Use this guide along with the Data Tab Configuration guide to configure an ASPNETDB-integrated SecureAuth IdP realm.
1. Have an on-premises ASPNETDB data store (see ASP.NET Configuration Steps below to create an ASP.NET database)
2. Designate a service account with read access (and optional write access) for SecureAuth IdP
1. Have an asp.net framework
2. Ensure that Microsoft SQL Server is installed on the server
3. Authenticate with a user that has Create Database permissions
1. Navigate to the following directory on the server: C:\Windows\Microsoft.NET\Framework\4.0.30319
2. Locate aspnet_regsql.exe, right-click, and select Run as administrator
3. On the first prompt (not shown), click Next
4. Select Configure SQL Server for application services and click Next
5. Set the Server to the server address
6. Select the database name or <default> (aspnetdb) from the Database dropdown
7. Click Next
8. Confirm the information (not shown) and click Next
9. A success message will appear, and click Finish to close the Wizard
(OPTIONAL) With the new database created, verify that the database, tables, stored procedures, and roles have been created
10. Download and run the UpdateSchema.sql script to update the ASPNETDB schema
This adds support for Fingerprinting and Push Notifications
11. In the aspnetdb, expand Stored Procedures under Programmability, and right-click dbo.aspnet_Applications_CreateApplication
12. Click Execute Procedure, which opens a new window
13. Provide the application name in the Value field, e.g. /SecureAuth
14. Click OK
1. In the Membership Connection Settings, select ASPNETDB from the Data Store dropdown
2. Provide the Fully Qualified Domain Name (FQDN) or the IP Address in the Data Source field
3. Provide the Database Name in the Initial Catalog field
4. Select True from the Integrated Security dropdown if the IIS app pool's service account is to be used in the connection (see Integrated Auth Requirements below)
Select False to specify an ASPNETDB service account instead
5. Select True from the Persist Security Info dropdown if access to the username and password information is allowed
6. Provide the User ID of the SecureAuth IdP Service Account (if False is selected in step 4)
7. Provide the Password associated to the User ID (if False is selected in step 4)
8. Click Generate Connection String, and the Connection String will auto-populate
9. Provide the Application Name set in step 13 of the ASP.NET Configuration Steps, e.g. /SecureAuth
10. Click Test Connection to ensure that the connection is successful
If using a Custom Connection String and experience an error when testing the connection, then refer to the Custom Connection String Error section below for a workaround
Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin
If manually entering a custom connection string, an error may occur when testing the connection, which hinders the ASP.NET Database to successfully integrate with SecureAuth IdP
This error may occur only if Custom Connection String is checked, the Connection String is manually entered into the field rather than generated by the Web Admin, and the fields that comprise the generated Connection String are left empty / default
1. In the Links section, select Click to edit Web Config File
2. Search for ASPNETDB and manually enter the connection string into the web.config file
3. Click Save
This enables a successful connection; however, clicking Test Connection in the Data tab may still yield an error
If an XML error occurs while attempting to call setpropertyvalues, then the clientmembership table and stored procedure may need to be created; and the aspnet_Profile_FullAccess role may need to be assigned to the stored procedure
ClientMembership Table and Stored Procedure
CREATE TABLE [dbo].[ClientMembership](
[UserId] [uniqueidentifier] NULL,
[ClientGuid] [uniqueidentifier] NULL,
[CreatedOn] [datetime] NOT NULL,
[CreatedBy] [varchar](50) NULL,
[UpdatedOn] [datetime] NULL,
[UpdatedBy] [varchar](50) NULL
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
ALTER TABLE [dbo].[ClientMembership] ADD CONSTRAINT [DF_ClientMembership_CreatedOn] DEFAULT (getdate()) FOR [CreatedOn]
GO
CREATE PROCEDURE [dbo].[getClientMembership]
@ApplicationName nvarchar(256),
@UserName nvarchar(256)
AS
BEGIN
DECLARE @ApplicationId uniqueidentifier
SELECT @ApplicationId = NULL
SELECT @ApplicationId = ApplicationId FROM dbo.aspnet_Applications WHERE LOWER(@ApplicationName) = LoweredApplicationName
IF (@ApplicationId IS NULL)
RETURN
DECLARE @UserId uniqueidentifier
SELECT @UserId = NULL
SELECT @UserId = UserId
FROM dbo.aspnet_Users
WHERE ApplicationId = @ApplicationId AND LoweredUserName = LOWER(@UserName)
IF (@UserId IS NULL)
RETURN
SELECT Top 1 ClientGuid FROM ClientMembership WHERE @UserID = UserId
END
GO
After adding the table and stored procedure (above), update the profile section in the SecureAuth IdP web.config file to include a ClientGUID property value
<properties>
<add name="FirstName" />
<add name="LastName" />
<add name="AuxID1" />
<add name="AuxID2" />
<add name="AuxID3" />
<add name="AuxID4" />
<add name="AuxID5" />
<add name="AuxID6" />
<add name="AuxID7" />
<add name="AuxID8" />
<add name="AuxID9" />
<add name="AuxID10" />
<add name="Email1" />
<add name="Email2" />
<add name="Phone1" />
<add name="Phone2" />
<add name="Phone3" />
<add name="Phone4" />
<add name="kbq1" />
<add name="kbq2" />
<add name="kbq3" />
<add name="kba1" />
<add name="kba2" />
<add name="kba3" />
<add name="CertCount" />
<add name="CertResetDate" />
<add name="GroupList" />
<add name="pinHash" />
<add name="MobileResetDate" />
<add name="MobileCount" />
<add name="CertSerialNumber" />
<add name="ExtSyncPwdDate" />
<add name="HardwareToken" />
<add name="iOSDevices" />
<add name="Email3" />
<add name="Email4" />
<add name="OATHSeed" />
<add name="DigitalFP" type="object" />
<add name="ClientGUID" />
</properties>