how to write/implement custom authorization filter , i am using my own custom Authentication module and roles and not ASP.net forms authentication and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
how can i write custom filter to prevent users to access certain functionalities i.e Controller actions.
I have used standard asp.net roles and membership provider in my asp.net mvc project. The resources like creating an employee and setting its role can only be done by administrator. Now at first delivery of software to client, there will be no user, i want to implement a functionality where if there are no users in the system user can directly create new employee and assign roles without logging in. Once the roles are assigned user will have to log in to access authorized resources. Can i implement custom action filters that will assist me in implementing this functionality? How can i impelment this functionality?
View 1 RepliesIn securing actions/controllers, do I have to create a custom filter or use MVC built-in filter?
To use the built-in attribute Authorize() on an action/controller or create a separate class that inherits the ActionFilterAttribute which has a method (OnActionExecuting) to override and do the authentication there?
best Sample for Authentication and Authorization in Asp.Net.
View 3 RepliesIs there to implement roles authorization on those ActionLinks?
View 5 RepliesI want to create a single custom authorization attribute to be added to controller actions that require authenticated users.
My first shot at this, so I may have it all wrong
Got 3 Roles which corresponds to 3 Areas in my application (Client app, so I'll just call them RoleOne, RoleTwo, RoleThree and AreaOne, AreaTwo, AreaThree).
Each area have similiar (to a point) views and actions, like Sign Up, Area specific home, etc.
In the attribute I want to determine the current area, controller and action. Then I just add code like:
If not logged in, and in AreaOne, go to AreaOne Signup (etc)If logged in as RoleOne, and AreaOne Home is requested, go there, but if AreaTwo Home is requested ,go to AreaTwo Signup So in my attribute class I need to determine the current area, controller and action, and see what kind of user we have logged in (if any)
Using ActionExecutingContext it seems I can determine the contoller and action method names, however I cannot find the Area name, and altered the attribute to be called like this:
[Code]....
why i can't write a sql filter by chinese character like the following select name from ABC where name like ' %可%'
View 1 RepliesI have built a custom control. when i add this custom control in my page twice or more then the it write only one time of its render contest data.
View 4 RepliesI would like to implement LINQ IN ASP.NET for filter required data from datatable. I have doubt that what is right place. I have following options
At presentation layer *.aspx.cs
At our Business layer.
At our Data base layer, where query for database happen which is return as a datatable to business layer. Business layer then return the result to presentation layer.right place for LINQ because now i have to further filter data from datatable as per user selecter filters.
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
How to do it? What best practices are?
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. see my tables diagram below:
Let's say I assign UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.
I have a custom authorization attribute, that basically check if the current user's role is equals to the current area name, and if not, redirect them to the signup view in that requested area. (dummy role provider at this this stage, therefor check it against the user's name at the moment)
It runs fine (IIS) but when I debug it I can see a Security Exception are being thrown by the code
The code:
[Code]....
I have read your article from aspsnippets.com about custom paging it really work, but there are a problem that if there are more record in database (2000 to 5000) than number of page index will be goes in large number. like 1 to 200, any way which can divide it like 12345678910...2000.
View 1 RepliesI've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
how to implement a filter feature like this? What Ajax or JQuery controls can be used for this (if any)?
Here is an example of how the UI might look like:
See the Exchange Management Console image:
[URL]
Here is the spec:
The ASP.NET page has a "Filter" component and a "Apply Filter" button. The "Filter" component consists of 4 UI controls as below:
1. A dropdown list with prepopulated values like "Name", "Department", "Building", "Email Address".
2. A dropdown list with four operators - "Equal", "Not Equal", "Like", and "Not Like"
3. This is a dynamic control. It could be a textbox or a dropdown list. If the user chooses "Name" from the first UI control, the third UI control will become a Textbox. If the user chooses "Department" from the first UI control, the third UI control will become a dropdown list with all departments within this company pre-populated.
4. A button with AND expression. If the user clicks this button, one more Filter component will be created.
One possible user case is like this:
ASP.NET: when the page is loaded, it displays one Filter component (3 UI controls and a AND button), a "Apply Filter" button, and an empty "Filter Result" data grid.
I asked a question similarly, but the outcome was pretty messy and I was having difficulties populating so I'm trying to go at from a different angle: [URL]
I have a table which stores steps in a process. Some companies only have 6 steps while others have 15, so I created a table with 15 different slots for steps. What I would like to do is set up a control that displays each step in its own row with a label next to it saying "Step '#'", and not in an adjacent column. I'd also like for it to not display any blank rows. If they are entering the step instructions, I would want for them to have to press a button that would add a row so that they aren't just given 15 empty text boxes to fill in.
What would be the best control to do this in, and how would I get started in setting it up?
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
How to handle Application_BeginRequest using a custom filter in asp.net mvc?
I want to restore session only for one route (~/my-url).
It would be cool, if I could create a custom filter and handle that.
protected void Application_BeginRequest(object sender, EventArgs e)
{
var context = HttpContext.Current; [code]......
I have a custom actionfilter that strips out the whitespaces before the html is rendered in browser and it is working fine. However I have been unable to unit test the custom action filter. Ideally I want to do an assert on the sample html that all whitespaces have been removed. Code looks something like this.
[Code]....
I'm trying to implement a custom filter template for all text based searches and running into problems constructing the query. I've been following the instructions posted on this blog but not sure how change the GetQueryable method to perform a WHERE columnAttribute LIKE '%something%'query. In the example on the blog the expression is an equality which works if the text I enter exactly matches the text in the database column.
At the moment I'm using the new QueryExtender feature along with the SearchExpression control but this requires creating several custom pages for all the tables I need text search functionality for. I would like to DRY this up by creating the custom filter template.
I am using a GridView to display data where one of the data columns has type DateTimeOffset. In order to display dates & times in the user's timezone, I save the user's timezone preference to his or her profile (property value key "TimezoneOffset"), and need to access it when formatting dates & times.
If I were to use templatefield, then I would need to write:
[code]....
but whereas the article sets the Text property of the TableCell instance, I would like to render a partial view into the table cell. Is that possible?
I Would like to write a custom regular expression where the format is like XYZ-ABC-001 where XYZ is fixed, ABC is variable (it can be any three characters between A-Z )001 is variable (it can be any number between 0-9)
View 2 RepliesI try to implement a Custom MembershipPriver with a Custom MemberShipUser in my own database (with a specifics Users Table Model) : This is ly diffent files:
iTwitterMembershipProvider.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Collections.Specialized;
using iTwitter.Models;
public class iTwitterMembershipProvider : MembershipProvider
{
public override string ApplicationName
{
get { return _ApplicationName; }
set { _ApplicationName = value; }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
return false;
}
public override iTwitterMembershipUser CreateUser(string login,
string password,
string email,
string tokenKey,
string tokenSecret,
string twitterUserId,
object providerUserKey,
out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(login,
password,
true);
[Code.....]
How do I implement a custom 404 page on Sitefinity 3.5 using ASP.NET?
View 1 Replies
