Security :: Custom MembershipProvider / RoleProvider With Login

May 18, 2010

I have created a custom MembershipProvider and RoleProvider which communications with some existing business logic. The issue I have is that the user login in my business logic requires 3 arguments (group id, user id, and password) and the MembershipProvider and RoleProvider I implemented just use 1 or 2 arguments (username, password). Right now I append my group id and user id together and pass it as the username then parse it in the implemented methods. Is there a better way to do this?

Note, I can handle the login fine because I can call my own ValidateUser method. The main issue is when the implemented methods are called from other things like the RoleProvider.GetRolesForUser(username) method when I use the AuthorizeAttribute.

[Code]....

[Code]....

View 1 Replies


Similar Messages:

Security :: Can't Deploy Custom MembershipProvider / RoleProvider Assembly To Website

Oct 15, 2010

I have written an assembly (DLL) containing two classes, MyMembershipProvider and MyRoleProvider, which are derived from MembershipProvider and RoleProvider, respectively. I have implemented most but not all of the abstract methods; the remaining ones all throw a NotImplementedException. I have signed the assembly and added a reference to it in my web-site project, where the relevant web.config sections look like this:

[Code]....

When I fire up the site, however, I get the following error:

Configuration Error

Description:
An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message:
Exception has been thrown by the target of an invocation.

The error message points to the <add /> tag in the <roleManager /> section: if I take that out, however (enabled="false"), it comes back again as soon as I try to log-in to the site (this time pointing to the membership section). I have verified that is recognising the classes by changing the name in the "type" attribute (to something that doesn't exist), at which point it throws a different error. Therefore I'm presuming there's a problem with my assembly code somewhere; but how can I find out where? I have debug=true in the web.config and also compiled the assembly with Debug options, but no clues.

View 4 Replies

Security :: MembershipProvider / RoleProvider With Server Farm

Nov 16, 2010

I trying to understand how a server farm would use MembershipProvider / RoleProvider. If I have a million users, I do not want to have multiple copies of the MembershipProvider / RoleProvider database. I would like to have one set of machines used for login but then redirect users to other machines in the server farm depending applications the users decide to use. However, once they are redirected to the new machine, I do not want the user to have to relogin. I want the credentials and role information to be available.

Does anyone know how MembershipProvider / RoleProvider is configured for this type architecture?

View 4 Replies

Security :: Are Cookies Required In Order To Use MembershipProvider And RoleProvider

Dec 25, 2010

Does Forms Authentication require that cookies be enabled to use MembershipProvider and RoleProvider? If so, can anyone tell me the minimum security level I need to tel clients to use.

View 2 Replies

Security :: RoleProvider And MembershipProvider Connect To Different Types Of Databases?

Aug 31, 2010

Say for my ASP.NET application, I have implemented my custom RoleProvider by using my existing Users table on my Oracle 11g database. Then, for my Membership Provider, can I still use the AspNetSqlMembershipProvider that comes with the .NET framework and uses SQL Server?

View 4 Replies

Security :: How To Extend The RoleProvider To Have Custom Code

Feb 24, 2010

I am obviously missing something here and it is driving me batty. I am trying to implement a custom role provider so that I can add some of my own custom code to it. I have created my CustomRoleProvider class, I have inherited the RoleProvider base class and implemented its members. I have made the required changes to my web.config so that my CustomRoleProvider is used. This is all working great.

All of this is wrapped up in a wrapper class as provided by the MVC Membership Starter Kit that I am using and wish to extend.

Now I want to add my own custom functionality.

When I add a function to my CustomRoleProvider I cannot see it or access it.

How do I add functionality to my CustomRoleProvider so that I can use it?

View 1 Replies

Configuration :: Put MembershipProvider, ProfileProvider And RoleProvider In One Single External Config File?

Oct 5, 2010

How can I put MembershipProvider, ProfileProvider and RoleProvider in one single external config file?

View 1 Replies

Security :: Get Custom RoleProvider To Invoke Its Methods On Every Page Load

Jun 18, 2010

I had a post here [URL] that I need to expand on now. I have a few web pages that need to check for a certain role on each page request. I have a custom Membership Provider and a custom Role Provider (called CustomRoleProvider - very original - I know) that I am using to do this. When a user logs in, the CustomRoleProvider.GetRolesForUser() method is called automatically (by the urlAuthorizationModule). When this method gets called, I am currently adding a role to the roles string array that allows/permits the user from viewing the web pages of concern based on certain qualifications that are determined elsewhere in the code (i.e. the database is queried to see if the user has rights to visit certain pages).

This approach only gets me half way because the user's roles are only checked once at login. When I wrote my previous post, I thought the CustomRoleProvider was broken because it wasn't calling the IsUserInRole() method on each page request. According to Microsoft, "The IsUserInRole method is called by the IsUserInRole method of the Roles class to determine whether the current logged-on user is associated with a role from the data source for the configured ApplicationName." (that information comes from this page:

[URL] Reading that description I thought it was being called automatically on each page request. This is not correct. What I need to know how to do is to get a method in the CustomRoleProvider that returns a boolean to be called automatically on each page request so I can update the user's roles if they change while the user is logged into the web site. For example, if the user has rights to visit page A and then five minutes later his rights are revoked, he can't visit page A again unless he contacts an admin to reset his rights.

View 1 Replies

Security :: Can't Load Custom MembershipProvider From Web.config, "Input String Was Not In A Correct Format"

Jun 19, 2010

I'm facing very odd problem with my application. I've been developing my own custom memberhip provider (derived from MembershipProvider, of course) and everything was working smoothly, until something odd happened. In my config file, I register my provider with such code:

[Code]....

When I deploy my site, I get this error message:

Configuration Error

Description:

An error occurred during the processing of a configuration file required to service this request. review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Input string was not in a correct format.

Source Error:

Line 62: <clear/>
Line 63: <add name="CustomSqlMembershipProvider"
Line 64: type="My_Membership.CustomSqlMembershipProvider"
Line 65: applicationName="My Application"
Line 66: enablePasswordRetrieval="false"

View 6 Replies

Security :: Login Plus Custom Login Using The Standaard Login Controls?

Apr 12, 2010

After reading a book I brought on ASP.net I fould the login controls to be very nice.I have set it up in my application so that customers can login using the standaard login controls and things were going smooth.But in my schema for my application I also have a table for customers (firstName, LastName, DOB, etc).And of course the customersID is used as a foreign key to tables such as Orders, Addresses (Home, Work, Postal).

The thing is how to i associate an asp.net login to a customer name in my table so that the CustomerID can be used through the application by knowing who is logged in.

View 7 Replies

C# - Want To Create A Custom Roleprovider Through A WCF Service?

May 17, 2010

I have a web application that accesses a database through a wcf service. The idea is to abstract the data from the web application using the wcf service. All that works fine but I am also using the built in roleprovider using the SqlRoleManager which does access the aspnetdb database directly. I would like to abstract the roleprovider by creating a custom roleprovider in a wcf service and then accessing it through the wcf service.

I have created the custom role provider and it works fine but now I need to place it in a wcf service. So before I jump headlong into trying to get this to work through the WCF service, I created a second class in the web application that accessed the roleprovider class and changed my web config roleprovider parameters to use that class. So my roleprovider class is called, "UcfCstRoleProvider" and my web.config looks like this:

<roleManager
enabled="true"
defaultProvider="UcfCstRoleProvider">[code]....

But I get this error."Provider must implement the class 'System.Web.Security.RoleProvider'."

I hope I have explained well enough to show what I am trying to do. If I can get the roleprovider to work through another class in the same application, I am sure it will work through the WCF service but how do I get past this error?Or maybe I took a wrong turn and there is a better way to do what I want to do??

View 3 Replies

C# - Custom MembershipProvider With A Custom User Table

Apr 21, 2010

I've recently started tinkering with ASP.NET MVC, but this question should apply to classic ASP.NET as well. For what it's worth, I don't know very much about forms authentication and membership providers either.

I'm trying to write my own MembershipProvider which will be connected to my own custom user table in my database. My user table contains all of the basic user information such as usernames, passwords, password salts, e-mail addresses and so on, but also information such as first name, last name and country of residence.

As far as I understand, the standard way of doing this in ASP.NET is to create a user table
without the extra information and then a "profile" table with the extra information. However, this doesn't sound very good to me, because whenever I need to access that extra information I would have to make one extra database query to get it.

I read in the book "Pro ASP.NET 3.5 in C# 2008" that having a separate table for the profiles is not a very good idea if you need to access the profile table a lot and have many different pages in your website.

Now for the problem at hand... As I said, I'm writing my own custom MembershipProvider subclass and it's going pretty well so far, but now I've come to realize that the CreateUser doesn't allow me to create users in the way I'd like. The method only takes a fixed number of arguments and first name, last name and country of residence are not part of them.

So how would I create an entry for the new user in my custom table without this information at hand in CreateUser of my MembershipProvider?

View 2 Replies

Custom RoleProvider Error - Using Article To Learn

May 10, 2010

I'm trying to use this article to learn about custom roleproviders, but I'm getting this error:

Could not load type 'TestRoles.SimpleRoleProvider'.

The relevant section from my web.config:

<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<add name="SimpleRoleProvider" type="TestRoles.SimpleRoleProvider"/>
</providers>
</roleManager>

The RolesProvider.cs class:

public class TestRoles{
public class SimpleRoleProvider : RoleProvider
{
public override string[] GetRolesForUser(string username)
{
List<string> roles = new List<string>();
roles.Add("Guest");
if (username.Equals("Dave"))
roles.Add("Admin");
return roles.ToArray();
}
}
}

From this error, it seems like it can't find the RoleProvider.

View 1 Replies

C# - Custom RoleProvider Not Working When Deployed To Web Apps Bin Directory?

Apr 4, 2011

I have created custom membership and role providers for a SharePoint web application.

If I deploy the DLL for these classes into the GAC, the membership/role provision works just fine. If I deploy these DLLs to the web application's bin folder in IIS, the web app bails with a server error immediately when browsing to the site.

Parser Error Message: Exception has been thrown by the target of an invocation.

If I view source on the error page I get a bit more info:

[code]....

View 1 Replies

Will A Custom RoleProvider Work With [Authorize] On Action Method In MVC

Feb 20, 2010

I'm making a custom MembershipProvider and RoleProvider.

I have database tables with Roles and UsersInRoles and I use LINQ-to-SQL to create objects of the tables.

When invoking [Authorize] on an action method, will it work with my custom RoleProvider?

How does it know if the user is authenticated and if the user is in the appropriate role?

View 1 Replies

Custom MembershipProvider With Web Interface And DAL?

Jan 7, 2010

I'm working on an ASP.NET solution with 2 projects. One is the web interface and the other contains my business logic. I'm using LINQ to SQL for my data access in the second project.

Apart of my database, I have a table called Users which holds user information.

I've started to implement a MembershipProvider. I notice that MembershipUser is coupled with MembershipProvider. What is the most correct way of getting my BLL/DAL to talk about Users?
Should I minimally implement MembershipUser and whenever a user calls a method, it will call for eg. GetUserInfo() in my BLL/DAL, to get complete information about the user?

Or should I make the MembershipUser class methods call my custom "Users" class methods (like a wrapper) in the BLL/DAL (this custom users class is not related to linq)?

Or can I somehow extend the Linq to sql class "CFUsers" to extend MembershipUser.

View 1 Replies

C# - Implement Custom MembershipUser And MembershipProvider

Apr 4, 2011

I try to implement a Custom MembershipPriver with a Custom MemberShipUser in my own database (with a specifics Users Table Model) : This is ly diffent files:

iTwitterMembershipProvider.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Collections.Specialized;
using iTwitter.Models;
public class iTwitterMembershipProvider : MembershipProvider
{
public override string ApplicationName
{
get { return _ApplicationName; }
set { _ApplicationName = value; }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
return false;
}
public override iTwitterMembershipUser CreateUser(string login,
string password,
string email,
string tokenKey,
string tokenSecret,
string twitterUserId,
object providerUserKey,
out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(login,
password,
true);

[Code.....]

View 2 Replies

Unable To Create MembershipUser For Custom MembershipProvider

Oct 28, 2010

I created a custom membership provider and am getting the following error trying to create a new "MembershipUser".

Could not load type 'MyTestApp.Membership.TestMembershipProvider' from assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.

I am running this from a Unit Test project, so I'm not sure if that's causing the issue, but I did include System.Web, System.Web.ApplicationServices as well as a reference to MyApp.Membership and MyApp.DataModels (Entity objects).

The error happens inside my "GetUser" function which is below, my configuration is also below.

[code]....

View 1 Replies

Save Some Info In The Session Within A Custom MembershipProvider?

Nov 5, 2010

I want to save some info in the Session when the users successfully logins with my custom MembershipProvider, but I have no access to the Session in the provider's ValidateUser method.

public class CustomMembershipProvider : MembershipProvider
{
/* Override other methods and properties here */
public override bool ValidateUser(string username, string password)
{
/* do something to validate the username and password
* and set the validUser variable */
if (validUser)
{
/* want to store some info in the Session here, but I can't access
* it here, because this is not a Page */
}
return validUser;
}
}

View 1 Replies

Security :: Creating Custom Registration And Login

Oct 20, 2010

I'm working on a project that requires registration and login. I know that ASP.NET provides login controls to get that job easily done. However, I'd like to implement custom registration and login. I mean my own registration and login forms and my own database. I've researched before posting this topic, but found nothing useful teaching me how to implement those functions. Can you guys tell me the way to implement them using LINQ and VB? OR can you give me the URL of the tutorial teaches exactly what I want?

View 2 Replies

C# - Custom MembershipProvider Attempts To Pass Empty Creds After IIS Restart

Mar 12, 2010

I have a C# custom ASP.Net MembershipProvider. When the user attempts to navigate to another part of the site after IIS is restarted, it doesn't navigate to the login page to collect credentials, but instead attempts to authenticate with empty credentials.

what I have to do to identify that the new authentication needs to take place and that new creds need to be gathered?

I have a complementary custom IHttpModule implementation that allows me to intercept events like BeginRequest and AuthenticateRequest, if that helps.

View 1 Replies

Security :: Login Controls And Custom Membership Provider?

Oct 11, 2010

I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.

If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.

Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.

View 1 Replies

Security :: Custom Made Login Page With Session State?

Jan 6, 2011

I have a login ascx module that needs to handle logged in users.

I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.

Ok, this works rather OK, but I am using the same button for login and logout, so when I login user I need manualy to reload the page before handler me.load have new values for current session, does anybody know how I can solve this isue.

Imports System.Data

View 3 Replies

Security :: Add Another Custom Dropdownlist In Login Control To Authenticate The User?

Aug 13, 2010

how can add another dropdown inside the login control and authenticate the user on the basis of user name,password,and location.

is there any other way?

View 5 Replies

Security :: Get The ConnectionStringName Of MembershipProvider?

Nov 12, 2010

i have a class library for membership provider and inherits from System.Web.Security.sqlMembershipProvider

i just want to change somthing in it this class library will work in difrent web form application

i need to get the connectionStringName in web.config where the membership set to work with it.

how can i get the connectionStringName?

View 3 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved