I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redirected to the questions page. Now when the user clicks and confirms ending of the test by a button click then he is redirected to the results page.Now what I want here is that when the results page is being displayed the user should automatically be logged out of the system and should not be able to go back to the previous pages by pressing the browser's back button.
The problem which I am facing right now is that when the results page is displayed anyone can press the back button and continue the test and manipulate the result. How can I stop this.
I've never actually implemented a registration/login system before, so I'm trying my hand at making my own in C#/ASP.NET (not using ASP.NET's built-in membership provider). What I'm a little unclear on is how to utilize Session/cookies to keep a user logged in during and between sessions.
protected void Login_User(object sender, EventArgs e) { string username = usernameField.Text; string password = passwordField.Text; User user = UserRepository.FindUser(username); if (user != null) { if (user.Password.Equals(Hash(password))) { // How do I properly login the user and keep track of his session? } else Response.Write("Wrong password!"); } else Response.Write("User does not exist!"); }
I have a Asp.net web application that is running on 4.51 , When the User login Successfully i return an Object that has info for that user and store this in a Static object. Now my problem is the i
User 1 Login (Welcome James)
and
User 2 Login (WelCome Daniel)
and User 1 refreshes the Page (Welcome Daniel)
My user sessions override each other. i did mess around with the IIS Session before , i just noticed this now.
I'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control: [Code]....
My web.cofig settings: [Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
My prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
What if, I'm not using the LOGIN CONTROL but rather creating a Custom Control for Login. Is it possible to have user roles and a site map that redirects to its own destination when the user login?
i am developing a site in asp.net mvc 2.0.Now i have to implement customised user registrationpage by adding extra fields.i am using following code to create the user,
i implement user login in my website itself and i dont use membership of asp.net
any user in my website have the apportunity to website for 5 times .after 5 times if still user is not logged in website ,user can after 15 minutes to be able to try again.
i would like to implement one route for my Adminitration user - roles management (http://<domain>/Administration/ManageUserRoles/<userName>/<roleName>), where Administration is the Controller and ManageUserRoles is the action and another for managing everywhere in the site where there is an id / name combination ((http://<domain>/<controller>/<Action>/<id>/<name>)).
From what i have tried so far, the Administration route catches all the routing that has the format http://<controller>/<action>/<param1>/<param2> and as a result the id / name url parameters are displayed as query url parameters.
I am not sure how the user defined class objects are garbage collected. Do I need to implement IDisposable interface on every class and call the dispose() method on it to free the memory?
I have a web user control that contains 2 text boxes. i would like to be able to have their values persisted using the personalizable attribute, but dont want to use my user control as a web part. Can i implement the personalizable attribute on a text box in a user control without using web parts?
how to implement the authentication and membership for a hobby project I'm working on. Tought I'd ask for opinions here. I started using the asp.net membership/authentication/profile providers. First off I want user's to "activate" their accounts, so upon registration I figured I'll set "IsApproved" to false, generate and email an activation code which I store in a user profile. User's won't have usernames, just log in by email address. While it's easy to pass an email address as username, I'm worried about user's having to change their email addresses (used for logging in) later.