After deploying our web application, one of the user was not able to login to the application. After checking, we could realize that his system date was worng, It was a greater than current date. If the system data was less than the current date we can still login. We are using asp.net membership
View 2 RepliesWe have created a windows application which is distributed amongst our clients. The application uses SQL Server 2008 as the back end and each client uses their own database on their own server. The databases are all exactly the same but each clients data is specific only to them.
We would like to offer our clients the ability to log-in to our website which would then login to their own database so that when they are out in the field they can perform similar tasks to what they can do with the windows app.Each of the clients databases has a user table containing their login details, permissions etc.
Our server is running on IIS and has SQL Server 2008 installed but it only contains our data and nothing of the clients.How should we go about this?
What I mean is do we need to make each client have an additional login to our main server which would then hold each clients individual connection strings etc which would then be used to connect to there specific database and then they would need to login again?? Seems like a nightmare for the user.
I wanted to know how to add the feature- that user should be redirected to an error page where the error will be display, upon entery wrong username/password when trying to login through an asp.net login control?
1. how to redirect the user to an error page upon entering wrong username/password (from a login control which is placed on master page)?
2. how to pass the error to the error page so it can be displayed there?
i want to design a authentication system for a service oriented application.i have a wcf service based asp.net application.
View 1 Repliesi was just wondering how much secure is the Login System integrated within ASP.NET ? This is rather vague but i just wanted to know if a website using the system is rather protected to attacks.
View 3 RepliesI am the web developer at a medical clinic. I have 2 scenarios going on:
First, I have a physicians only component of our employee portal to allow access to only physician shareholders or physician non-shareholders. My structure is built like:
Physicians Only
Administration
Affiliations
Calendars
Compensation
Minutes
The Affiliations folder is only going to be accessible by the physician shareholders. Therefore, I have security roles set for Physicians Only and Affiliations. When I test, the security is set correctly on the folders. However, when I try to login as different people, all with different roles, I have to login with user name and password, twice, before the system allows me in.
Secondly, I have secured areas within the employee portal also. However, when I navigate to them, the system doens't usually prompts me to login. If it does prompt me to login, it too, is on the second try. So how does it know who I am? And more importantly, how do I get the system to actually prompt the user to login with their credentials?
In my website, if one user registered from a computer, we have to allow that user to be able to access the site from that computer only. If he try to login from another system even in LAN, we have to deny the access.
View 5 RepliesI have a sitemap of 5 items. 2 items i only want the admin to see. I want the user to be able to login and the system recognise who it is and if an admin, bring up the 2 items in the sitemap. If not an admin, hide the items.
View 3 Repliesprovide me the source code for a login system where administrator can be directed to a different menu than the members.
View 2 RepliesI have a weird thing happening. I have two identical databases installed on one virtual machine but under two different instances of SQLServer. For some reason, periodically when saving from one it will save to the other instead. Using debug, I have verified that the connection string is correct and when the item saves, it still saves to the wrong database.I use session variable, and am of the belief that it might have something to do with it...and t hat when I go from one to the other it is still getting the connection string form the other for some reason.To make sure that it isn't a problem, I make sure that I completely close out one database before opening the other in a new IE window.I assume that when I completely close out an internet explorer window that it abandons all session states. Is that true?
View 7 RepliesWhat i want to do is code in Global.asax file to check if current date is greater than EndDate(appsetting) it will block access to rest of the pages as what happens when using [Code]....
Moreover it will be a licencing system which will block the application after its EndDate that will be mentioned in web.config.
[Code]....
[Code]....
i have an Asp.net application 3.5. I want to be able to allow multiple/ different clients to access the same application but using different url's. I have already managed to configure the database to allow this. So hia's the main part i want to host my application in a domain say... wwww.myapplication.com
then allow different client to access the same application using
1.www.clientOne.myapplication.com
2.www.clientTwo.myapplication.com
also the client subdomains i.e(clientone.myapplication.com and clienttwo.myapplication.com)should be autocreated by the client upon registration
I have a scenario with three applications:
1) Portal: where user executes login
2) Site1: after login at "Portal" user is able to use Site1
3) Site2: after login at "Portal" user is able to use Site2
I just need to execute a validation in Site1 and Site2, to validate if they (users) did login at Portal1.
Something like (in site1 main page page_load).
{
if (notFromPortal)
{
//redirect to Denied.apx
}
}
How can I do this in a simple way? With cookies? Does somebody have a url with sample?
My security requirements are almost zero. I just wanna prevent that user put a url from Site2 in browser and see a Site2 page.
I have to use windows login (name,password) for my application.(Intranet)
string strHostName = System.Net.Dns.GetHostName();
It works fine on my system but use the ulr on any other system, it returns the same result(i.e., MY System's name).
We are developing for a customer a series of .NET intranet applications currentlydeveloped in ASP. However we would like to avoid the users the annoyance of having of login twice when they pass from one .NET application to an ASP one, Is there any way to export the session data from one application to the other?
View 1 Replieswe developped an ASP.NET application that runs fine on our development server and in our network computers. But in production, the application works when accessing it directly from the web server but not on the clients (code behind is not executing).
View 5 RepliesFirst of all, I am creating a something like a client/server solution using a standard ASP.NET website - I do know this method is not adviced, and most people would love to scream "COMET!" or "HTML5 Sockets!" - but please don't ;-) !
What I am doing...
I am creating an MMORPG on a website.
I have several clients whom need to be in contact at the same time. This is done by a global object in the Application scope.
My problem
I need to invoke an event to several clients. For instance, when an attack has been performed, I need to update some graphics. The attack logic is resolved in the global object, but each of the clients has to respond to this.
Right now I do the following:
fightTrace.Reciever.InvokeMoveEnded(this);
fightTrace.FiredBy.InvokeMoveEnded(this);
(This is a kind of observer pattern)
What now happends is a race condition. The one who loads the page_load event will get both of these events, and the one who is not running them, will experience no changes in the UI.
So what is it I really want?
What I really need is some genuine and nice way to create an observer pattern through the application state. I need to send an event out to every "listener" which is in this case is a client, and then do some update.
I'm not 100% sure that this is the right forum, but here goes.Is it possible with ASP.Net to reliably determine if the client (i.e., the browser) is using a proxy server? I'd like to prevent proxy users to a particular site.
View 3 RepliesI have an ASP.NET v2 website which uses NHibernate for ORM. My current architecture is not that great and I will be changing it after reading some best practices but I wish to still try and figure out my current problem. I have a login screen which creates a ISessionFactory with the connection string set appropriately to the user name and password entered. The SessionFactory is then stored in HttpRuntime.Cache (all objects stored in the HttpRuntime.Cache have an expiration of 30 minutes which is not ideal and may cause issues but hopefully is not relevant to this particular case).
Whenever a data query is made the application tries to retrieve a Session from HttpContext.Current. The first time this occurs no Session is present so one is created from the SessionFactory and stored for future reference. The same Session is therefore is used throughtout the application which is not ideal I believe and it is not explicity closed after each operation. There have been various issues with the application including timeouts which may be associated with not closing connections after each operation. An error that has recently appeared is:
Message: Login failed for user 'myusername'.
Type: System.Data.SqlClient.SqlException
Source: .Net SqlClient Data Provider
Stack Trace: at
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory)
This is only after a few minutes of using the application so should not be related to the use of HttpRuntime.Cache. The username in the exception (myusername) does not match the user specified in the connection string! Does anyone have any idea of what could cause this. I was thinking of ConnectionPooling but understand that the connection is made from a pool keyed on user name and password so it shouldn't confuse users. I am changing the application to use an IHttpModule to create a session per request which will be explicity closed after each operation but I would still like to know what causes the current problem.
I'm having some trouble using EWS with tasks and reminders, specifically, the due date.
When I run my code, shown below, the task is added to my exchange account and I can see it fine in outlook. All the data in it looks fine too. However, if I specify to have a reminder for the task, the due date it shows is very wrong.
It's usually 17 hours in the future, but the screenshot I've provided shows it being 19 hours in the future. I'm finding it very strange that if I open the task, the due date looks fine, but the reminder is saying it is due well into the future.
Screenshot: http://s970.photobucket.com/albums/ae187/paulehn/?action=view¤t=ewstask.jpg
ExchangeVersion exchVersion = new ExchangeVersion();
exchVersion = ExchangeVersion.Exchange2007_SP1;
ExchangeService service = new ExchangeService(exchVersion);
service.UseDefaultCredentials = true;
service.Url = new Uri("https://mail.domain.com.au/ews/exchange.asmx");
Task task = new Task(service);
task.Subject = "Subject";
task.Body = new MessageBody(BodyType.HTML, "Body");
task.StartDate = DateTime.Today;
task.DueDate = DateTime.Now.AddHours(2);
task.ReminderDueBy = DateTime.Now;
task.ReminderMinutesBeforeStart = 15;
task.IsReminderSet = true;
task.Save();
I've encountered a problem with intranet ASP.NET Application using AD Form Authentcation. The login and authorization is built using this KB http://support.microsoft.com/kb/316748. It works fine on DEV but not in UAT and PROD.
Basically, the problem is:1. In DEV, users see login page and they enter domain user name and password and login process happens with no issue.
2. But in PROD and UAT, the same application when the users see the login page (first time) and they submit the login form no response. The login button does nothing. The user closes the browser and come back to login page and it works second time. Strange, this doesn't happen in DEV.
3. Further, on DEV by changing the LDAP path to PROD or UAT, the users can still login the first time. It's only the PROd and UAT that seems to be a problem. Not sure whether it's IIS setting or domain policy or something else.....
Not sure what's causing this issue. The only difference that I can see between DEV and UAT/PROD is:
1. DEV has no load balance but UAT and PROD has.
2. In DEV application is installed under Default Website and on PROD/UAT it's under new website.
The IIS settings has been setup as per given KB. I
I have a site I am working on, that will have a home page with a login control. I would expect that after logging in, access is permitted to only certain areas of the website. I would imagine that the properties set by the login control will determine which pages can be viewed. Does this make sense? I know that many other websites have this type of structure, just not sure how it is organized.
View 3 Replies how to integrate a asp.net application in windows user Login screen?
I have a asp.net 2.0 application. Users can able to run this application from windows login screen before they login.
i have a secure ASP.net application ,login page and all these stuffs, i want to create a windows desktop application for some resones but i want to use the same security of the asp.net , is there anyway to get the login information of the asp.net to login to my windows desktop application?
View 1 Repliesi am working in the vb.net and inserting the date into DATETIME field sql db. During duging am checking it shows correct date but when insert into db it show "1/1/1900 00:00:00" . I dont know whats the problem. Code:
Dim ObjDob As DateTime = CDate(Me.ddlDates.SelectedValue & "/" & Me.ddlMonths.SelectedValue & "/" & Me.ddlYears.SelectedValue).ToString("dd/MM/yyyy")