I am new in Asp.net MVC but i really like it. I always prefer flexible authentication systems, on the other hand security is very important issue too. So i looked for some sipmle way to store current loged "user id/user name" in server side. I think that "HttpRuntime.Cache" can be a answer. So i write simple test project Of course this code is is not complete.
[Code]....
We are using HttpRuntime.Cache API in an ASP.NET to cache data retrieved from a database.
For this particular application, our database queries feature a LOT of parameters, so our cache keys look something like this:
table=table1;param1=somevalue1;param2=somevalue2;param3=somevalue3;param4=somevalue4;param5=somevalue5;param6=somevalue6... etc...
we have so many parameters that the cache key is several hundred characters long. is there a limit to the length of these cache keys? Internally, it is using a dictionary, so theoretically the lookup time should be constant. However, I wonder if we have potential to run into some performance/memory problem.
I have a website setup like this:
/Web --this is the client facing site /Web/Admin --this is the backend system and is setup as a Virtual Application
I'm using HttpRuntime.Cache for caching calls to the database. What I want to be able to do is clear something that is cached on the /Web site from the /Web/Admin site. It appears though that HttpRuntime.Cache is a single instance per application.
I have a SharePoint 2010 Farm and want to use object caching for my own custom objects.
Since it's an ASP.net Application at it's core, I could use HttpRuntime.Cache. On the other hand, SharePoint 2010 offers it's own SPCache.
Why would I choose SPCache over the HttpRuntime.Cache one?
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
We have a web application that is storiing all site data in HttpRuntime.Cache. We now need to deploy the application across 2 load balanced web servers. This being the case, each web server will have its own cache, which is not ideal because if a user requests data from webserver1 it will be cached, but there next request might go to webserver2, and the data that their previous request cached won't be available. Is it possible to use a shared-cache provider to share the HttpRuntime.Cache between the two web servers or to replecate the cache between them, so that the same cache will be available on both web servers?
View 4 Replieswhat the default serialization used by the ASP.net HttpRuntime.Cache is? Is it Binary, XML, something else?
I am populating a generic List with multiple objects of the same custom type. The custom type is a POCO, there is nothing special about it. All of its properties are public with { get; set; }, it is public, it has no inheritance, it has no interfaces. In fact it is much less complicated than many other objects which we are caching which work without issue. I have tried adding the [Serializable] attribute to the custom class and it has no effect.
I add the list to the cache with a unique key. The list has been verified as populated before it is inserted into the cache, the objects in the list have been verified as populated as well. But when the list is pulled back out of the cache it is an empty list (NOT NULL), it simply has no items in it. This means that the list is being added to the cache and is retrievable but for some reason the cache is having issues serializing the objects in the list.
I just find this freaky weird since I have another list of custom objects which are much more complicated (consisting of Inheritance, Interfaces, and also containing Properties which are generic lists of other complex objects) and the caching of those lists work without issue.
Both the working and non-working list are being managed in C# classes outside of the ASP.net user controls which consume the cached data. Both of these cache handling classes call the exact same Cache Manager class singleton instance which wraps the HttpRuntime.Cache to provide typed methods for pull and pushing objects into the cache.
Here is the class
[code]....
I've been experimenting with caching objects with HttpRuntime.Cache and I was generally under the impression that if I "added" something to the cache like this:
HttpRuntime.Cache.Insert("Test", "This is a test!", null,
Cache.NoAbsoluteExpiration, Cache.NoSlidingExpiration,
CacheItemPriority.NotRemovable, new CacheItemRemovedCallback(FileChanged));
that the "NotRemovable" and "NoExpiration" flags would keep the object in-memory for the duration of the application. But was finding that at the end of certain page requests, the HttpRuntime.Cache would be completely empty!
Tracing thru and setting a breakpoint inside my Callback "FileChanged" I could see that indeed something was "removing" my object (and every other object in the cache), but I couldn't figure out why. So eventually, I started disabling other things that I thought might affect this subsystem.
Eventually, I commented out the line:
WebConfigurationManager.OpenWebConfiguration("~").Save;
I had been mostly retrieving data from "web.config" in the AppSettings region, but occasionally writing back to AppSettings and saving the changes using the above command. I knew from reading that the "web.config" is cached, but saving my changes back to it shouldn't flush all of HttpRuntime.Cache, right?
EDIT:
I've made this super reproducible if wants to try this on their own machine. (I'm running VS2008 Pro w/ MVC2 targeting .NET 3.5) Just start up a new MVC2 project and paste the following into the HomeController over whatever is already there:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Configuration;
using System.Configuration;........
Start-up the app in debug mode. Click on the "About" link. This loads a string into the Cache. Click on the "Home" link. String is pulled from the Cache and stuck in ViewMessage dictionary. Some key/value pair is written to web.config and saved. String from cache should appear on the Home page. Click on the "Home" link again. String should be pulled from the cache, but it's not. Stop program. Comment out the 3 lines that start with "Config". Restart the program. Try steps 1 thru 4 again. Notice how the HttpRuntime.Cache has not been emptied.
My servers are behind F5 load balancer, I wanna use HttpRuntime.Cache in my web application but I didn't find out the way for to use that method for those using network load balancing server. Or can we store that HttpRuntime.Cache to sql server like the session we do in web.config file?
View 4 RepliesI am trying to remove the cache using the HttpRuntime.Cache.Remove(key) but invain. I wonder what are the best practices for using HttpRuntime.Cache.
View 2 Replieswas wondering how do I make it so when a user goes to a page its only displayed if he is logged in and secure, but if he is not logged in he is redirected to the login page?
View 4 RepliesIam using forms authentication in asp.net Application,i want to make pages accessible depending upon roles defined in database. for eg there are three rolesdefined in database salary admin, manager, Clerk. i want a page salary.aspx can be accessed only by salary admin and not any other roles.
View 1 RepliesI have the usual requirement of implementing Authentication and Authorization. I used to implement it using custom code where I have Users, Roles, Role_Pages, User_Pages, and User_Roles. So this way we can give a certain user roles (that group multiple pages) and/or directly define access to certain pages. All that with the ability to specify fine grained permissions like the ability to Add/Edit/Delete records in those pages.
My question: How easy is it to implement this using Forms Authentication and what advantage does that give over implementing a custom solution. I am also concerned with knowing if there would be any advantage when it comes to securing from session hijacking and against spoofing where an attacker could replay requests and impersonate legit users. Would Forms Authentication have any advantage there, or is it only SSL that can secure against that (which makes both approaches equal in that regard).
What is the authentication mode available in ASP.NET? How do you set authentication mode in the ASP.NET application? How do you provide secured communication in ASP.NET? List out the difference between windows authentication and form authentication. ?
View 3 Replies'm using Visual studio 2005 with C# on .NET framework 2.0.. I am implementing forms authentication in this project but the problem is when I'm on registration form ( outside login) and try to open any window on that form using java script (window. open) it redirects me to login page. How should i tackle this problem?
View 1 RepliesI'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?
View 3 RepliesI'm using Visual studio 2005 with C# on .NET framework 2.0.. I am implementing forms authentication in this project but the problem is when I'm on registration form ( outside login) and try to open any window on that form using java script (window. open) it redirects me to login page. How should i tackle this problem??
View 1 RepliesI am building an intranet website. And I am still unsure of how to implement the security of the website. I am using ASP.NET MVC 3.
Anyone in the company can access the website. It is a recognition system where you can nominate an employee for an award. Currently I am not using any type of authentication. I have a roles table that contains roles and an association table that specifies which user contain what roles, these roles are mainly administrator-type roles. If a user does belong in these roles then he/she can still access various parts of the website.
Would I need to use the built-in membership for this? Or would I need to create a custom membership for this? We don't use a login page. If the user does not have roles to access a view then he/she is redirected to another page.
We use IIS to do our authentication. Is this the same as Windows authentication? I have the roles table used for authorisation.
best Sample for Authentication and Authorization in Asp.Net.
View 3 RepliesWhat are different types of authentication and authorization and how to use authentication and authorization in asp.net.
View 1 Repliesi need clear expition for authentication and authorization in .net
View 3 RepliesI've just run into one of the problems of using the integrated dev server (Cassini) in VS and would like to see if there are any solutions.We're using asp.net authentication to secure the site. However, Cassini runs in integrated pipeline mode, meaning that requests for all files go through the asp.net isapi. The result of this is that it's securing files that would otherwise not be secured in a production environment (.htm .js .css etc..).
Now I understand that we can run the project on a local IIS instance, but we would like to avoid this if possible. But, because of the problem above, this is looking like the only solution.Does anybody have any ideas about how to get Cassini working with authentication that can be easily moved to a production environment when ready. (I'd also like to avoid having a different development web.config that specifically allows access to these files).
I've been through the sample application in Steven Sanderson's "Pro ASP.NET MVC2 Framework". I've learned a lot and am now trying my hand at some of the concepts.So, I'm trying to make the Forms Authentication and Authorization work using Ninject DI. I believe I have the concepts correct (maybe) however, I'm having troubles with creating the correct interface for the FormsAuthentication ASP.NET class. Since the code is in ASP.NET and not MVC I do not have access to the class in order to build the interface.I want to use the built in Forms classes to take advantage of the authorization filters, etc.So, my question is this:1. Are there any examples out there that encapsulate Forms Authentication/Authorization?2. Is this a fools errand?. Are there better solutions than the built-in Forms solutions that still offer the authorization filters, etc?
View 4 RepliesI have an old website running fine in Classic ASP with large customer base registered onto the site. The current site allows users to have their own user name(unique) registered against an ID assigned to them. They can change the User name later as well provided it is still Unique in the database(Database is SQLServer2005).
The Problem: Now i want to move the website to .NET and want to use the .NET Membership. I know how to create the database structure in SQL Server through aspnet_regsql script but my problem is how should i import the existing username and passwords as the password stored in MembershipDB is Hashed (salt). Also i might want to allow admins to impersonate as users later.
I am using asp.net authentication and authorization with form authentication for my web application.
When I create a new user using asp.net create user control,the newly create user automatically gets logged in,the already logged users looses his session.
Don't know why this is happening.Is there some setting for this?