Just a short, simple blog for Bob to share his thoughts.
23 November 2004 • by Bob • FrontPage
When you create a database editor using the FrontPage 2003 ASP.NET Database Interface Wizard (DIW), you are prompted to create a user account for editing the database. After running the wizard, there is no interface for changing the user or password, and there is no provision for adding more than one user account as an editor.
This behavior is by design. The user account specified when created the DIW pages is hard-coded into the "web.config" files used by the database editor.
To resolve this issue, you can modify the necessary "web.config" files to modify or add users.
When creating the database editor, FrontPage 2003 creates two "web.config" files, one will be in the root of the site, and the other will be in the folder containing the database editor. Currently, ASP.NET Security supports the MD5 and SHA-1 hash algorithms when configuring any user accounts in your "web.config" files for use with forms-based authentication. FrontPage 2003 creates user account information using the SHA-1 hash algorithm, but this article will explain how to customize that.
To modify or add users, use the following steps:
<authentication mode="Forms"> <forms loginUrl="login.aspx"> <credentials passwordFormat="SHA1"> <user name="msbob" password="21BD12DC183F740EE76F27B78EB39C8AD972A757"/> </credentials> </forms> </authentication>
<credentials passwordFormat="Clear">NOTE - You could just as easily configure "MD5" for the passwordFormat.
<html> <head> <title>MD5/SHA-1 Hash Generator</title> </head> <body> <h2>MD5/SHA-1 Hash Generator</h2> <% Dim strPassword As String = Request.Form("txtPassword") If Len(strPassword)>0 Then Dim objFormAuth As New System.Web.Security.FormsAuthentication() Dim strHashSHA1 As String = objFormAuth.HashPasswordForStoringInConfigFile(strPassword, "SHA1") Dim strHashMD5 As String = objFormAuth.HashPasswordForStoringInConfigFile(strPassword, "MD5") Response.Write("<p>Clear: " & strPassword & "</p>") Response.Write("<p>SHA-1: " & strHashSHA1 & "</p>") Response.Write("<p>MD5: " & strHashMD5 & "</p>") End If %> <form method="post"> <input type="text" name="txtPassword"> <input type="submit" value="Create Hashes"> </form> </body> </html>
<user name="msbob" password="21BD12DC183F740EE76F27B78EB39C8AD972A757"/>
<credentials passwordFormat="Clear"> <user name="user1" password="Password1"/> <user name="user2" password="Password2"/> <user name="user3" password="Password3"/> </credentials>
<authorization> <allow users="msbob"/> <deny users="*"/> </authorization>
<authorization> <allow users="user1,user2,user3"/> <deny users="*"/> </authorization>
When you browse your database editor, you should now be able to enter the credentials for any user accounts that you created.
For additional information on ASP.NET Security and forms-based authentication, please see the following Microsoft Knowledge Base articles: