.ASPXROLES Membership Roles Cookie Expiry?
Nov 15, 2010
Using ASP.NET 2.0, with forms authentication.
Just for a test, I configured the roles cookie in web.config like this :
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPXROLES" cookieTimeout="2"></roleManager>
I wanted to see what would happen when the cached role cookie expired. Using Fiddler, after 2 minutes had elapsed, I could see that the raw value of the role cookie had changed.
I was expecting that on expiry, that ASP.NET would simply re-read the roles information from the database, and repopulate the cookie with the same value. So my question is, why would the raw value of the cookie change after expiry ? The cookie value is not human-readable (base 64 encoded and/or encrypted ?), so I can't tell if the information in it is the same, although the application still seems to work fine.
EDIT :
It looks like each time the roles are encrypted and cached in the cookie, it gets a different raw value.
e.g. if you run the following code :
RolePrincipal rp = (RolePrincipal) User;
string str = rp.ToEncryptedTicket();
Label1.Text = str;
View 1 Replies
Similar Messages:
Jun 9, 2010
I'm using ASP.NET Session State to keep track of logged in users on my site. However, one problem I'm running into is that by default ASP.NET session cookies are set to expire when the browser closes. I've tried setting my own ASP.NET_SessionId cookie and modifying the cookie's expiry using something similar to the following code:
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(1);
None of these approaches work, they all set a second cookie with the same name. Is there a way of changing the session cookie's expiry?
View 3 Replies
Dec 25, 2010
how to set the cookie expiry time towards 20mins from the last request.
View 2 Replies
Mar 1, 2010
Pls explain the Membership Roles in MVC ASP.NET 3.5
View 1 Replies
Nov 25, 2010
I can't seem to find this answer anywhere on google or stackoverflow, even though I'd thought it would've been an easy thing to do.
I want to understand how the system.web authorization tag on the web.config works, and what exactly each attribute and property does.
For instance, what does
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
Specifically what I want to do is to disallow access to most of the site for unauthenticated users, allow access to some of the site for authenticated users who belong to a certain role, and allow full access to users from a second role.
View 2 Replies
Jun 9, 2010
I have an ASP.NET project where I want to keep the membership (SQL Provider) in a separate database and the Roles/Profiles will be per application.QuestionWhat is the KEY that relates between the Membership database and the Roles/Profile database? Is it the UserID or UserName?I opened up the tables in separate expolrer and notice the UserID is different in the Membership database from that in the application Roles database.
View 2 Replies
Jul 14, 2010
give me an example (or point me in the right direction) on how to store custom data in an ASP.NET Membership cookie? I need to add some custom properties like UserID and URLSlug to the cookie and be able to retrieve the information in the same way one would retrieve the Username.
Edit:
I used Code Poet's example and came up with the following.
When I set a breakpoint at Dim SerializedUser As String = SerializeUser(userData) the value of userData is right. It has all the properties I expect it to have.
The problem I'm now running into is that when I get to Dim userdata As String = authTicket.UserData (breakpoint), the value is "". I'd love to figure out what I'm doing wrong.
Here's the code.
Imports System
Imports System.Web
Imports System.Web.Security
Namespace Utilities.Authentication
Public NotInheritable Class CustomAuthentication
Private Sub New()
End Sub
Public Shared Function CreateAuthCookie(ByVal userName As String, ByVal userData As Domain.Models.UserSessionModel, ByVal persistent As Boolean) As HttpCookie
Dim issued As DateTime = DateTime.Now
''# formsAuth does not expose timeout!? have to hack around the
''# spoiled parts and keep moving..
Dim fooCookie As HttpCookie = FormsAuthentication.GetAuthCookie("foo", True)
Dim formsTimeout As Integer = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes)
Dim expiration As DateTime = DateTime.Now.AddMinutes(formsTimeout)
Dim cookiePath As String = FormsAuthentication.FormsCookiePath
Dim SerializedUser As String = SerializeUser(userData)
Dim ticket = New FormsAuthenticationTicket(0, userName, issued, expiration, True, SerializedUser, cookiePath)
Return CreateAuthCookie(ticket, expiration, persistent)
End Function
Public Shared Function CreateAuthCookie(ByVal ticket As FormsAuthenticationTicket, ByVal expiration As DateTime, ByVal persistent As Boolean) As HttpCookie
Dim creamyFilling As String = FormsAuthentication.Encrypt(ticket)
Dim cookie = New HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling) With { _
.Domain = FormsAuthentication.CookieDomain, _
.Path = FormsAuthentication.FormsCookiePath _
}
If persistent Then
cookie.Expires = expiration
End If
Return cookie
End Function
Public Shared Function RetrieveAuthUser() As Domain.Models.UserSessionModel
Dim cookieName As String = FormsAuthentication.FormsCookieName
Dim authCookie As HttpCookie = HttpContext.Current.Request.Cookies(cookieName)
Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
Dim userdata As String = authTicket.UserData
Dim usersessionmodel As New Domain.Models.UserSessionModel
usersessionmodel = DeserializeUser(userdata)
Return usersessionmodel
End Function
Private Shared Function SerializeUser(ByVal usersessionmodel As Domain.Models.UserSessionModel) As String
Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
Dim mem As New IO.MemoryStream
bf.Serialize(mem, usersessionmodel)
Return Convert.ToBase64String(mem.ToArray())
End Function
Private Shared Function DeserializeUser(ByVal serializedusersessionmodel As String) As Domain.Models.UserSessionModel
Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
Dim mem As New IO.MemoryStream(Convert.FromBase64String(serializedusersessionmodel))
Return DirectCast(bf.Deserialize(mem), Domain.Models.UserSessionModel)
End Function
End Class
End Namespace
Here's where I create all the magic. This method is in a "BaseController" class that inherits System.Web.Mvc.Controller
Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker
If User.Identity.IsAuthenticated Then ''# this if statement will eventually also check to make sure that the cookie actually exists.
Dim sessionuser As Domain.Models.UserSessionModel = New Domain.Models.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
HttpContext.Response.Cookies.Add(UrbanNow.Core.Utilities.Authentication.CustomAuthentication.CreateAuthCookie(HttpContext.User.Identity.Name, sessionuser, True))
End If
End Function
And here's how I try and retrieve the info.
Dim user As Domain.Models.UserSessionModel = CustomAuthentication.RetrieveAuthUser
View 2 Replies
May 25, 2010
I have a navigation menu I would like to display based upon user roles (using.net membership) After several hours and headaches (from banging my head against the desk) I was wondering if someone can point me in the error of my ways.
[Code]....
[Code]....
How can I ensure that when the user is logged in, the appropriate menu items are displayed on the Landing page? Still new to all of this and my current method of 'trial and error' has seen me reach suicide levels this morning!
View 5 Replies
Jul 29, 2010
Lets say that I have a database set up with a load of info in it and I decide I want to add the membership and roles functionality to my site but my hosting provider makes me pay for each database I use. I don't want to pay for another db, so how do I set it up so that instread of creating membership and roles tables in the the aspnetdb database, it creates them in my existing database?
View 5 Replies
Mar 21, 2011
I am building a subscription based web site, which currently has three subscription levels, i.e. Horses, Soccer, and Horses and Soccer. I was thinking of implementing standard role based authorization, where a Horses subscriber would get roles including those to use the Horses section, etc.
Should I use a standard role provider, and when a member subscribes to the site, assign roles for his subscription to him, or use a hierarchical role provider, that when asked for the roles for a member, only then uses the member's subscription level to 'calculate' a set of roles for the member.
View 2 Replies
Apr 9, 2010
I have followed scott's gu tutorial here I uploaded the whole database to my site. Before doing what Scott's says I had one username stored in the membership. How can I create an additional user now that the table is in the web host? I can see that there's aspnet_Membership, aspnet_Applications, etc..etc
View 2 Replies
Mar 10, 2010
how do i do that through config file?
View 11 Replies
Jan 20, 2010
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
View 8 Replies
Feb 3, 2011
I need to enable/disable roles using membership. How is it done.
View 3 Replies
Feb 9, 2010
I am trying to load all the roles into my dropdownlist but I keep getting an error saying IDatasource is not listed, I have the following code:
Roles.datasource = Roles.GetAllRoles()
Roles.databind()
What Else do I have to do?
View 3 Replies
Aug 26, 2010
I'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name(as that of userID) in the file system and upload the files( multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
View 9 Replies
Mar 20, 2010
have a project where there are main 3 types of users i have to block them from accessing other pages but without using roles or membership is there any other way to do the same?
View 3 Replies
Sep 7, 2010
I have used asp.net membership and roles in my application. Its working fine.
I have an (.aspx page) where i have placed create user wizard, to create new user dynamically.
The same way i have created roles in my application.
What my requirement is, how to set roles dynamically to a particular user from my (aspx page).
View 2 Replies
May 7, 2010
Its very easy to add users to roles by using the in built controls. but how can add users through customized login controls?. i have tried using
//MembershipUser m = Membership.CreateUser(name, pass, null);
View 3 Replies
Mar 22, 2010
How can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET
View 4 Replies
Feb 8, 2010
I've got an MVC 1.0 View that is more-or-less an attempt at reproducing WSAT.
On the Security->Manage Users page there's a column of checkboxes for "Active" for each user. Also when clicking the 'Edit roles' link a set of roles shows up in the Roles column of the table.
I'm using the standard SQL based Membership and Role providers that come out of the ASP.NET box.
For some reason, when I run the app from VS2008 all is well and I can update the Active and Roles values. However, when I deploy to a remote server, either my test server or in production, the checkboxes don't update the databse. Note that the links for 'Edit user', 'Delete user' work fine. I can create a new user or delete a user with no problems in any of the deployed locations. Also the 'Edit roles' link also works fine in that it brings up the list of all possible roles and shows which roles the user is in. The problem is specifically with the Checkboxes.
Interesting to note is that the JavaScript alert() (see below) does fire when clicking on any of the Role checkboxes. However, although the box is checked, the database is not updated on the any but VS2008 Casini. The database connection string is not changed on any of the execution sites which are running SQL 2008. IIS 7 on one deployed server (an ISP) and 7.5 on the other my in-house test server.
Here's the code I'm using to create the Roles portion of the page:
[Code]....
View 3 Replies
Jan 24, 2011
I am getting user list using Membership.GetAllUsers() function. And I bind this data in a grid view.
But I cannot find the roles information here. I need to show the roles in that grid view.
View 2 Replies
Mar 26, 2010
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false)
Server.Transfer("AccessDenied.aspx");
View 6 Replies
Mar 26, 2010
I'm developing a system where we want to restrict the availability of information displayed to users based on their roles.
e.g. I have a tabled called EventType (ID, EventTypeDescription) which contains the following records:
1, 'Basic Event'
2, 'Intermediate Event'
3, 'Admin Event'
What I need to achieve is to filter the records returned based on the username (and hence role) of the logged-in user. e.g if an advanced user is logged in they will see all the event types, if the standard user is logged in they will only see the basic event type etc.
Ideally id like to do this in a way which can be easily extended to other tables as necessary. So I'd like to avoid simply adding a 'Roles' field to each table where the data is user context sensitive.
One idea I'm thinking of is to create some kind of permissions table like:
PermissionsTable
(
ID,
Aspnet_RoleId,
TableName,
PrimaryKeyValue
)
this has the drawback of using this is obviously having to use the table name to switch which table to join onto.
Edit: In the absence of any better suggestions, I'm going to go with the last idea I mentioned, but instead of having a TableName field, I'm going to normalise the TableName out to it's own table as follows:
TableNames
(
ID,
TableName
)
[Code]....
View 4 Replies
May 7, 2015
Other than WSAT as I don't want to have to use the CMD bypass to access it using VS 2013, how can I administrate users/roles on my web forms web site and be able to administer them via the website from a different location.
View 1 Replies
