Jul 17, 2008

How to provide ASP.NetWebadminfiles (WSAT) like user management for your hosted or online site

How to provide ASP.NetWebadminfiles (WSAT) like user management for your hosted or online site:
Bulk User ModificationActive Directory Display Name, Logon Name Modification, AD Reports
I recently was working on a 2.0 website. I used the ActiveDirectoryMembershipProvider and used the membership API along with Login controls to provide a nice experience to the user with features like Sign up as new user, change password, password reset, login and all related functionality which any website offers you.When my code was in development, I had the built in WSAT (ASP.Net website administration tool), which I could launch from Visual Studio.Net and I could easily administer my website.
You can launch this tool using the Website–>ASP.Net configuration menu. This tool is really cool and without writing a single line of code you can easily manage all the security and settings for your website.But the problem arises when you move your code to production. The WSAT tool only works locally (i.e via localhost). By default, it prohibits remote access.In this post, I will explore two ways of managing your website security remotely.

Option 1 :Make changes to the WSAT tool to make it work remotelyThe WSAT tool with source code is located in your C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles folder. To make it accessible on the network, all you have to do is go to IIS–>Create new virtual directory–>Point to the above folder and remove anonymous access from directory settings page.

Then you need to access it the same way your local ASP.Net configuration tool is accessed i.e via a URL which resembles something like :
But you will notice, as soon as you try to access it, it will spit out an ugly error “This tool cannot be remotely accessed.“. This is because by default the tool is locked down for local access only. To fix this, all you need to do is open
C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Code\WebAdminPage.cs file
in a text editor and change line#488 FROM >>
if (!application.Context.Request.IsLocal)
{ <<>
Once you save your file, the tool will allow remote access.

Option 2:

Some people may not allow you to mess with the production webserver like above, becasue it involves changing a .net framework file and it can be a security risk. has done a nice thing, they have written a generic user management piece which works just like WSAT and you can easily include it as part of your website. Just package it with your website, since it comes with source code (although the source code is in C#). You just have to follow a few steps to make it work for you. You can find the article which talks about the custom tool here :
and download the source code here

Here are few things I had to do to make it work for my website:
Copy the source code to a subfolder in my site Delete the web.config from the root level which comes with the source code Move the 4guys.master file to the root of my website (this is mentioned in the article) Move images from the i folder to the images folder of my website and change links which point to these images (this is mentioned in the article) Change the stylesheet link in 4guys.master file to point to the correct location. Move _controls folder to the root of my website Delete all subfolders except admin from the source code. We dont need these. Changed the 4guys.master to remove menu links to pages which are irrelevant for the security piece.

NOTE: If you are using ActiveDirectoryMembershipProvider, you will get bunch of errors like The property 'LastLoginDate' is not supported by the Active Directory membership provider.]
System.Web.Security.ActiveDirectoryMembershipUser.get_LastLoginDate()To solve this all you have to do is remove following lines in all the .aspx pages.
(asp:BoundField DataField=”lastlogindate” HeaderText=”Last Login Date” /)
(asp:BoundField DataField=”lastactivitydate” HeaderText=”Last Activity Date” /)(asp:BoundField DataField=”isonline” HeaderText=”Is Online” /)

1 comment:

James Duncan said...

Dude, this rocks. I have been looking for this for several months.

Thanks for the post.

James Duncan