Creating Permanent User Accounts

Permanent user accounts are disabled by default. After a Web Forms application is successfully deployed, the IIS server administrator can use this procedure to set up permanent user accounts.

It uses the default ASP.NET membership provider and data source assignment. (A note in the procedure describes a required change to the web.config file when you use a nondefault connection string.)

  1. Start the ASP.NET SQL Server Setup wizard by entering aspnet_regsql from a DOS command prompt window.
    You can enter Aspnet_regsql /? at the command line to obtain a list of optional parameters for SQL Server or SQL Server Express that you can use to bypass the wizard. If you are using a local SQL Server database, for example, you can enter aspnet_regsql -S (local) -E -A m, where -S (local) indicates that the server is local, -E indicates that the connection uses Windows Authentication, and -A m adds the membership feature.
  2. Use the ASP.NET SQL Server Setup wizard to create the user database.
    In the wizard, you can enter .\SQLEXPRESS as the server name. This is the default name for the local server as defined in the machine.config file. The wizard should give you a success message.
  3. In a text editor, modify the web.config file in the virtual root directory for your deployed Web Forms application (typically, C:\Inetpub\wwwroot\applicationName) to remove comment tags from the following lines:
     <!-- <roleManager enabled="true" /> -->
    ...
   	<!-- <add name="AspNetSqlMembershipProvider"
    ...
    passwordStrengthRegularExpression=""/> -->
    These lines should now appear in the web.config file as:
    <roleManager enabled="true" />
     ...
   		<add name="AspNetSqlMembershipProvider"
		   ...
		   passwordStrengthRegularExpression=""/>
    Note: You can change the connectionStringName parameter assignment in the uncommented lines to a value other than LocalSqlServer if you modified the connection string in the machine.config file, or if you added a connection string in the application web.config file. For example, if you named a connection string as MySqlServer, you should change the connectionStringName parameter value to MySqlServer.
  4. Verify that the appropriate user or user group (ASPNET for IIS 5, IIS_WPG for IIS 6, or IIS_IUSRS for IIS 7 and IIS 7.5) has write authority for the virtual root directory of your deployed Web Forms application.
    The next step in this procedure creates the App_Data directory and saves database files to this directory. However, it cannot do this if the ASPNET user (Windows XP), the IIS_WPG user group, or the IIS_IUSRS user group (Windows Vista and later) does not have write authority for the Web Forms virtual root directory.

    If you proceed to the next step without modifying write permissions, you may get an error page indicating that you do not have write authority for this directory. The error page also explains how to grant write authority for the directory.

  5. Open the UsersInit.aspx file for the Web Forms application in a Web browser.
    The full URL for this file is typically http://ServerName/ApplicationName/UsersInit.aspx. When you open this file in a Web browser, the App_Data directory is created under the application virtual root directory and the permanent accounts database is created with the following entries:
    User name Password Role
    admin a123456& admin
    user a123456& user

    The UsersInit.aspx returns a success page after the above user accounts are created.

    Note: For security reasons, you should delete the UsersInit.aspx file after you go to the next step or complete this procedure.
  6. Open the Login.aspx file for the Web Forms application in a Web browser.
    The full URL for this file is typically http://ServerName/ApplicationName/Login.aspx. The Login page opens.
  7. On the Login page, enter admin for the User Name and a123456& for the Password.
    The Welcome page for an administrator role has a hyperlink labeled Users that opens a page to manage users.
  8. Click the Users hyperlink, then, in the page to manage users, click Search.
    The page for managing users displays the application users in the permanent user database.

  9. Click the Create New User hyperlink.
    The page for adding users opens.
  10. Enter a new user name, password, and e-mail. Enter the password a second time in the Confirm Password text box and click Create User.
    A new user account is added to the database for the current Web Forms application.
  11. If the new user should have administrative privileges, select the Admin Role check box and click Finish.
    When you return to the page for managing users and click Search again, you should see the user account you created in the list of user accounts.
  12. Repeat steps 10-12 to create as many user accounts as necessary, then click the Logout hyperlink to log out from the user management role.
    Note: Accounts that you create are maintained in the database after you redeploy the Web Forms application, but you must edit the web.config file as described in step 4 above after each redeployment.
Parent topic: Permanent User Accounts