ASP.Net调用Membership.CreateUser（）时设置正确的连接字符串

Question

这是我最后一个问题的继续：“内部数据库 - 用户创建时ASP.NET自动网站注册”。我正在运行下面的代码。这只是一个测试代码块。它的工作原理，但我的问题是它创建App_Data目录中的默认SQLEXPRESS ASPNETDB.MDF。这不是我想要的。

// Create a MembershipCreateStatus Status for Reporting... 
MembershipCreateStatus status = new MembershipCreateStatus(); 
// Setup SqlMembershipProvider for Initialization... 
SqlMembershipProvider sqlProvider = new SqlMembershipProvider(); 
// Setup a NameValueCollection... 
NameValueCollection config = new NameValueCollection(); 
// Set the Connection Name of the SQL Connection String... 
string SQLDBNameString = "My Company Database.Properties.Settings.ConnectionString"; 
// Update the private connection string field in the base class. 
string connectionString = "Data Source=Server;Initial Catalog=’My Company Database';User ID=USERNAME;Password=PASSWORD"; 
// Username of the account to add... 
string username = "User121"; 
// Generate a dynamic Password.... 
string password = Membership.GeneratePassword(8, 1); 
// Email Address of the User... 
string email = "email@email.com"; 

try 
{ 
    string Name = "My Company Database"; 

    config.Add("applicationName", "My Company Database"); 
    config.Add("maxInvalidPasswordAttempts", "5"); 
    config.Add("passwordAttemptWindow", "10"); 
    config.Add("minRequiredPasswordLength", "8"); 
    config.Add("passwordStrengthRegularExpression", ""); 
    config.Add("enablePasswordReset", "True"); 
    config.Add("enablePasswordRetrieval", "False"); 
    config.Add("requiresQuestionAndAnswer", "False"); 
    config.Add("requiresUniqueEmail", "True"); 
    config.Add("passwordFormat", "Hashed"); 
    config.Add("connectionStringName", SQLDBNameString); 

    sqlProvider.Initialize(Name, config); 

    ConnectionStringSettings ConnectionStringSettings = ConfigurationManager.ConnectionStrings[SQLDBNameString]; 
    if ((ConnectionStringSettings == null) || (ConnectionStringSettings.ConnectionString.Trim() == String.Empty)) 
    { 
     throw new Exception("Connection string cannot be blank."); 
    } 

    // connectionString = ConnectionStringSettings.ConnectionString; 

    MembershipUser newUser = Membership.CreateUser(username, password, email, "Whats My Password", password, true, out status); 
} 
catch (Exception ex) 
{ 
    String message = "Error...\r\n\r\n" + ex.ToString(); 
    String caption = "Error"; 
    MessageBoxButtons button = MessageBoxButtons.OK; 
    MessageBoxIcon icon = MessageBoxIcon.Asterisk; 
    MessageBox.Show(message, caption, button, icon); 
} 

MessageBox.Show("Account Creation : " + status.ToString() + "\r\n" 
       + "Username is  : " + username + "\r\n" 
       + "Password is  : " + password + "\r\n" 
       + "Email    : " + email); 

此代码是在C＃应用程序，SQL前端数据库运行，它应该自动创建一个用户，这样一旦我将它们添加到我的数据库，他们可以登录到网页。此代码未在ASP网站应用程序中运行。我的“配置”并没有从我所能看到的那个时候开始。任何帮助非常appreaciated！

Answer 1

最后一个解决方案，贯穿我的网站和C＃内部数据库。

我的一部分陡峭的学习曲线。它实际上比我想象的要简单得多。下面是需要进入，需要在你的C＃项目app.config文件的代码：

<configuration> 
<configSections> 
</configSections> 
<connectionStrings> 
<add name="My Company Database.Properties.Settings.ConnectionString" 
    connectionString="Data Source=Server;Initial Catalog='My Company Database';Persist Security Info=True;User ID=MyUserName;Password=MyPassword" 
    providerName="System.Data.SqlClient" /> 
</connectionStrings> 

<system.web> 
<compilation debug="true" targetFramework="4.0" /> 

<authentication mode="Forms"> 
<forms loginUrl="~/Account/Login.aspx" timeout="2880" /> 
</authentication> 

<membership> 
<providers> 
<clear/> 
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="My Company Database.Properties.Settings.ConnectionString" 
     enablePasswordRetrieval="False" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" 
     maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" 
     applicationName="/" /> 
</providers> 
</membership> 

</system.web> 

</configuration> 

下面是使用默认的MembershipProvider（）的代码：

// Create a MembershipCreateStatus Status for Reporting... 
MembershipCreateStatus status = new MembershipCreateStatus(); 

// Username of the account to add... 
string username = "User121"; 
// Generate a dynamic Password.... 
string password = "P@55W0Rd"; 
// Email Address of the User... 
string email = "email@email.com"; 
// Password Question of the User... 
string passwordQuestion = "My Password Question?"; 
// Password Answer of the User... 
string passwordAnswer = "My Password Answer!"; 

try 
{ 
Membership.CreateUser(username, password, email, passwordQuestion, passwordAnswer, true, out status); 
} 
catch (Exception ex) 
{ 
    this.richTextBox1.Text = "Error...\r\n\r\n" + ex.ToString(); 
} 

this.richTextBox1.Text = ("Account Creation : " + status.ToString() + "\r\n" 
           + "Username is  : " + username + "\r\n" 
           + "Password is  : " + password + "\r\n" 
           + "Email    : " + email); 

我尝试添加一个web.config，就像ASP.NET Web应用程序一样，但是失败了。我甚至没有想到把配置放到app.config中直到今天。有趣的是，当试图解决问题时大脑是如何工作的。

密码哈希和盐分都是由.NET内置的默认MembershipProvider类处理的。不需要做任何疯狂的编码哈希和腌制。

Answer 2

我有这样的代码工作：

// Create MembershipUser... 
MembershipUser membershipUser = null; 

// Create a MembershipCreateStatus Status for Reporting... 
MembershipCreateStatus status = new MembershipCreateStatus(); 

// Update the private connection string field in the base class. 
string connectionString = "Data Source=SERVER;Initial Catalog='My Company Database';User ID=USERNAME;Password=PASSWORD"; 

// Application Name... 
string applicationName = "My Company Database"; 
// Username of the account to add... 
string username = "NewUser"; 
// Generate a dynamic Password.... 
string password = Membership.GeneratePassword(12, 3); 
// Email Address of the User... 
string email = "email@email.com"; 
// The Password Question... 
string passwordQuestion = "What is my Password?"; 
// The Password Answer... 
string passwordAnswer = "My Password is: ....."; 
// Is Approved... 
bool isApproved = true; 
// Current Time Utc... 
DateTime dateTimeUtc = DateTime.UtcNow; 
// Create Date... 
DateTime createDateTime = DateTime.Now; 
// uniqueEmail = 
int uniqueEmail = 1; 
// Password Format... 
int passwordFormat = 1; 
// Set the GUID... 
Guid guid= Guid.NewGuid(); 

if (membershipUser == null) 
{ 
    SqlConnection sqlConnection = new SqlConnection(connectionString); 
    SqlCommand sqlCommand = new SqlCommand("aspnet_Membership_CreateUser", sqlConnection); 

    sqlCommand.CommandType = CommandType.StoredProcedure; 

    sqlCommand.Parameters.Add("@ApplicationName", SqlDbType.NVarChar, 255).Value = applicationName; // Input Parameter... 
    sqlCommand.Parameters.Add("@UserName", SqlDbType.NVarChar, 255).Value = username;     // Input Parameter... 
    sqlCommand.Parameters.Add("@Password", SqlDbType.NVarChar, 127).Value = password;     // Input Parameter... 
    sqlCommand.Parameters.Add("@PasswordSalt", SqlDbType.NVarChar, 127).Value = password;    // Input Parameter... 
    sqlCommand.Parameters.Add("@Email", SqlDbType.NVarChar, 255).Value = email;      // Input Parameter... 
    sqlCommand.Parameters.Add("@PasswordQuestion", SqlDbType.NVarChar, 255).Value = passwordQuestion; // Input Parameter... 
    sqlCommand.Parameters.Add("@PasswordAnswer", SqlDbType.NVarChar, 127).Value = passwordAnswer;  // Input Parameter... 
    sqlCommand.Parameters.Add("@IsApproved", SqlDbType.Bit).Value = isApproved;      // Input Parameter... 
    sqlCommand.Parameters.Add("@CurrentTimeUtc", SqlDbType.DateTime, 7).Value = dateTimeUtc;   // Input Parameter... 
    sqlCommand.Parameters.Add("@CreateDate", SqlDbType.DateTime, 7).Value = createDateTime;   // Input Parameter... 
    sqlCommand.Parameters.Add("@UniqueEmail", SqlDbType.Int, 3).Value = uniqueEmail;     // Input Parameter... 
    sqlCommand.Parameters.Add("@PasswordFormat", SqlDbType.Int, 3).Value = passwordFormat;    // Input Parameter... 
    sqlCommand.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier, 15).Value = guid;     // Output Parameter... 

    try 
    { 
    sqlConnection.Open(); 
    sqlCommand.ExecuteNonQuery(); 
    status = MembershipCreateStatus.Success; 
    } 
    catch (SqlException ex) 
    { 
     richTextBox1.Text = ex.ToString(); 
     status = MembershipCreateStatus.ProviderError; 
    } 
    finally 
    { 
     sqlConnection.Close(); 
    } 
     this.textBox1.Text = status.ToString(); 

的明显的一点就是目前我没有现有用户，Email等的检查。我还需要散列密码答案并修复SaltPassword设置。

这里是默认ASP提供商SQL存储过程CREATEUSER：

ALTER PROCEDURE [dbo].[aspnet_Membership_CreateUser] 
@ApplicationName      nvarchar(256), 
@UserName        nvarchar(256), 
@Password        nvarchar(128), 
@PasswordSalt       nvarchar(128), 
@Email         nvarchar(256), 
@PasswordQuestion      nvarchar(256), 
@PasswordAnswer       nvarchar(128), 
@IsApproved        bit, 
@CurrentTimeUtc       datetime, 
@CreateDate        datetime = NULL, 
@UniqueEmail       int  = 0, 
@PasswordFormat       int  = 0, 
@UserId         uniqueidentifier OUTPUT 
AS 
BEGIN 
DECLARE @ApplicationId uniqueidentifier 
SELECT @ApplicationId = NULL 

DECLARE @NewUserId uniqueidentifier 
SELECT @NewUserId = NULL 

DECLARE @IsLockedOut bit 
SET @IsLockedOut = 0 

DECLARE @LastLockoutDate datetime 
SET @LastLockoutDate = CONVERT(datetime, '17540101', 112) 

DECLARE @FailedPasswordAttemptCount int 
SET @FailedPasswordAttemptCount = 0 

DECLARE @FailedPasswordAttemptWindowStart datetime 
SET @FailedPasswordAttemptWindowStart = CONVERT(datetime, '17540101', 112) 

DECLARE @FailedPasswordAnswerAttemptCount int 
SET @FailedPasswordAnswerAttemptCount = 0 

DECLARE @FailedPasswordAnswerAttemptWindowStart datetime 
SET @FailedPasswordAnswerAttemptWindowStart = CONVERT(datetime, '17540101', 112) 

DECLARE @NewUserCreated bit 
DECLARE @ReturnValue int 
SET @ReturnValue = 0 

DECLARE @ErrorCode  int 
SET @ErrorCode = 0 

DECLARE @TranStarted bit 
SET @TranStarted = 0 

IF(@@TRANCOUNT = 0) 
BEGIN 
    BEGIN TRANSACTION 
    SET @TranStarted = 1 
END 
ELSE 
    SET @TranStarted = 0 

EXEC dbo.aspnet_Applications_CreateApplication @ApplicationName, @ApplicationId OUTPUT 

IF(@@ERROR <> 0) 
BEGIN 
    SET @ErrorCode = -1 
    GOTO Cleanup 
END 

SET @CreateDate = @CurrentTimeUtc 

SELECT @NewUserId = UserId FROM dbo.aspnet_Users WHERE LOWER(@UserName) = LoweredUserName AND @ApplicationId = ApplicationId 
IF (@NewUserId IS NULL) 
BEGIN 
    SET @NewUserId = @UserId 
    EXEC @ReturnValue = dbo.aspnet_Users_CreateUser @ApplicationId, @UserName, 0, @CreateDate, @NewUserId OUTPUT 
    SET @NewUserCreated = 1 
END 
ELSE 
BEGIN 
    SET @NewUserCreated = 0 
    IF(@NewUserId <> @UserId AND @UserId IS NOT NULL) 
    BEGIN 
     SET @ErrorCode = 6 
     GOTO Cleanup 
    END 
END 

IF(@@ERROR <> 0) 
BEGIN 
    SET @ErrorCode = -1 
    GOTO Cleanup 
END 

IF(@ReturnValue = -1) 
BEGIN 
    SET @ErrorCode = 10 
    GOTO Cleanup 
END 

IF (EXISTS (SELECT UserId 
       FROM dbo.aspnet_Membership 
       WHERE @NewUserId = UserId)) 
BEGIN 
    SET @ErrorCode = 6 
    GOTO Cleanup 
END 

SET @UserId = @NewUserId 

IF (@UniqueEmail = 1) 
BEGIN 
    IF (EXISTS (SELECT * 
       FROM dbo.aspnet_Membership m WITH (UPDLOCK, HOLDLOCK) 
       WHERE ApplicationId = @ApplicationId AND LoweredEmail = LOWER(@Email))) 
    BEGIN 
     SET @ErrorCode = 7 
     GOTO Cleanup 
    END 
END 

IF (@NewUserCreated = 0) 
BEGIN 
    UPDATE dbo.aspnet_Users 
    SET LastActivityDate = @CreateDate 
    WHERE @UserId = UserId 
    IF(@@ERROR <> 0) 
    BEGIN 
     SET @ErrorCode = -1 
     GOTO Cleanup 
    END 
END 

INSERT INTO dbo.aspnet_Membership 
      (ApplicationId, 
       UserId, 
       Password, 
       PasswordSalt, 
       Email, 
       LoweredEmail, 
       PasswordQuestion, 
       PasswordAnswer, 
       PasswordFormat, 
       IsApproved, 
       IsLockedOut, 
       CreateDate, 
       LastLoginDate, 
       LastPasswordChangedDate, 
       LastLockoutDate, 
       FailedPasswordAttemptCount, 
       FailedPasswordAttemptWindowStart, 
       FailedPasswordAnswerAttemptCount, 
       FailedPasswordAnswerAttemptWindowStart) 
    VALUES (@ApplicationId, 
       @UserId, 
       @Password, 
       @PasswordSalt, 
       @Email, 
       LOWER(@Email), 
       @PasswordQuestion, 
       @PasswordAnswer, 
       @PasswordFormat, 
       @IsApproved, 
       @IsLockedOut, 
       @CreateDate, 
       @CreateDate, 
       @CreateDate, 
       @LastLockoutDate, 
       @FailedPasswordAttemptCount, 
       @FailedPasswordAttemptWindowStart, 
       @FailedPasswordAnswerAttemptCount, 
       @FailedPasswordAnswerAttemptWindowStart) 

IF(@@ERROR <> 0) 
BEGIN 
    SET @ErrorCode = -1 
    GOTO Cleanup 
END 

IF(@TranStarted = 1) 
BEGIN 
    SET @TranStarted = 0 
    COMMIT TRANSACTION 
END 

RETURN 0 
    Cleanup: 

IF(@TranStarted = 1) 
BEGIN 
    SET @TranStarted = 0 
    ROLLBACK TRANSACTION 
END 

RETURN @ErrorCode 
    END 

在我看来，有默认的MembershipProvider大的限制，如果你想在我的情况做简单的东西，比如在哪里想在ASP Web应用程序之外创建一个新用户。也许有另一种方法可以做到这一点更简单？

如果有人有更好的答案，那么我真的appreaciate输入？

谢谢。