Convert BlogEngine to use Asp.NET Membership Provider

BlogEngine.NET Tags

This BlogEngine instance uses the Asp.NET Membership Provider, and it was actually quite easy to convert. Big kudos to the team who has worked on this Blog software.

Comment out this code inside Web.config

  <membership defaultProvider="XmlMembershipProvider" >
    <providers>
      <clear />
      <add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" xmlFileName="~/App_Data/users.xml"/>
    </providers>
   </membership>

   <roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
    <providers>
      <clear />
      <add name="XmlRoleProvider" type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core" description="XML role provider" xmlFileName="~/App_Data/roles.xml"/>
    </providers>
   </roleManager>

Replace it with this code

  <membership defaultProvider="SqlMembershipProvider">
    <providers>
      <add name="SqlMembershipProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="BlogEngine"
          applicationName="JwendlBlog"
          minRequiredPasswordLength="5"
          minRequiredNonalphanumericCharacters="0" />
    </providers>
   </membership>

   <roleManager enabled="true" defaultProvider="SqlRoleProvider">
    <providers>
      <add connectionStringName="BlogEngine" name="SqlRoleProvider"
          applicationName="JwendlBlog"
          type="System.Web.Security.SqlRoleProvider" />
    </providers>
   </roleManager></pre></div>

Then you have to install the ASP.NET Membership SQL Registration program. Best described at this URL http://aspnet.4guysfromrolla.com/articles/040506-1.aspx

This was almost all you need to do to finish the conversion. The problem is that you need to now setup a default user of some sort. This can be easy, or hard depending on how the WSAT installed your instance. Please read up on ASP.NET membership before you attempt to convert over. I had to manually set the roles up on the proper application and user inside the aspnet_UsersInRoles table. After that, login with the default user and everything works just fine.

The reason why this works is because the XmlMembershipProvider class inherits the MembershipProvider class that ASP.NET provides. This means that all of the functions that BlogEngine uses for authentication are extensible to any custom membership provider that you can dream of.

d08af953-991f-419f-8d6e-b532e1fa1fbd|0|.0

Comments (10) Permalink Post Comment Feed

Integrating GalleryServerPro into BlogEngine.NETI integrated GalleryServerPro into BlogEngine.NET using the ASP.NET SQL Server Membership. Here are ...How to setup multiple extension settings in BlogEngine The latest build of BlogEngine now supports multiple scalar extension settings. This is great news...My BlogEngine Todo ListThis page is just a holder for things that I want to help out with or create for BlogEngine : Wr...

Comments

Scot

When I try what you provided above this is what I get can you help in telling me what I am doing wrong?

EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'blog', schema 'dbo'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'blog', schema 'dbo'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SqlException (0x80131904): EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'blog', schema 'dbo'.]
   System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +862234
   System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +739110
   System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +188
   System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +1956
   System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +149
   System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +903
   System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +132
   System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) +415
   System.Data.SqlClient.SqlCommand.ExecuteNonQuery() +135
   System.Web.Util.SecUtility.CheckSchemaVersion(ProviderBase provider, SqlConnection connection, String[] features, String version, Int32& schemaVersionCheck) +367
   System.Web.Security.SqlMembershipProvider.CheckSchemaVersion(SqlConnection connection) +85
   System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) +1121
   System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +105
   System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42
   System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +83
   System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +160
   System.Web.UI.WebControls.Login.AttemptLogin() +105
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +99
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
   System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +163
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5102

Version Information: Microsoft .NET Framework Version:2.0.50727.832; ASP.NET Version:2.0.50727.832

1/29/2008 11:23:20 AM #

| Reply

jwendl

Scot,

It appears that one of two things aren't working out in yours environment. Maybe you can try to re-run the aspnet_regsql.exe file again to get the permissions setup properly, but if that doesn't work it might be because of the username setup for the database tables.

What do you use for your NETWORK_SERVICE user account? If it's left at the default of NETWORK_SERVICE or IUSR_<MACHINE NAME> then you might have to give it permissions to that table.

-- Add user to database role
USE aspnetdb
GO
sp_addrolemember 'aspnet_Membership_FullAccess', '<User Name>'

Unfortunately the ASPNET Membership stuff uses EXECUTE statements when you login or create a user. So you might have to play around with permissions a little bit on the user that has access to the database.

2/3/2008 4:40:46 AM #

| Reply

Andre Tagesgeld

Ah - that´s a nice idea. Didn´t expect it to be this easy.

5/11/2008 9:17:07 PM #

| Reply

Fertiggarage

What are the benefits of using asp.net membership provider?

4/2/2009 12:11:07 PM #

| Reply

Steven W. Scott

Hrmm that was weird, my comment got eaten. Anyway I wanted to say that it's nice to know that someone else also mentioned this as I had trouble finding the same info elsewhere. This was the first place that told me the answer. Thanks.

7/16/2009 12:19:19 AM #

| Reply

Joe

Good post and nice blog design,is it a custom design?

7/16/2009 2:27:54 AM #

| Reply

Tech Blog

That was surprising easy and quick. Nice find there mate ;)

9/8/2009 2:07:51 PM #

| Reply

manunited1991

Nice......It look nice to try but is it easy to do it?Because I myself is a programmer student and to other that is not programmer,it could be hard as only one mistake you make,could bring a totally different result at the end.

10/10/2009 4:23:20 AM #

| Reply

jwendl

It is just configuration changes. They were not that tough to go through, I would imagine that anyone with experience inside the web.config can handle this. It would be more system administration work.

10/10/2009 7:15:49 PM #

| Reply

Brodhurst

Hi just stumbled your site and have been reading some of your entries and just wondering why you selected a Microsoft blog dont you find it difficult to do anything with?