3

I have setup a trivial preview website for a client that needs basic password protection. I'm using Forms Authentication with the credentials specified in web.config.

Everything works fine on my box (famous last words)

However, when I deploy to a production website running Win2008, the authentication code attempts to open a SQL Server database (I have no reference to anything SQL in web.config). How can I disable this behavior so that authentication is based on the credentials I have entered in web.config?

Exception in Event Log

Unable to connect to SQL Server database. at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString) at System.Web.Management.SqlServices.SetupApplicationServices(String server, String user, String password, Boolean trusted, String connectionString, String database, String dbFileName, SqlFeatures features, Boolean install) at System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString) at System.Web.DataAccess.SqlConnectionHelper.EnsureSqlExpressDBFile(String connectionString) ... at System.Data.SqlClient.SqlConnection.Open() at System.Web.Management.SqlServices.GetSqlConnection(String server, String user, String password, Boolean trusted, String connectionString)
http://my.site.com/Login.aspx?ReturnUrl=/

web.config (relevant portion)

     <system.web>
        <compilation targetFramework="4.0" />
    <authentication mode="Forms">
      <forms name="appNameAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="30">
        <credentials passwordFormat="SHA1">
          <user name="me" password="SHA1OfMyPassword" />
        </credentials>
      </forms>
    </authentication>
    <authorization> 
      <deny users="?"/>  
      <allow users="me" />
    </authorization>    

  </system.web>
Eric J.
  • 147,927
  • 63
  • 340
  • 553

1 Answers1

11

It turns out that, on the production machine, the SQL membership provider was defined in machine.config. I don't think the ops team changed anything from the default Windows 2008 install, so that's probably generally the case for that platform.

To remove references to any SQL providers defined at a higher level include the following in your web.config

<membership>
    <providers>
        <clear />       
    </providers>
</membership>
<roleManager enabled="false">
    <providers>
        <clear />       
    </providers>
</roleManager>
<profile>
    <providers>
        <clear />       
    </providers>
</profile>
Eric J.
  • 147,927
  • 63
  • 340
  • 553
  • Thank you. This answered my question along with the "enableSimpleMembership" entry outlined here: http://stackoverflow.com/questions/12116736/aspnet-role-provider-kicking-in-and-it-shouldnt-be – Josh Aug 12 '13 at 11:05
  • 1
    The missing part of this solution from the link above (12116736) is: in the section – Nigel Sep 02 '13 at 08:20