Security :: Adding Profile Information To FormsAuthenticationTicket
Jan 19, 2010
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character). Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc). Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself? I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are separate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is some other persistent data I need on the application? I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4 int32 values and maybe one string). Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile (I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db that's not an issue really in this instance.
I am using asp.net membership to store my users and under each user's profile there is a field for their supervisor. I would like to get a list of all the users with the supervisor "Jon Doe". Is there an easy way to do this or would I just have to loop through each user and see if their supervisor = "Jon Doe" then if it is store their username in a list?
In my application I am using the aspnetdb membership for authorizing users. I created a new table UserProfiles that will hold their profile information. The UserID is linked to aspnet_users UserID with a foreign key. One of the columns in the table represents CompanyID (int). I want to be able to restrict logged in users to only see records from their company based on the CompanyID. There can be more than one user with the same CompanyID so the UserID would not work. I can restrict their access by UserID to only see records they created by using code behind:
[Code]....
and my select statement is:
[Code]....
What would be the best way to restrict the selected data to UserProfiles.CompanyID?
I have a site I'm working on where the values being stored in user profiles can change so I need to iterate through all available profile options and display them (say in a label or gridview for instance). Here is an example of a web.config I threw together
I have created a custom user creation wizard to store custom user information. This is working fine. I am now trying to create a new page to give the newly created user the ability to create users in their own company, so I need to retrieve the company information from the user profile created and automatically fill that information into the new create user wizard. i.e. User from A company logs in. (company_id from profile is stored in session) User A wants to make another user in company A (but cannot make a user in company B). User A fills in details for new user, Company A information is autofilled into new user info. (possibly from session)
I have read a lot about storing membership info into session but I cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
I have been searching all over for this and trying many different things but so far have had no luck. I need to display the profile information for [all] users in the system within a GridView. For instance, I want to show their Username, First Name, Last Name, Email, etc. I've tried the ProfileManager.GetAllProfiles() method but it doesn't seem to have the fields in it.
I need to know how to change aspnetdb to store profile information unique to each user so that I can restrict records in an sql table to only show that user's records.
So if I make a "companyID" int, identity column where would I put it?
Also, when I write the where clause to companyID = profile (companyID) would that work?
I'm trying to use the profile system to get information of the authenticated user from the database, just like the session system: the user is authenticated then I set same variable with information of this user coming from the database! I am familiar with PHP so I'm trying to do it like that! Also, I would like to join my own database and the asp.net membership database!
I am currently using forms authentication with users set up with the Membership API and I have their other information like first name and work phone number stored using the Profiles API. I want to create a company directory using a grid view to display every user and their profile information. I can use Membership.GetAllUsers() or ProfileManager.GetAllProfiles() but it does not list any of the custom profile information like name and phone. What is the best way to get a grid view to show all the user information?
I would like to know a simple thing. If I'm adding additional information to UserProfile such as Country, PhoneNumber, etc. So, I added a table in my DB (which also has all the Membership Provider tables), UserProfile, and added stored procedures for it for Insert / Update. I would like to know if I need to create in Business Object a class for Profile only (because the User is managed already by the Membership Provider), and also create for it in Business Logic a ProfileManager with methods that will use the stored procedures to update and insert details. Do I need to do it like this, or is there another way? What's the right way of doing it?
I'm trying to dynamically create a URL containing a FormsAuthenticationTicket that can then be emailed to a user who has forgotten their password. Then when the user follows the URL they will be authenticated by the ticket in the URL and be able to access the reset password page.
I have tried creating a FormsAuthenticationTicket object and encrypting it but the string it produced seems way longer than the hash in the urls produced when using cookieless authentication.
that will be recognised by cookieless authentication. But as I said the hash I come up with seems way too long and just not right at all.
You can see how long and different it is here by pressing the forgot password button.
[URL]
It says in the docs for FormsAuthenticationTicket that the encrypted ticket can be stored in a URL, but I want to make it the same as those used by cookieless authentication so that it is recognised straight away.
I'm not using the Membership framework built into .NET but I'm using FormsAuthenticationTicket to make sure user is logged in. I have an object for my users in my application -- let's call it MyAppUser object. Can I save this in the FormsAuthenticationTicket as opposed to saving some string?
If I can't do that, I can save the object in session but I'm a little worried that session and FormsAuthenticationTicket will get out of synch.
I am logged in as user1, and while creating a user in which I have additional information which would store first and last name into the profile database. I have the following code
[Code]....
But because I just have profile like that, it is updating the profile of user1, not the new user I just created.
I have a web application developed using VB .Net 2003, and is running ASP Net 1.1.
The application is running fine on all browsers, except for the login/authentication control that doesn't work properly on Chrome.
We have different types of users using the website, and each user type has different menu items displayed for it.
The problem is, if a user logs on with let's say Admin account, and logs off and later logs on again using student account, the user still gets the Admin menu, and of course vice versa.
I'm not sure if I'm doing something wrong, or there is something I'm missing here.
One more thing: if the timeout period is reached, and the session has timed out, and the user (regardless of the type) tries to log on again, he is successful on all browsers except on Chrome again, where it keeps telling him the session was timed out, and never logs on again until clearing the cookies.
I have a test project and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According to the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.
Documentation found on:
[URL]
[Code]....
Here is my code:
Web.config:
[Code]....
Login.aspx.cs:
[Code]....
Now, when I log in, I get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.
I am using forms authentication in an asp.net application. This is working fine in Internet Explorer. Opening the application in Firefox is also fine, but when I log in in a second instance of Firefox, the application in the first instance logs out. Following is my code for creating the ticket and cookie.
FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket(1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(60), false, "");
I'm currently developing a web site that will make heavy use of asp.net membership. (Using Umbraco, but that just uses the regular asp.net membership provider). I want to store some extended information about a user and I'm considering if I should store the information in the profile or in a custom table. Are there any pros / cons to any specific method? Some properties like payment details are more natural to place in the profile, on the other hand, a transaction log seems less natural residing in the user profile (IMHO). Any thoughts on this?
I'm using Forms authentication in my application but I'm not using the Membership that's built into .NET.
How do I automatically send a user to the login page when his/her FormsAuthenticationTicket expires? I just don't want a user to log in and leave a page on their computer screen long after their session has expired. I'd like to make sure that as soon as the user's FormsAuthenticationTicket has expired, I send them to the login page.
I want to pass an asp.net membership user name to a subroutine and retrieve the profile property named FullName for that user. How can I achieve this in vb.net?
I want to use Profile Properties to keep some user information and move them between pages. I'm wondering if those profile properties are keeping data session based or when I assign them is it the same for all sessions? Is this a safe method to use them:
I am using asp.net 3.5 and Oracle Providers for membership and roles. Now, using CreateUserWizard I can make a user register here, but for storing custom information like first name, last name, address etc. I am using a couple of custom Oracle tables instead of the Oracle Profile Provider. In this case, I am using the USERID field which is of GUID type as primary key. Now, my problem is that I don't know how to draw information from my custom Oracle tables for those users who are currently logged in. I have searched a lot in this forum and elsewhere where there are many topics relating to it but I failed to follow any of them. So, I would request you to kindly guide me to solve the issue.
Oracle Membership Table (ORA_ASPNET_USERS): USERID=xxxxxxxxxxxxxxx (some guid value), Username=abc and so on.
My Custom Table (UserProfile): USERID RAW(16) --> referenced to USERID field of ORA_ASPNET_USERS table, fname varchar2(20), lname varchar2(20).
I have the profile of username "abc", having some userid, stored in the UserProfile table. So, how can I fetch data from the UserProfile table for the user "abc" when he is logged in?