Security :: Expand Role/Membeship Information?
Jan 5, 2010How can additional information such as first/last names, department, city, country, etc, be most easily incorporated into role/membership for insert, update, and delete?
View 1 RepliesHow can additional information such as first/last names, department, city, country, etc, be most easily incorporated into role/membership for insert, update, and delete?
View 1 RepliesUsually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema. 
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
Why asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 RepliesI'd like to mimic the behavior of the "profile provider" that is available in .Net. The profile provider acquires profile properties from the web.config and those properties are immediately available as an enum for use in the code behind.I'm unsure how to do this, and wondered whether someone may be able to help.Essentially I'd like to allow developers to enter Role information into the web.config, and then have this role information available for use within an enum in the codebehind.
View 1 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
How can i get the role id, rather than the role name?
For instance with the code below
Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1
GridView1.DataBind()
I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?
<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />
I want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project 
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that  enables a user to be able to see a dataBase information only after that user has been successfully authenticated. 
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
I have a couple of aspx pages in c# and want to apply security on them. The way the current security works is that each user is assigned a role to enable him to add,edit or delete . for instance I have 3 roles, Accountant, finance and clerk,
[code]...
 I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.
Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.
I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:
authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)
Is there anyway to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?
Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
View 1 RepliesI am adding users to roles ,, but i think the users are not really connected to the role ??
One othe thing: does this code looks ok:
[code]....
I have a page setup to manage and create users.. in order to help the process of creation, i woudl like to add the new users to our default "users" role when they click the create button. Below is what is in place for the creation page and the button event tied to the button. I used this from a tutorial i found else where, but dont have the link at the moment if anyone needed it.. but the code below works great when creating a new user
[Code]....
i am developing a website in vb.net ,as i am having 3 urser,customer,admin,and employee
i have taken the loginpage and in the codebehind i have permission  access to the customer,admin and employee,with different user names and password now my problem is how to make the page to recover the password if the user forget the username or password
The roles of users are not saved. Here is what i am doing:
[Code]....
And i added this to the create user wizard:
<asp:WizardStep ID="SpecifyRolesStep" runat="server" StepType="Step"         
Title="Specify Roles" AllowReturn="False">           
<asp:CheckBoxList ID="RoleList" runat="server">
</asp:CheckBoxList>
</asp:WizardStep>
How to implement role based security in each page.
View 2 RepliesI need to get the role of the user using memebership.
View 2 RepliesI am using a XMLSitemap to show my menu. In my menu I have a node "Log in". But I only want to show this to the visitors who are not logged in. (Not to everyone like what the "*" does). Is there a rolename for those visitors or something like that?This is my XML SiteMap
[Code]....
I would like to know if it is possible in a custom Membership to get the username of the login and to get first his role before testing his password.
The reason is just that we have to implement also another security with RSA depending on the role of the user.
im using forms authentication and created roles.
while the user enters the credentials im authenticating the user with username and password
now i also want to check the particular user whether he is that role.
eg:
if username,password are true and role is Admin i redirect him to Adminhome.aspx
else to empHome.aspx.
im able to chek username and password but im unable to detect the role.
[Code]....
I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character).Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc).Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself?I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are seperate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is someother persistant data I need on the application?I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4, int32 values and maybe one string).Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile ( I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db thats not an issue really in this instance
View 4 RepliesIs it possible to extend role provider? like instead of IsUserInRole(username, rolename) can we have a IsUserInRoleFacility(username, rolename, facilityid)
View 2 RepliesI have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
View 1 Repliesi want to redirect the user after the log in based on his role. e.g. admin, userI already read the other threads.. I already used  this:  
[Code].... 
And this:
[Code]....
I also tried the above codes on the Page_Load event.