i have a requirement to store Security Question and Answer, Their are columns in aspnet_Membership Table passwordQuestion and PasswordAnswer.i am using the following code
UserInfo User = new UserInfo();
User.AffiliateID = Null.NullInteger;
User.DisplayName =txtDisplayName.Text;
User.FirstName = txtFirstName.Text;
User.LastName = TxtLastName.Text;
User.Membership.Username = txtUserName.Text;
User.Membership.Password = txtPassword.Text;
User.Membership.CreatedDate = DateTime.Now;
User.Membership.Email = txtEmail.Text;
User.PortalID = this.PortalId;
User.Username = txtUserName.Text;
User.Email = txtEmail.Text;
User.Membership.PasswordQuestion =TxtSecurityQuestion.Text;
User.Membership.PasswordAnswer = TxtSecurityAnswer.Text;
UserCreateStatus ucStatus = UserController.CreateUser(ref User);
I am not able to store Password Question and answer in aspnet_Membership Table
If you set the requiresQuestionAndAnswer attribute to true in the SQL membership provider, DNN will automatically provide UI for and fill in those fields.
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<!-- Configuration for AspNetSqlMembershipProvider:
connectionStringName="string" Name corresponding to the entry in <connectionStrings> section where the connection string for the provider is specified
maxInvalidPasswordAttempts="int" The number of failed password attempts, or failed password answer attempts that are allowed before locking out a user?s account
passwordAttemptWindow="int" The time window, in minutes, during which failed password attempts and failed password answer attempts are tracked
enablePasswordRetrieval="[true|false]" Should the provider support password retrievals
enablePasswordReset="[true|false]" Should the provider support password resets
requiresQuestionAndAnswer="[true|false]" Should the provider require Q & A
minRequiredPasswordLength="int" The minimum password length
minRequiredNonalphanumericCharacters="int" The minimum number of non-alphanumeric characters
applicationName="string" Optional string to identity the application: defaults to Application Metabase path
requiresUniqueEmail="[true|false]" Should the provider require a unique email to be specified
passwordFormat="[Clear|Hashed|Encrypted]" Storage format for the password: Hashed (SHA1), Clear or Encrypted (Triple-DES)
description="string" Description of what the provider does
-->
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Encrypted" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
</providers>
</membership>
You need to create a Membership object and attach it to your new user
Dim newMemebership As New UserMembership(User)
With newMemebership
.CreatedDate = Date.Now()
.Password = txtPassword.Text
.PasswordAnswer = Answer
.PasswordQuestion = Question
.etc....
End With
user.membership = newmembership
Sorry its VB but Im sure you can switch it over
Related
I am trying to use a windows server with IIS and SQL Server to host a website. However, with simple SQL Server ODBC-connection I unfortunately found that there is no chance to work in IIS. After looking for a solution I found that I somehow need to connect SQL Server to IIS. Everybody is taking about a connection string which should be put into "the web.config" file.
String:
<connectionStrings>
<add name="MyProjectContext" connectionString="Server=.\SQLEXPRESS;Database=MyProject;User Id=John;Password=duck;" providerName="System.Data.SqlClient" />
</connectionStrings>
But where exactly do I need to put this, where is this web.config file, how can I get there?
thanks for your help. After researching and trying a lot of things I found a great solution on how to connect my database SQL Server in IIS with PHP.
You need to create a Web.config file in your website path.
Inside this Web.config file paste the connection string e.g.
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="sqlDB" connectionString="Server=xxx.xxx.xxx.xxx; Database=db_name; User Id=sqlserver_user_name; password=sqlserver_password;Max Pool Size=2000;" providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
Then create file e.g. sql.php in same path for instance (the example below doesn't need to be changed)
<?php
// start get connection string from web.config
$xml = simplexml_load_file("Web.config") or die("Error: Cannot create object");
//in my case web.config is in previous directory
$array = json_decode(json_encode((array) $xml), 1);
$server = "";
$database = "";
$user = "";
$password = "";
$fullString = ($xml->connectionStrings->add[0]["connectionString"]);
$strArr = explode(";", $fullString);
$arrCount = count($strArr);
$connArr[]="";
for($x=0;$x<$arrCount-1;$x++){
$aS = explode("=",$strArr[$x]);
$connArr+=array(strtolower(trim($aS[0])) => trim($aS[1]));
}
$server = $connArr["server"];
$database = $connArr["database"];
$user = $connArr["user id"];
$password = $connArr["password"];
// end get connection string from web.config
$connectionInfo = array( "UID"=>$user,
"PWD"=>$password,
"Database"=>$database,
"CharacterSet" => "UTF-8");
/* Connect using SQL Server Authentication. */
$conn = sqlsrv_connect( $server, $connectionInfo);
?>
$conn to perform sql_query()
I was following an online Tutorial and i am very new to programming.
Additional information: Keyword not supported: 'server: xxxxx;database
Here's my Code:
Dim sqlCon As New SqlConnection With {
.ConnectionString = " Server= xxxx;Database = ist2gx;User= Ist2gx;Password=hnu91p;Trusted_Connection= True;ProviderName=SqlClient"
}
Please can someone help me out.
ConnectionString does not have a property named ProviderName in it. ProviderName is different from provider property in ConnectionStrings string.
You should change ProviderName=SqlClient with Provider=sqloledb for OLEDB connection strings.
Sql ConnectionString for a standard connection with username and password:
`"Data Source=ServerName; Initial Catalog=DataBaseName; User id=UserName; Password=Secret;Provider=sqloledb"`
Sql ConnectionString for a trusted connection:
`"Data Source=ServerName; Initial Catalog=DataBaseName; Integrated Security=SSPI;Provider=sqloledb"`
For more info take a look at Connection Strings for different providers and SQL Server connection strings.
I successfully setup IdentityServer4 with ASP.NET Core.
As a default config I had this:
IdentityServerAuthenticationOptions options = new IdentityServerAuthenticationOptions()
{
Authority = "http://localhost:5000",
ScopeName = "scope",
ScopeSecret = "ScopeSecret",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
RequireHttpsMetadata = false,
};
Now, using this guide I configured to be read from configuration files and so they can be any numbers in production.
For example if I setup API to be running at http://*:5000 then the client can connect to it via the service IP address like http://192.168.1.100:5000.
Once the client obtains the Bearer token and tries to use it, an Internal Server Error occures with this exception:
Unable to obtain configuration from:
'http://*:5000/.well-known/openid-configuration'.
---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'http://*:5000/.well-known/openid-configuration'.
---> System.UriFormatException: Invalid URI: The hostname could not be parsed.
What is the correct way to configure IdS4 to have dynamic authority?
Update
It seems the problem is with Issuer, any idea on this?
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException:
IDX10205: Issuer validation failed. Issuer: 'http://192.168.1.100:5000'. Did not match: validationParameters.ValidIssuer: 'http://localhost:5000' or validationParameters.ValidIssuers: 'null'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
By a big surprise, all I needed, was to set a value (almost any value) for IssuerUri:
public IServiceProvider ConfigureServices(IServiceCollection services)
{
////...
var identiyBuilder = services.AddIdentityServer(options =>
{
options.RequireSsl = false;
options.IssuerUri = "MyCompany";
});
////...
}
Now, by the above config, I can use the service by any IP address.
I didn't find I could just put in MyCompany
But in my log files I had the following:
Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://crm.example.com'. Did not match: validationParameters.ValidIssuer: 'MyCompany' or validationParameters.ValidIssuers: 'null'.
I don't quite know what 'issuer' means but I was able to just take 'https://crm.example.com' and get things working with this :
options.IssuerUri = "https://crm.example.com";
I realize this is what would be considered a duplicate topic, but I have followed the recommended steps in the other topics of this same nature with no success.
I am using GGTS 3.6.4 with
Grails 2.3.0
jdk1.7.0_80
Groovy compiler level 2.3
Microsoft SQL Server 2012
I have a grails-app which authenticates users logging in against an LDAP server with Apache Shiro and I have the following code (in the Shiro generated AuthController.groovy) to try and store some information from an external database in the session. (Note: With regards to usernames, passwords, and database names, I've changed all of them here for privacy reasons)
def signIn = {
Subject subject = SecurityUtils.getSubject();
String lowerCaseUserName=params.username.toLowerCase();
def authToken = new UsernamePasswordToken(lowerCaseUserName, params.password)
// Support for "remember me"
if (params.rememberMe) {
authToken.rememberMe = true
}
try{
subject.login(authToken)
if (subject.isAuthenticated())
{
session.username = lowerCaseUserName
// Attempting to get employee id from MS SQL
Sql Database = Sql.newInstance(
'jdbc:sqlserver://myserver;DatabaseName=mydatabase',
'user',
'password',
'com.microsoft.sqlserver.jdbc.SQLServerDriver'
);
Database.eachRow('select empid from table_name where username=${session.username}') { row ->
session.empid = row.empid
}
Database.close();
def targetUri = params.targetUri ?: "/home"
log.info "Redirecting to '${targetUri}'."
redirect(uri: targetUri)
}
}
...
}
However, I get the following error
SQLException occurred when processing request: [POST] /app/auth/signIn - parameters:
username: user
_rememberMe:
targetUri:
password: ***
No suitable driver found for jdbc:sqlserver://myserver;DatabaseName=mydatabase. Stacktrace follows:
java.sql.SQLException: No suitable driver found for jdbc:sqlserver://myserver;DatabaseName=mydatabase
at java.sql.DriverManager.getConnection(DriverManager.java:596)
at java.sql.DriverManager.getConnection(DriverManager.java:215)
at app.AuthController$_closure3.doCall(AuthController.groovy:45)
at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:200)
at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
I have tried the following with no success:
Added sqljdbc4.jar to /app/lib/
Manually added /app/lib/ to classpath (via .classpath)
Added sqljdbc4.jar to the classpath via the Properties > Java Build Path > Add JARs
I've tried these variations with sqljdbc4.jar, sqljdbc.jar, and sqlserverjdbc.jar and every combo thereof.
I'm basically stuck. None of the fixes I've read on here, or elsewhere, solve my error. Any help would be greatly appreciated!
Edit 1: Adding Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver") above the newInstance call produces the following errors:
ClassNotFoundException occurred when processing request: [POST] /app/auth/signIn - parameters:
username: user
_rememberMe:
targetUri:
password: ***
com.microsoft.sqlserver.jdbc.SQLServerDriver. Stacktrace follows:
java.lang.ClassNotFoundException: com.microsoft.sqlserver.jdbc.SQLServerDriver
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName(Class.java:195)
at isec.AuthController$_closure3.doCall(AuthController.groovy:45)
at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:200)
at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Is this a step forward, backward, or are we running in place?
Edit 2: What I ended up having to do was change my DataSource.groovy to this
dataSource {
pooled = true
}
hibernate {
cache.use_second_level_cache = true
cache.use_query_cache = false
cache.region.factory_class = 'net.sf.ehcache.hibernate.EhCacheRegionFactory' // Hibernate 3
//cache.region.factory_class = 'org.hibernate.cache.ehcache.EhCacheRegionFactory' // Hibernate 4
}
// environment specific settings
environments {
development {
dataSource {
dbCreate = "validate"
url = "jdbc:sqlserver://myserver:1433;databaseName=mydatabase;"
driverClassName = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
username = "myusername"
password = "mypassword"
}
}
....
}
and changed my AuthController.groovy data access to
try{
subject.login(authToken)
if (subject.isAuthenticated())
{
ShiroUser currentUser = new ShiroUser()
def targetUri = params.targetUri ?: "/home"
log.info "Redirecting to '${targetUri}'."
redirect(uri: targetUri)
}
}
and I have successfully accessed my DB with a modified ShiroUser.groovy file
class ShiroUser {
static hasMany = [ roles: ShiroRole, permissions: String ]
User_Data userData;
static constraints = {
}
def getUsername() {
return userData.username
}
}
where User_Data.groovy is a new domain class containing
class User_Data {
static mapping = {
table "mytablename"
}
...
}
So now I'm onto messing with methods! Not sure why JDBC stuff didn't work out, but GORM is the path I'm taking now.
you definitely need to add sqljdbc4.jar to /app/lib/ which you have already done.
have you tried adding database connection to the BuildConfig.groovy
dataSource {
dbCreate = "update" // one of 'create', 'create-drop', 'update', 'validate', ''
driverClassName = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
dialect = "org.hibernate.dialect.SQLServerDialect"
url = "jdbc:sqlserver://localhost:1433;databaseName=dbName"
username = "sa"
password = ""
}
Also make sure the SQL server is configured to accept connection on port 1433. It is disabled by default.
I'm trying to setup an ActiveDirectoryMembershipProvider to go against a Forest and I can't seem to get it working. One of our AD Admins suggested I refer to the global catalog but it seems that is not supported. Anyone know if you can and if so how do you configure the AD Membership Provider to go against a Forest?
Here are some of the permutations I've tried and the resultant errors.
<add name="ADConnectionString1"
connectionString="LDAP://domain.org/DC=domain,DC=org:3268" />
"A referral was returned from the
server"
<add name="ADConnectionString2"
connectionString="LDAP://domain.org/DC=domain,DC=org:" />
A null reference exception.
<add name="ADConnectionString3"
connectionString="LDAP://domain.org" />
A null reference exception
<add name="ADConnectionString4"
connectionString="LDAP://domain.org:3268" />
"LDAP connections on the GC port are
not supported against Active
Directory."
<add name="ADConnectionString5"
connectionString="LDAP://domain.org:3268/DC=domain,DC=org:3268" />
"LDAP connections on the GC port are
not supported against Active
Directory."
<add name="ADConnectionString6"
connectionString="LDAP://domain.org:3268/DC=domain,DC=org" />
"LDAP connections on the GC port are
not supported against Active
Directory."
I don't have access to test an ActiveDirectoryMembershipProvider at the moment but global catalog searches are usually performed using the GC:// moniker. E.g.
using (DirectoryEntry searchRoot = new DirectoryEntry("GC://DC=yourdomain,DC=com"))
using (DirectorySearcher ds = new DirectorySearcher(searchRoot))
{
ds.Filter = "(sAMAccountName=userID1)";
ds.SearchScope = SearchScope.Subtree;
using (SearchResultCollection src = ds.FindAll())
{
foreach (SearchResult sr in src)
{
uxFred.Content = sr.Path;
}
}
}
My suggestion when working in ASP.NET is always to get your search filters, etc. working using LDP or just a plain console/winform/wpf app.