Rails Validation (Doesn't seem to be working)

    - by Karl Entwistle
    Hey guys ive got the following Model for Accounts require 'net/http' require 'uri' require 'date' class Account < ActiveRecord::Base validates_presence_of :username, :password, :on => :update validate :valid_expiry_date, :on => :update def valid_expiry_date reply = Net::HTTP.get URI.parse("http://api.rapidshare.com/cgi-bin/rsapi.cgi?sub=getaccountdetails_v1&type=prem&login=" + username + "&password=" + password) account = Time.at(reply[80..90].to_i) if (Time.now + 2419200) <= account return true else return false errors.add_to_base("Sorry this account isnt valid") end end end I know the code works in a ruby.rb file and will return true or false, however I seem to be having rather a lot of difficultly trying to translate this code into an actual validation, any help would be much appreciated. Thanks :) Its also defiantly at least connecting to the website as my firewall asked me if the Terminal was aloud to access it. At the moment not only is it displaying no errors its actually letting anything through and saving it.

    Read the article

  • rake db:migrate and rake db:create both work on test database, not development database

    - by geography_guy
    I am new to Stack Overflow and Ruby on Rails. My problem is, when I run the command rake db:create or rake db:migrate, the test database is affected, but the development database is not. rails (3.2.2) my database.yml: # Warning: The database defined as "test" will be erased and # re-generated from your development database when you run "rake". # Do not set this db to the same as development or production. test: &test adapter: postgresql encoding: unicode database: ticketee_test pool: 5 username: ticketee password: my_password_here development: adapter: postgresql encoding: unicode database: ticketee_development pool: 5 username: ticketee password: my_password_here production: adapter: postgresql encoding: unicode database: ticketee_production pool: 5 username: ticketee password: my_password_here cucumber: <<: *test

    Read the article

  • Multiple databases support in Symfony

    - by Ngu Soon Hui
    I am using Propel as my DAL for my Symfony project. I can't seem to get my application to work across two or more databases. Here's my schema.yml: db1: lkp_User: pk_User: { type: integer, required: true, primaryKey: true, autoIncrement: true } UserName: { type: varchar(45), required: true } Password: longvarchar _uniques: Unique: [ UserName ] db2: tesco: Id: { type: integer, required: true, primaryKey: true, autoIncrement: true } Name: { type: varchar(45), required: true } Description: longvarchar And here's the databases.yml: dev: db1: param: classname: DebugPDO test: db1: param: classname: DebugPDO all: db1: class: sfPropelDatabase param: classname: PropelPDO dsn: 'mysql:dbname=bpodb;host=localhost' #where the db is located username: root password: #pass encoding: utf8 persistent: true pooling: true db2: class: sfPropelDatabase param: classname: PropelPDO dsn: 'mysql:dbname=mystore2;host=localhost' #where the db is located username: root password: #pass encoding: utf8 persistent: true pooling: true When I call php symfony propel-build-model, only db1 is generated, db2 is not. Any idea how to fix this problem?

    Read the article

  • Cannot get principal id on my Spock test

    - by Ant's
    I have a controller like this : @Secured(['ROLE_USER','IS_AUTHENTICATED_FULLY']) def userprofile(){ def user = User.get(springSecurityService.principal.id) params.id = user.id redirect (action : "show", params:params) } I want to test the controller above controller in spock, so I wrote a test code like this: def 'userProfile test'() { setup: mockDomain(User,[new User(username:"amtoasd",password:"blahblah")]) when: controller.userprofile() then: response.redirectUrl == "/user/show/1" } When I run my test, this test fails with this error message : java.lang.NullPointerException: Cannot get property 'principal' on null object at mnm.schedule.UserController.userprofile(UserController.groovy:33) And in case of Integration test: class UserSpec extends IntegrationSpec { def springSecurityService def 'userProfile test'() { setup: def userInstance = new User(username:"antoaravinth",password:"secrets").save() def userInstance2 = new User(username:"antoaravinthas",password:"secrets").save() def usercontroller = new UserController() usercontroller.springSecurityService = springSecurityService when: usercontroller.userprofile() then: response.redirectUrl == "/user/sho" } } I get the same error as well. What went wrong? Thanks in advance.

    Read the article

  • Strange DataMapper (0.10.2) error. Please help!

    - by Joel M.
    See the full error here: http://notesapp.heroku.com/ I'm using DataMapper and dm-validations 0.10.2. No matter how much I tweak my models, I get the same error, or another one. Here's how my model looks like: class User include DataMapper::Resource attr_accessor :password, :password_confirmation property :id, Serial, :required => true property :email, String, :required => true, :format => :email_address, :unique => true property :hashed_password, String property :salt, String, :required => true property :created_at, DateTime, :default => Time.now property :permission_level, Integer, :default => 1 validates_present :password_confirmation, :unless => Proc.new { |t| t.hashed_password } validates_present :password, :unless => Proc.new { |t| t.hashed_password } validates_is_confirmed :password

    Read the article

  • check for several conditions when a user logs in

    - by paul
    I would like to accomplish the following: If a username or password field is null, notify the user. If user name already exists, do not insert into the database and notify user to create a different name. if the username is unique and password is not null, return the username to the user. As of now it always returns "Please enter a different user name." I believe the issue has to do with the database query but I am not sure. If anyone can have a look and see if I am making an error, I greatly appreciate it, thanks. if ($userName or $userPassword = null) { echo "Please enter a user name and password or return to the homepage."; } elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1) { echo "Please enter a different user name."; } elseif ($userName and $userPassword != null) { echo "Your login name is: $userName"; }

    Read the article

  • Django & custom auth backend (web service) + no database. How to save stuff in session?

    - by Infinity
    I've been searching here and there, and based on this answer I've put together what you see below. It works, but I need to put some stuff in the user's session, right there inside authenticate. How would I store acme_token in the user's session, so that it will get cleared if they logged out? class AcmeUserBackend(object): # Create a User object if not already in the database? create_unknown_user = False def get_user(self, username): return AcmeUser(id=username) def authenticate(self, username=None, password=None): """ Check the username/password and return an AcmeUser. """ acme_token = ask_another_site_about_creds(username, password) if acme_token: return AcmeUser(id=username) return None ################## from django.contrib.auth.models import User class AcmeUser(User): objects = None # we cannot really use this w/o local DB def save(self): """saving to DB disabled""" pass def get_group_permissions(self): """If you don't make your own permissions module, the default also will use the DB. Throw it away""" return [] # likewise with the other permission defs def get_and_delete_messages(self): """Messages are stored in the DB. Darn!""" return []

    Read the article

  • Controlling rsync with Python?

    - by Cheesemold
    I've been wanting to write a python script that would run several instances of rsync in sequence for backing up data to a different computer. At the moment I just have this text file with the commands I use and I've just been copy-pasting them into the terminal, and it seems kinda silly. I want to be able to use python to do this for me. I know very vaguely how to use subprocess.popen, but I have no clue how to get python to interact with rsync directly, like for entering my password for me. Can python do that? Something like: if theProccess.proccessResponse == "Password:" : theProccess.respond(string) Or is the best that I can do is just have it, or even a bash script, just run the rsyncs in sequence and have to type my password in over and over again? Thanks in advance.

    Read the article

  • How to access website CMS with only access to database

    - by user1741615
    I have a website that uses an "in-house" cms and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to ftp and phmyadmin and I found the SQL table containing the user details, but of course the password is MD5 encryption. I tried manually creating a user in php my admin and filling in a password encrypted in MD5 (used a md service online for that), but it still doesn't work. Does anybody know other tricks I can use? Thanks.

    Read the article

  • Error in header function

    - by user1178695
    I'm using the php header function for the redirection but it is not working.I'm using the following code. $sql=mysql_query("select * from password where username='$email' and password1 = '$pwd'"); //echo "selct * from password where username='$email' and password = '$pwd'"; $row=mysql_fetch_row($sql); $fieldset=mysql_num_rows($sql); $host=$_SERVER['HTTP_HOST']."/beta/"; if($fieldset>0 && $conEmail !="") { $_SESSION['email']=$email; $_SESSION['Email']=$email; $_SESSION['memberID']=$id; $_SESSION['status']='Admin'; header("location:http://".$host."member.php"); }

    Read the article

  • delete row from mysql through generated table with records

    - by HennySmafter
    I am using 2 pages. On one page it generates a table with the records and a delete button. After pressing delete it goes to the second page which should delete the record. But it doesn't. Below is the code that I am using. PS: The code is adapted from a tutorial I found through Google a while ago. delete_overzicht.php <?php // Load Joomla! configuration file require_once('../../../configuration.php'); // Create a JConfig object $config = new JConfig(); // Get the required codes from the configuration file $server = $config->host; $username = $config->user; $password = $config->password; $database = $config->db; // Connect to db $con = mysqli_connect($server,$username,$password,$database); if (!$con){ die('Could not connect: ' . mysqli_error($con)); } mysqli_select_db($con,$database); // Get results $result = mysqli_query($con,"SELECT * FROM cypg8_overzicht"); echo "<table border='1' id='example' class='tablesorter'><thead><tr><th>Formulier Id</th><th>Domeinnaam</th><th>Bedrijfsnaam</th><th>Datum</th><th>Periode</th><th>Subtotaal</th><th>Dealernaam</th><th>Verwijderen</th></tr></thead><tbody>"; while($row = mysqli_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['formuliernummer'] . "</td>"; echo "<td>" . $row['domeinnaam'] . "</td>"; echo "<td>" . $row['bedrijfsnaam'] . "</td>"; echo "<td>" . $row['datum'] . "</td>"; echo "<td>" . $row['periode'] . "</td>"; echo "<td> &euro; " . $row['subtotaal'] . "</td>"; echo "<td>" . $row['dealercontactpersoon'] . "</td>"; echo "<td><a href='delete.php?id=" . $row['id'] . "'>Verwijderen </a></td>"; echo "</tr>"; } echo "</tbody></table>"; mysqli_close($con); ?> delete.php <?php // Load Joomla! configuration file require_once('../../../configuration.php'); // Create a JConfig object $config = new JConfig(); // Get the required codes from the configuration file $server = $config->host; $username = $config->user; $password = $config->password; $database = $config->db; // Connect to db $con = mysqli_connect($server,$username,$password,$database); if (!$con){ die('Could not connect: ' . mysqli_error($con)); } mysqli_select_db($con,$database); // Check whether the value for id is transmitted if (isset($_GET['id'])) { // Put the value in a separate variable $id = $_GET['id']; // Query the database for the details of the chosen id $result = mysqli_query($con,"DELETE * FROM cypg8_overzicht WHERE id = $id"); } else { die("No valid id specified!"); } ?> Thanks to everyone who is willing to help!

    Read the article

  • Can't figure out what's wrong with my php/sql statement

    - by Olegious
    So this is probably a dumb beginner question, but I've been looking at it and can't figure it out. A bit of background: just practicing making a web app, a form on page 1 takes in some values from the user, posts them to the next page which contains the code to connect to the DB and populate the relevant tables. I establish the DB connection successfully, here's the code that contains the query: $conn->query("SET NAMES 'utf9'"); $query_str = "INSERT INTO 'qa'.'users' ('id', 'user_name','password' ,'email' ,'dob' ,'sx') VALUES (NULL, $username, $password, $email, $dob, $sx);"; $result = @$conn->query($query_str); Here's the error that is returned:Insert query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''qa'.'users' ('id', 'user_name' ,'password' ,'email' ,'dob' ,'s' at line 1 Thanks in advance!

    Read the article

  • Grails searchable plugin with hasMany

    - by user2624442
    I am using grails searchable plugin to search my domain classes. However, I cannot yet search by my hasMany (skills and interests) fields even though they are of the simple type String. This is my domain class: class EmpactUser { static searchable = [except: ['dateCreated','password','enabled','accountExpired','accountLocked','passwordExpired']] String username String password boolean enabled = true boolean accountExpired boolean accountLocked boolean passwordExpired String email String firstName String lastName String address String phoneNumber String description byte[] avatar byte[] resume Date dateCreated static hasMany = [ skills : String, interests : String, // each user has the ability to list many skills and interests so that they can be matched with a project. ] static constraints = { username blank: false, unique: true password blank: false email email: true, blank: false firstName blank: false lastName blank: false description nullable: true address nullable: true avatar nullable: true, maxSize: 1024 * 1024 * 10 resume nullable: true, maxSize: 1024 * 1024 * 10 phoneNumber nullable: true, matches: "/[(][+]d{3}[)]d+/", maxSize: 30 } } This is the code I am using to search: def empactUserList = EmpactUser.search( searchQuery, [reload: false, result: "every", defaultOperator: "or"]) Am I missing something? Thanks, Alan.

    Read the article

  • Cannot insert into SQLite database through php PDO

    - by user323941
    Pls help see what is wrong.... (I test the db connection is fine) <?php $user_name=$_POST['user_name']; $password=$_POST['password']; $dbh=new PDO('sqlite:./db/user.db') or die("fail to connect db"); try{ $stmt = $dbh->prepare("INSERT INTO user_info VALUES (?, ?)"); $stmt->bindParam(1, $a); $stmt->bindParam(2, $b); $a=$user_name; $b=$password; $stmt->execute(); } catch(PDOException $e) {echo $e->getMessage();} ?>

    Read the article

  • Guaranteed way to force application running continuously (overriding taskkill, task manager etc.)

    - by Alex
    I have a C# security/monitoring application that I need to have running no matter what. However, I can not remove privileges or restrict access to parts of the OS (Windows). I thought of having a protection service running which monitors continuously if an application is running, and starts it back up when the application is killed somehow, while the application monitors the protection service and starts the service if the service is killed. To my knowledge you can't simultaneously kill multiple processes at the same time. Any better idea to guarantee that an application is always running?

    Read the article

  • Cannot find the certificate

    - by user409756
    We get a T-SQL (SQL Server 2008 R2) error on BACKUP CERTIFICATE: ERROR_NUMBER 15151, SEVERITY 16, STATE 1, PROCEDURE -, LINE 8, MESSAGE: Cannot find the certificate 'certificate1', because it does not exist or you do not have permission. We can see the certificate in master.sys.certificates. Our pseudo-code: copy an unattached template_db to db1 attach db1 create certificate1 (in stored procedure in master db) generate @password CREATE DATABASE ENCRYPTION KEY … ENCRYPTION BY SERVER CERTIFICATE '+@certificate_name +… (in stored procedure in db1) turn on Transparent Database Encryption for db1 using certificate1. (N'ALTER DATABASE '+@db_name+N' SET ENCRYPTION ON') N’BACKUP CERTIFICATE '+@certificate_name+N' TO FILE = '''+@certificate_file_path+N''' WITH PRIVATE KEY ( FILE = '''+@private_key_file_path+N''', ENCRYPTION BY PASSWORD = '''+@password+N'''' To try to work-around the error, we tested three ways with the BACKUP CERTIFICATE code in a different databases each time, including db1 and master. All get the same error. Any ideas? Thanks.

    Read the article

  • RSpec leaves record in test database

    - by DMiller
    Whenever I run a user test, RSpec leaves the Fabricated user in the test database after the test has completed, which is messing up my other tests. I will do a rake db:test:prepare, but when I run my tests again, the record is recreated in my database. I have no idea why this is happening. It only happens with user objects. In my spec_helper file I even have: config.use_transactional_fixtures = true Here is an example test that creates a record: it "creates a password reset token for the user" do alice = Fabricate(:user) post :create, email: alice.email expect(assigns(alice.password_reset_token)).to_not eq(nil) end Fabricator: Fabricator(:user) do email { Faker::Internet.email } password 'password' name { Faker::Name.name } end Could this have anything to do with my users model?

    Read the article

  • Creating folders and uploading a file without using a web browser

    - by Ashpak
    I am using the Java Api We have a web application wherein we want our file to be uploaded on an on_click even on some submit button. We don't want the browser to prompt us to enter the username and password to get the access token. Instead, we can provide the username and the password through the code so that we get the access token and the file will be uploaded directly. Right now, OAuth 2 requires that we enter the username and password to be entered through the browser. Reading through the post, I see that we can authenticate for the first time, obtain a refresh token and then keep on refreshing that token periodically. But our application requirements does not allow for this work-flow. Is there any way to automate the process of entering the user credentials using Java code. or Is there any library that will keep the browser away from the process.

    Read the article

  • Won't connect to the database

    - by user1657958
    I'm confused...I'm using the same code in a different document and in there it's not a problem to get a connection to the database. But in the new document it's just not working...(password, username, database name...all is checked and correct) :-/ <?php define ("DB_HOST", "db1234567.db.hello.com"); // set database host define ("DB_USER", "db1234567"); // set database user define ("DB_PASS","password123"); // set database password define ("DB_NAME","db1234567"); // set database name $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection."); $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database"); ?> In the browser I get this: "Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'db1234567'@'123.123.12.12 (using password: YES) in /homepages/12/1234567/test/test.php on line 8 Couldn't make connection." Would be cool if someone could help me :) I'm not seeing any error... Thx!

    Read the article

  • Yii CGridView: how to add a static WHERE condtion?

    - by realtebo
    I've a standard Gii created admin view, which use a CGridView, and it's showing my user table data. the problem is that user with name 'root' must NOT BE VISIBLE. Is there a way to add a static where condition " ... and username !='root' " ? admin.php [view] 'columns'=>array( 'id', 'username', 'password', 'realname', 'email', ..... user.php [model] public function search() { // Warning: Please modify the following code to remove attributes that // should not be searched. $criteria=new CDbCriteria; $criteria->compare('id',$this->id); $criteria->compare('username',$this->username,true); $criteria->compare('password',$this->password,true); $criteria->compare('realname',$this->realname,true); $criteria->compare('email',$this->email,true); ...... return new CActiveDataProvider($this, array( 'criteria'=>$criteria, )); }

    Read the article

  • Solr authentication possible? (or apache port authentication would also work)

    - by Camran
    Currently anybody can access the solr admin page by going to my_ip:8983/solr I can't have it like that, so how can I make it prompt for password or something? I have setup my servers apache2.conf file to prompt for password whenever my site is accessed by www.mydomain.com. But when using another port, the "require password" wont show up. Any ideas how to secure this? Don't point me to the SolrSecurity wiki because it's simply too outdated. I have tried it without luck. Thanks

    Read the article

  • Issue in setting up VPN connection (IKEv1) using android (ICS vpn client) with Strongswan 4.5.0 server

    - by Kushagra Bhatnagar
    I am facing issues in setting up VPN connection(IKEv1) using android (ICS vpn client) and Strongswan 4.5.0 server. Below is the set up: Strongswan server is running on ubuntu linux machine which is connected to some wifi hotspot. Using the steps in this guide link, I generated CA, server and client certificate. Once certificates are generated, following (clientCert.p12 and caCert.pem) are sent to mobile via mail and installed on android device. Below are the ip addresses assigned to various interfaces Linux server wlan0 interface ip where server is running: 192.168.43.212, android device eth0 interface ip address: 192.168.43.62; Android device is also attached with the same wifi hotspot. On the Android device, I uses IPsec Xauth RSA option for setting up VPN authentication configuration. I am using the following ipsec.conf configuration: # basic configuration config setup plutodebug=all # crlcheckinterval=600 # strictcrlpolicy=yes # cachecrls=yes nat_traversal=yes # charonstart=yes plutostart=yes # Add connections here. # Sample VPN connections conn ios1 keyexchange=ikev1 authby=xauthrsasig xauth=server left=%defaultroute leftsubnet=0.0.0.0/0 leftfirewall=yes leftcert=serverCert.pem right=192.168.43.62 rightsubnet=10.0.0.0/24 rightsourceip=10.0.0.2 rightcert=clientCert.pem pfs=no auto=add      With the above configurations when I enable VPN on android device, VPN connection is not successful and it gets timed out in Authentication phase. I ran wireshark on both the android device and strongswan server, from the tcpdump below are the observations. Initially Identity Protection (Main mode) exchanges happens between device and server and all are successful. After all successful Identity Protection (Main mode) exchanges server is sending Transaction (Config mode) to device. In reply android device is sending Informational message instead of Transaction (Config mode) message. Further server is keep on sending Transaction (Config mode) message and device is again sending Identity Protection (Main mode) messages. Finally timeout happens and connection fails. I also capture Strongswan server logs and below are the snippets from the server logs which also verifies the same(described above). Apr 27 21:09:40 Linux pluto[12105]: | **parse ISAKMP Message: Apr 27 21:09:40 Linux pluto[12105]: | initiator cookie: Apr 27 21:09:40 Linux pluto[12105]: | 06 fd 61 b8 86 82 df ed Apr 27 21:09:40 Linux pluto[12105]: | responder cookie: Apr 27 21:09:40 Linux pluto[12105]: | 73 7a af 76 74 f0 39 8b Apr 27 21:09:40 Linux pluto[12105]: | next payload type: ISAKMP_NEXT_HASH Apr 27 21:09:40 Linux pluto[12105]: | ISAKMP version: ISAKMP Version 1.0 Apr 27 21:09:40 Linux pluto[12105]: | exchange type: ISAKMP_XCHG_INFO Apr 27 21:09:40 Linux pluto[12105]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 27 21:09:40 Linux pluto[12105]: | message ID: a2 80 ad 82 Apr 27 21:09:40 Linux pluto[12105]: | length: 92 Apr 27 21:09:40 Linux pluto[12105]: | ICOOKIE: 06 fd 61 b8 86 82 df ed Apr 27 21:09:40 Linux pluto[12105]: | RCOOKIE: 73 7a af 76 74 f0 39 8b Apr 27 21:09:40 Linux pluto[12105]: | peer: c0 a8 2b 3e Apr 27 21:09:40 Linux pluto[12105]: | state hash entry 25 Apr 27 21:09:40 Linux pluto[12105]: | state object not found Apr 27 21:09:40 Linux pluto[12105]: packet from 192.168.43.62:500: Informational Exchange is for an unknown (expired?) SA Apr 27 21:09:40 Linux pluto[12105]: | next event EVENT_RETRANSMIT in 10 seconds for #9 Can anyone please provide update on this issue. Why the VPN connection gets timed out and why the ISAKMP exchanges are not proper between Android and strongswan server.

    Read the article

  • SimpleMembership, Membership Providers, Universal Providers and the new ASP.NET 4.5 Web Forms and ASP.NET MVC 4 templates

    - by Jon Galloway
    The ASP.NET MVC 4 Internet template adds some new, very useful features which are built on top of SimpleMembership. These changes add some great features, like a much simpler and extensible membership API and support for OAuth. However, the new account management features require SimpleMembership and won't work against existing ASP.NET Membership Providers. I'll start with a summary of top things you need to know, then dig into a lot more detail. Summary: SimpleMembership has been designed as a replacement for traditional the previous ASP.NET Role and Membership provider system SimpleMembership solves common problems people ran into with the Membership provider system and was designed for modern user / membership / storage needs SimpleMembership integrates with the previous membership system, but you can't use a MembershipProvider with SimpleMembership The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProviders You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 - just not with the ASP.NET MVC 4 AccountController The existing ASP.NET Role and Membership provider system remains supported as is part of the ASP.NET core ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership The ASP.NET Web Site Administration Tool (WSAT) is not compatible with SimpleMembership The following is the result of a few conversations with Erik Porter (PM for ASP.NET MVC) to make sure I had some the overall details straight, combined with a lot of time digging around in ILSpy and Visual Studio's assembly browsing tools. SimpleMembership: The future of membership for ASP.NET The ASP.NET Membership system was introduces with ASP.NET 2.0 back in 2005. It was designed to solve common site membership requirements at the time, which generally involved username / password based registration and profile storage in SQL Server. It was designed with a few extensibility mechanisms - notably a provider system (which allowed you override some specifics like backing storage) and the ability to store additional profile information (although the additional  profile information was packed into a single column which usually required access through the API). While it's sometimes frustrating to work with, it's held up for seven years - probably since it handles the main use case (username / password based membership in a SQL Server database) smoothly and can be adapted to most other needs (again, often frustrating, but it can work). The ASP.NET Web Pages and WebMatrix efforts allowed the team an opportunity to take a new look at a lot of things - e.g. the Razor syntax started with ASP.NET Web Pages, not ASP.NET MVC. The ASP.NET Web Pages team designed SimpleMembership to (wait for it) simplify the task of dealing with membership. As Matthew Osborn said in his post Using SimpleMembership With ASP.NET WebPages: With the introduction of ASP.NET WebPages and the WebMatrix stack our team has really be focusing on making things simpler for the developer. Based on a lot of customer feedback one of the areas that we wanted to improve was the built in security in ASP.NET. So with this release we took that time to create a new built in (and default for ASP.NET WebPages) security provider. I say provider because the new stuff is still built on the existing ASP.NET framework. So what do we call this new hotness that we have created? Well, none other than SimpleMembership. SimpleMembership is an umbrella term for both SimpleMembership and SimpleRoles. Part of simplifying membership involved fixing some common problems with ASP.NET Membership. Problems with ASP.NET Membership ASP.NET Membership was very obviously designed around a set of assumptions: Users and user information would most likely be stored in a full SQL Server database or in Active Directory User and profile information would be optimized around a set of common attributes (UserName, Password, IsApproved, CreationDate, Comment, Role membership...) and other user profile information would be accessed through a profile provider Some problems fall out of these assumptions. Requires Full SQL Server for default cases The default, and most fully featured providers ASP.NET Membership providers (SQL Membership Provider, SQL Role Provider, SQL Profile Provider) require full SQL Server. They depend on stored procedure support, and they rely on SQL Server cache dependencies, they depend on agents for clean up and maintenance. So the main SQL Server based providers don't work well on SQL Server CE, won't work out of the box on SQL Azure, etc. Note: Cory Fowler recently let me know about these Updated ASP.net scripts for use with Microsoft SQL Azure which do support membership, personalization, profile, and roles. But the fact that we need a support page with a set of separate SQL scripts underscores the underlying problem. Aha, you say! Jon's forgetting the Universal Providers, a.k.a. System.Web.Providers! Hold on a bit, we'll get to those... Custom Membership Providers have to work with a SQL-Server-centric API If you want to work with another database or other membership storage system, you need to to inherit from the provider base classes and override a bunch of methods which are tightly focused on storing a MembershipUser in a relational database. It can be done (and you can often find pretty good ones that have already been written), but it's a good amount of work and often leaves you with ugly code that has a bunch of System.NotImplementedException fun since there are a lot of methods that just don't apply. Designed around a specific view of users, roles and profiles The existing providers are focused on traditional membership - a user has a username and a password, some specific roles on the site (e.g. administrator, premium user), and may have some additional "nice to have" optional information that can be accessed via an API in your application. This doesn't fit well with some modern usage patterns: In OAuth and OpenID, the user doesn't have a password Often these kinds of scenarios map better to user claims or rights instead of monolithic user roles For many sites, profile or other non-traditional information is very important and needs to come from somewhere other than an API call that maps to a database blob What would work a lot better here is a system in which you were able to define your users, rights, and other attributes however you wanted and the membership system worked with your model - not the other way around. Requires specific schema, overflow in blob columns I've already mentioned this a few times, but it bears calling out separately - ASP.NET Membership focuses on SQL Server storage, and that storage is based on a very specific database schema. SimpleMembership as a better membership system As you might have guessed, SimpleMembership was designed to address the above problems. Works with your Schema As Matthew Osborn explains in his Using SimpleMembership With ASP.NET WebPages post, SimpleMembership is designed to integrate with your database schema: All SimpleMembership requires is that there are two columns on your users table so that we can hook up to it – an “ID” column and a “username” column. The important part here is that they can be named whatever you want. For instance username doesn't have to be an alias it could be an email column you just have to tell SimpleMembership to treat that as the “username” used to log in. Matthew's example shows using a very simple user table named Users (it could be named anything) with a UserID and Username column, then a bunch of other columns he wanted in his app. Then we point SimpleMemberhip at that table with a one-liner: WebSecurity.InitializeDatabaseFile("SecurityDemo.sdf", "Users", "UserID", "Username", true); No other tables are needed, the table can be named anything we want, and can have pretty much any schema we want as long as we've got an ID and something that we can map to a username. Broaden database support to the whole SQL Server family While SimpleMembership is not database agnostic, it works across the SQL Server family. It continues to support full SQL Server, but it also works with SQL Azure, SQL Server CE, SQL Server Express, and LocalDB. Everything's implemented as SQL calls rather than requiring stored procedures, views, agents, and change notifications. Note that SimpleMembership still requires some flavor of SQL Server - it won't work with MySQL, NoSQL databases, etc. You can take a look at the code in WebMatrix.WebData.dll using a tool like ILSpy if you'd like to see why - there places where SQL Server specific SQL statements are being executed, especially when creating and initializing tables. It seems like you might be able to work with another database if you created the tables separately, but I haven't tried it and it's not supported at this point. Note: I'm thinking it would be possible for SimpleMembership (or something compatible) to run Entity Framework so it would work with any database EF supports. That seems useful to me - thoughts? Note: SimpleMembership has the same database support - anything in the SQL Server family - that Universal Providers brings to the ASP.NET Membership system. Easy to with Entity Framework Code First The problem with with ASP.NET Membership's system for storing additional account information is that it's the gate keeper. That means you're stuck with its schema and accessing profile information through its API. SimpleMembership flips that around by allowing you to use any table as a user store. That means you're in control of the user profile information, and you can access it however you'd like - it's just data. Let's look at a practical based on the AccountModel.cs class in an ASP.NET MVC 4 Internet project. Here I'm adding a Birthday property to the UserProfile class. [Table("UserProfile")] public class UserProfile { [Key] [DatabaseGeneratedAttribute(DatabaseGeneratedOption.Identity)] public int UserId { get; set; } public string UserName { get; set; } public DateTime Birthday { get; set; } } Now if I want to access that information, I can just grab the account by username and read the value. var context = new UsersContext(); var username = User.Identity.Name; var user = context.UserProfiles.SingleOrDefault(u => u.UserName == username); var birthday = user.Birthday; So instead of thinking of SimpleMembership as a big membership API, think of it as something that handles membership based on your user database. In SimpleMembership, everything's keyed off a user row in a table you define rather than a bunch of entries in membership tables that were out of your control. How SimpleMembership integrates with ASP.NET Membership Okay, enough sales pitch (and hopefully background) on why things have changed. How does this affect you? Let's start with a diagram to show the relationship (note: I've simplified by removing a few classes to show the important relationships): So SimpleMembershipProvider is an implementaiton of an ExtendedMembershipProvider, which inherits from MembershipProvider and adds some other account / OAuth related things. Here's what ExtendedMembershipProvider adds to MembershipProvider: The important thing to take away here is that a SimpleMembershipProvider is a MembershipProvider, but a MembershipProvider is not a SimpleMembershipProvider. This distinction is important in practice: you cannot use an existing MembershipProvider (including the Universal Providers found in System.Web.Providers) with an API that requires a SimpleMembershipProvider, including any of the calls in WebMatrix.WebData.WebSecurity or Microsoft.Web.WebPages.OAuth.OAuthWebSecurity. However, that's as far as it goes. Membership Providers still work if you're accessing them through the standard Membership API, and all of the core stuff  - including the AuthorizeAttribute, role enforcement, etc. - will work just fine and without any change. Let's look at how that affects you in terms of the new templates. Membership in the ASP.NET MVC 4 project templates ASP.NET MVC 4 offers six Project Templates: Empty - Really empty, just the assemblies, folder structure and a tiny bit of basic configuration. Basic - Like Empty, but with a bit of UI preconfigured (css / images / bundling). Internet - This has both a Home and Account controller and associated views. The Account Controller supports registration and login via either local accounts and via OAuth / OpenID providers. Intranet - Like the Internet template, but it's preconfigured for Windows Authentication. Mobile - This is preconfigured using jQuery Mobile and is intended for mobile-only sites. Web API - This is preconfigured for a service backend built on ASP.NET Web API. Out of these templates, only one (the Internet template) uses SimpleMembership. ASP.NET MVC 4 Basic template The Basic template has configuration in place to use ASP.NET Membership with the Universal Providers. You can see that configuration in the ASP.NET MVC 4 Basic template's web.config: <profile defaultProvider="DefaultProfileProvider"> <providers> <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" /> </providers> </profile> <membership defaultProvider="DefaultMembershipProvider"> <providers> <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> </providers> </membership> <roleManager defaultProvider="DefaultRoleProvider"> <providers> <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" /> </providers> </roleManager> <sessionState mode="InProc" customProvider="DefaultSessionProvider"> <providers> <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" /> </providers> </sessionState> This means that it's business as usual for the Basic template as far as ASP.NET Membership works. ASP.NET MVC 4 Internet template The Internet template has a few things set up to bootstrap SimpleMembership: \Models\AccountModels.cs defines a basic user account and includes data annotations to define keys and such \Filters\InitializeSimpleMembershipAttribute.cs creates the membership database using the above model, then calls WebSecurity.InitializeDatabaseConnection which verifies that the underlying tables are in place and marks initialization as complete (for the application's lifetime) \Controllers\AccountController.cs makes heavy use of OAuthWebSecurity (for OAuth account registration / login / management) and WebSecurity. WebSecurity provides account management services for ASP.NET MVC (and Web Pages) WebSecurity can work with any ExtendedMembershipProvider. There's one in the box (SimpleMembershipProvider) but you can write your own. Since a standard MembershipProvider is not an ExtendedMembershipProvider, WebSecurity will throw exceptions if the default membership provider is a MembershipProvider rather than an ExtendedMembershipProvider. Practical example: Create a new ASP.NET MVC 4 application using the Internet application template Install the Microsoft ASP.NET Universal Providers for LocalDB NuGet package Run the application, click on Register, add a username and password, and click submit You'll get the following execption in AccountController.cs::Register: To call this method, the "Membership.Provider" property must be an instance of "ExtendedMembershipProvider". This occurs because the ASP.NET Universal Providers packages include a web.config transform that will update your web.config to add the Universal Provider configuration I showed in the Basic template example above. When WebSecurity tries to use the configured ASP.NET Membership Provider, it checks if it can be cast to an ExtendedMembershipProvider before doing anything else. So, what do you do? Options: If you want to use the new AccountController, you'll either need to use the SimpleMembershipProvider or another valid ExtendedMembershipProvider. This is pretty straightforward. If you want to use an existing ASP.NET Membership Provider in ASP.NET MVC 4, you can't use the new AccountController. You can do a few things: Replace  the AccountController.cs and AccountModels.cs in an ASP.NET MVC 4 Internet project with one from an ASP.NET MVC 3 application (you of course won't have OAuth support). Then, if you want, you can go through and remove other things that were built around SimpleMembership - the OAuth partial view, the NuGet packages (e.g. the DotNetOpenAuthAuth package, etc.) Use an ASP.NET MVC 4 Internet application template and add in a Universal Providers NuGet package. Then copy in the AccountController and AccountModel classes. Create an ASP.NET MVC 3 project and upgrade it to ASP.NET MVC 4 using the steps shown in the ASP.NET MVC 4 release notes. None of these are particularly elegant or simple. Maybe we (or just me?) can do something to make this simpler - perhaps a NuGet package. However, this should be an edge case - hopefully the cases where you'd need to create a new ASP.NET but use legacy ASP.NET Membership Providers should be pretty rare. Please let me (or, preferably the team) know if that's an incorrect assumption. Membership in the ASP.NET 4.5 project template ASP.NET 4.5 Web Forms took a different approach which builds off ASP.NET Membership. Instead of using the WebMatrix security assemblies, Web Forms uses Microsoft.AspNet.Membership.OpenAuth assembly. I'm no expert on this, but from a bit of time in ILSpy and Visual Studio's (very pretty) dependency graphs, this uses a Membership Adapter to save OAuth data into an EF managed database while still running on top of ASP.NET Membership. Note: There may be a way to use this in ASP.NET MVC 4, although it would probably take some plumbing work to hook it up. How does this fit in with Universal Providers (System.Web.Providers)? Just to summarize: Universal Providers are intended for cases where you have an existing ASP.NET Membership Provider and you want to use it with another SQL Server database backend (other than SQL Server). It doesn't require agents to handle expired session cleanup and other background tasks, it piggybacks these tasks on other calls. Universal Providers are not really, strictly speaking, universal - at least to my way of thinking. They only work with databases in the SQL Server family. Universal Providers do not work with Simple Membership. The Universal Providers packages include some web config transforms which you would normally want when you're using them. What about the Web Site Administration Tool? Visual Studio includes tooling to launch the Web Site Administration Tool (WSAT) to configure users and roles in your application. WSAT is built to work with ASP.NET Membership, and is not compatible with Simple Membership. There are two main options there: Use the WebSecurity and OAuthWebSecurity API to manage the users and roles Create a web admin using the above APIs Since SimpleMembership runs on top of your database, you can update your users as you would any other data - via EF or even in direct database edits (in development, of course)

    Read the article

< Previous Page | 134 135 136 137 138 139 140 141 142 143 144 145  | Next Page >