I have an ASP.NET project where I want to keep the membership (SQL Provider) in a separate database and the Roles/Profiles will be per application.QuestionWhat is the KEY that relates between the Membership database and the Roles/Profile database? Is it the UserID or UserName?I opened up the tables in separate expolrer and notice the UserID is different in the Membership database from that in the application Roles database.
We have an ASP.NET web application that has been around for over 4 years now. The web app uses ASP.NET role management with a custom role provider. The custom role provider connects to a database which includes tables for Users, User Groups, and Roles, with a table linking roles to user groups.
Over the years the application has grown in functionality and roles have been added. We now have around 30 roles and there is a complaint that it's not clear (due to lack of documentation, bad naming or whatever) what functionality a particular role gives a user.
Is there guidance on how to make the relationship between roles and functionality more transparent? list out the application functionality in another table and create a relationship between Role and Functionality. The application security would then be programmed against the items in the Functionality table, and the relationships between role and functionality could be maintained through a UI.
To me this approach doesn't quite fit with the concepts behind ASP.NET role based security. All the framework code methods refer to roles, e.g. "RoleProvider.IsUserInRole(string username, string roleName)" and:
I have my membership provider configured and working on my web host.
I´d like to create a table, for example, table ARTICLES, and i´d like that the user logged in, his ID or his NAME, was inserted into my ARTICLES database.Which one is the best table i could get for doing that ?
I was checking the table aspnet_users, but its Primary Key has a uniqueidentifer type.This won´t be a problem in the future ?Or is there a better way to relate my table with the membership provider ? Maybe another table OR another field.
Specifically what I want to do is to disallow access to most of the site for unauthenticated users, allow access to some of the site for authenticated users who belong to a certain role, and allow full access to users from a second role.
I have a navigation menu I would like to display based upon user roles (using.net membership) After several hours and headaches (from banging my head against the desk) I was wondering if someone can point me in the error of my ways.
[Code]....
[Code]....
How can I ensure that when the user is logged in, the appropriate menu items are displayed on the Landing page? Still new to all of this and my current method of 'trial and error' has seen me reach suicide levels this morning!
Lets say that I have a database set up with a load of info in it and I decide I want to add the membership and roles functionality to my site but my hosting provider makes me pay for each database I use. I don't want to pay for another db, so how do I set it up so that instread of creating membership and roles tables in the the aspnetdb database, it creates them in my existing database?
I wanted to see what would happen when the cached role cookie expired. Using Fiddler, after 2 minutes had elapsed, I could see that the raw value of the role cookie had changed.
I was expecting that on expiry, that ASP.NET would simply re-read the roles information from the database, and repopulate the cookie with the same value. So my question is, why would the raw value of the cookie change after expiry ? The cookie value is not human-readable (base 64 encoded and/or encrypted ?), so I can't tell if the information in it is the same, although the application still seems to work fine.
EDIT :
It looks like each time the roles are encrypted and cached in the cookie, it gets a different raw value.
I am building a subscription based web site, which currently has three subscription levels, i.e. Horses, Soccer, and Horses and Soccer. I was thinking of implementing standard role based authorization, where a Horses subscriber would get roles including those to use the Horses section, etc.
Should I use a standard role provider, and when a member subscribes to the site, assign roles for his subscription to him, or use a hierarchical role provider, that when asked for the roles for a member, only then uses the member's subscription level to 'calculate' a set of roles for the member.
I have followed scott's gu tutorial here I uploaded the whole database to my site. Before doing what Scott's says I had one username stored in the membership. How can I create an additional user now that the table is in the web host? I can see that there's aspnet_Membership, aspnet_Applications, etc..etc
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
I'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name(as that of userID) in the file system and upload the files( multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
have a project where there are main 3 types of users i have to block them from accessing other pages but without using roles or membership is there any other way to do the same?
I've got an MVC 1.0 View that is more-or-less an attempt at reproducing WSAT.
On the Security->Manage Users page there's a column of checkboxes for "Active" for each user. Also when clicking the 'Edit roles' link a set of roles shows up in the Roles column of the table.
I'm using the standard SQL based Membership and Role providers that come out of the ASP.NET box.
For some reason, when I run the app from VS2008 all is well and I can update the Active and Roles values. However, when I deploy to a remote server, either my test server or in production, the checkboxes don't update the databse. Note that the links for 'Edit user', 'Delete user' work fine. I can create a new user or delete a user with no problems in any of the deployed locations. Also the 'Edit roles' link also works fine in that it brings up the list of all possible roles and shows which roles the user is in. The problem is specifically with the Checkboxes.
Interesting to note is that the JavaScript alert() (see below) does fire when clicking on any of the Role checkboxes. However, although the box is checked, the database is not updated on the any but VS2008 Casini. The database connection string is not changed on any of the execution sites which are running SQL 2008. IIS 7 on one deployed server (an ISP) and 7.5 on the other my in-house test server.
Here's the code I'm using to create the Roles portion of the page:
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false) Server.Transfer("AccessDenied.aspx");
What I need to achieve is to filter the records returned based on the username (and hence role) of the logged-in user. e.g if an advanced user is logged in they will see all the event types, if the standard user is logged in they will only see the basic event type etc.
Ideally id like to do this in a way which can be easily extended to other tables as necessary. So I'd like to avoid simply adding a 'Roles' field to each table where the data is user context sensitive.
One idea I'm thinking of is to create some kind of permissions table like:
this has the drawback of using this is obviously having to use the table name to switch which table to join onto.
Edit: In the absence of any better suggestions, I'm going to go with the last idea I mentioned, but instead of having a TableName field, I'm going to normalise the TableName out to it's own table as follows:
Other than WSAT as I don't want to have to use the CMD bypass to access it using VS 2013, how can I administrate users/roles on my web forms web site and be able to administer them via the website from a different location.
My application have 2 Roles. Admin and Student. I created some tasks for these 2 roles by using LoginView ( Edit RoleGroup). As user login both can see there allocated tasks.Â
But I want to allocate some admin tasks to some student(s) not for all. How can I do it?
