Security :: Creating An "exclusive" Session For A Given User?
Nov 23, 2010Creating an "exclusive" session
View 3 RepliesCreating an "exclusive" session
View 3 RepliesI'm working on an application, where several products has their own website/application, while everything is stored in one SQL 2008 database.
When someone wants to buy a product (software licenses) they fill out a form and their info is transmitted to another site where all administration and payment is handled.
When the customer has payed with Paypal and is returned to the payment page, their info is saved to database, and a user account is created.
In order to create the user for the correct application, I use the following code to change the application name, create the user there, and change back.
[Code]....
This goes partly fine. The user is created in the aspnet_Users (in the wanted application) and assigned a role correctlu. When trying to approve the user, however, an error is thrown:
System.NullReferenceException: Object reference not set to an instance of an object.
The user is never created in the aspnet_Membership table.
In my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin, is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....
I am using the ASP.NET default users database (Memebership) , I need two things Limit Users , I need to make limitation of creating new user , like maximum 10 users Same user name can't be used in other computer , and will signout or give error msg that somebody using same error without allowing user to login.
View 6 RepliesI have a wizard control with 3 wizard steps. 1 contains "create new user", 2 for user management grid control and 3 for another functionalities.My problem is.. I am able to create new user successfully and after clicking on continue button in create new user, the name, email id text fields are not getting cleared.
View 7 RepliesI wanted to be able, as an administrator, to create new users using the createuser wizard. When I use the wizard to add a new user, however, I end up logged in as that user, instead of as my admin account. How do I prevent from being logged in as the user I just created?
View 2 RepliesI need to create .net membership user instance for a database living in a different server than the one I'm coding in. What is the best way to do this?Should I do it though Sql Server stored procedure? or should I use a separate provider (therefore having 2) in my web.config?
I need to create this user without using the "create user wizard".
is there a way to snag the database id of a newly created user after CreateUser has been called? I need to be able to tie that id to another database table. From what my book shows me, it looks like member info is encrypted, so merely looking at the membership database table.
View 11 RepliesI'm trying to convert existing user accounts ( MS Access and Classic ASP) to ASP.net membership user account. (I have imported to SQL server but lives in different table in the same database as aspnet membership)
--- Here is basic info of My userinfo table ---
-I have table contains user information. I would like to create .net membership user based on the data.
-Table contains about 30000 rows
-Table Name: customers
-Fields: netUserID (unique identifier generated by SQL server)- I need this to join my table with .net membership tables email_address(email address was used as userID as well as email),CreationDate password, etc
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email
-Customer.email_address = aspnet_Users.UserName
-Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID
-Customer.password = ASP.net Membership.password
-Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from web site (web application), this is pretty much everything that you need to enter (email, username, password)
In order to create valid users for membership provider using SQL Server Management Studio, do I have to add more information ? or do they automatically generated by SQL server? ie. LoweredEmail, LoweredUserName etc
2. If I have to include every single fileds in Insert command, are there any SQL statement template to create valid user for membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's unique identifier. Do I have to change data type temprary in order to insert UserID for aspnet_Users and aspnet_Membership?
4. What would be the best way to achive this?
I am creating a website for reset the password in one of the application from the back end.
I have created a webpage with only one button called "RESET".
If user click the button, it should check the user have already access the application from the "USER" table. If no access, the message appears "You do not have an access."
If yes, next step whether the user have authenticate. If yes update the encrypted password from new table called "UMRESET" to the application table "USER" password.
protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
{
Roles.AddUserToRole((sender as CreateUserWizard).UserName, "Customers");
}
CreateUserWizard is creating dupicate user while assigning Role.How can we assign Role without duplicating user record? I've observed ApplicationID for assigning Role is Differenent than Creating New User, so when ever Role assigning comes in, it creates same user again with new UserID. Is it related to Web.Config in some way? As when I try to create user from "VisualStudio/Website/ASP.net Configuration"
The result is FALSE after the first step in creating a new user account:
<asp:CreateUserWizard ID="CreateUserWizard1"
<asp:CreateUserWizardStep ID="CreateUserWizardStep1"
The result is TRUE after the second step in creating a user account
i have following issue: I am creating a new user register form manually without CreateUserWizard control, and all works perfectly unitil I intentionaly (for test purposes) enter existing username (for example BLABLABLA) into username.textbox. After that i get my error message as expected that says "username BLABLABLA allready exist", now when I tray (as a future user who could be in the same situation) to correct the username and enter another one (for example TRATRATRA), it still gives me this error "username BLABLABLA allready exist!" This is the second day that I'm traying to solve this!
Here is a part of my code:
[Code]....
Im very new to ASP.net and have no experience with it at all.Im currently developing a website,and am confused about creating users.Im using the create user wizard,everything is working fine.However,I am worried about the security of user information.I believe the user information is stored in the APP_Data folder, am I right in believing that this folder is secure?
Exactly how is the user information stored when using the create a user wizard?In a database in the APP_Data folder?Is it encrypted automatically when a user signs up?
Is anyone able to tell my why i keep getting a blue line put under "UserName" (after the = sign), even though i have a textbox called "UserName" as part of the login control that comes with asp.
[Code]....
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
<asp:Repeater ID="UsersRoleList" runat="server">
<ItemTemplate>
<asp:CheckBox runat="server" ID="RoleCheckBox" AutoPostBack="true" Text='<%# Container.DataItem %>'
[code]...
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
I am developing a web application. This application is fully customised based on the user settings. Suppose, application hosted on [URL] and user can signup on the website and it will get the domain like [URL] and for user2 will be [URL] so and so forth. so in this case how would I maintain the session for each user? each user will be representing a single website along with public interface and admin pages.
what I am thinking is to store all the setting (for each user) in the database and then when ever server received request then get the user info from the URL (first time only and after get it from the session) and get user details but I am not very much satisfied with this approach.
Once user enter credentials i want his name to be appear on top.User should be maintained through out the pages of website until he choose to sign out.And also diff users will have diff access to some parts of website, like only manager can delete the content.
View 1 RepliesMy web application uses forms authentication. One of my users who uses IE8 says that she always stays logged into the website on her computer. This is even after she closes the browser window and restarts the computer. This only happens on her computer, if she switches computers the same thing won't happen.
I'm baffled by this. Is there a setting in IE that could save her login information and automatically sign her in every time she accesses the website? Is there anything else to look into?
When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache. Is this wrong? Should I have stored it in the session?
View 1 RepliesIm creating an application where the user table is stored outside the database, therefore i wont need to use the built-in asp.net user tables. However i would still like to use all the features the asp.net membership security provides i.e. restrict users from certain pages using the web.config
I would like to authenticate the user manually and set roles to that user temporarily only for that session. Is this possible?
How i redirect the page to Login page automatically if session Expires .
View 7 RepliesI have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
Why is this happening, and how can I fix it?
I am logged in as user1, and while creating a user in which I have additional information which would store first and last name into the profile database. I have the following code
[Code]....
But because I just have profile like that, it is updating the profile of user1 not the new user i just created
[Code]....