i want to use user authentication using ajax controls where there are 2 textboxes 1 is for username and 2nd for passworod ,i want to authenticatate user using ajax controls against database !
View 3 Replies'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily.
If I change my service definition to include a demand for the caller to be authenticated, like so:
<OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?
i develope asp.net web site based on users authentication.
How can i promiss that user who logins to the site and closes and explorer, could reopen it and be connected without insert his user & password again.
Article : Encrypt and Decrypt Username or Password stored in database
The whole thing works very well but my issue is, after entering and encrypted password how does the user then log into the database?
When a user types in his password, the typed in password will not match the ecnrypted value in the database.
So how do I decrypt what is in the database and compare with what the user typed in and then validate the user.
I want to use forms authentication on my ASP.NET MVC site. All I need is a place for users to login, a page to add a user, and a page to edit a user. I'm using all the default ASP.NET forms authentication tables for SQL Server (aspnet_Profile, aspnet_Roles, aspnet_Users, etc.). The only difference is that I've added an Employees table to my database, which contains a FK to aspnet_Users to create a one-to-one relationship. The Employees table contains columns for FirstName, LastName, StartDate, etc. It's a way for me to keep additional information for the users.
I'm having trouble finding any sort of tutorial that would help me build a basic page in MVC, everything I find is for WebForms. For my page to add a user, I'd like there to be fields for the Employees table. I don't know if I can modify the CreateUserWizard to add those fields, or if I'd be better off just creating my own custom page.
We have a user that has been logging on to a site for several months. Suddenly on Monday the user was forced off and since then they have not been able to log back in from the machine where the problem occured. They can log in to site using other PCs in the business using the same creduentials as we can from the support desk.
We have performed a completed cleardown the IE8 history and cookies etc, check that is can see the internet, working online and recycled the application pools but still the uses account is unavailable from that machine.
Just going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have 3 pages which they use Master page. I want to check if user is authenicated in page load event of master page.
1-Is it correct method to check authenication is page load of master page?
2- I want to know which of the following lines should I user and is there any difference between them?
Request .IsAuthenticated
Page.User.Identity .IsAuthenticated
HttpContext .Current .User .Identity .IsAuthenticated
I want to check if user is autheneicated in control (ascx). I use HttpContext.Current.User.Identity.IsAuthenticated; for this purpose.
When I browse pages using ASP.Net Developement server -VS 2008- it works fine, But when I use IIS 7 then it always return false , even if user is authenicated.
Note that it's even work fine with IIS 6 but With IIS no hope (Classic/Integrated mode). does it related to IIS 7 or what the method that I use?
If a user has signed into their computer and are connected to an intranet, is there a way to grab the users crendtials and authentication them in asp.net? What specific code would do this?
View 2 RepliesIf I am using forms authentication, how can I get the value of the user.identity for the currently logged in Windows user? Not the forms user.
View 2 RepliesI am working on a web application project with a layered architectural style having DAL, BLL, Service Layer and Presentation Layer. It's going to be a Web forms application.
My intent is to try using some of the new features of .Net 3.5 or 4.0.
Currently, I am thinking through different approaches for implementing Authentication in this project.
I have a query regarding the design of the application, particularly Authentication.
In which layer should I have Authentication class? BLL? If I implement the Authentication class in BLL, should I be having an app.config in the same class library project to contain the Database connection string and all.
I am using windows Authentication and accessing user name as. IIdentity winId = HttpContext.Current.User.Identity; string name = winId.Name; but i want to get other details like User full name and EmailID.
View 4 RepliesWe want to use a "proxy user" to connect to an LDAP server (Active Directory, Novell, or otherwise) and then make sure that the user trying to log into the application has typed in an acceptable user name and password. I have got the code for connecting to LDAP just fine, but I'm at a loss as to how to check the user name and password. Can you do this through an LDAP query?
Here's the guts of my code so far:
Public Function Authenticate(ByVal UserName As String, ByVal Password As String)
Dim LDAPServer As String = ConfigurationManager.AppSettings("LDAPServer")
Dim proxyUsername As String = ConfigurationManager.AppSettings("LDAPProxyUser")
Dim proxyPassword As String = ConfigurationManager.AppSettings("LDAPProxyPassword")
Dim entry As DirectoryEntry
entry = New DirectoryEntry(LDAPServer, proxyUsername, proxyPassword)
'This performs the LDAP authentication'
Dim obj As Object = entry.NativeObject
Dim search As New DirectorySearcher(entry)
search.Filter = String.Format("(SAMAccountName={0})", UserName)
'How do I check the password now?'
Dim result As SearchResult = search.FindOne()
If result Is Nothing Then Throw New Exception("Unable to find SAMAccountName")
Coding Platform: ASP.NET 4.0 Webforms with C#
I have two roles admin and member. In my application, admin can manipulate most of the member data. I know that in forms authentication a user can be unlocked like,
MembershipUser user = Membership.GetUser(clickeduserName);
user.UnlockUser();
Membership.UpdateUser(user);
My questions are,
How to lock a user in forms authentication? Why is MembershipUser.IsLockedOut Property set as ReadOnly? Is it not the right way to LockOut people as an administrator?
How to check if user is authenticated while using Forms Authentication ..?
View 2 Repliesi install sql sever 2008 and i want use as a serve side authentication. How to cerate server side loging["userid" , "Password"] it directly apply on sqlserve 2008 not any sqlquery
View 2 RepliesWhen a user log into my asp.net site I use the following code:
FormsAuthentication.RedirectFromLoginPage(userid, false);
As I often need to use the userid I can then later get the userid by:
string userid = System.Web.HttpContext.Current.User.Identity.Name;
Now I also want to show the logged in username on each page and my questions is therefore where do I place the username best if I need to use it on every page. User.Identity.Name is already taken by the userid so I can't use that one. Another solution would be to get the username from the database on each page, but that seems like a bad solution.
i have an application and a user must log-in before he/she can access pages. now once the user logs in i keep the user details in a session variable (say Session["CurrentUser"]).now if a user tries to jump to a page directly i will check if the Session["CurrentUser"] has a value or not...if not then the user will be directed to the login page...my problem is that i have done this or rather say written this "Checking Code" on almost all the pages.
View 3 RepliesI am facing one problem while putting below code on master page load event.
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
I have an ASP.NET application where users login using forms authentication. I have 3 roles and some users. My App is not some thing like anyone can Register and access pages. Only Admin can create users & then send them their username and temp password through email. Then User can change his security question, Password and access pages. I'm trying to build this architecture. I'm using SqlServerMembershipProvider I have created Roles and some test users using ASP.NET Configuration tool. How can I implement the same thing programatically? Like Admin can create user and set his Role. User should be able to Change his Security question & change his password after Admin sets his account with some password likeP@ssw0rd. Is there any article where I can read and learn. I'm dealing with Security for the first time
View 3 RepliesI'm writting a software in C# and .NET to manage my store, which has a site where you can go and opt in to receive a sellers person visit. This site has an behind the scenes manager, but I want the software to do this instead, effectively removing the browser manager and the first step towards this goal is to allow the software access to a PHP script that generates tha XML file required.
The problem is, the login mechanics, written in C# and using web.config, doesn't allow the software to access the said script, which is inside a protected folder for the browser manager. I already tried using HttpWebRequest object, WebClient object with lots os combinations of post, credentials, streams and even a special user-agent to try and login, without success, I can only download the login page.
Here's the code I'm using to download data at the moment (That's my latest try, using the special header):
string agent = "AGENT"; //Not real name, it's just confidential
WebClient client = new WebClient();
client.Headers["HTTP_USER_AGENT"] = agent;
client.DownloadFileCompleted += new AsyncCompletedEventHandler(DownloadFileCompletedEvtHdl);
client.DownloadProgressChanged += new DownloadProgressChangedEventHandler(DownloadProgressChangedEvtHdl);
if (!Directory.Exists(toSavePath))
{
Directory.CreateDirectory(toSavePath);
}
if (File.Exists(toSavePath + filename))
{
File.Delete(toSavePath + filename);
}
client.DownloadFileAsync(new Uri(url), toSavePath + filename);
The login page is pretty simple, it only assings a click event to the login button to check if the user and password are the same in web.config. If true, got to redirect page, else, error.
So, what's the best method for this? Is there any way to configure IIS7 to skip the authentication on that special user agent or some other custom header? Or I'm going the wrong way?
In rails I could do something like this to make sure a user is authenticated before accessing an action in the controller:
before_filter :checked_logged_in, :only => [:edit, :update]
I was wondering if ASP.NET MVC had something similar or if there was a framework out there that could essentially do something like the following:For certain methods with actions that take a certain parameter, I want to point the action to a method, check to see if the user owns that object, and if so, proceed to the controller action. If not, I want to redirect him to another action where I can show him he has invalid credentials. So basically I am looking for a sort of "before_filter."
In IIS 7.5 server I have a website apps.mydomain.com. Site binding for this website is:
IP: All Unassigned
Port: 80
Host name: apps.mydomain.com
In DNS there is an ip address pointing to apps.mydomain.com. Site comes up fine when browsing to this hostname.
I want to get current windows logged in username from asp.net web apps. I enabled windows authentication and disabled anonymous. Using this ASP.Net code to test:
Response.Write(Page.User.Identity.Name);
However, browsing to http://apps.mydomain.com/site/ the application pool identity shows as the Page.User.Identity.Name value and not the current windows logged in username.
If I browse to http://servername/site/ then Page.User.Identity.Name will return current windows logged in username.
Is there something else I need to configure to get the current windows logged in username when using host header?
web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
</configuration>
App pool config (left out "handlers" for brevity, there's a 30000 char limit):
[Code]....
We have an ASP.NET Web App, where we want to provide a link 'Sign in as a different user' on a page. Authentication mode is Windows. Went through a couple of articles (like setting the statuscode =401). We want to authenticate the user, and then redirect him to a specific page (say 'ReviewTask.aspx');
View 2 Replies