Security :: Deleting All Users In Application?
Jul 18, 2010
Though I have not tried it but i guess asp.net allows us to delete all the users in our application. What i mean is if it allows us to delete all the users, then at 1 point my application might become defunct or I will have to go back into WAT.
In my application only users in admin role are authorised to create new user, but when all user can be deleted, what will hpapen?
And if a user is logged in and deletes himself, he still remains logged in though with restricted access untill manually logout is not pressed.
Do I have to take care of all this code manually?
View 7 Replies
Similar Messages:
Feb 11, 2010
Following one of the other tutorials I have figured out how to manage users [URL] but it does not mention how to delete them from the GridView. I have attached my Page's code plus my VB script. I have added a delete link into the GridView for preparation but all I would like is the VB script so that when the user clicks delete it deletes the user from the GridView and Databse. I hope I have made every really simple, anyway here it is:
ManageUsers.aspx
[Code]....
View 2 Replies
Feb 28, 2010
I need to retrieve the user data from the different web application. In the web.config I can specifydifferent profiles, but I cannot figure out how can I use it in the application. This is what I did:
<profile defaultProvider="i90PartnerProfileProvider">
<providers>
<clear/>
[code]...
View 3 Replies
Nov 24, 2010
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp).
I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
View 4 Replies
May 19, 2010
I have 2 different website/applications with 2 different asp.net membership databases in the same server. Now my client wanted to create a user in one website and add that person automatically in to the other application/website/database too. Right now my applications create users using asp.net membership and added to its respective databases. Is it possible to create a user from different application using asp.net membership?
View 6 Replies
Nov 1, 2010
I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines:
[Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this:
[Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is:
[Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
View 12 Replies
Jun 21, 2010
I am trying to give access to a button for only authorized users. These users are all apart of the domain's administrative users. The button should only appear to these users. Other users will not be able to see or access the button. how I could make my web application query for authorized users for certain features in the web app?
View 5 Replies
Jul 13, 2010
I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.
I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.
I can I make the new application to recognize the users and roles of the existing database?
View 9 Replies
Jun 2, 2010
i would like to be able to do is to, lets say i have 10 users running a web application , how can i get the names of all these users. There names , logon times and any other info availabel.
i would like to get this data into a dataset and just bind to a gridview .
View 2 Replies
Sep 23, 2010
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
View 1 Replies
Aug 26, 2010
Allow Admin Users to Access Basic Users Accounts?
View 4 Replies
Dec 6, 2010
[Code]....
after successful creation of 3 users on my web site now cannot create users
View 9 Replies
Jun 30, 2010
I have some code in my logout routine that deletes some temporary session files when the user logs out or when the session expires. Deleting these folders causes my web app to restart. It does not error out or throws an exception it just restarts!
View 1 Replies
Oct 12, 2010
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
View 9 Replies
Aug 4, 2010
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
View 8 Replies
Dec 9, 2010
I'm having a problem trying to delete the form authentication ticket (.ASPXAUTH) from the server side. It would be the same to delete or invalidate the ticket so the client could not reuse it.
So far, the only solution I've found is to delete the ticket from the client side (through a "Set-Cookie: .ASPXAUTH=;") but nothing seems to be implemented and/or working for doing so in the server side. The final idea is that if someone steels that ticket
In particular, I'm working in C# but as it's rellated to the Dotnet Framework any implementation of the solution would be OK; I tried all the possible things and nothing worked out, even invalidating the session but nothing.
View 3 Replies
Sep 27, 2010
I have a repeater which binds a set of data. Within this repeater is a column with various controls for updating, deleting, etc. These are image buttons which fire an onclick event such as "DeleteRecord". All this does is fire a stored procedure, passing in the ID of the record to delete from the CommandArgument of the object.
This works wonderfully... except for one rather huge problem. Once you delete a record, if you refresh the page, the record where the first deleted record used to be gets deleted. For instance... if I have 4 records
1 Record1
2 Record2
3 Record3
4 Record4
and I delete record 2... The page reloads with (which is fine):
1 Record1
3 Record3
4 Record4
...if I then hit refresh...
1 Record1
4 Record4
I assume this is because the erroneously deleted object (record3) is now in the same hierarchical place as the old object used to be and .net therefore doesn't know the difference, the page refreshes and fires the onlick event, grabbing out the command argument of the new object and deletes based on the ID as obtained from the commandargument of the new object. This is obviously a huge problem, if a client did this it would destroy data erroneously and I'm at a loss here. Is there any way to stop this from happening? I'm not sure if there is a better way to go about doing things or not. If there isn't, I need some sort of way to tell the page not to execute the event or to cross reference the ID of the object that is intended for deletion against the object itself...
Code below for convenience...
EDIT Wrapped a LinkButton around it because I have some jquery code in here as well which stops the page execution to wait for user confirmation. Pressing "ok" continues page execution.
<asp:LinkButton ID="oDeleteLink" CssClass="oDeleteIcon" CommandName="Delete" CommandArgument='<%# Eval("iAccountID") %>' runat="server">
<asp:ImageButton ImageUrl="/files/system/icons/trash-steel-16.png" ToolTip="Delete This Account" AlternateText="Delete" ID="oDeleteIcon" runat="server" />
</asp:LinkButton>
protected void oAccounts_ItemCommand(Object Sender, RepeaterCommandEventArgs e) {
if (e.CommandName == "Delete") {
int ID = e.CommandArgument.ToString().Numeric();
db.SPs.SpDeleteAccount(ID).Execute();
UI.Confirm(uiBroadcast, "Account has been deleted", "300px");
BindAccounts();
}
}
View 2 Replies
Jun 23, 2010
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replies
Mar 22, 2011
Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
View 4 Replies
Feb 9, 2011
We have asp.net configuration tool to manage user's permission and role for our offline website,
it is working very fine.
Now, I have uploaded my website and aspnetdb.mdf
now i want to manage users and it security and roles online.
How can i have asp.net Configuration tool
View 2 Replies
Jan 12, 2010
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
View 4 Replies
May 5, 2010
i have a gridview that displays a number of columns, there is some rows that are to be confidential for some users "secret" records, i.e some users will see some of the rows as access denied in the cells and they won't be able to click the row to take them to detail page. other users will be able to see these rows data in the cells and able to click on the row header to take them to detail page.
how to display data/links in grid view cells selectibaly without changing the data in database?
View 4 Replies
May 30, 2010
I have installed an ASP.NET 4.0 Web forms application in IIS 7.5. If I set the application pool to DefaultAppPool (.NET Framework 2.0) I get the icons for Providers, .NET-Roles and .NET-Users displayed on the configuration page for the application in IIS Manager and I can manage users and roles within IIS. (I'm using Forms authentication.)
But if I set the application pool to ASP.NET v4.0 I get a problem: Double clicking on the icons for Users or Roles in IIS Manager throws an error telling me that I cannot use these features since the providers could not be determined as trusted. If I set in administration.config in the trustedProviders section allowUntrustedProviders="true" and double click again on one of the icons I get the error that the assembly System.Web, Version 4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a could not be found. If I restart IIS Manager the icons disappear completely.
.NET Framework 4.0 is definitely installed. So this is all quite confusing. I know that .NET 4 uses another GAC than the old one for .NET 2-3. Could it be possible that IIS Manager is not able to find the new GAC for .NET 4? Do I have to add perhaps some of the new 4.0 assemblies to administration.config? Is there another way to add users and roles instead of IIS?
View 2 Replies
Nov 25, 2010
i have users who can logon to my site. I don't use the asp.net provider (i have my own user storage) but do use forms authentication. No i want to block users from log on twice to my app. Now what is the simplest thing to accomplish this? I thought about an extra field in the database in the user record but is there something simpler? is there a sort of 'session' for the entire application where i can remember who is logged on (and which is not flushed at a random time)? maybe in the cache (but the cache is sometimes flushed) i've seen an example where a file with the username was written to disk (and removed when logged out)
EDIT:
Good question was: what do you mean with logon twice. I mean when a user logs on on another computer or when another person logs on with the same credentials
View 3 Replies
Mar 10, 2011
I have hosted an application on my local system and people on company intranet will be accessing that. I have windowxp SP3. I have heard from someone that only a limited no. of users( around 20) can access my application if I am hosting it on XP.
View 4 Replies