Security :: Creating Custom Registration And Login
Oct 20, 2010
I'm working on a project that requires registration and login. I know that ASP.NET provides login controls to get that job easily done. However, I'd like to implement custom registration and login. I mean my own registration and login forms and my own database. I've researched before posting this topic, but found nothing useful teaching me how to implement those functions. Can you guys tell me the way to implement them using LINQ and VB? OR can you give me the URL of the tutorial teaches exactly what I want?
I want to create a registeration page in asp.net(2.0) without login controls. How it can be done? I have another querry, regarding user details. I want where user information is stored. Can i open that table?
I try to construct a membership system using Walkthrough: Creating a Web Site with Membership and User Login. The membership system is going to be added to umbraco cms. I should admit that I am still in the learning process and need your guidance for my question.On my registration page other than standard fields which comes with CreateUserWizard, I need to add some extra fields in addition to that and those fields should be saved to database along with standard fields. Is it possible? If it is, how can I manage to do that?
i got this message when writing code-behind page: Compiler Error Message: BC30506: Handles clause requires a WithEvents variable defined in the containing type or one of its base types. Source Error:
[Code]....
Line 2: Partial Class _DefaultLine 3: Inherits System.Web.UI.PageLine 4: Protected Sub NewUserWizard_CreatedUser(ByVal sender As Object, ByVal e As System.EventArgs) Handles NewUserWizard.CreatedUserLine 5: ' Get the UserId of the just-added userLine 6: Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName) also this from the error list: Error 2 'NewUserWizard' is not declared. It may be inaccessible due to its protection level. C:inetpubwwwrootWebSiteDefault.aspx.vb 6 60 [URL] the create wizard resides in the loginview
After reading a book I brought on ASP.net I fould the login controls to be very nice.I have set it up in my application so that customers can login using the standaard login controls and things were going smooth.But in my schema for my application I also have a table for customers (firstName, LastName, DOB, etc).And of course the customersID is used as a foreign key to tables such as Orders, Addresses (Home, Work, Postal).
The thing is how to i associate an asp.net login to a customer name in my table so that the CustomerID can be used through the application by knowing who is logged in.
I need to learn the following security-related questions pertaining to ASP.NET membership system (which I am currently using):
1) How to set up "secure" log-in for site members (when other sites say "secure login", what exactly is meant?) --- is that easy for a novice programmer to set up?; are there third parties?; is this done in collaboration with the site host?...Or by using the ASP.NET member system (which I have already set up), is that by default "secure" already?
2) When signing members up, what is best way to block out spammers from the registration process? Is there also third party software I can use? Perhaps someone can give quick answers to these, or point me in the right direction to read a good updated resource on this.
I wanted to be able, as an administrator, to create new users using the createuser wizard. When I use the wizard to add a new user, however, I end up logged in as that user, instead of as my admin account. How do I prevent from being logged in as the user I just created?
I really need some help here. I am brand new to using Visual Studio, but need to create a web page in which you must pay to register and view a Members Only page. I have followed a lot of instructions in these forums, but seem to have hit a wall.
First off, I am not able to use the ASP.NET Configuration under the Website tab. I have already created a New Web Site, selecting Visual C#, then the first option for ASP.NET Web Site. I chose File System for Web Location, etc. Long story short, I have made an ASP.NET Web Site with Basic User Login. The Login functionality is absolutely fine, I am able to view the site locally, register, and log in no problem. However, when I try to choose ASP.NET Configuration under the Website tab, nothing happens. From what I gather, I need to use the ASP.NET Configuration in order to configure membership permissions, and therefore need to open this part of the program. In the long run, I would like to make it so that User Logins are sent via e-mail to people who have paid me and that wish to use my site, which brings me to my foreboding second problem.
I eventually need to find a web hosting service that will allow me to do all the things I have described. I was going to go with GoDaddy.com, but after doing a bit of research I realized it may not be the best option for what I am trying to do. However, through research, I have realized that VS 2010 is the best program to use for what I'm doing, but I'm in a bind because of inexperience, thus writing this question in this forum.
Any help making this web site would be greatly appreciated, I am definitely in way over my head. I have worked with computers for the last 10 years, so my inexperience is mainly with ASP programming.
Just to let you know, I have VS 2010, Visual SourceSafe, and SQL Server Express installed on this fully capable machine. What I am really looking for is someone to guide me through the process of creating this website, either through pointing me in the right direction or explaining in detail all the next steps that I must take.
so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
I have created a custom MembershipProvider and RoleProvider which communications with some existing business logic. The issue I have is that the user login in my business logic requires 3 arguments (group id, user id, and password) and the MembershipProvider and RoleProvider I implemented just use 1 or 2 arguments (username, password). Right now I append my group id and user id together and pass it as the username then parse it in the implemented methods. Is there a better way to do this?
Note, I can handle the login fine because I can call my own ValidateUser method. The main issue is when the implemented methods are called from other things like the RoleProvider.GetRolesForUser(username) method when I use the AuthorizeAttribute.
I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.
Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
I have a login ascx module that needs to handle logged in users.
I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.
Ok, this works rather OK, but I am using the same button for login and logout, so when I login user I need manualy to reload the page before handler me.load have new values for current session, does anybody know how I can solve this isue.
So I'm attempting to limit user's access to my database through the web. I have a registration form that asks the user for a name and password, then verifies this against a DB. In order to prevent DB overload, I will limit the user's attempts to 10 in 10 minutes. This is how I am trying to solve this, but cannot verify that i'm using the right approach.
Code: Dim timeout As Integer = ConfigurationManager.AppSettings("timeout") Dim userIPkey As String = Me.Context.Request.ServerVariables("REMOTE_ADDR") Dim i As Integer If HttpContext.Current.Cache(userIPkey) = Nothing Then i = 1
[Code] .....
For some reason I can hit the service with a for loop and get to the DB every time. If I try doing this through the browser while debugging the webpage, I get the right error message after 10 attempts, while on the server, or through a reference to localhost I will not get the error message.
I am using the SQLMembershipProvider for authenicating users for my web site. I would like to change the default message that is displayed when a user signs in but who's account is disabled. By default, it shows:
Your account has not yet been approved. You cannot login until an administrator has approved your account.
Is there a property for the Login control that allows me to change this message programmatically.
I have read many posts and have tried many solutions to this problem.
Simply enough, I can assign a role to a user programically during development, but when I publish to the 'web', the system doesn’t work. I am useing VWD 2008 in VB.Net.
I have been using permutations of : Roles.AddUserToRole("User.Name", "User").
Roles work throughout the site (per page/directory). Is there something I am missing?
I am new at ASP.NET and I am having some difficulties. What I have below is a Registration and Login, both in one page. However, when a user is logged in, I would like the registration and login form to be hided. There is a LOGOUT option when the user is logged in.
I want to support the following scenarios on my ASP.NET MVC website:First time visitor wants toregister, via facebook connect. I'dlike the user to have an entry in myuser membership table - so I havethem enter a username/password(email gets populated via facebookconnect).Registered user returns to mysite, logged into facebook already.I'd like my site to see they'relogged into facebook already and auto log them into my membershipsystem.Registered user returns to msite, but is not logged intofacebook.
Is it possible to create a login/registration system on my site without using any of the bulit-in stuff from ASP.NET - just like you can do in PHP? I've almost completely forgotten everything I learned about ASP.NET
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
I am new in ASP.NET, Could you please help me and tell me how to (create a registration custom form and link it to sql database) so every time new register do the registration i need these data to be sent to me as well as to him as an e-mail message, where and how can i look up his data?
