Save Some Info In The Session Within A Custom MembershipProvider?
Nov 5, 2010
I want to save some info in the Session when the users successfully logins with my custom MembershipProvider, but I have no access to the Session in the provider's ValidateUser method.
public class CustomMembershipProvider : MembershipProvider
{
/* Override other methods and properties here */
public override bool ValidateUser(string username, string password)
{
/* do something to validate the username and password
* and set the validUser variable */
if (validUser)
{
/* want to store some info in the Session here, but I can't access
* it here, because this is not a Page */
}
return validUser;
}
}
View 1 Replies
Similar Messages:
Apr 21, 2010
I've recently started tinkering with ASP.NET MVC, but this question should apply to classic ASP.NET as well. For what it's worth, I don't know very much about forms authentication and membership providers either.
I'm trying to write my own MembershipProvider which will be connected to my own custom user table in my database. My user table contains all of the basic user information such as usernames, passwords, password salts, e-mail addresses and so on, but also information such as first name, last name and country of residence.
As far as I understand, the standard way of doing this in ASP.NET is to create a user table
without the extra information and then a "profile" table with the extra information. However, this doesn't sound very good to me, because whenever I need to access that extra information I would have to make one extra database query to get it.
I read in the book "Pro ASP.NET 3.5 in C# 2008" that having a separate table for the profiles is not a very good idea if you need to access the profile table a lot and have many different pages in your website.
Now for the problem at hand... As I said, I'm writing my own custom MembershipProvider subclass and it's going pretty well so far, but now I've come to realize that the CreateUser doesn't allow me to create users in the way I'd like. The method only takes a fixed number of arguments and first name, last name and country of residence are not part of them.
So how would I create an entry for the new user in my custom table without this information at hand in CreateUser of my MembershipProvider?
View 2 Replies
Jan 7, 2010
I'm working on an ASP.NET solution with 2 projects. One is the web interface and the other contains my business logic. I'm using LINQ to SQL for my data access in the second project.
Apart of my database, I have a table called Users which holds user information.
I've started to implement a MembershipProvider. I notice that MembershipUser is coupled with MembershipProvider. What is the most correct way of getting my BLL/DAL to talk about Users?
Should I minimally implement MembershipUser and whenever a user calls a method, it will call for eg. GetUserInfo() in my BLL/DAL, to get complete information about the user?
Or should I make the MembershipUser class methods call my custom "Users" class methods (like a wrapper) in the BLL/DAL (this custom users class is not related to linq)?
Or can I somehow extend the Linq to sql class "CFUsers" to extend MembershipUser.
View 1 Replies
Apr 4, 2011
I try to implement a Custom MembershipPriver with a Custom MemberShipUser in my own database (with a specifics Users Table Model) : This is ly diffent files:
iTwitterMembershipProvider.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Collections.Specialized;
using iTwitter.Models;
public class iTwitterMembershipProvider : MembershipProvider
{
public override string ApplicationName
{
get { return _ApplicationName; }
set { _ApplicationName = value; }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
return false;
}
public override iTwitterMembershipUser CreateUser(string login,
string password,
string email,
string tokenKey,
string tokenSecret,
string twitterUserId,
object providerUserKey,
out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(login,
password,
true);
[Code.....]
View 2 Replies
Sep 9, 2010
I have some problems with getting my website to log out the authenticated user automatically when the session ends (the user closes the browser).
This is what I have in my web.config:
[code]...
When I close the browser, the user is still logged in. How do I make the website forget the user through an option, so the user himself can decide if the website should remember or not?
View 1 Replies
May 18, 2010
I have created a custom MembershipProvider and RoleProvider which communications with some existing business logic. The issue I have is that the user login in my business logic requires 3 arguments (group id, user id, and password) and the MembershipProvider and RoleProvider I implemented just use 1 or 2 arguments (username, password). Right now I append my group id and user id together and pass it as the username then parse it in the implemented methods. Is there a better way to do this?
Note, I can handle the login fine because I can call my own ValidateUser method. The main issue is when the implemented methods are called from other things like the RoleProvider.GetRolesForUser(username) method when I use the AuthorizeAttribute.
[Code]....
[Code]....
View 1 Replies
Oct 28, 2010
I created a custom membership provider and am getting the following error trying to create a new "MembershipUser".
Could not load type 'MyTestApp.Membership.TestMembershipProvider' from assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.
I am running this from a Unit Test project, so I'm not sure if that's causing the issue, but I did include System.Web, System.Web.ApplicationServices as well as a reference to MyApp.Membership and MyApp.DataModels (Entity objects).
The error happens inside my "GetUser" function which is below, my configuration is also below.
[code]....
View 1 Replies
Oct 15, 2010
I have written an assembly (DLL) containing two classes, MyMembershipProvider and MyRoleProvider, which are derived from MembershipProvider and RoleProvider, respectively. I have implemented most but not all of the abstract methods; the remaining ones all throw a NotImplementedException. I have signed the assembly and added a reference to it in my web-site project, where the relevant web.config sections look like this:
[Code]....
When I fire up the site, however, I get the following error:
Configuration Error
Description:
An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message:
Exception has been thrown by the target of an invocation.
The error message points to the <add /> tag in the <roleManager /> section: if I take that out, however (enabled="false"), it comes back again as soon as I try to log-in to the site (this time pointing to the membership section). I have verified that is recognising the classes by changing the name in the "type" attribute (to something that doesn't exist), at which point it throws a different error. Therefore I'm presuming there's a problem with my assembly code somewhere; but how can I find out where? I have debug=true in the web.config and also compiled the assembly with Debug options, but no clues.
View 4 Replies
Mar 12, 2010
I have a C# custom ASP.Net MembershipProvider. When the user attempts to navigate to another part of the site after IIS is restarted, it doesn't navigate to the login page to collect credentials, but instead attempts to authenticate with empty credentials.
what I have to do to identify that the new authentication needs to take place and that new creds need to be gathered?
I have a complementary custom IHttpModule implementation that allows me to intercept events like BeginRequest and AuthenticateRequest, if that helps.
View 1 Replies
Feb 15, 2011
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
View 3 Replies
Mar 25, 2010
Are Session variables (in ASP.NET) the safest way to store data relating to whether a user is logged in or not? i.e. Session["LoggedIn"] = 'No'
I know Session variables can be spoofed so I assume there must be a safer way.
View 6 Replies
Feb 25, 2016
I have a report number that is generated from a page, and I want to display that number in a popup window upon a button click that saves the report to a database. On the original page, here's the code that I am trying to use:
Code:
Private Sub saverpt()
Dim url As String = "popup.aspx"
Dim s As String = "window.open('" & url + "', 'popup_window', 'width=300,height=100,left=100,top=100,resizable=yes');"
ClientScript.RegisterStartupScript(Me.GetType(), "script", s, True)
Session("rptnum") = rptnum.Text
On the popup.aspx page, here's what I am trying to make the rptnum field appear on:
Code:
Private Sub popup_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim rptnum As String = CType(Session.Item("rptnum"), String)
Label1.Text = rptnum.text
End Sub
Currently, the popup will display "rptnum" rather than the actual generated report number.
View 3 Replies
Jun 19, 2010
I'm facing very odd problem with my application. I've been developing my own custom memberhip provider (derived from MembershipProvider, of course) and everything was working smoothly, until something odd happened. In my config file, I register my provider with such code:
[Code]....
When I deploy my site, I get this error message:
Configuration Error
Description:
An error occurred during the processing of a configuration file required to service this request. review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Input string was not in a correct format.
Source Error:
Line 62: <clear/>
Line 63: <add name="CustomSqlMembershipProvider"
Line 64: type="My_Membership.CustomSqlMembershipProvider"
Line 65: applicationName="My Application"
Line 66: enablePasswordRetrieval="false"
View 6 Replies
Feb 17, 2011
I have one AsyncFileUpload control ,one Attach button,one Listbox and Save button.
When Users browse the file and click the attach button, filename must be added to listbox. So in this way the user has the option to add upto multiple filenames to listbox. For this i have written the following code
[Code]....
this is source code
[Code]....
In Attach button click event i added the filename to listbox and saved the Asyncfileupload controls in different session variable.
When user clicks on save button all files has to be saved in application folder and for this i wrote the following code.
[Code]....
But iam unable to save all the files . Suppose i added two AsyncFileupload controls to session variables, only last file i,e. 2nd file can only be saved and couldn't get first file.
[Code]....
View 4 Replies
Apr 12, 2010
I made really basic facebook application, which collect permission from user to post data. Some time ago (around New year) it worked fine.I am using http://facebooktoolkit.codeplex.com, and my code looks like this:
public partial class Facebook : CanvasFBMLBasePage
{
protected void Page_Load(object sender, EventArgs e)
[code]...
View 1 Replies
Jan 31, 2011
I have a multi tenant system and I need to allow administrators to edit the information of other customers. I believe the correct way to do this is to append the customer ID to each request, and update my routes accordingly. How do I make ASP.NET accept and use something like this in the controller (order doesn't mean much to me): [URL] and how would I pass and consume that in my controller? The ASP.NET tutorials skip this... (or I don't know where to search)
View 1 Replies
Sep 7, 2010
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?
View 5 Replies
Jul 22, 2010
I'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.
Here's how I want OpenID login to work:
User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.
And now, the OpenID registration process:
The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.The user fills in the RegistrationForm View and sends it back to the Controller.The Controller creates the user account and puts the OpenID into the database.
The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...
One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?
View 1 Replies
Jan 3, 2010
I am working on a website and this is my first web project. Scenario for Session I have created a database for my project with security level little bit high. I want to manage session for each and every user who is logging in to my website. Session state can be used using Cookie as well as URL, only one at a time. Now I went over with all four session state modes. i.e 1. InProc 2. State Server 3. Sql Server 4. Custom
Now after reviewing from all these modes I am in confusion which one should I use Sql Server or Custom. Basically i want to store session related information in my own database instead of Aspnet_db which is a default database provided by microsoft. I have created all tables related to login and registration. But I dont know how to store session into my database. What tables do I need to create so as to maintain into database. I want to create a complete log of session and login related information into my database(Persistant atleast for 1 year). I want to use machinekey as AES and SHA1.
<sessionState mode="Custom" cookieless="AutoDetect" timeout="15" regenerateExpiredSessionId="true" stateNetworkTimeout="10" >
</sessionState>
<machineKey decryption="AES"
validation="SHA1"
decryptionKey="7E047D50A7E430181CCAF7E0D1771330D15D8A58AEDB8A1158F97EEF59BEB45D"
validationKey="68B439A210151231F3DBB3F3985E220CFEFC0662196B301B84105807E3AD27B6475DFC8BB546EC69421F38C1204ACFF7914188B5003C1DCF3E903E01A03C8578"/>
<add name="conString" connectionString="Data Source=192.168.1.5; Initial Catalog=dbName; Integrated Security=True;" providerName="System.Data.SqlClient" />
What all things do i need to specify in webconfig? My Data Source= 192.168.1.5 Database name= db.mdf What I need to know about. What tables do i need to add to my database to store session related information. eg. Session id (Any other field is also stored or not), Session Time, Session Start Time, Session End Time, Session Expire Time. I dont know what all things are usually taken. Do I need to encrypt Session Id
before storing into database. If Yes Encryption will be automatic or do i need to write some code to do this other than that I wrote in web config above. How mode='custom' will be used into web config using my database. in following code
<sessionState mode="Custom" cookieless="AutoDetect" timeout="15" regenerateExpiredSessionId="true" stateNetworkTimeout="10" >
</sessionState>
View 2 Replies
Dec 1, 2010
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 Replies
Apr 16, 2010
I try to get the user profile settings with this code. But all items in it are empty, in the database they are not empty. So there is going something wrong. First of oll how can i add a provider to the ProfileCommon ? Maybe i'm there then... the usrInfo is filled well...
MembershipUser usrInfo = Membership.Providers["MyMembershipProvider"].GetUser(UserName,false);
ProfileCommon prf = (ProfileCommon)Profile.GetProfile(UserName);
LitNaam.Text = prf.Voorletters.ToString() + " " + prf.Achternaam.ToString();
View 2 Replies
Nov 18, 2010
I read the solutioin for this error, at the following link :http://forums.asp.net/p/1046935/1576341.aspxbut I am still not clear what exactly causes the error. I have two doubts :1. Can anyone please elaborate a bit on this issue, with any example ????2. Is there any drawback of this approach ?
View 4 Replies
Feb 26, 2010
I am building a Asp.net Application. I need to save a HashTable in a session.
At page load i am writing
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
Session["AttemptCount"]=new Hashtable(); //Because of this line.
}
}
Here problem is, when a user refresh the page, session["AttemptCount"] also get refreshed.
I want to know where should I declare
Session["AttemptCount"]=new Hashtable();
So that my seesion do not get refeshed.
EDIT In Global.asax, this session will get started, as soon as user opens the website. I want to creat this session only if user go to a particular page. i.e Login.aspx
View 4 Replies
Jun 4, 2010
Using Membership. How that when you first login Save user name?
View 5 Replies
Jun 29, 2010
I thought about saving all sessions variables to hiddens and then resaving those values back into session after I changed the web config..but there has GOT to be another way.
View 1 Replies
