Story Details for tools

MvcInstaller - NuGet Package for MVC 3 applications

Author:

kahanu

Version:

2.0.0.0

Views:

13911

Date Posted:

8/27/2011 5:51:02 PM

Date Updated:

8/27/2011 5:51:02 PM

Rating:

4.2/5 votes

Framework:

ASP.NET MVC

Platform:

Windows

Programming Language:

Technologies:

NuGet, MvcInstaller

Tags:

nuget, mvcinstaller, installer, asp.net mvc 3, securityguard

Demo site:

Home Page:

https://github.com/kahanu/MvcInstaller

MvcInstaller is a NuGet package that allows site administrators to easily install their database schema and/or ASP.NET Membership system for their ASP.NET MVC application on their production server through a browser.

There are a few pre-requisites to know about before deciding whether to use it.

ASP.NET MVC - MvcInstaller is built on the ASP.NET MVC framework so it can only be used to install MVC applications, not WinForms, or WebForms, etc.
SQL Server - at this moment, it only installs your database schema on the SQL Server RDBMS.
Database - you need to have the database created PRIOR to running MvcInstaller. MvcInstaller works very easily with MVC sites that are installed on shared hosting systems. Your application's database tables do NOT need to be created prior to installing or running MvcInstaller. They can be done with this process. Read on.

Procedures to use MvcInstaller

There are a few steps that are taken to use MvcInstaller. These are not rigid steps, but general guidelines.

Step 1

Create your ASP.NET MVC application. The first step is to obviously create your ASP.NET MVC application. When you have completed the application, install MvcInstaller to prepare for deployment. NOTE: MvcInstaller can be installed into your application via NuGet at any point in your development cycle. It does not have to be installed when you first start your project.

Step 2

Configure MvcInstaller. There are some minor settings to configure in the MvcInstaller installer.config file. These settings are what MvcInstaller will execute to install your database schema and the ASP.NET Membership with Roles and Users.

Step 3

Publish ASP.NET MVC application. Publish (FTP) your compiled ASP.NET MVC application to you production server.

Step 4

Install your database schema and ASP.NET Membership system using MvcInstaller via a browser.

I'll go over everything that is necessary for this in the information below.

Installation

Installation of the MvcInstaller into your MVC application couldn't be easier. You have to different methods to use:

Visual Studio Reference Dialog - you would right-click on the References folder of your application and select "Manage NuGet Packages".

Once you click this menu item you will see the dialog to choose the NuGet packages.

package manager dialog

In the Search box in the upper-right corner of the dialog, enter the name of the package you want, or something like it. In this case I've entered: "mvcinstaller" and it shows me my three NuGet packages.

NOTE: the third package "MvcInstaller", should NOT be chosen because I don't maintain it any longer. I do maintain the other two, "MvcInstaller.MVC2" and "MvcInstaller.MVC3". If you hover your mouse over a package, you'll see an "Install" button appear. Click the button to install the package.

Package Manager Console - this is the way to install and manage packages via a command-line like process. You can display the console by clicking the Tools menu and then choosing "Library Package Manager", and then "Package Manager Console". The console will appear at the bottom of the Visual Studio instance.

To install the package simply type: install-package MvcInstaller.MVC3

If you enter, install-package MvcInstaller and then click the Tab key, you'll get the Intellisense for the available versions as shown above.

Once you hit the Enter key, it will install the package.

NOTE: either one of these methods are fine for installing MvcInstaller, but some NuGet packages require that you use the console because the NuGet package needs to run PowerShell scripts, and they can't be executed via the dialog.

Configuration

After MvcInstaller has been installed you'll see a number of different files that have been included in the MVC application. First is the MvcInstaller assembly.

assembly reference

Next are some files that have been added to the project.

files added to project

In order to prepare the application to use MvcInstaller we need to configure the installer.config file. Here's a look at the installer.config file.

01.<?xml version="1.0" encoding="utf-8" ?>

02.<InstallerConfig>

03. <ApplicationName>MyCoolApplication</ApplicationName>

04. <Path>

05. <RelativeSqlPath>App_Data</RelativeSqlPath>

06. </Path>

07. <Membership Create="true" ProviderName="AspNetSqlMembershipProvider"/>

08. <Profile ProviderName="AspNetSqlProfileProvider" />

09. <RoleManager ProviderName="AspNetSqlRoleProvider">

10. <Roles>

11. <Role Name="Administrator">

12. <Users>

13. <User UserName="admin" Password="password" Email="me@info.com" SecretQuestion="Favorite Color" SecretAnswer="Mauve" />

14. <User UserName="bizuser" Password="93o404u" Email="ninjaburp@aol.com" SecretQuestion="Favorite Movie" SecretAnswer="Saturday Night Fever" />

15. </Users>

16. </Role>

17. <Role Name="Manager">

18. <Users>

19. <User UserName="joemanager" Password="mypassword" Email="jmanager@myemail.com" SecretQuestion="Dog's Name" SecretAnswer="Thor" />

20. </Users>

21. </Role>

22. </Roles>

23. </RoleManager>

24. <Database UseTrustedConnection="true" EntityFrameworkEntitiesName="MyCoolEntities">

25. <ConnectionStringName>MySampleConnection</ConnectionStringName>

26. <DataSource>localhost</DataSource>

27. <InitialCatalog>MyCoolDb</InitialCatalog>

28. <UserName>mycooldbadmin</UserName>

29. <Password>mycooldbpassword</Password>

30. </Database>

31.</InstallerConfig>

I'll go over each section here.

ApplicationName - (line 3) - this is what is used in your web.config membership sections for the ApplicationName. It will update the web.config membership sections as well as in the database.
Path - (lines 4 - 6) - the App_Data name is the folder where your SQL scripts should be placed to generate the tables for your database schema on the production database. You should be very careful and number your SQL scripts in the order that they should be executed. MvcInstaller will add them to a sorted collection and then execute them in that order, so it's up to you to make sure they are ordered correctly.
Membership - (line 7) - this line does two things, it tells MvcInstaller whether or not it's going to create the ASP.NET Membership system for you, and what the provider name is. The default ASP.NET membership provider is automatically included for you, but if you have created a custom provider, you can add it here. NOTE: very important, the Create attribute is an all-or-nothing action, meaning if this is set to True, then all three of the providers will be created, Membership, Profiles, and Roles. If it's False, then none will be created.
Profile - (line 8) - this sets the name of the Profile provider.
RoleManager - (lines 9 - 23) - this is where you will enter the names and roles of the administrators for your application and the Roles provider name. NOTE: it's important to understand that MvcInstaller is primarily built for Administrators, meaning it's supposed to be used by Administrators so they can quickly get their database schema installed with the Membership system in order to have instant access to the application. It is not necessary or advised to try and include users and roles for non-administrative access. That should be done by Administrators after the application has been installed.

You have the capability to configure MvcInstaller to install any number of roles and users-to-roles by including as many Role nodes as needed. Then you just need to include the users for those roles and you are all set.
Database - (lines 24 - 30) - these lines cover all the settings necessary to connect to your production database. The UseTrustedConnection attribute tells the application whether the connection is trusted. If it is then it will generally use Windows Authentication and a username and password are not needed, and the username and password config settings will be ignored. Otherwise, if it's set to False, then the username and password values are required.

The EntityFrameworkEntitiesName attribute tells MvcInstaller whether it will create a connection string for the Entity Framework. If it's blank, then it will not, if the value is not blank, then it should be the EntityFramework Context name.
ConnectionStringName - (line 25) - this of course is the name of the connection string as it will be created for you in the web.config.
DataSource - (line 26) - this is the name of the SQL Server instance that you will be connecting to.
InitialCatalog - (line 27) - this is the name of the database.
UserName and Password - (lines 28 and 29) - these are the credentials for the database if the UseTrustedConnection value is set to False.

Update - January 3, 2012

Version 2.0.0.0 - changed the way the EntityFramework connection string is built to be more reliable for different configurations. The proper way to make this work now is the following:

EntityFramework metadata - open the App.config for your EntityFramework context (if you've built it using the visual designer) and copy the metadata information
Installer.config - paste this into the EntityFrameworkEntitiesName value

Example

Open the App.config file for the EntityFramework and copy the metadata name:

... and paste it in the installer.config file.

MvcInstaller works on conventions, so this will name the EntityFramework connection string as this name and also build the connection string with this name, which we know works since it's in the App.config file.

In this instance, the ConnectionStringName value is irrelevant when the EntityFrameworkEntitiesName has a value. Again, when the EntityFramework is being used, another connection string will be created for the ASP.NET Membership system, and this will be called "MembershipConnection".

New as of October 28, 2011

The Membership providers, Membership, Profile and RoleManager elements, all can accept a "type" attribute so you can enter your custom provider if necessary. If you do not add a "type" attribute to any of the membership elements, then the default Microsoft providers will be used when modifying your web.config.

The install.config file will look like this with the optional "type" attribute for a custom provider.

<Membership Create="true" ProviderName="AspNetSqlMembershipProvider"/>

<Profile ProviderName="KingsCustomSqlProfileProvider" type="GB.KingsCustomSqlProfileProvider, GB" />

<RoleManager ProviderName="AspNetSqlRoleProvider">

Your Database Schema

In order to install your application's database schema, you should prepare SQL scripts for the tables, stored procedures, views and any seed data and place them into the "App_Data" folder.

Important! As I mentioned earlier, you should number these sql scripts in the order you want them to execute. Something like this...

1 - Tables.sql

2 - Data.sql

3 - StoreProcedures.sql

The installer will grab all sql scripts in the "App_Data" folder and install them in their numbered order.

Another import point for this to work properly is to include in your table schema scripts, DROP and CREATE statements.

The easiest way to create these scripts with SQL Server 2008 is:

right-click on the database name in the SQL Server Management Studio
in the flyout menu, select "Tasks" --> "Generate Scripts"
This will take you through a wizard to generate scripts for any or all objects in your database.

Here's what your schema script should look like, this is very simple:






01./****** Object:  Table [dbo].[MyBlogTable]    Script Date: 10/29/2011 13:15:22 ******/
02.IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[MyBlogTable]') AND type in (N'U'))
03.DROP TABLE [dbo].[MyBlogTable]
04.GO
05./****** Object:  Table [dbo].[MyBlogTable]    Script Date: 10/29/2011 13:15:22 ******/
06.SET ANSI_NULLS ON
07.GO
08.SET QUOTED_IDENTIFIER ON
09.GO
10.SET ANSI_PADDING ON
11.GO
12.IF NOT EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[MyBlogTable]') AND type in (N'U'))
13.BEGIN
14.CREATE TABLE [dbo].[MyBlogTable](
15.    [Id] [int] IDENTITY(1,1) NOT NULL,
16.    [Title] [varchar](50) NOT NULL,
17.    [Body] [varchar](max) NULL,
18.    [DateCreated] [datetime] NULL,
19. CONSTRAINT [PK_MyBlogTable] PRIMARY KEY CLUSTERED 
20.(
21.    [Id] ASC
22.)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
23.) ON [PRIMARY]
24.END
25.GO
26.SET ANSI_PADDING OFF
27.GO

By adding the DROP statements, it helps MvcInstaller run properly in the case that an exception occurs before it has completed. This way it can simply re-run the sql scripts, drop the tables and re-create them without problems.

So if you experience an exception for some reason and then cannot simply click the "Install" button to re-run the process, check your sql script and make sure it contains the DROP statement with the IF (NOT) EXISTS checks.

Now you are ready to continue.

This might seem like a lot, but it's really not. Once these settings are done, then you are ready to deploy your application to your production server, and then install it via a web browser.

Run MvcInstaller

Once your MVC application is deployed to your production server, you are now ready to install the database and membership system via MvcInstaller. Simply enter "Install" in the browser after the domain name and hit Enter. The page will look like this.

install view

Before you click the "Install" button let me just go over a few things about this page.

It shows all the information as you have set in the installer.config file, but WITHOUT PASSWORDS! This is important and a very nice feature. This means that you can be safe in knowing that you can install your application in front of someone without the fear that they might see your passwords.

The other thing to note is that you'll need to ENABLE WRITE PERMISSIONS, during installation since MvcInstaller makes changes to you web.config file. After it has been successfully installed, then you can remove the write permissions if you need.

So now we're ready to click "Install" and if this is the first time clicking the button and it's a brand new application, you will see this error message.

install message - rolemanager enabled

This is just telling you that the default ASP.NET MVC web.config configuration for the roleManager section has the enabled attribute set to False. This means that you intend to create the ASP.NET Membership system, but you need to have the roleManager enabled for MvcInstaller to work properly, so MvcInstaller updates the setting for you and updates all the other provider configuration information. It also updates the connection string settings.

Now you can simply click the "Install" button again. This time as long as the installer.config settings aren't violating the web.config Membership attribute settings, you will see a Processing message.

installer processing

Then depending on whether you are also installing your database schema via SQL scripts, it could be instantaneous or a few seconds. If there aren't any errors, you will see this.

install success

Now you can successfully log onto the application.

You can see I logged on here as joemanager.

Taking a look at SQL Server we can see that there are no tables.

sql server empty

If I refresh it, it shows that all the tables for the ASP.NET Membership system have been created as well as the database schema for my application.

sql server with tables

If I look at the rows for the MyBlogTable table, I'll see all the data was inserted into the table successfully!

my database schema installed and data inserted

I can also open the Users table and see all the users.

Users table with data

That's it! My entire database schema and membership are installed with very little effort.

Conclusion

That's MvcInstaller. The quick and easy way to install your database schema and ASP.NET Membership system for your ASP.NET MVC application on any server.

I hope this NuGet package is helpful to you.

Comments

Posted By: Emilio

On: 10/12/2011 7:15:52 PM

Hi nice work but i get this error when i click install button "An error occurred executing the configuration section handler for system.web/profile." why ?
Posted By: King Wilder

On: 10/12/2011 8:46:42 PM

@Emilio - sorry about that. I don't know off hand why you are getting this error. Do you have that section in your web.config? Can you send me your web.config? info@kingwilder.com
Posted By: Bibi

On: 10/31/2011 1:29:45 PM

Hi, Very Nice job ! Exactly what I need. I've encounter a problem when App_Data contains other files (ASPNETDB.MDF in my case) .
So I'll Suggest to add searchPattern like "*.sql" when calling Directory.GetFiles() in your RunScripts Static method.
With this change, It will work like a charm for me !
Hope this help !
Thanks again.
Bibi
Posted By: King Wilder

On: 10/31/2011 1:40:08 PM

@Bibi, unless there is a reason you needed to include the ASPNETDB.MDF file to the App_Data folder, MvcInstaller will add the complete ASP.NET Membership to your database for you. You don't need to include this. Is there a reason you needed to include the ASPNETDB.MDF file here?
Thanks,
King Wilder
Posted By: bibi

On: 11/1/2011 2:33:27 AM

@King, Of course not! But it can be many other files or, if you use any other folder for your script, it may be file like readme.txt. So, known that sql script normaly end with ".sql" I think is a good idee to filter file type. But no matter, when you known this limitation.
Thanks,
Bibi
Posted By: King Wilder

On: 11/1/2011 1:12:52 PM

@Bibi, it is a good idea and I'll probably make that change in the next update. In the meantime, you can make sure that your SQL scripts don't interfere with other files in the App_Data folder by just creating a "App_Data/scripts" folder and place your sql scripts in there. Then just update the installer.config/Path/RelativeSqlPath value to be "App_Data\scripts" (yes, backslash) and it should work with out conflicts.
Thanks for the suggestion.
King Wilder
Posted By: DougR

On: 7/25/2012 10:43:33 PM

Thank you very much for a great tool. FYI, the MVC 3 version worked perfectly in MVC 4 also.
A few questions. After using this tool to create the Membership DB does it have any additional purpose? I guess the real question is can it be uninstalled safely?
I am a bit worried about the security hole it creates and want to lock it down as much as possible. What would you recomend as the next steps after creating the Membership system?
Posted By: King Wilderr

On: 7/26/2012 10:35:26 AM

@DougR, I'll try to answer your questions...
1) ... additional purpose - the purpose of MvcInstaller is to install your database schema (and optionally the ASP.NET Membership system) on your staging or development server easily through a browser.
2) ... uninstalled safely - if you are asking if MvcInstaller can be safely uninstalled from your web application, yes, just run the NuGet package command, uninstall-package MvcInstaller.Mvc3. If you are asking if it can be uninstalled after it's been installed on a server, well there's no uninstall procedure, but you can delete the assembly, and the Installer.config files.
3) ... next steps - I built this system to be used with my other NuGet package called SecurityGuard which installs a complete web-based Membership management application in an Mvc Area in your application. So MvcInstaller installs the Membership System, and SecurityGuard allows you to then manage your users and roles.
Regarding your concern about the security hole, what hole are you referring to?
I'm glad you like it.
King Wilder
Posted By: aknudsen

On: 8/5/2012 1:54:18 PM

Thanks for sharing MvcInstaller and Security Guard with us, they greatly facilitate membership management. However, do you think you could please explain what practical difference it makes to configure MvcInstaller to work with Entity Framework? In my specific project, I want to use Entity Framework to store extra data per user so I'm kind of wondering how it would relate to the ASP.NET membership system. Would you have some best practices to share in that regard, i.e. augmenting the ASP.NET membership data per user with application-defined data (via Entity Framework)? I'm pretty new to ASP.NET MVC development, so I'm looking to learn :)
Posted By: King Wilder

On: 8/5/2012 6:21:41 PM
@aknudsen - I'm glad you like MvcInstaller and SecurityGuard, they've made my life easier.
- MvcInstaller and Entity Framework - MvcInstaller has no impact on Entity Framework! All MvcInstaller does for Entity Framework is, if you enter your EF context name in the Installer.config file, is it will create the proper connection string based on your settings. That's all!. It does nothing directly to Entity Framework. It just builds the connection string.
- Entity Framework and ASP.NET Membership - MvcInstaller has nothing to do with the working relationship of either of these. It simply provides a way of you installing your database schema through SQL scripts, and the ASP.NET Membership system on your production or staging server in a very easy manner.
- Best Practices with ASP.NET Membership - I'm not clear on what you are asking, "augmenting data per user". This sounds like an ASP.NET Membership provider question and not related to MvcInstaller. But the ASP.NET Membership provider system was built in a way that allows you to extend it and write your own providers if you have certain needs. There's plenty of documentation and articles on the Net about this, if that's what you are asking.
I hope this helps.
King Wilder
Posted By: Michael

On: 8/12/2012 7:25:18 AM

Hey, great software module... :)
BUT I get an error if I press the INSTALL button.
This text is viewed:
Bezeichner (beginnend mit 'X ...........g..............��................................0....../.........~.~.�.�.�.�.�.�.�.�.�.�.�.�.�.�.�.�.�.�.') ist zu lang. Die maximal zulässige Länge beträgt 128. Falsche Syntax in der Nähe von 'ӚC'. '.........0..<' ist ein ungültiger Name, da er ein NULL-Zeichen oder ein ungültiges Unicode-Zeichen enthält. Bezeichner (beginnend mit '.........�?......�?).........�?......�?,.........�?......�?..........�?......�?1.........�?..�?..�?3.........�') ist zu lang. Die maximal zulässige Länge beträgt 128. Bezeichner (beginnend mit '5�A..�@........................................................................................................................') ist zu lang. Die maximal zulässige Länge beträgt 128. '.f.i.l.e.g.u.i.d.6............f.i.l.e.i.d.6............f.i.l.e.i.d.6...........' ist ein ungültiger Name, da er ein NULL-Zeichen oder ein
Posted By: Michael

On: 8/12/2012 11:50:24 AM

hey, I tried the whole package installation a second time and now it works... :)
Posted By: King Wilder

On: 8/12/2012 12:10:47 PM

@Michael - it's hard to tell the error message since it's in German, but it looks like an error I get every once in a while that has to do with the SQL scripts for my database schema.
If this error is what I think it is, it has to do with the format the sql script has been saved in. If you have modified the script outside the SQL Server Management Studio Query window, in something like Notepad or Textpad, you could be saving it in ANSI format. It needs to be saved in UTF-8 format.
Actually I just translated your error message and I have never seen this error before. It looks like some syntax error somewhere.
But I'm glad it worked the second time. It must have just been some anomaly.
Posted By: drobertson123

On: 10/16/2012 12:56:42 PM

Hello and thanks for MVCInstaller. A great tool I have used several times.
This time I am having some issues I can't sort out. I am doing the groundwork for migrating a site I was developeing. Part of this is setting up the security. For this I am using MvcInstaller for ASP.NET MVC 4 and Security Guard. The project is in VS 2012 with .NET 4.5, EF 5.0 and MVC 4. I keep getting a very basic "Invalid key value." error. I have pulled my hair out with this and have no idea what key value it is talking about. I don't seem to be getting any error logs for debugging the issue. Do you have any recomendation? Any idea how I get the error logging working? Here are my config files.
Thanks for any help you can give.
Web.config
<?xml version="1.0" encoding="utf-8"?>

<configuration>
<configSections>
    
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section name="glimpse" type="Glimpse.Core.Configuration.GlimpseConfiguration" />
</configSections>
<connectionStrings>
    <add name="ProEdgeEntities_live" connectionString="Data Source=PROEDGEWEB\SQLEXPRESSPE;Initial Catalog=ProEdgeEntities_Live;Persist Security Info=True;User ID=xxxxxxxxx;Password=xxxxxxxxxx" providerName="System.Data.SqlClient" />

</connectionStrings>
<appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="AppInstalled" value="false" />
    <add key="SecurityGuardEmailFrom" value="security@proedgetradinggroup.com" />
    <add key="SecurityGuardEmailSubject" value="Your Password has been reset." />
    <add key="SecurityGuardEmailTemplatePath" value="~/MailerTemplates/ResetPassword.html" />
</appSettings>
<location path="Upload">
    <system.web>
      <httpRuntime maxRequestLength="1048576" />
    </system.web>
</location>
<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      
      <forms loginUrl="~/SGAccount/LogOn" timeout="2880" />
    </authentication>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <trace writeToDiagnosticsTrace="true" enabled="true" pageOutput="false" />
    <httpModules>
      <add name="Glimpse" type="Glimpse.Core.Module" />
    </httpModules>
    <httpHandlers>
      <add path="glimpse.axd" verb="GET,POST" type="Glimpse.Core.Handler" />
    </httpHandlers>
</system.web>
<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
      <add name="Glimpse" path="glimpse.axd" verb="GET,POST" type="Glimpse.Core.Handler,Glimpse.Core" preCondition="integratedMode" />
    </handlers>
    <modules>
      <add name="Glimpse" type="Glimpse.Core.Module,Glimpse.Core" preCondition="integratedMode" />
    </modules>
</system.webServer>
<runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
</runtime>
<entityFramework>
    MvcInstaller for ASP.NET MVC 4
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
</entityFramework>
<glimpse enabled="true" />
<system.net>
    <mailSettings>
      <smtp deliveryMethod="Network">
        <network host="smtp.XXXXXX.com" userName="xxxx@xxxxx.com" password="xxxxxx" port="25" />
      </smtp>
    </mailSettings>
</system.net>
</configuration>
install.config
<?xml version="1.0" encoding="utf-8" ?>
<InstallerConfig>
<ApplicationName>ProEdgeTradingGroup_Live</ApplicationName>
<Path>
    <RelativeSqlPath>App_Data</RelativeSqlPath>
</Path>
<Membership Create="true" ProviderName="AspNetSqlMembershipProvider"/>
<Profile ProviderName="AspNetSqlProfileProvider" />
<RoleManager ProviderName="AspNetSqlRoleProvider">
    <Roles>
      <Role Name="Administrator">
        <Users>
          <User UserName="admin" Password="xxxxxxx" Email="xxxxxxx@xxxxxxx.com" SecretQuestion="Daughter's nickname" SecretAnswer="xxxxxxxxxxxx" />
        </Users>
      </Role>
      <Role Name="Manager">
        <Users>
          <User UserName="joemanager" Password="xxxxxx" Email="xxxxxx@xxxxx.com" SecretQuestion="Dog's Name" SecretAnswer="woof" />
        </Users>
      </Role>
      <Role Name="SecurityGuard">
        <Users>
          <User UserName="drobertson123" Password="xxxxxxx" Email="xxxxxxx@xxxxxxx.com" SecretQuestion="Dog's Name" SecretAnswer="woof" />
        </Users>
      </Role>
    </Roles>
</RoleManager>
<Database UseTrustedConnection="false" EntityFrameworkEntitiesName="ProEdgeEntities_live">
    <ConnectionStringName>MembershipConnection</ConnectionStringName>
    <DataSource>PROEDGEWEB\SQLEXPRESSPE</DataSource>
    <InitialCatalog>ProEdgeSecurity_Live</InitialCatalog>
    <UserName>xxxxxx</UserName>
    <Password>xxxxxxx</Password>
</Database>
</InstallerConfig>
Posted By: King Wilder

On: 10/16/2012 2:40:04 PM

@drobertson123 - sorry about your problems. To preface this, I have not tested these NuGet packages with VS 2012 or EF 5.x, but I'm sure they should work.
I do see one curious thing in your web.config and it's in the "entityFramework" section. You have the text, "MvcInstaller for ASP.NET MVC 4" inside that element. This probably shouldn't be there. Take that out and see if that fixes it. Also in the Installer.Config file, in the DataSource element, you have the value as "PROEDGEWEB\SQLEXPRESSPE". Is the "PE" at the end of the SQLExpress correct, or a mistake?
Also, when are you getting the error message? When you are running the installation with MvcInstaller?
Let me know.
Thanks.
Posted By: King Wilder

On: 10/16/2012 2:40:04 PM

@droberrtson123 - I just noticed something else, where are your Membership sections? You need these in order to use SecurityGuard. Also, you should use SecurityGuard.Mvc4.
Posted By: drobertson123

On: 10/16/2012 3:04:10 PM

@King Wilder
The "MvcInstaller for ASP.NET MVC 4" was just a accidental ctl-v while I was creating the post, so that isn't actually in the config file. Sorry for the confusion. I didn't have the membership sections in there yet. Would that cause the "Invalid key value." error I am seeing? I am putting in the Membership settings now. Is there someplace that describes the settings I should use. Regretably I am not an expert at this, so I am fumbling my way through.
The PE at the end of the DataSource is correct. It stands for Pro Edge.
What needs to be done to get an error log from the installer? I was hoping to narrow down the issue a bit if I could.
I apreciate the fast response.
-Doug
Posted By: King Wilder

On: 10/16/2012 3:32:45 PM

@drobertson123 - I'm not sure what caused that error but it might be due to the membership sections are missing. The Membership sections are usually in the web.config when the application is created by Visual Studio. Are they not in VS 2012? You should be able to copy them from another VS project. They should have the new System.Web.Providers namespace and not the System.Web.Security namespace.
Where is it that you get this error? During MvcInstaller installation or at some other point?
Thanks.
Posted By: drobertson123

On: 10/16/2012 3:55:07 PM

The Membership settings were not in the web.config file when I created the project. I will look into that and see if I can figure out why not.
The error happens when I press the Install button on the Install web page.
-Doug
Posted By: drobertson123

On: 10/16/2012 3:55:07 PM

Here is a Raw web.config files right after a new Internet Application is created. This is an MVC 4 web Site.
I don't see any options for membership anywhere.
-Doug
<?xml version="1.0" encoding="utf-8"?>

<configuration>
<configSections>
    
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-TestMVC-20121016155951;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-TestMVC-20121016155951.mdf" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
</system.web>
<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>
<runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
</runtime>
<entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
</entityFramework>
</configuration>
Posted By: drobertson123

On: 10/16/2012 3:55:07 PM

It looks like there may be some curveballs with VS 2012 RTM. Here is a few interesting articles;
http://notebookheavy.com/2012/08/22/mvc-4-authentication/
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
It looks like they changed just about everything and didn't seem to mention it to anyone. Gotta love MS.
-Doug
Posted By: King Wilder

On: 10/16/2012 4:10:14 PM

@Doug - hmmmm, it seems the new VS 2012 doesn't add the Membership sections by default. I'm not sure why. I guess I'll have to look into the VS 2012 features. I don't have a copy of it yet, but I'll see if I can find out something about this.
In the meantime, you can try copying the membership sections from an VS 2010 MVC 4 application and see if that works. I'm not sure when I'll have a stable update for VS 2012 on this.
Posted By: Jon Smith

On: 1/21/2013 11:55:47 AM
Hi King,
I found your MVCInstaller.MVC4 and SecurityGuard.MVC4 and they look really useful. I have got it going but I am a little confused on a few things and wonder if you could help. Firstly to be clear my application is MVC4 with EF5. I am using localdb on my development PC, but obviously will be using SQL Server when deployed. My installer file is:
<?xml version="1.0" encoding="utf-8" ?>
<InstallerConfig>
<ApplicationName>SpatialModeller</ApplicationName>
<Path>
    <RelativeSqlPath>App_Data</RelativeSqlPath>
</Path>
<Membership Create="true" ProviderName="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<Profile ProviderName="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<RoleManager ProviderName="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    <Roles>
      <Role Name="SecurityGuard">
        <Users>
          <User UserName="SuperAdmin" Password="password" Email="me@info.com" SecretQuestion="Favorite Color" SecretAnswer="Mauve" />
        </Users>
      </Role>
    </Roles>
</RoleManager>
<SessionState ProviderName="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<Database UseTrustedConnection="true" EntityFrameworkEntitiesName="AccountsContext">
    <ConnectionStringName>AccountsConnection</ConnectionStringName>
    <DataSource>(LocalDb)\v11.0</DataSource>
    <InitialCatalog>AccountsDb</InitialCatalog>
</Database>
</InstallerConfig>
I have looked at both videos and read (most of) the updates for MVC4 and managed to get it going. However I have the following questions:
1. My accounts database gets created in the localdb default location, Users/<myname>, but I would like it in App_Data. Is there a field to go in the installer file to give the AttachDBFilename string?
2. I assume I can delete the orginal AccountController, the Account Views and InitializeSimpleMembership. Correct? I like to remove anything that is possible confusing.
3. I am using Code First for my main database and Web Deploy to transfer to target host. That uses Code First migration to update the database. I assume I need to deploy the asp.net account database by hand and then run install again on the target machine. Is that correct?
4. You mention the parameter EntityFrameworkEntitiesName in your installer video but not what it does. It creates a connection string in web.config but is that all? What did you think we would use it for?
In the long run I would like to have used the MVC4 AccountModel as that is more friendly to Code First approach. Have you found out any more about SimpleMembership or thinking of swapping to it. I found this recent article useful.
Thanks again for your useful code.
Jon Smith - Selective Analytics
Posted By: King Wilder

On: 1/21/2013 12:52:06 PM
@Jon Smith - first of all, sorry if some of my documentation wasn't completely informative. I strive to make it completely useful. I'll try to clear up your concerns.
1. LocalDb - MvcInstaller isn't meant to be used with the local SqlCe databases, so there is no support for the AttachDBFilename connectionString configuration. MvcInstaller is meant to help deployment to your staging or production server. It's an alternative to the Web Deploy method of deployment.
2. Deleting Account controller - yes, if you use SecurityGuard, then you can safely delete the original AccountController.
3. Deploying Account database - you only have to move the account database by hand if you are not using either Web Deploy or MvcInstaller on the target server. That's the beauty of MvcInstaller, it will install your database schema AND the Membership database with the Users and Roles you configure in the installer.config file, on the target machine, where ever it is. It takes any manual moving of any database out of your hands, which is why I built it in the first place. :^) Watch the video again, it shows how it does this for you.
4. EF parameter - in the installer.config file, the EntityFrameworkEntitiesName is only needed if you are using EF with the designer, not code first. Example: if you have the .edmx file, you need the EntityFrameworkEntitiesName value set, otherwise, leave it blank. If you enter a value for this attribute, MvcInstaller simply creates a new connectionString, completely configured in the web.config for you! It helps because it makes two connection string elements: one for EF and one for the Membership sections. It really takes almost 100% of the manual configuration work out of your hands to get your application up and running faster.
Note: you mention that you are using MVC 4, if so, then you should be using the MvcInstaller.Mvc4 version and you should use SecurityGuard.Mvc4. I say this because you are commenting on the Mvc3 post.
I hope this answers your questions.
Posted By: King Wilder

On: 1/21/2013 12:52:06 PM

@Jon Smith - one other thing, looking at your installer.config file, I would add a general Administrators Role also, and you NEED to add Users. You should add a "admin" user that can be assigned to both the Administrators Role and the SecurityGuard Role. This way that user has permission to log in as a general administrator, plus has exclusive access to manage users in SecurityGuard. Again, look at the article and video on SecurityGuard.
And in the installer.config/Database section, you don't need to remove the username and password elements as they are simply ignored if you are using a Trusted connection.
Posted By: JonSmith

On: 1/22/2013 6:51:47 AM
@King Wilder. Thanks for your detailed reply. That is very useful and shows I didn't read all the information properly the first time and didn't put this comment on the right version of mvcinstaller.
1. LocalDb - OK, that is fine. I'm not using SqlCe, but the new localdb that VS2012 comes with. Makes for a easier install of a dev environment.
2. Deleting Account controller - I excluded from the project the the account controller, the account views and AuthConfig in the App_Start folder and all is well.
3. Deploying Account database - Yep, I get it. I tend to think of not deploying setup code to the main site, which is why I was planning to copy over the database. I see your thinking and its simple, but it does need db passwords or full trust lurking in a file on the host. I may then remove the install code later once my site is set up.
4. EF parameter - Thanks for the explanation. I will remove it.
Your last reply got me a bit confused. Your code only uses the SecurityGuard role and never uses the Administrator role. Therefore I can't see that I need that yet. I may well add an administrator later but what roles I give that administrator will depend on the application.
Thanks again for a great piece of code. I would be interested if you did an update to the new MVC4 approach uses Code First. This would be useful as I could include the various asp.net authorization tables in my main database.
Posted By: King Wilder

On: 1/22/2013 11:55:54 AM

@Jon Smith -
3. Deploying - I initially created MvcInstaller for myself because I'm constantly building applications for my clients that need to be deployed to my server and I was repeating the same time-consuming process over and over. So I built this app so I could deploy the applications to the production server in a matter of seconds. So don't think of this as setup code, but another means of deploying to any server, even the production server.
And you just add the database username and password to the installer.config file and it will create that complete connectionstring for you on the server. This is exactly what I built it for. As the Install page says, you do need to have Write permissions on the root of the website in order to allow MvcInstaller modify the web.config for you, but you can simply turn that on for installation and then turn it back off.
There is another option which one of my users employed to install his application with MvcInstaller to Azure which does not allow Write permissions on the cloud server. He simply entered all the connection information for the production server in the installer.config file, which you should do anyway, but he ran it from his local machine and did not first deploy the application to the server. This enabled MvcInstaller to connect to the server and write the configuration to the web.config as well and deploy the database to the production server. So there are work arounds if you want.
Also, there is no need to remove the Install code, you can, but you don't have to. After installation is complete, MvcInstaller doesn't allow you to return to the /Install resource, so malicious users won't be able to overwrite your database. That's built in.
Regarding Code First - I'm not sure I follow you. You are allowed to build the application any way you want. MvcInstaller simply looks at a .sql script that you create and place in the App_Data folder to create your database on the production server. It has nothing to do with your database or web application during development. It is purely a post production application.
I hope this helps.
Posted By: praveen

On: 4/11/2013 1:21:21 PM

Hi,
Its a great article, seeking some suggestions. Couple of things i am trying to get answers but i did not get. I have to build auser management systems for an MVC web app with Mongo as DB, so i have written my custom provider, and for the usermanagement on browsing i landed up into mvc central.net.
Then i saw the security gaurd and mvc installer 3. I went through the video couple of times and installed mvcv installer couple of times, but was unsuccessfull, i think becuase asp.net membership is getting configured properly and i dont have sqlserver on my machine.
So the questions i have is
When a user registers on the site by himself, what is the default role you provide, and as a best practice how should be we design this(IOW when a user registers, what should be the role attached? I have implemented the membership provider methods. In the createuser method, I dont see any where attaching user to role).
Can you please clarify on this, while creating the user should we attach a role to user, or It should be always the task of the super admin.And the very first time in the application how should we create the user assuming mvc3 installer is not an option at the corporate?
And does security gaurd allows both these features?
Posted By: King Wilder

On: 4/11/2013 6:23:45 PM

@praveen - you are asking many things, and to begin with, MvcInstaller was not built with any "no sql" data store in mind.
MvcInstaller REQUIRES SQL Server!
Regarding Roles with Users, during the installation of MvcInstaller you can create Roles and assign the Administrator to a role at that point. After that, when users are Registering, it's your responsibility to modify the code to attach whatever Role you want assigned to Users. All the source code is provided for you in SGAccount, so you can make all the modifications you need for your application.
There is no proper way to handle this, you can either do it manually where the Admin assigns roles to users after they register (not recommended), or add code to the SGAccount controller to automatically assign roles to new users. It's up to you.
I hope this answers your questions.
Posted By: allyyou

On: 4/23/2013 3:27:01 AM

when i click on install at the mvc site install, error prompt
Could not find a part of the path 'C:\Prasarana MVC\Prasarana\Prasarana\App_Data\Reset\'.
anyone can help?
Posted By: King Wilder

On: 4/24/2013 1:27:04 AM

@allyyou - sorry about the error. Just create a "Reset" folder inside the App_Data folder. This is fixed in the MVC 4 version, but I didn't think anyone was still using Mvc 3.
Posted By: King Wilder

On: 4/24/2013 1:27:04 AM

@allyyou - The Reset folder was created so you could put SQL files there to be used in the event that the first install attempt failed and you needed to rollback the database creation. You could put Drop statements in the Reset folder and that would be executed first.
But really you could have that functionality in your schema scripts.
So for the meantime, just manually create the Reset folder and it will work.
Posted By: assssssd

On: 3/8/2014 1:06:51 AM

asaaaaaaadsssssssssssssssssssss
Posted By: chinnaselvan

On: 8/16/2014 12:38:50 AM

hi sir i am chinnaselvan mvc beginners i have one doubt, this membership working fine but i want to be add new table in sql server how to insert update delete that table MVC 4 Applications .
Posted By: chinnaselvan

On: 8/16/2014 12:38:50 AM

hi sir i am chinnaselvan mvc beginners i have one doubt, this membership working fine but i want to be add new table in sql server how to insert update delete that table MVC 4 Applications .
Posted By: King Wilder

On: 8/16/2014 7:37:26 AM

@chinnaselvan - your question is not related to MvcInstaller, it's related to ASP.NET MVC itself. You should go to http://www.asp.net/mvc for information on how to work with MVC or watch other videos and read other articles here in MVC Central.