Use WAST to remotely manage ASP. NET users and role

I believe you have used the ASP. NET Configuration menu when developing ASP. NET programs. When you click this menu, Visual Studio starts a WebServer, and a page called ASP. NET Web Admin Tool will help you manage the user and role of the entire ASP. NET program. Such as creating a user, deleting a user, creating a role, and assigning a role. With this Tool, we can easily manage membership and role during development. However, when ASP. NET Program Publish is added to IIS, what are you using for management? Many people will use their own modules for management, and some will also use some open-source modules for management. However, both functionality and stability may be worse than the built-in. NET management tool (WAST. We know how to use WAST Through Visual Studio during development, but we don't know how to use this module directly. This article will discuss with you how to take this powerful function as your own

First, we will introduce some basic things. If you are familiar with them, skip them.

When you install. in the "C: \ Windows \ Microsoft. NET \ Framework \ v2.0.50727 "directory will automatically create a file named ASP. the NETWebAdminFiles folder contains a Website for managing membership and role. When you use VS, VS starts a new WebServer and starts this Website in WebServer. Note that two query string-applicationPhysicalPath (physical path of application) and applicationUrl (directory of application in IIS) must be appended to access this Website, for example:

Http: // localhost/ASP. NETWebAdminFiles/default. aspx? ApplicationPhysicalPath = C: \ inetpub \ wwwroot \ Job \ & applicationUrl =/Job

By default, WAST does not allow remote access. For example, http: // serverIP/blabla

 

Well, after introducing some precautions about WAST, we can use it in our own ASP. NET program. The following describes two scenarios:

1) manage membership and role on the IIS server.

2) access in the outer network.

 

In the first case, it is not difficult, but only two simple steps are required:

1) In order to use WAST, we can direct its publish to the original directory of WAST or the directory after copy in an application of the default site. Then we set it to windows integrated authentication (requires disable Anonymous Authentication) to allow local access only ). Note that the identity of the application pool specified for WAST requires the permission to read and write application database files, such as the database file in the App_Data directory. Otherwise, an access denied error occurs.

2) convert our ASP. NET Program also publish in another application of the default site, and add a link to access WAST in a page. The link URL is the example we just provided. Or you can use the link in IE to access the link directly.

Now we can use WAST on local IIS. However, you still cannot perform remote access through http: // serverIP/blabla. The above is just to maintain your site on the IIS server from the admin perspective. If you need to access WAST from the outside, you need to modify its source code so that we can access it through http: // serverIP/blabla (back up before modification :)).

 

Case 2:

1) Open the WAST web. config file, delete the definitions of impersonate and authorization, and modify Windows authentication to Forms authentication, because we need to access it from outside.

2) Open the WebAdminPage. cs file in the App_Code folder of WAST, and press Ctrl + F to search for if (! Application. Context. Request. IsLocal) and change it to if (false ).

3) Deploy WAST in an application in IIS and set it to form authentication. At the same time, you still need to note that the identity of the application pool specified by WAST requires the permission to read and write application database files, such as the database file under the App_Data directory. Otherwise, an access denied error occurs.

4) Deploy the ASP. NET Program in another application of IIS.

5) now the main problem is that WAST has no authentication, and any anonymous users can access it through http: // serverIP/blabla. In Forms verification programs, it is not difficult to solve this problem. You can try it on your own.

6) Now you can test whether it is OK.

 

Have a nice day!