I was adding login and logout functionality to my ASP.NET website. While I am able to make the user log in by checking the username and password but on some pages should be available only if he is logged in. I am doing this by storing the user's value in a session
Secondly, I am using a Link button which changes to Logged in as example. So, how does the user log out?
We use windows authentication. User opens our website in tab1 and does some action but with out clicking on save he opens a new tab tab2 and opens the same website again. Now, if the user session in tab1 is active i need to warn users that the he is already logged on to application in some other browser and go to some log out page. But if the user session in tab1 is timed out then he must be able to continue with the website in tab2 as usual, but if he tries to do anything in tab1 he should go to session expired page.
I tried implementing it in following way.
I have a hidden field in each page which will be set to unique Id using GUID.NewID().
when user requests for a page the following code is executed.
[Code]....
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) {
Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count));
...
}
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
I've been working on my personal website as of late, and even thought it's not a big problem because I'm the only one that sees it, it's annoying nonetheless.
Whenever I go to my login page, it all works fine. If I enter a bad username/password, it will just print a simple text message error(intended). But, if I login correctly, then instead of redirecting to the root of my website as I intend, it will instead create a new tab in firefox and from there it will be in / (which is correct). The problem is why does it create a new tab? I didn't even think forms were capable of such a thing:
My full login page is at [URL] The gist of it is:
<form method="post" target="/login">
Username: <input type="text" name="username" /> <br />
Password: <input type="password" name="password" /> <br />
<input type="submit" name="Submit" />
</form>
And my server side code is also very simple:
if(RouteID=="login"){
if(AuthenticationModule.Login(Form["username"],Form["password"],false)){
//logged in correctly
Response.Redirect("/"); //just go to the root of my site
}else{
Write("You fail at life");
}
}
How does one log in to a website programmatically?I just want to check that the provided username and password of a website is correct or not.
View 1 RepliesWe are bulding an intranet for our company. Just to do things like log support calls, keep details of customers servers, computers etc.
What i want to do is have a table that will record changes for each page. If we have the servers table, if somebody updates the ipaddress i would like it to log the previous value, the date and time, the user that did it, the new value and what table and field they changed. Is this kind of thing possible? i would imagine i would need some code that would execute on the insert command that would programatically insert the details into the changes table.
I recently inherited an asp.net website made up of multiple .aspx and .ascx pages and being rather new to web development and especailly asp.net. I have the site create a cookie upon login to automatically log users back in if the page times out on them while they're entering information.
I need the site to automatically log users out when the site is closed. Obviously using the me.close event on each page won't work because we don't want it to log people out every time they navigate to a new page in the site.
I've tried setting the timeouts in both IIS and in the files of the website to longer but it doesn't seem to have an effect.
Is there an easy way to automatically log users out when they leave the site but not when they navigate from page to page.
I have enabled Logging in my Default website properties. There are around 10 virtual directories (websites) under my default website. For a particular website I need to enable "URI Query" option in Extended Logging Options. I want IIS to log this only for one particular virtual dir and not for the others.
Is there a way that I can exclusively decide logging options for one virtual dir ?
on my website i am running it locally.
When sometimes i try to login or add items to my cart it says connection interrupted but other times its quick.
I am using IIS 7
e.g. i click add cart and it just keeps loading and states
Connection Interrupted
The document contains no data. The network link was interrupted while negotiating a connection.
Shopping cart... why most of the online shopping website can add item to cart even without logging in? how did they do that in asp.net?
View 5 RepliesI'm using MS Enterprise Logging Application Block in an ASP.NET website.
For production launch, I will set up a log listener in one of these locations:
Sql Server database
Windows event log
Text files
Which has the least impact on performance?
NB - I can't switch to Log4Net or ELMAH at this point, so don't suggest that in your response.
I am using standard ASP.net security and want to how I go about prventing the same user from logging in twice.
If the user is already logged in and they log in again what I want to happen is for them to cancel the previous session and log that session out.
Can this be written into the webconfig file as part of the membership profile? I have tried to find this and it does not seem to be possible.
Im building a web application that charges for access on a per user basis. Ive used standard roles and membership for setting up accounts and logging in. I want to ensure that a client cant use the same user details to login more than once
ie if user abc1 is already logged in, someone else cannot login again using the same credentials
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); After doing this, the user is logged in with the txtUser.text
But the question now is, how do i retrieve that user name from Authentication or whatever on other pages? is it possible or not?
Because i know that person stays logged in untill he logs out with this code: FormsAuthentication.SignOut();
And one more question i dont know is this one good for this or not how do i better check if the person is typed in correct name and pasword or not, with executescalar or executereader?
I am involved in designing a asp.net webforms application using .NET 3.5. I have a requirement where we need to log exceptions.
What is the best approach for exception handling, given that there would be concurrent users for this application?
Is there a need or possibility to log in exceptions at a user level? My support team in-charge wants to have a feature where the support team can get user specific log files.
To give you a background, this application is currently on VB 6.0 and we are migrating it along with some enhancements. So, today the support personnel have a provision to get user specific log files.
I have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
View 1 RepliesSo its a ASP.NET problem where two users using the same machine, same browser:
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
What is the best way to restrict the user from going to the previous page after logging out?
View 2 RepliesI spent a day trying to make Ent Lib Logging work and log anything into database or event log. I have a web application and console application with the same Ent Lib config but only the console application is capable to log into the Event Log. I tried everything with permissions but I don't know what exactly I am doing — which services should have what. It does not work!
I read articles like this[URL] and I want to try to give the ASPNET account those permissions. I am using Windows 7 and I cannot find ASPNET user account. So where is it?
This is the config file which is automatically generated from Ent Lib utility and it works only on App.config, not on web.config:
[code]....
When a user logs in into my website I have a custom membership provider that overrides ValidateUser and verifies that the user has sufficient rights etc.
However, when implementing a 'remember me' function through the default forms authentication using RememberMeSet, I also want to validate a user on the first request.
Is there some hook I can attach to that triggers when a user logs in with their persistent cookie?
I am using asp.net membership and the login control. I would like to prevent a user from logging in with the same use rname if they are already logged in. I would like to place code in the LoggingIn or Authenticate event of the login control to check whether the user is login and prevent them from logging in again. Any ideas on the best way to do this?
View 22 RepliesI am currently using the built in ASP login function... the destinationpageurl of that login function locates to "loginhome.aspx" for all users... but for one specific user ("Admin") it needs to link to "adminhome.aspx"... just wondering whats the best way to do this? Can I change the destinationpageurl of the login function depending on the user or creating an admin role so "If membershiprole = 'Admin' redirect to 'adminhome.aspx' End If" or can I just add some code behind the login function so "If User.login.Name = 'Admin' Then destinationpageurl = 'adminhome.aspx' End If" think I have already tried this on the login1_authenticate event but it didn't work
View 3 RepliesTwo users using the same machine, same browser.
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
I have this web application built. I am using windows authentication for this application. I have to log all the user activity as wells as site activity in this application. I have the below mentioned class established to log some activity regarding the user to an SQL server database table..
[code]....
I would still need to log many other items regarding the user and also the site, like the time spent by the user on the site, no: of currently logged in users on the site. Can anyone here suggest me as to how do I capture those items?? let me know if I am going in the right direction too.....?? If you can provide me with some links on this "user activity logging for windows authenticated applications".
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
View 2 Replies
