Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP.Net Membership.DeleteUser

Tags:

asp.net

database-permissions

asp.net-membership

In testing, the user on a db i've used was a big jefe. In production, he only has Execute.

When I called,

Membership.DeleteUser(user)

In testing, it worked. I try the same in production, and I get this:

The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Us__UserI__37703C52". The conflict occurred in database "Testing", table "dbo.aspnet_UsersInRoles", column 'UserId'.

In my seargles (searches on Google), I came across this link where the dude was saying,

Error: The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Me__UserI__15502E78". The conflict occurred in database "YourDBName", table "dbo.aspnet_Membership", column 'UserId'.

Took me a while to find a solution to this across multiple sites and options as the error and possible solutions were rather misleading. Turns out, at least in my case, it was a problem with permissions on the membership database. The user I'm using to connect had access to view the membership details within the database itself, but as part of the aspnet_Users_DeleteUser stored procedure it selects from the sysobjects table. The membership connection user apparently did not have sufficient rights to do that select so the overall delete failed.

The fix for me was to add the user to the aspnet_Membership_FullAccess role for the membership database.

But when I did that it didn't work. Anyone have any ideas on how to deal with this?

like image 577
Irwin Avatar asked Jan 23 '09 14:01

Irwin

1 Answers

After a little inspection I found the issue is this line in the aspnet_Users_DeleteUser stored procedure:

IF ((@TablesToDeleteFrom & 1) <> 0 AND
    (EXISTS (SELECT name FROM sysobjects WHERE (name = N'vw_aspnet_MembershipUsers') AND (type = 'V'))))

There are 3 other similar lines for 3 other tables. The issue is that if the user executing the stored proc doesn't have access to vw_aspnet_MembershipUsers it won't turn up when selecting from sysobjects. I'm curious to know why that whole EXISTS statement is necessary.

Regardless, the following discussion, "Access to sysobjects to view user tables without having access to the user tables directly in SQL Server Security", has the answer. By granting "VIEW DEFINITION" on the views in question, the EXISTS statements will now succeed and you don't have to grant unneeded, unwanted, or excessive permissions to the user in your application's connection string.

like image 129
Matt Avatar answered Nov 15 '22 21:11

Matt
Sign in to Comment

Related questions

Multiple tables left join using Linq
Send data with jquery to an MVC controller
Best practices for inline SQL queries
Removing CSS class from <li> tag in ASP.net from code behind
how does the __doPostBack method get called? Where is the calling method?
How a can make foreach with GridView
include file in project from command line
@model for _layout.cshtml on MVC4?
Loading this assembly would produce a different grant set from other instances
Properties.Settings has no setter
DropDownList has a SelectedValue which is invalid because it does not exist in the list of items. Parameter name: value
Azure 400 Bad Request on every request
Keep getting "Login failed for user IIS APPPOOL\DefaultAppPool" no matter what I do
EntityDataSource and Entity Framework 6
Kestrel on https with asp.net core 1.0
EntityFramework Include (Eager Load) virtual Property of virtual property [duplicate]
Angular CLI in ASP.NET Core 2 Angular template?
SelectedIndexChanged event handler getting old index
Event handler not fired for dynamically created controls
ASP.NET solution with class library project

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!