MVC :: Using DataAnnotations To Validate Creation Of A New Admin User?
Aug 10, 2010
I'm using DataAnnotations to validate creation of a new Admin user. However on EDIT page I want to have password and confirm password fields blank. This way i know that password has not changed. However whenever I EDIT a user I get ModelState.IsValid = false because password and confirm password are blank even though I set these in my controller. how would i fix this so that on EDIT screen I can omit "Required" validation?
My problem is that when i do a tryupdatemodel it validate the ParentCategory aswell, is it really suppose to do that? How could i avoid this, I tried [Bind(Excluede = "ParentCategory)] in the ActionResult but with no luck. I have looked all over the place with no luck everybody just got the Id problem.
I found a great answer on SO describing how to set up custom user roles, and I've done the same in my project. So in my Login service I have:
public ActionResult Login() { // password authentication stuff omitted here var roles = GetRoles(user.Type); // returns a string e.g. "admin,user" var authTicket = new FormsAuthenticationTicket( 1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), // expiry false, roles, "/"); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket)); Response.Cookies.Add(cookie); return new XmlResult(xmlDoc); // don't worry so much about this - returns XML as ActionResult } And in Global.asax.cs, I have (copied verbatim from the other answer): protected void Application_AuthenticateRequest(Object sender, EventArgs e) { var authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { var authTicket = FormsAuthentication.Decrypt(authCookie.Value); var roles = authTicket.UserData.Split(new Char[] { ',' }); var userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles); Context.User = userPrincipal; } } Then, in my ServicesController class, I have: [Authorize(Roles = "admin")] //[Authorize] public ActionResult DoAdminStuff() { ... }
I login as a user with the "admin" role, and that works. Then I call /services/doadminstuff - and I get access denied, even though when I put a breakpoint in Global.asax.cs, I can see that my roles do include "admin". If I comment out the first Authorize attribute (with roles) and just use a plain vanilla Authorize, then I can access the service.
This is what I have in the RegisterUser.aspx and yet when the admin registers a new user, then on clickiing the register button, the site logs in as the user who was just created.
My understanding of Factory Method Pattern is (Correct me if i am wrong) Factory Method Pattern "Factory Method allow the client to delegates the product creation (Instance Creation) to the subclass". There are two situation in which we can go for creating Factory Method pattern.
(i) When the client is restricted to the product (Instance) creation.
(ii) There are multiple products available.But a decision to be made which product instance need to be returned. If you want to create Abstract Method pattern
You need to have abstract product Concrete Product Factory Method to return the appropriate product.
public enum ORMChoice { L2SQL, EFM, LS, Sonic } //Abstract Product public interface IProduct { void ProductTaken(); } //Concrete Product public class LinqtoSql : IProduct { public void ProductTaken() { Console.WriteLine("OR Mapping Taken:LinqtoSql"); } } //concrete product public class Subsonic : IProduct { public void ProductTaken() { Console.WriteLine("OR Mapping Taken:Subsonic"); } } //concrete product public class EntityFramework : IProduct { public void ProductTaken() { Console.WriteLine("OR Mapping Taken:EntityFramework"); } } //concrete product public class LightSpeed : IProduct { public void ProductTaken() { Console.WriteLine("OR Mapping Taken :LightSpeed"); } } public class Creator { //Factory Method public IProduct ReturnORTool(ORMChoice choice) { switch (choice) { case ORMChoice.EFM:return new EntityFramework(); break; case ORMChoice.L2SQL:return new LinqtoSql(); break; case ORMChoice.LS:return new LightSpeed(); break; case ORMChoice.Sonic:return new Subsonic(); break; default: return null; } } } **Client** Button_Click() { Creator c = new Creator(); IProduct p = c.ReturnORTool(ORMChoice.L2SQL); p.ProductTaken(); }
I have made an asp.net 3.5 website where I am using the membership in order to generate users. I have used the CreateUser Wizard that is available with the ToolBox . The problem which I am facing is that as a Person Completes his registration and redirected to the Default Page, He is automatically Logged Into the website. I dont know how is it possible to skip this step. Pls suggest so that after the registration the user need to go to the login page and use the Login Control in order to Log into the site.
I have a page setup to manage and create users.. in order to help the process of creation, i woudl like to add the new users to our default "users" role when they click the create button. Below is what is in place for the creation page and the button event tied to the button. I used this from a tutorial i found else where, but dont have the link at the moment if anyone needed it.. but the code below works great when creating a new user
I have a user creation form. and want so they automatically receive a username and password when I have approved their profile. right now I only have user creation. How can I do this?
sing a SqlMembershipProviderI like to manualy register new users and to save mutch more data from them in a separate table.since these tables are liked with the UserID generated by the SQL MembershipProvider I want to login the new user after he is added to the membership system.
I am wanting to use the User Creation Wizard and also be able to select the Role of that user. In this applicaiton. I will be creating or my backup person will be creating our users. We will only have a few users and I want to make it so I can create the user and select there role thru the application.Can I use the User Creation Wizard and add to it the ablity to select the roles perhaps show all my rolles as check boxes and just check the ones I need. Currently I only have 3 my CoOp, MACED, Admin most of these are going to be either CoOp or Maced there will be a couple that have both Admin and Maced roles.
i use the CreateUserWizard in order to create users. Asp.net generates automatically a password which is sent to the user by email.
The emailaddress must be like this: firstname.name@ourdomain.be . If 'firstname.name' doesn't exist in our Exchange server ('ourdomain.be'), then:
1) the user is still created 2) the message page with: 'Mailbox unavailable. The server response was: 5.1.1 User unknown' appears
E.g: if user John Wayne introduces by error Jhn.Wayne@ourdomain.be , then this user must not be created, and only a simple Alert-message must appear.
I tried a lot of Try / Catch / Endtry but all my attempts fail: the user is always created and the whole message page appears. I also tried with CreateUserWizard1_SendMailError sub.1
Is there a way to run an SQL statement (or stored procedure) at the successful completion of a Create User process?I'd like a user to be able to create their login profile and upon completion automatically run a SQL statement to pre-populate some other tables.I'm using 3.5 and the have a create user wizard control on my page. I'm working in VB, and am a bit of a n00b with it.I'm thinking I need an onClick somewhere, but frankly I'm not sure how to go about writing it.
In our project, we have a situation where the administrator needs to 'force log off' a particular user under certain conditions. In other words, the admin user needs to have the ability to kill any other user's session.Is this possible? By using the session properties, we can kill the current session (the current user's session) but is it possible (for the admin user) to kill some other user's session?
I am currently trying to figure out how to best go about implementing an administration side for my application.I have a user site, where users can log in, customize their profile, submit information etc.I would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.
How should my pages be laid out?How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)Would this method have to use session variables?
have table for users have a some attribute one of them admin attribute have a bit data type when the user is admin it is true and i have ligin page and control panal page i want throw login page check for the user to redirect him to control panal if the user is admin the control panal will be displayed with moreoptions any one how can i doing this with select statement
i am currently checking to see if the logged in person is an admin, by putting a check in the page_load function. (same thing to see if the person is logged in at all)
is there a better way to do this? or should i just go ahead and put my check on every single page?
I am creating a web application using Form Authentication of Asp.Net with C# and back end Sql Server. Here in my application administrator login and creates new users. I am using the create user wizard under login controls. My problem is when the new user is created by Admin he is automatically logged out and logged in with new user credentials which he has just created.
I am using SQL membership authentication and SQL Database for my ASP.NET Website and its using for my Organization (has multiple Branches in different cities).How I can get all user list which are recently online/Login in my system (WebSite) in my Admin Panel?
In my project I have one folder called Administration (contains pages created for administrating the public part of the page) and in root I have public pages. What I want to do is to prevent anyone beside administrator to enter the Administration part and to make the Administration/Login.aspx default page for entering Administration part. This part makes me confused. I tried to create the access rules, but that wasn't the option because I upload the images to the Administration/Upload folder so if I deny the users the images on the public part can't be accessed.
The second problem I don't know how to solve is public part of the page where I want to allow commenting only to logged in users (users only, not the admin). How to check if user is logged in and authetificated and how to enable the commenting part of the form to him (textbox and submit button).
I'm trying to create a database within the app_data folder of an asp.net mvc project using the IDE, but i am getting a "Required Components Missing" message indicating "Connections to SQL Server files (*.mdf) requireSQL Express 2005 ....."
I am using - Windows 7 Enterprise - VS2008 Team System SP1 - SQL Server 2008 Developer Edition SP1
I have altered the database connection to use the default instance by setting to blank using
Tools -> Options -> Database Tools -> Data Connection : SQL Server Instance Name
I also note from the SQL Server Books Online that the user instance feature will be removed in the future, but for now it suits my effort in developing an application where a number of people are working on the project.
Has anyone managed to create a database in the same manner?
I have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechanism to admin like siteroot/username/admin I can redirect to page admin but it gives security error, it should redirect to login page instead of if user did not sign in.
I am looking for a way to distroy the ASP.net membership session for a specific user. The reason I am doing this is as an admin I want to delete a user. This works fine, but if the user already has an active session, he is still marked as "online" until this session dies (I verify each time by using Current.User.Identity.IsAuthenticated). How do I go about killing a session based on the user it's authorized as. This way when I do Memberships.DeleteUser(username) I can also do Sessions.KillByUser(username)[URL]