ASP.NET 2.0 built-in security model: so where’s the data stored?
Most know by now there are all kinds of great new features included in ASP.NET 2.0. Some of my favorites are: IntelliSense everywhere, Master Pages, HTML code preservation, IIS-less development. Another one is this new security model. There's a built-in admin feature that lets you manage a lot of the stuff stored in web.config, such as general application settings and the aforementioned security settings. You can add roles, permissions and the like to control access to an application. You can also manage the provider - the set of classes that interacts with the storage mechanism of your choice (Active Directory, SQL Server, etc.).
So when you choose the AspNetSqlProvider, just where exactly is the data stored? Maybe the better question is: where is this configured, and how can I change it? I can see there is an ASPNET.MDF file in the new app_data folder, but one would think that the connection string would be specified somewhere in web.config. Well, it's not. And it's certainly not clear from the new little built-in admin site.
Here's where it gets its info from - ahhh, the good ol' machine.config file:
<connectionStrings>
  <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
  <processModel autoConfig="true" />
  <httpHandlers />
  <membership>
    <providers>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="LocalSqlServer"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="true"
           applicationName="/"
           requiresUniqueEmail="false"
           passwordFormat="Hashed"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="7"
           minRequiredNonalphanumericCharacters="1"
           passwordAttemptWindow="10"
           passwordStrengthRegularExpression="" />
    </providers>
  </membership>
  <profile>
    <providers>
      <add name="AspNetSqlProfileProvider"
           connectionStringName="LocalSqlServer"
           applicationName="/"
           type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </profile>
  <roleManager>
    <providers>
      <add name="AspNetSqlRoleProvider"
           connectionStringName="LocalSqlServer"
           applicationName="/"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add name="AspNetWindowsTokenRoleProvider"
           applicationName="/"
           type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
</system.web>
The LocalSqlServer entry under connectionStrings is where the connection string for the default SQL Express file is, and the connectionStringName="LocalSqlServer" attributes on the SQL providers are where that connection string is referred to. Now if you want the data stored in your own database, you'll need the tables involved. There's a tool here: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_regsql.exe (it might be in a different location on your machine) that will create the tables for you.
What's strange is, I've read quite a few articles on this new security model, but none of them point this out. Maybe it's obvious. Not to me at least. I'm sure it's pointed out somewhere in the mountains of documentation on MSDN; hopefully, with any luck, you'll stumble across this entry first if you are (were!) in the same boat!
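One way to change where the data goes without touching machine.config is to override the inherited entry in the application's own web.config. This is an added example, not part of the original post: the server name DBSERVER01 and database name MyAppDb are placeholders, and it assumes the account the site runs under has been granted access to that database.

```xml
<?xml version="1.0"?>
<!-- Added example: application-level web.config. DBSERVER01 and MyAppDb are
     placeholder names. Create the schema in that database first with:
     aspnet_regsql.exe -S DBSERVER01 -E -d MyAppDb -A all -->
<configuration>
  <connectionStrings>
    <!-- Drop the entry inherited from machine.config, then reuse its name so
         the membership, profile and role providers all follow the new target
         through their existing connectionStringName="LocalSqlServer". -->
    <remove name="LocalSqlServer" />
    <add name="LocalSqlServer"
         connectionString="Data Source=DBSERVER01;Initial Catalog=MyAppDb;Integrated Security=SSPI"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <!-- Optional: redeclare the provider so password policy is visible and
             adjustable per application. The values below are copied unchanged
             from the machine.config excerpt above. -->
        <remove name="AspNetSqlMembershipProvider" />
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="LocalSqlServer"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             applicationName="/"
             requiresUniqueEmail="false"
             passwordFormat="Hashed"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="7"
             minRequiredNonalphanumericCharacters="1"
             passwordAttemptWindow="10"
             passwordStrengthRegularExpression="" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Without the remove element, adding a second LocalSqlServer entry collides with the one inherited from machine.config and the application fails with a configuration error.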