There should be no need for me to ask this but after 2 days of ditzing around trying to make this work I am at the end of my patience.  Linux is looking better all the time.

Ok, I created a website with security and it works great on my desktop, the performance sucks (utterly) on the test webserver, and I cannot use it at all on the production server.  That's because we must use real MSSQL in production rather than a user instance, the production environment does not support user instances.

All I need is to tell my membership, role, and security objects, "Look over here, not over there".  One would think that altering a connectionstring and replicating the membership tables would be all thats needed.

 But NO.

 Plus, I can't seem to find a comprehensive tutorial on this anywhere, so I'm mixing info from blogs and msdn and whatnot trying to make this work.  Most of the tutorials out there are for MSSQL2000 (I'm using 2005) and a mix of ASP.NET 2.0 and 3.5 (Im using 3.5 - I think)

Here is what I want.

On my workstation, I want the authentication to look in my local MSSQL Express database for ALL security info.

In Production, I want the webserver to look in the FULL MSSQL database for this info.

 I do NOT NOT NOT want to re-engineer membership and roles objects.

 Heres what I have found so far.

 http://msdn.microsoft.com/en-us/library/sx3h274z.aspx - generic - no specifics

http://msdn.microsoft.com/en-us/library/6e9y4s5t.aspx - this adds my new database to the MEMBERSHIP selection but not the Single Provider or Role Provider

http://msdn.microsoft.com/en-us/library/2fx93s7w.aspx - This helps you create the table structure in your database, but leaves out 1 critical piece of info... the fact that I had to type "/sqlexpress" after the server name or it crashes when you try to drop down the list.

http://forums.asp.net/p/980214/2369556.aspx - This is where I found out you have to type "/sqlexpress"

http://msdn.microsoft.com/en-us/library/ms998317.aspx - not sure if "Forms Authentication" is what I'm doing or not...

Are you having trouble getting the schema setup on the production db?  

Yes, you're right in that you should only have to change your connection string for each server. 

I haven't touched the production database yet, all I did - to the MSSQL EXPRESS local database - was

1. Run aspnet_regsql.exe (which does NOT exist in the 3.5 directory, it only exists in the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 directory).
2. Add the following to my web.config system.web section.  

   1    	<!-- MEMBERSHIP -->
   2    	<!-- gleaned from http://msdn.microsoft.com/en-us/library/6e9y4s5t.aspx -->
   3            <membership defaultProvider="ACProvider" userIsOnlineTimeWindow="30">
   4                <providers>
   5                    <clear/>
   6                    <add name="ACProvider"
   7                    type="System.Web.Security.SqlMembershipProvider"
   8                    connectionStringName="ACMain"
   9                    applicationName="APPCERT"
   10                   enablePasswordRetrieval="true"
   11                   enablePasswordReset="true"
   12                   requiresQuestionAndAnswer="true"
   13                   requiresUniqueEmail="true"
   14                   passwordFormat="hashed"
   15                   />
   16               </providers>
   17           </membership>
   18   
   

    

This has the following effect:

In the web app configuration tool, clicking Provider - Single Provider gives

 and clicking Provider - Different for each feature gives this (what I really want is to have a single provider named ACProvider):

Also, this gives some error about the hashed password when I try to authenticate.

Your web.config looks good.  If you've set that up yourself then don't worry about using the configuration tool for the providers.  Just setup users and such.

You'll probably want to setup your roleprovider as well.

As far as the password issue goes my first guess would be that it's case-sensitive so make it Hashed instead of hashed.  But that's a guess.
 

"setup your roleprovider"

1. I have found nothing on this
2. why can't I create a single provider?
3. why do all the tutorials stop at the membership provider?

some_yahoo:

I have found nothing on this

Take a look at these links:

http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx

http://msdn.microsoft.com/en-us/library/ms164662(VS.80).aspx 

some_yahoo:

why can't I create a single provider?

You can configure a single provider for each but the way they were designed was the membership would be maintained in one and roles in the other.

some_yahoo:

why do all the tutorials stop at the membership provider?

Not sure why but if you did a search for roleprovider or rolemanager on google I'm sure you'd find some stuff.  It's also simpler to implement a rolemanager than membership so maybe that's why. 

Thank you - I have had a hell of a time figuring this out.

The thing that baffles me is why I can't do it as a single provider (rather than two providers pointing to the same data) - you know, like it works in the default setup.  I realize that sometimes users might need to separate the functionalities, but as for me, I never will.  And I bet 90%+ of the time, roles and membership are kept in the same datastore.

I hope it's easier than this when I go to roll into production.

The reason I didnt see the role stuff was that I searched for Membership.  In my mind it's one thing.

Thanks for the answers, I'll check it out on Monday when I'm back in the office.

Well I guess they separated it into two modules so that one can manage authentication and the other authorization.  They certainly could have combined them but there can be situations where you'd use a different source for authentication and another for authorization.

Another thing - multiple membership providers can still point to the same datasource.  Sometimes you might want to create one for the public with certain settings and another for internal users with a completely different group of settings. 

Hey can you mark this answered?  I came back to it forgetting that it was.  Thanks. 

Nope it's broken better than ever now.

I can see the database in the database explorer, but when I click the "Providers" tab of the web site administration tool I get this:

An error was encountered. Please return to the previous page and try again.

The following message may help in diagnosing the problem: Object reference not set to an instance of an object. at ASP.providers_chooseprovidermanagement_aspx.Page_Load() in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx:line 15 at System.Web.Util.CalliHelper.ArglessFunctionCaller(IntPtr fp, Object o) at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at System.Web.UI.Control.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

seems some setting issue in the providers section in your web.config .... i.e. it might be trying to point to some provider which not exist or something of that sort...

can you show your web.config

ok, I got it.

I cleared the machine.config providers and added my own.

The provider names in both cases was ACProvider (having the membership and roles provider name identical enabled the "single provider" option).

HOWEVER, I did not change the Roles defaultProvider (it was still ASPNETDB or whatever) - I planned to do that in the website config page. 

 Having the defaultprovider set to a "cleared" provider made it crazy.  When I manually changed the defaultProvider to ACProvider it all started working again.

I will post the complete procedure on my blog and link to this thread later today... thanks for all the help.  I still have to get the full MSSQL (not express) working, but now that I have a few tablespoons full of understanding, it should go a lot smoother.

Here is the link where I put all this info together...

http://vstudiojourney.blogspot.com/2008/06/choosing-another-database-for.html

Thanks again for your help!