Himu\’s Attempt at Blogging

Tidbits from my thoughts

Storing Membership Data in ASP.NET 2.0 Web Application’s SQL Server Database

with one comment

This is a summary of the MSDN article How To: Use Forms Authentication with SQL Server in ASP.NET 2.0.

ASP.NET 2.0 allows storing web-site users and profiles in a database and maintain access control based on that information. The concept is referred to as ‘Forms Authentication’. The database can be SQL Server or Active Directory. Here, you will see how to store them in SQL Server.


  1. Configure the web application to use Forms Authentication
  2. Create the membership database
  3. Configure the web application’s membership settings
  4. Create a logon page for the application

Step 1: Configure Forms Authentication

Open up web.config
Add the following inside <system.web>

<authentication mode="Forms">
···<forms name="SqlAuthCookie" timeout="10" />
···<deny users="?" />
···<allow users="*" />

Step 2: Create the membership database

Its almost always the case that a web application will have a database. And since we’re using ASP.NET and SQL Server for our membership info, it is almost always the case that our application database is also SQL Server.
Assuming the above, we are going to create the membership database inside the application database:

Open a ‘Visual Studio 2005 Command Prompt’
Issue the following command

···aspnet_regsql -S _servername_ -d _dbname_ -E -A [all|m|r|p|c|w]

For setting up only the login/membership info, only the m option of -A is required (-A m) is required. Roles, profiles, etc. can be setup in a similar fashion.
This will add the following tables to the application database:

  • aspnet_Applications
  • aspnet_Membership
  • aspnet_SchemaVersions
  • aspnet_Users

Step 3: Configure the Web Application to Use the Membership

Add the following under <configuration> in web.config:

······connectionString="Data Source=server;Initial Catalog=appdb;Persist Security Info=True;User ID=appuser;Password=secret"

Of course, this shouldn’t be requried as the connection string must already be setup for the web application database.
Next, add the following after the <authorization> element:

<membership defaultProvider="MySqlMembershipProvider" >
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

Step 4: Create the Logon Page

Without much attention to details, create a page named login.aspx and place 1) a Login control, and 2) a CreateUserWizard control. Test your page. That should be it!


Written by mhimu

July 17, 2008 at 3:03 pm

Posted in dotNet

One Response

Subscribe to comments with RSS.

  1. Nice article with example code. thanks


    November 28, 2009 at 10:54 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: