.net - Use Of User.IsInRole Without Using Membership ?
Feb 17, 2010I'm using Forms authentication and I would like to make use of roles, can I somehow set the role of the user without Membership ?
View 4 RepliesI'm using Forms authentication and I would like to make use of roles, can I somehow set the role of the user without Membership ?
View 4 RepliesI'm securing an ASP.NET MVC 2 application, and I have a user who is in the role "Foo".
This is true:
User.IsInRole("Foo")
But yet, when I attempt to lock down a controller action like the following, the user is denied:
[Authorize(Roles = "Foo")]
public ActionResult PrivatePage()
{
return View();
}
If IsInRole reports true, why would the Authorize attribute not allow the user in?
My ASP.NET app is using windows authentication. If I run the following code:
WindowsIdentity wi = (WindowsIdentity)User.Identity;
foreach (IdentityReference r in wi.Groups)
{
ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value);
}
if (User.IsInRole ("Everyone"))
Label1.Text = "Is in role";
The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false.
how can I find out if one of the user is the member of any role? For the logged user, I use User.IsInRole("Admin"), but how to find out if the nonlogged user is in the role?
View 2 RepliesMy website has a "charts" menu item that lets you choose from about a dozen pages each with a different chart in them. Each one of these pages uses the same nested master page which has some drop-down lists and text boxes to let the visitor do some filtering of what data shows up in the charts (I do this by building SQL statement parts in the nested master page and triggering an event that the chart page reacts to).
Anyway, One of the DropDownList controls shows the names of everyone in the Company (I use MembershipProvider and RoleProvider). What I want to is have the DropDownList show a different collection depending on the role that the visitor is in; If the visitor is in the "Principal" role, I want them to see everyone. If they are not in that role, I want them to get only their own name.
I expect I'd have to do this in code-behind... But thought I'd check to see if anyone knows if it is possible to have an "IF" statement in the SQL DataSource for this control that can refer to the role that the current logged-in user belongs to
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
View 2 RepliesI have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is
{
//select hashed password from db
return (EncodePassword(password) == dbpassword)
}
[code]....
how to perform log out task in web page in different forms
View 1 Repliesi am working on membership concepts in asp.net. Now i want to reset new password and getpassword for specific user.
this is my web.config code:
[code]....
In the site I am building we have standard users and superusers. A superuser can delete another user from the system and this should result in that user being logged out (if he/she is currently logged in). We use the Membership provider. Or actually the superuser doesnīt delete the other user completely but instead sets his/her as inActive by following code:
[code]...
But, that should not matter... What I want to know is how to make the affected user being logged out. I donīt need a popup or anything to be shown to the other user that he/she is just logged out, it is enough to check if that user is logged in when he/she tries to move to another page on my site.
What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user?
View 2 RepliesI'm trying to get the comments section for a user, to populate a text box which can be updated. I'm getting the "Object reference not set to an instance of an object" error. Why is this occurring?
[Code]....
I have an administration website - the users of which should be able to modify users for a public site. This means the administration site has a valid membership provider, but I want to be able to access/change members in another site (and therefore ApplicationName).
First thought was to set ApplicationName on the Membership static - but that seems like a bad idea according to answers here: Changing Membership.ApplicationName in code - thread safety.
Second thought was to duplicate the MembershipProvider entry to the web.config - so now I can do WebSiteMembershipProvider = Membership.Providers("WebsiteSqlMembershipProvider") - but I can't now seem to get to a 'Membership' object which will let me (for example) call the standard 'CreateUser' method.
I tried WebSiteMembershipProvider.CreateUser - but it takes a load more parameters, and doesn't seem to do anything if I poke some values into it.
Am I nearly there? Or do I need a different approach? There's always the SqlProvider's stored procedures, I suppose...
Is there a membership function to search a username Like this: LIKE '%UserName%' ?
This is not working.
[Code]....
I am playing around with the membership database and have a question. Lets say I have a company called company ABC. There are 10 branches that belong to comapany ABC.
IS there anyway to create a relationship within the database using company ABC as the parent and having the 10 branches as childs?
How can I active a user that has been created with Membership?
View 1 RepliesI would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
[Code]....
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
View 1 RepliesIs it possible to call a membership provider to generate a username and password automatically?
View 1 RepliesI'm using the ASP.NET SQL Membership Provider. So, there's an aspnet_Users table that has details of each of my users. (Actually, the aspnet_Membership table seems to contain most of the actual data). I now want to store some per-user information in my database, so I thought I'd just create a new table with a UserId (GUID) column and an FK relationship to aspnet_Users. However, I then discovered that I can't easily get access to the UserId since it's not exposed via the membership API. (I know I can access it via the ProviderUserKey, but it seems like the API is abstracting away the internal UserID in favor of the UserName, and I don't want to go too far against the grain).
So, I thought I should instead put a LoweredUserName column in my table, and create an FK relationship to aspnet_Users using that. Bzzzt. Wrong again, because while there is a unique index in aspnet_Users that includes the LoweredUserName, it also includes the ApplicationId - so in order to create my FK relationship, I'd need to have an ApplicationId column in my table too. At first I thought: fine, I'm only dealing with a single application, so I'll just add such a column and give it a default value. Then I realised that the ApplicationId is a GUID, so it'd be a pain to do this. Not hard exactly, but until I roll out my DB I can't predict what the GUID is going to be. I feel like I'm missing something, or going about things the wrong way. What am I supposed to do?
I want to implement membership where email is used as the user id. Is there a ready-made provider for this, or do I have to write my own one? Or should I just make do with the 'default' one?
View 1 RepliesThe error message below i get when I"m trying to create a new user in a project management system we use for a client. I type in all the corresponding information then when I click create it throws this error.
invocation. at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Web.Administration.WebAdminMembershipProvider.CallWebAdminMembershipProviderHelperMethodOutParams(String methodName, Object[] parameters, Type[] paramTypes) at System.Web.Administration.WebAdminMembershipProvider.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) at System.Web.UI.WebControls.CreateUserWizard.AttemptCreateUser() at System.Web.UI.WebControls.CreateUserWizard.OnNextButtonClick(WizardNavigationEventArgs e) at System.Web.UI.WebControls.Wizard.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.WebControls.CreateUserWizard.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.WebControls.Wizard.WizardChildTable.OnBubbleEvent(Object source, EventArgs args) at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) at System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
if a user wants to clear their personal information from a page after clicking on a button that they be re-directed to the ASP Login page. This code needs to be developed using Java Script because I want the user to confirm with a confirmation box that they intended to clear their info. I have found resources on MS that pointed to referencing the "System Web Extension" within the Web Config file shown below, which enables Java Script to be able to reference the Authentication Service classes. I am also calling the function show_confirm in the button onclick event to process the message box response.
I also need to redirect a user back to the Login page within this same show_confirm() function without pointing directly to the URL, but instead to the folder where the page is locateded like in VB Server Redirect if possible.
The error message I receive when I run this code is: Microsoft JScript runtime error: 'sys' is undefined.
Shawn
[Code]....
[Code]....
i have implemented asp. net membership authentication and one of my users has forgotten his password.
The passwords are hashed and when i try retrieveing his password i get the error that password retrieval is not available for hashed passwords.
Should i reset the password?
I realize that user names are unique, but is there another identifier associated with the username? If there is, how do I find out what it is for the user who is currently logged in?
View 2 Replies