CreateUserWizard Passsword Strength

To configure the strength of the password used by the CreateUserWizard control it needs to be set in the membership section of your web.config


  
    
    
  

The above example sets it to 7 alphanumeric characters.

PasswordRecovery – Gotcha

Using the default style for the register and password recovery controls, the register expects a user name and email address. The passowrd recovery template asks for your email address, but what it actually looks up in the background is based on the user name and will therefore never find a match for the email address entered. A quick way round this is to change the default text to say User name instead of Email Address!

CreateUserWizard – CreatedUser Event

When the CreatedUser event is fired and the LoginCreatedUser is set to true, the new user is only logged in once the event is completed! To get the new user information use the following code…

using System.Web.Security;
...
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
    TextBox serialNumberTextBox = 
        (TextBox)CreateUserWizardStep1.ContentTemplateContainer.FindControl("SerialNumberTextBox");
    SerialNumber serial = new SerialNumber(serialNumberTextBox.Text);
    serial.UserId = Membership.GetUser(CreateUserWizard1.UserName).ProviderUserKey.ToString();
    serial.DateRegistered = DateTime.Now;
    serial.Save();
}

CreateUserWizard – ErrorMessage

I can’t find anyway of using the ErrorMessage that is part of the CreateUserWizard. I can FindControl OK and set the values, but when it is rendered to the page its blank. Had to resort to adding my own literal to the page so that I can see my errors.

ASP.Net Membership Configuration

To configure an existing site to use ASP.Net Membership, but storing the data in the site database rather than creating an MDF in the APP_Data folder.

Run the utility c:\windows\microsoft.net\framework\v2.0.50727\aspnet_regsql

Follow the wizard to connect to the relevant server/database, this will need to be repeated for both test and production.

In the <system.web> section of the web.config ensure that an entry as below is included…

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SecurityConnection"
      applicationName="CHANGETHIS"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      requiresUniqueEmail="true"
      passwordFormat="Hashed" />
  </providers>
</membership>

In the <connectionStrings> section add the appropriate connection string with a key of “SecurityConenction”

While editing the site within VS2005, from the WebSite menu selecti ASP.Net Configuration. This will open a web page that allows you to create users and rules for the application. Rules that are defined are stored in the Web.Config, so do this for the development site only, as you won’t have access to the live config file. Any folders with restricted access will also have a web.config file created in them, these will need to be promoted to live.

To release to production, change your security connection to point to the production database, set up the relevant users, but not the rules. Then when promoting code to production manually update the root config with the required authorisation, membership and connection strings, that can be taken from the development config file.