Managing ASP.Net Membership Users and Roles

ASP.Net Membership was first introduced in ASP.Net 2.0 and is relatively easy to implement in your web application.  As it has evolved there have been changes that add more features and extensibility but have obscured some of the basic tools needed to easily manage it.  The ability to easily add users and roles to an initial implementation is one task I recently encountered that is difficult for those trying to implement ASP.Net membership for the first time.


Before I delve into that topic, here is a high level overview of how to do the initial setup of ASP.Net membership.  Navigate to aspnet_regsql.exe in your Microsoft.Net framework folder and execute that to install the necessary membership tables in your database.  Then change your authentication to forms and add the providers to your site’s web.config.  If you need more in depth examples of how to do that, you can turn to an Internet search and find many good articles to help you.


That is actually the easy part.  Running aspnet_regsql creates the necessary ASP.Net membership tables in your database, all prefixed with aspnet_.  The hard part comes when you want to create users and roles.  Turning to an Internet search again, you will find many outdated articles on how to do this.  The Web Site Administration Tool (WSAT) was built into earlier versions of Visual Studio through the ASP.Net Web Configuration Manager menu item but is no longer available on Visual Studio 2013 and later.

So how do you add your first users and/or roles to your membership tables?  You can still use WSAT to do it but it takes a little work on your part.  If you are in the early development stages of your application and the database is local you can follow the steps in this article to access it through IIS Express.  However, if you are like me and are adding it to an application that is already live and you are following the best practices of Internet security and your SQL server is not directly accessible from your development machine, read on.


Open up Internet Information Services (IIS) Manager on the server where your application is running.  Drill down to the Default Web Site and add an application named ASP.NETWebAdminFiles that points to C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles.  Make sure that the Default Web Site is listening to requests on localhost.


Next go to the Application Pools and identify the Identity that the Default Web Site is running under.  Hopefully it is running under a more secure user account like ApplicationPoolIdentity and not Network Service.


Then go to the root of the site you want to manage the membership users on, making sure you already have a connection to your SQL Server defined, and add the user for the Default App Pool.  Don’t forget, if you are using ApplicationPoolIdentity the user would be iis apppool\DefaultAppPool.


Lastly, open up a browser and navigate to http://localhost/asp.netwebadminfiles/default.aspx?applicationPhysicalPath=C:\MyPath\ making sure you replace C:\MyPath\ with the full path to your site.  You will be rewarded with the ASP.Net Web Site Administration Tool.

Don’t forget to remove the NTFS permissions from your site and the ASP.NETWebAdminFiles virtual directory from the Default Web Site once you have created your initial users and roles.