How to Authenticate Users against the SQL Membership Provider

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If your user information is already stored in the SQL membership** database, or if you are building an Internet facing WCF application from scratch, you can use the SQL Membership provider to authenticate your WCF service clients. The Membership Provider authenticates all incoming client credentials against the credentials stored in the SQL Membership database. The membership feature is a good choice as it allows you to enable user name authentication without writing and maintaining custom code.

Use the following steps to configure the SQL membership provider to work with UserName authentication in your WCF application:
  1. Configure your SQL server database for membership from a VS 2008 command prompt, run the following command
aspnet_regsql -S .\SQLExpress -E -A m -d <<YourDatabaseName>>

In this command:
  • -S specifies the server, which is (.\SQLExpress) in this example.
  • -E specifies to use Windows Authentication to connect to SQL Server.
  • -A m specifies to add only the membership feature. For simple authentication against a SQL Server user store, only the membership feature is required.
  • -d specifies the SQL server database name. If this option is not used then a default database aspnetdb will be created.
  • For a complete list of the commands, run Aspnet_regsql /?
  1. Modify your Web.config file in your WCF service application by adding the following sections
<connectionStrings>
  <add name="MyLocalSQLServer"
       connectionString="Initial Catalog=<<YourDatabaseName>>;
      data source=.\sqlexpress;Integrated Security=SSPI;" />
</connectionStrings>

…
<system.web>
  ...
  <membership defaultProvider="MySqlMembershipProvider" >
    <providers>
      <clear/>
      <add name="MySqlMembershipProvider"
           connectionStringName="MyLocalSQLServer"
           applicationName="MyAppName"
           type="System.Web.Security.SqlMembershipProvider" />
    </providers>
  </membership>
</system.web>
…
  1. Configure the service to use the Username Authentication
…
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security>
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
  1. Configure the service to use Membership Provider
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">

      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
          membershipProviderName="MySqlMembershipProvider" />
      </serviceCredentials>

    </behavior>
  </serviceBehaviors>
</behaviors>
…

Additional Resources

Last edited Jun 13, 2008 at 5:47 PM by prashantbansode, version 1

Comments

No comments yet.