Alternatives For Forms Authentication Methods?
Jun 7, 2010
We are developing a web app that will have a pretty complex user and permission system. The general idea is that we have 3 levels of security:
a simple user - that can only access basic data that is in a data repository
a manager - that can open up data repositories
a superuser - that can open up repository factories.
Each repository contains various data types(text, images, etc etc). We are looking for authentication methods that will allow us:
1. Scalability.
2. Customization.
3. To create permissions that will effect the GUI + deny access to certain pages.
4. To create predefined roles - that will allow for easy setup of new users.
5. To create custom roles for specific users - allowing them permission sets that are different from the predefined roles.
View 4 Replies
Similar Messages:
Nov 24, 2010
I am building a sort of administration control panel which is basically just giving the end user the ability to manage the database through my app rather than knowing Management Studio. Creating lists of users, creating events that the users can attend etc, nothing too complex. So I am basically building the whole thing using JQuery AJAX with ASP.Net to make the DB connection and what not. My Jquery code just calls a different static method in my pages code behind for each different task, passing JSON back and forth.
From what I've seen results-wise so far, my interfaces are much quicker (almost instant) and even tasks on the server take less time to return through JQuery. But if you looked at my javascript code, you can see the "Page.aspxMyMethod". That means that people can access my methods just by sending a request from anywhere? Will forms authentication prevent this because it goes through an aspx page or what?
View 2 Replies
Jan 14, 2010
I'm building a new ASP.NET MVC application (in C#) and one of the requirements is to create a new database of members. For this, we'd need roles to manage the different types of members and profiles to manage the additional metadata attached to each member. So far so good, just use the standard MembershipProvider, RoleProvider and ProfileProvider provided as part of the .NET Framework.
However, the catch is that I'd like to allow different authentication methods. I'd like Accounts and Login Credentials to have a one-to-many relationship (one account can have a number of login credentials attached). A user for example, might have both an OpenID and ActiveDirectory account attached to their account.
However, after experimenting with a few ways we opted for the MembershipProvider route (explained how it was achieved as an answer below).
It appears to be something that is achieved on quite a number of sites, yet a search on here doesn't return anything solid to play around with.
EDIT: After looking around for a good period of hours overnight and this morning - I'm still not convincinced that butchering a single MembershipProvider would have been the easiest option. Does having multiple MembershipProviders give the same effect?
BOUNTY EDIT: With no responses, I am assuming that there is no more optimal solution that the one I posted as an answer. Is this really the case? I'm offering a bounty to try and see if anyone has any further thoughts on this and whether there are better alternatives.
BOUNTY ACCEPT EDIT: I think that WIF is the answer as accepted below, for a .NET 4 release and maybe other versions as it probably works with 3.5. Other than that, maybe a butchered MembershipProvider or adapted one may still be relevant.
View 4 Replies
Dec 20, 2010
I am new to ASP.NET development and moreover I am only extending an existing application which i did not create.
I have a working ASP.NET application which uses "Forms authentication" throughout all its pages. I have added a new webservice in a subfolder "webservicesDummy.asmx". This webservice works fine but because it should be called by an external application which can't authenticate through a form, i need to enable "Integrated Windows Authentication (Basic Authentication or Digest Authentication)" ONLY for the subfolder "webservices".
I tried to configure it in IIS but it did not work. So that i can set a different authentication method i have to create the folder "webservices" as an "Application". But if i do so then my function stops working with the error "Could not create type 'Dummy'."
Is it possible to have one web application and to authentication methods ? If yes how is it configured in IIS ?
Or what would be the better way if i need ONLY one page (webservice) to use a different authentication then the rest of my application.
PS: I use Windows 2008 Server and the app runs on .NET Framwork 2.0
View 1 Replies
Jul 23, 2010
public class CacheHelper { /// <summary> /// Removes object with the specified key. /// </summary> /// <param name="key">The key.</param> [code]....
I have this methods for caching..I need to change this methods to use in aDictionary<string,object>
How do I need to change this code Because I am new to asp.net I am still learning..
View 12 Replies
Sep 17, 2010
Are there any other ViewState alternatives? I've heard a lot Like Session, holding the state of some of the page's controls' state and getting destroyed the moment the user leaves the page. I know I'm describing ViewState itself, but I'm looking for a pattern of sorts or suggestions so I can avoid ViewState altogether. An example of how I'm using it is where I'm storing the contents of my grid (A list of ViewModels) to ViewState. This helps to know which entries are dirty, which ones have been modified, their indexes, the currently selected objects, etc.
View 4 Replies
Mar 17, 2010
Currently, I'm using a Table control and manually retrieve data from the database and then dynamically create the Table to display the data. However, I find Table control hard to format/style. GridView looks easier because we have a skin created for gridview which will give a uniform look. But the problem is GridView is designed to work with Data components instead of manually data retrieval.
View 1 Replies
Aug 16, 2010
I have an extension method as follows:
public static class PageExtensions
{
public static int GetUserId(this Page targetPage)
{
var user = Membership.GetUser(targetPage.User.Identity.Name);
return (int)user.ProviderUserKey;
}
}
Now in a page I need to use this method in a static WebMethod, so I have added another 'extension method' to PageExtensions:
public static int GetUserId()
{
return (int)Membership.GetUser(HttpContext.Current.User.Identity.Name).ProviderUserKey;
}
and I call it as follows in my WebMethod: PageExtensions.GetUserId()
View 1 Replies
Sep 16, 2010
I am beginner in web applications development. I started one little project and host it on source forge "https://homoco.svn.sourceforge.net/svnroot/homoco". And I started implementing authentication in this application to learn how it works. From my experience people never use out of the box things so I want to implement this stuff alone (like in real world projects). So some questions:
1) Is there any reason to use membership out of the box? To use database table schema, stored procedures etc. that tool generate for developer. I think that this lower control over code and I decided to implement it my self. I don't know if I am right.
2) Is my approach in this demo project good or bad (if someone have time I like to do just a little code review)? I created database based on business rules. Not using database schema that membership provider require. Extend "MembershipProvider" class to satisfy my needs. Implement queries to database myself.
3) Now, this question is a little wired but I have to ask it. If we make custom Membership Provider and do sql queries alone, implement all MembershipProvider class methods ourselves, and in application use Membership.blabla() why is this approach different from not extending MembershipProvider class and putting all this methods in some unique class and call its methods then? I hope that someone understand what I ask here.
I am sorry for three questions, but I really trying to find the best way to implement this feature in my demo project like it is a real world application.
View 3 Replies
Aug 4, 2010
Im looking for some input on a validation problem i have. My demands for validation are:
1. Able to do database checks
2. Error messages are custom and imported from other localized source as stringvariables(NOT resource files).
3. DRY serverside and clientside validation.
As far as ive seen data annotations dont work well under these cirumstances, custom attributes are needed just to be able to output the strings(wonder why this wasnt thought of). This isnt a dealbreaker but as ive tested sofar custom attributes must be added in the global.asax wich i 1. cannot get to work in the CMS im building this on and 2. i dont want to have to edit the global.asax everytime the scripts are implemented. Serverside this solution works fine though. From what ive read IDataErrorInfo should not be used? So havent really checked how to get this rolling with client-side either.
My thought was using custom service layer validation with xval but documentation is very poor to the extent i could find any(couldnt find any real nfo on how to implement xval with your own code, ie not using the autgened client-side metadata wich leads to the annotation problem described above). So i have a hard time finding any working solution other than to build something 100% custom.
Do anyone have a solution or perhaps some information or can steer me in any direction on the best way to getting this done in a good fashion other than building custom?
View 4 Replies
May 14, 2010
I'm considering purchasing a resharper license but would like to know if there are any possible alternatives to resharper and how would you rate these compared to reharper? It doesn't necessarily have to be a free alternative but I would just like to know how good equivalent products are.
View 8 Replies
Jan 8, 2010
I am looking for an alternative to using UDP multicast on the .NET Framework and am looking for suggestions.I need to send messages to several web servers running quite a few ASP.NET applications. These messages would be one-way only, coming from several different machines. UDP multicast would be perfect except that I can't use it due to it requiring administrative rights. Seehttp://stackoverflow.com/questions/1941463/asp-net-multicast-udpclient-problems for details as to why.Is there something else that would work in a similar manner, allowing multiple applications to receive broadcast-type messages?
View 4 Replies
Jan 25, 2010
I found an interesting discussion here:
[URL]
Quote:
DataSets are sub-par amateur solutions to code your Data layer...Stop Using Them and learn to CODE! :)
What is your opinion of DataSets vs. just stubbing out custom classes and working with those? What are other alternatives?
View 3 Replies
Sep 23, 2010
I'm developing an ASP.NET website that will allow users to view and print Microsoft PowerPoint slides. Right away, I knew that Aspose had a product that would likely allow me to do this. What I'd like to do is look at alternatives just to say to management, "Yes, I've looked at the alternatives and they are". I can't seem to find any other than the open source project on Source Forge which seems to be mostly dead and I'm not even sure if it's something that would meet my needs anyway: [URL]. Is anyone aware of any alternatives to Aspose Slides .NET? Please list them if so. If you are aware there are no decent alternatives, I would find that information useful as well.
View 2 Replies
Apr 5, 2010
In my web application, I have a dynamic query that returns huge data to datatable and this query is often recalled with different parameters. So database is exhausted. I want to get all record with no parameters to an object, and perform queries (may be with linq) on this object. So database will not be exhausted. Which objects can be used instead of datatable?
View 1 Replies
Jun 16, 2010
We're using the MS Chart for .net, but encountering the "image not found" problem for which there doesn't seem to be a solution. Are there any alternatives for generating simple charts?
View 4 Replies
Dec 10, 2010
title isn't as detailed as I hoped but I have a few questions. Traditionally I've always been a mixed mode person, storing PDFs and other things into the file system with pointers from my SQL DB to them.
Recently I've heard more people storing files into the DB directly and wonder if I'm storing files around 100-200MB in size, will I run into a lot of issues? Are there ways to compress the files other than perhaps zipping them up and storing the zip?
Finally, something I've always wondered about but never really found a good work around for... if I decided to continue with the mixed-mode storage solution, and these I need to retrieve these files for use on a website, how do I secure these files so that someone can't just randomly come and retrieve these files off the server by guessing files names, etc?
I did one work around once where I stored a set of PDFs to a non-web directory like c:pdf and setting permissions for the web account to access them. This allowed me to retrieve them using the references in the DB and provide some garbled filename so people couldn't retrieve it themselves but this all seems rather complicated.
View 1 Replies
Jan 11, 2010
recommend any alternatives to the error provider? What are their advantages?
View 1 Replies
Jun 6, 2010
In my experience, web.config files are widely reviled. In particular, I have found them difficult to manage when you have multiple environments to support, and fiddly to update due to the lack of validation at update-time and the verbosity of XML.
View 2 Replies
Nov 1, 2010
BlockUI is throwing some exception when using its demos on IE9 beta.Meanwhile, does anyone know a similar feature in jQuery for showing a "Please wait" message when ASP.NET AJAX is processing?
View 1 Replies
Dec 7, 2010
I have read a lot of posts describing why it isn't good practice to return heavy objects like DataTable/DataSet to the client from WCF. However, there doesn't seem to be much discussion about the alternatives (or maybe I'm not looking in the right forums).
My problem is this: I've tried to convert my DataReader/DataTable into a List<List<string>>, where List<string> represents the data in each row, but get an error at the point when the data is being sent to the client. A simple List<T> or a one-dimensional array gets returned without any problems. But whenever I try to return a collection of collections, there seems to be an issue. I don't know until runtime what my DataReader would look like as different stored procs are called based on user selection from a web form.
What am I missing here. Is WCF not able to handle collection of collections (I know that multi-dimensional arrays are not supported)?
View 1 Replies
Jan 24, 2011
I have a multiple database operation, Have three tables (MSsql) and need to delete one row in each table in one operation, one after another. (Three functions, three rows of code). Everything is working as it should be, recently I was advised to use a transaction scope, which should guarantee the safety of deletion from all 3 tables together.
Here is my new code:
[Code]....
Locally all worked just fine, the transaction scope worked well, but when I have uploaded my application to my hosting server, I got an error of: The partner transaction manager has disabled its support for remote/network transactions. (Exception from HRESULT: 0x8004D025).I talked with the host support, they tried to do something, then I got this error: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
After a 2 days, They have contacted me, they said it is not possible to disable some restriction, that will allow an access to this operation, because I'm using shared hosting, and I need to upgrade my plan to VPS. VPS is a very expensive for me, and I can't afford it, What I'm looking is a some similar way of doing the same operation as transaction scope do, that may work at my hosting, At least I would like to try something else. Is there any additional way for the transaction scope?
View 1 Replies
Jun 22, 2010
I'm looking at options for rendering PDFs on the server to avoid the user having to download them (they're big docs) and/or have a PDF reader installed and configured (audience is not tech savvy). The Google Viewer and Scribd are nice examples, but I'm not interested in making the PDFs available on the web (for Google) or storing them on another party's servers (Scribd).
My favorites right now are FlexPaper and PDFWebViewer.NET but I wanted to see if I'm missing any other options. Most of the related SO questions on this topic are somewhat dated, so maybe there's something new?
Any other options to check out?
View 7 Replies
Mar 10, 2010
Can you use FluentHTML or other alternatives in an web application user control?
Can you put a markup file in a System.Web.UI.Control like the System.Web.UI.UserControl but without the burden of the Page object?
I would like to reduce the number of lines of the following code:
[code]....
View 2 Replies
Nov 2, 2010
i have a situation where worker process recycling is causing session to expire and loose all the session data. Change to State Server and SQL server seems to be very complicated and impossible beacuse we use third party objects which are non-serializable. We need to let users keep running our ship tracking website for weeks or months beacuse they use it in their lobby and they do not want to touch it again. What alternatives i have if worker process recycles which causes to loose session data. I will need to atleast retain their user id and password to autologin them incase session expires.
View 5 Replies
