SQL Server Express permissions

Fix for exceptions like these:
"CREATE DATABASE permission denied in database 'master'",
"EXECUTE permission denied on object "
"SELECT permission denied on object"

Asp.NET uses the NETWORK SERVICE account (for Windows Server 2003) and ASPNET user for Windows XP. If we use windows authetincation for using sql express we need to add these users as sql server logins:
SQL Server manager -> Security -> Logins -> add "NT AUTHORITY\NETWORK SERVICE" or ASPNET
Then click on the properties menu of the login and make the login dbcreator. This will fix the first of the exceptions above. Then with User Mapping setting we can add permissions explicitly to the desired database -> dbowner gives all needed permission.

How to get Profile instance out of asp.net page,

The way of getting Profile instance from a page context is Profile.GetProfile(). But how to do this when you need to get it from App_Code for instance. Here is the way:

MembershipUser mUser = Membership.GetUser(UserId);
ProfileCommon prof = (ProfileCommon)System.Web.Profile.ProfileBase.Create(mUser.UserName);

the object "prof" has all profile fields as in a page.

How to set page/script timeout on an asp.net page

The solution is pretty simple. Use Server.ScriptTimeout to set the timeout for the script in a page. The value is measured in seconds.

Server.ScriptTimeout = 3600

Use this in Page_Load event. The example makes the timeout to be an hour.

NOTE: using compilation debug="true" will ignore script timeout and it won't work. Make sure the debug value is false on the release version of web.config

FormsAuthentication.Authenticate vs Membership.ValidateUser

FormsAuthentication.Authenticate can be used with clear passwods to check user authentication:
if(FormsAuthentication.Authenticate(Username.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Username.Text, false);
}

This doesn't work if the password format is not clear. Asp.NET membership provider offers you Clear, MD5 or SHA1 represented passwords.
In case of using MD5 or SHA1 (specified in web.config, SHA1 is default for hashed passwords) the checking for user credentials should be done by Membership.ValidateUser which delivers the provider model for user authentication.

if( Membership.ValidateUser(curentUserName, pwd)){
FormsAuthentication.RedirectFromLoginPage(Username.Text, chkPersistent.Cheked);
}

The other things of authentication process can be left to the Asp.Net provider.

See also for web.config: authentication and authorization, machine key generation, password format, password salt ...

How to use SQL Express database for more than one application

Somethimes we need to use one database for more than one application, web, desktop or service.
The only thing to do is to get rid of the generation of a new user instance by the connection string in web.config. Assure that User Instance=False in the connection string and try again.