How To Use A MembershipProvider To Carry Over Users' Session Data Stored In Cookies Set By ColdFusion
Feb 15, 2011
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
Does Forms Authentication require that cookies be enabled to use MembershipProvider and RoleProvider? If so, can anyone tell me the minimum security level I need to tel clients to use.
I am using Microsoft's MVC design pattern and I have a method in my controller, which sets the data source of a gridview. Whilst I can bind all the other values in the gridview, I am stuck setting 4 hyperlinks. The hyperlinks need to work in the explanation given in the link below: [URL]for forcing downloads to keep the location of where files are saved to private, which I want set in the controller.
To fully explain what I am doing, in my controller for the gridview, I am setting the gridview's data source using ICollection, which is an object containing results from a query. From this collection, I extract a value which has the name of a folder which contains a number files. So, what I have done is to cast my collection to a object, to get folder name and then use a foreach loop to get each folder name. Then to get the files inside each folder, I use Directory.GetFiles, which returns a string array - I wrote string[] files = Directory.GetFiles(ConfigurationManager.appsettings["filepath"]+folderName); . I have set 4 properties for each Hyperlink I want to set.
It is at this point where I am stuck, because even though I can get to the files, I am unable to set the Hyperlinks to these files. Each time I try an set the NavigateUrl property, I get the error message Object not set to an instance of an object. Plus, I have two other issues to resolve:1) Even though there are 4 hyperlinks, not every hyperlink will be set. In other words, if there are only two files in the folder, I only want to set the appropriate hyperlinks. So, how can I iterate through the string array, and get each value inside the array to do a check?2) When I set my Hyperlinks in my controller, how do I simply pass the file and keep the file's actual storage location hidden as given in the link [URL]
We are in the process of refactoring from cf to .net, so, I am working on the Login page and converting it from cf to .net. So, when I am autheticated and enter into our website, I need to redirect it to a cfm page (just temporary, since we will be refactoring that also eventually).
So, I am autheticated (using CustomMembership Provider model for sql server) and then when I redirect to the cfm, the app.cfm should validate the .net session variables. Here is where i am stuck:
I have the .net session variables in the aspx side:something like Session["UserId"].ToString() = Value from a login txt box (also authenticated against data in the database)
Session["UserName"].ToString() = Value from the db corresponding to the User Name entered in the text box.
So, now I have all the session variables in the .net side. Now, how do I retreive these .net session in the cf side? Any small peice of code to retrive the asp.net session variable in the application.cfm side would be great.
I have some problems with getting my website to log out the authenticated user automatically when the session ends (the user closes the browser).
This is what I have in my web.config:
[code]...
When I close the browser, the user is still logged in. How do I make the website forget the user through an option, so the user himself can decide if the website should remember or not?
I want to save some info in the Session when the users successfully logins with my custom MembershipProvider, but I have no access to the Session in the provider's ValidateUser method.
public class CustomMembershipProvider : MembershipProvider { /* Override other methods and properties here */ public override bool ValidateUser(string username, string password) { /* do something to validate the username and password * and set the validUser variable */ if (validUser) { /* want to store some info in the Session here, but I can't access * it here, because this is not a Page */ } return validUser; } }
Is it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
I've a code to persist information in cookies about users like UserName and password.
Question is:
Its not secure to store information like that plain text in cookies.My DB store hashed passwords,so i could save those hashs in cookies and retrieve them later,but if i do that i wouldnt be able to fill password's textbox cause the hash string would be too long for it.
I am using ASP.NET profiles with allowAnonymous="true". I am NOT using ASP.NET membership. I recently took a hard look at the aspnetdb database and noticed that although my site gets 600-800 unique visitors daily, there are 4000-5000 "users" being created in the database.
Clearly what is happening here is the users with cookies disabled end up creating a record for every request.
My question: How do I prevent user and profile database records from being created if the client doesn't support cookies or has them disabled?
We're converting from ColdFusion to ASP.NET 4.0 and we just don't know which route to take with setting up our classes.
In college I was taught to break everything up into separate Data Access Classes and Entity Classes that speak to the DAC. To me, that's the best option for a team that needs a lot of control over their classes and needs to reuse multiple items.
Then there is LINQ... Sure.. It's great and fast! I have no problems writing my own queries though. To me, it's not something I really need.
I would think we should be using folders that contain our DAClasses and folders that contain our Entity Classes. Then we would have our actual .aspx presentation pages.
i add selected product in shoppingbasket. i add name,price, count etc. i also want to add product's image in shoppingbasket. i show products on datalist. and i show name,price etc in labels. and i show product image in a image object. how can i add a product image in my shoppingbasket class.
I have a FormView in InsertItem that contains one DropDownList linked to a Table Datasource to display ItemCodes. In that "lookup" table I also have a Retail and Cost field.When the user selects the item from the drop down, how can I have these to field carry over into my new record that is being inserted. The new record also has a Retail and Cost field that are TextBoxes.Basically I am populating the new fields with the default values from the DropDownList.
I want to use session object in my web app.I want to store some cookies too(Some custom informations) .How can i use both without the URL not being modified like [URL]
In my ASP.NET page,I am setting some session variable
Session["customerId"]="Some name";
Then i am trying to set some value in cookie
[code]....
In this page now i can access the sesion variable values,But when i m being Redirected to another asp.net page, I am not getting my session values there.Its seems like Its being lossed.
I am trying to make ActionFilter which redirects banned users to /Error/NoAccess site, so I have ActionFilter:
[Code]....
Before each public class xxxxxxController : Controller I use [NoBannedUsersActionFilter]. But for example on website /Account/LogOff I have error: 'Server cannot modify cookies after HTTP headers have been sent.' and VisualStudio shows me AccountModel.css file and this method:
Am trying to design login page for my website and I am looking for methods other than forms authentication. The way in which I am trying is to have a table in the database that stores user information and check for the user validity.
The point where I get struck is how do i set cookies and session variables and how will I carry it through out the system. Can anyone tell/suggest me where I can relevant material so as to move forward. And also is my idea of negating traditional forms authentication and going for a model I described, is it good also does any other better method exist?
my main concern is using Session. I've always been under the impression that if you use the following statements (not that I would):
Session["newVar1"] = "a new session variable"; Session["newVar2"] = "a new session variable"; Session["newVar3"] = aLargeVariableThatHoldsLotsOfData;
You would be creating 3 new session cookies that hold the particular value. But I think my asp book is indicating that you would actually create 3 new variables in your session state object and ASP would only pass a unique Session ID (as a cookie?) in the response, and would get this ID upon the next request and associate that ID with your Session State Object (that IIS has stored in memory..?):
[code]....
That doesn't seem ideal for a website with lots of traffic. A server that is storing and maintaining thousands and thousands of instances of session state per website seems like way too much overload. I'm trying to see what's going on on my own, but I'm having trouble.. I can't find my site's cookies anywhere on my machine (IE/windows xp). I've checked C:Documents and Settings icholasrCookies and C:Documents and Settings icholasrLocal SettingsTemporary Internet Files which, according to this yahoo answer, IE cookies are stored as well. I'm using ticket authentication in my app which stores a auth cookie on the client, so a cookie from my site has to be somewhere..
