Configuring

Prerequisites
Configuration
Advanced Configurations

Prerequisites

  1. This software requires license file. The license to run the software in a localhost mode is provided free of charge. The software will be fully functional when accessed as http://localhost when used with the license file localhost.lic
  2. If you need to use the product on a website, you need to get a license file for the domain on which the website is hosted.
  3. The database and license files are located on the /database folder by default. This directory and all files in it must have read, write and update permission for user ASPNET.
  4. The connection string for the configuration database must be encrypted using DPAPI. The DPAPI tool in the sys directory (/sys/dpapiencr.aspx) may be used to generate the encrypted connection string from the regular connection string. For each machine, a new encrypted string must be created.
  5. All database connection strings require absolute paths, whereever applicable. The system will use the string as is after decrypting.
  6. Unless specifically mentioned, all directory configurations are in relative path, relative with respect to the root of the website.
  7. The table names and field names are fixed and must not be changed by the application developer

Configuration

In order to configure the system easily, it is important to first get the product running as is, on the server with minimum configuration changes. Later, further configuration changes may be made according to the specific needs. The following steps assume that http://localhost is used and the root of the website is located at c:\LoginControl

  1. Unzip the content to a temporary directory
  2. Copy the content to root of the website preserving the directory structure
  3. Change the permission of the \database directory so that ASPNET user has read/write/modify privileges
  4. Make sure that the files http://localhost/index.htm, http://localhost/sys/dpapiencr.aspx, http://localhost/sys/encr.aspx are accessible
  5. Make sure that the web.config file at the root directory of the web application has the following line:

    <appSettings file="app.config"></appSettings>

    A sample web.config file is as follows:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <appSettings file="app.config"></appSettings>
    <system.web>
    <compilation debug="false"/>
    <pages validateRequest="false" />
    <customErrors mode="Off"/>
    </system.web>
    </configuration>

  6. Open app.config file in the root directory and change the following lines:

    <add key="CfgDbType" value="OLEDB"/>
    Make sure the value is OLEDB for Microsoft Access and SQLDB for SQL Server.

  7. Add the connection string for the configuration database

    <add key="CfgDb" value="DPAPI Connection String"/> where "DPAPI Connection String" is the connection string to access the configuration database encrypted use DPAPI.

    To create the DPAPI encryption from a connection string, use the DPAPI tool by running the http://WEBSITE/sys/dpapiencr.aspx page. Enter the connection string in the input column click encrypt button. Copy the encrypted string and paste into the value field of the above configuration entry.

    Example:

    <add key="CfgDb" value="
    AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAssEKrhy7jkSguDh8ZIHyDgAAAAA
    CAAAAAAADZgAAqAAAABAAAACgNduHpha0yVepR3rTF7nLAAAAAASAAA
    CgAAAAEAAAAO3O CmmGDd8BcBdf6b8j4Lp4AAAAyAztRBtopZezuH+YqHuHh
    zpT8TjU5DFEenB2kLFho07uhTXIkzsfJRDxPGK4MVXiOKTrOB3VvZqz0BRx0TpQ
    PzmBtlPtra7ZnOYT/YRGmh1ldbUEpiOrEmAWDWD4UoYOezkUKWx7z7UYmx0fK
    F0rHR7vc2C+aBooFAAAAPPOGYg+7M vC4Dfe71vz+VRzdHEh"/>

    This corresponds to:

    Provider=Microsoft.Jet.OLEDB.4.0;Jet OLEDB:Database Password="";Data Source="C:\LoginControl\database\memberdb.mdb"; in specific server computer. However, DPAPI encryption for the same string would yield a totally different string on a different computer.

  8. Open the login table in the configuration database and modify the following fields

    EncryptDb=yes or no . If the database connection string for the userid-password database would DPAPI encrypted, enter yes.

    If EncryptDb=yes, then set the value of MemberDb to the DPAI connection string for the database where member tables are kept. If it is no, enter the unencrypted connection string. By default, the values are set as follows:

    EncryptDb=no
    MemberDb=Provider=Microsoft.Jet.OLEDB.4.0;Jet OLEDB:Database Password="";Data Source="C:\LoginControl\database\memberdb.mdb";

  9. In the Login Table of the configuration database, enter value for key LogDb, which is the Database Connection string for Log Database. If EncryptDb=yes, this also must be encrypted.
    The default value is :
    MemberDb=Provider=Microsoft.Jet.OLEDB.4.0;Jet OLEDB:Database Password="";Data Source="C:\LoginControl\database\ sessionlog.mdb";
  10. Once the above configuration changes are made, run the configuration helper: http://localhost/sys/config.aspx

    Correct the configuration, if any errors are found.

  11. Restart IIS, to reset application variables

  12. Run http://localhost/sys/logintest.aspx You should see the following screen with out any errors.



    At this point, if the member database configurations point to the default database, you must be able to login with the following

  13. You must be able to login with the following user names and passwords

    User name: admin@priusant.com
    Password: admin

    User name: user@ priusant.com
    Password: user


Advanced Configurations

Application ID

Though it requires precise configurations, it is possible to have more than one website to run under the same application context. The login control has a concept called Application ID, which will be appended to each configuration entry key in the App.Config file.

An APPID is used in the following ways:

When the control is used, specify the APPID as an attribute
Ex:

<%@ Register
TagPrefix="login"
Namespace="eCart.CoreControls"
Assembly="CoreControls, Version=2.1.1.1, Culture=neutral, PublicKeyToken=c19615e04a86079f"
%>

<Login:Login id="Login1" APPID=”TestApp” runat="server"></Login:Login>

In this case, APPID will be TestApp

In such a case, all the configuration parameters keys in the App.Config file should be appended with “TestApp”

For example:

<add key="TestAppLicFile
<add key="TestAppCfgDbType"
<add key="TestAppCfgDb"

Password Encryption

if the password that is stored in the member database is encrypted, then the Encryption Key is stored as a DPAPI encrypted string in the configuration file.

Configuration Database Connection String and Member Password encryption key are always encrypted using DPAPI encryption.

The web developer may use the Rijdael encryption function from the security component provided with this package to encrypt and decrypt a string. DPAPI encryption should not be used for this purpose, since there is no way to decrypt the encrypted string on a different machine.

Application and Session Variables

The following critical configuration items are stored as application variables to improve system performance and resource management, so that configuration files are not referenced each time a component requires them.

AppId + "CFGDBTYPE"
AppId + "CFGDB"
AppId + "LICFILE"

For example, if no application id was specified, application variable LICFILE will return the license file path that has been configured.

Since the system first checks the application variable before it reads a configuration file, any change in the configuration file requires an application reset. However, developer may use the /sys/resetconfig.aspx utility to reset the application variable during development.

APPID is stored in a session variable and not an application variable. This enables multiple applications co-exists on the same application contexts at the same time. If the APPID session variable is reset programatically, the following takes precedense.

 

If the web developer requires that the same web page is access through multiple domains, multiple logical application contexts may be created by conditionally setting the APPID session key in the global.asa file. For example, the following code in global.asa will create mutually exclusive logical contexts in the same web application, when accessed through different domain names.

 


public void Session_Start(object sender, EventArgs e)
{

HttpContext Ctx = HttpContext.Current;

Uri uri = Ctx.Request.Url;
String url = uri.Authority;
switch (url.Trim()) {

case "localhost":
if ( true)
{
Session ["APPID"] = "LOCAL";
}
break;

case "priusant.com":
case "www.priusant.com":
if ( true)
{
Session ["APPID"] = "REMOTE";
}
break;
default:
break;
}

}

 
     

If APPID is defined by setting the property of the LoginControl, that values is used. However, it does not reset the session variable APPID. By this feature, it is possible to switch logical contexts for a page without affecting the rest of the pages.