asp.net authentication - use credentials from web.

2019-04-14 09:18发布

问题:

I have a simple problem which is giving me headaches for a couple of days.

I've created very simple application with login control. I keep user data in web.config file:

<authentication mode="Forms">
    <forms name=".RzeskoLoginCookie">
        <credentials passwordFormat="Clear">
             <user name="test" password="test"/>
        </credentials>
    </forms>
</authentication>

I will deploy this simple website to IIS on computer on which I do not want to use SQL Server.

My login button event looks like this:

protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    if(FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
    {
        FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
    }
}

Now the problem:

When I am running a website on VS2008 built in webserver, everything works fine (I can log in). When I copy my website to IIS I am constantly getting this annoying error (after I click Login button):

Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed.

I also observed that in my App_Data folder some weird files are being created.

To sum up. What I want to achieve is to use user credentials from web.config file, without using sql server.

I'd appreciate any help

Kind Regards PK

回答1:

From the MSDN page for Login control:

*

The Login control uses a membership provider to obtain user credentials. Unless you specify otherwise, the Login control uses the default membership provider defined in the Web.config file. To specify a different provider, set the MembershipProvider property to one of the membership provider names defined in your application's Web.config file. For more information, see Membership Providers.

*

The default Membership provider is the AspNetSqlProvider which uses a SQL Server database as its user store.

If you want to provide a custom authentication routine, you can either write your own custom Membership provider or handle the OnAuthenticate method of the Login control to provide your own authentication logic.



回答2:

If you notice in your code, you have the method declaration for handling the <asp:Login> control's LoggingIn event:

protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)

This control interfaces with the ASP.NET Membership provider which is probably why it is looking for a connection string.

So rather than using the <asp:Login> control, simply use a button and handle the Click event so that there is no use of Membership:

<asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />

Code behind (notice the different signature of the method):

public void Login_OnClick(object sender, EventArgs args)
{
    if(FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
    {
        FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);
    }
}


回答3:

Ok, thanks everybody for pointing out the solution. I finally managed to avoid that error by creating my own authentication event (associated with the login control).