Security :: Form Aunthetication / Show Admin Pages Only After Logging In A Form With Username And Password?
Jan 27, 2010
Me with C# asp.net
I want to show the admin pages only after logging in a form with username and password and also want to logout from the admin pages, if in the browser history select a admin page after logout it should not be shown
how can I do it.
View 1 Replies
Similar Messages:
Jan 24, 2011
One our customer complaint about HYH virus storing form authentication user credentials in clear text in his local system. Customer is accessing website through internet explorer. Is any preventing measure we can take in website or Code level?More details on Website1) Hosted in IIS 6.02) Windows Server 2003 Operating System ) Written in ASP & ASP.net combination
View 1 Replies
Oct 16, 2014
My Login.aspx form in Visual Studio 2013 just seems to be 'static' after I enter the correct username and password. I don't get any errors. My Login.aspx.vb code looks like this:
Code:
Imports Microsoft.AspNet.Identity
Imports Microsoft.AspNet.Identity.EntityFramework
Imports Microsoft.AspNet.Identity.Owin
Imports System.Linq
Imports System.Web
[Code] ....
Don't I need a file name/URL to direct the user to after he has successfully logged-on? How would I script that? Finally, I only have one Web.config file (associated with Register.aspx) and that looks like this:
Code:
<?xml version="1.0"?>
<configuration>
<system.web>
<customErrors mode="Off"/>
[Code] ....
I don't need another Web.config file for Login.aspx, do I?
View 1 Replies
Feb 19, 2011
I've done a registration form with username availability check.. (refer screenshot attached)..
the problem is when i click register it validates all d fields and doesn't check the username whether its available or not..
it simply inserts the value..
how can i make the username availability check a mandatory?
View 7 Replies
Feb 13, 2011
My employer would like me to create a login page with our logo that:
1.User enter their login and password on our page
2.posts the login/password to the form on one of our client's login pages
3. Takes them user to the client's site, logged in.
I tried searching but most examples don't show how I can then bring the user to the client url, logged in. Any suggestions? Thanks.
View 3 Replies
Mar 10, 2011
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 Replies
Mar 7, 2011
how to add pages in the Form Authentication Sample Code. I am required to add a registration form in this Custom Security Solution. It lets me add the .cs files but when I add .aspx file, it gives errors in building. let me know what architecture have they followed? Why they have .resx files?
View 2 Replies
Mar 4, 2010
I have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechanism to admin like siteroot/username/admin I can redirect to page admin but it gives security error, it should redirect to login page instead of if user did not sign in.
View 5 Replies
Oct 19, 2010
I am having an issue, with the membership and form authentication. I am having a problem where when an logged in user types a url they can see the content of pages they're not suppose to. When the user tries to click on the screen or any ajax fires they are redirected to the main page. What is going on? I have all the items setup in the webconfig properly just wondering what is happening. Also I don't want to use a redirect solution for each page since that is what I thought webconfig was setup for.
View 1 Replies
Dec 9, 2010
i have created loing form and create user form. then how to apply login rights..? i have 2 types of user. admin and normal user admin can move and use all pages while normal user can acces limited pages.
View 4 Replies
Jul 31, 2010
I have a small requirement i.e if any user forgot the passwordhe would like to reset the password by contacting an admin or mailing. Now if the admin logged in he will check for the user name if the user name matches i would like to send a mail to that user by resetting the password
View 2 Replies
Nov 15, 2010
I am trying to insert a string and random number into the database as hash sha1 then loggin in against it. the problem is if I use hash it wont login but if i dont use hash the login works fine... Code below.
insert hash into db
Dim user As New Label
user.Visible = False
user.Text = (myDataReader2.Item("username"))
MyConnection2.Close()
Dim MyConnection3 As New Data.SqlClient.SqlConnection("Data Source=xxx")
Dim mycommand3 As New Data.SqlClient.SqlCommand("Update Register SET [Password] = @password WHERE [username] = '" & user.Text & "' AND [email] = '" & email.Text & "'", MyConnection3)
Dim pass As String
Dim rnd As Integer, randomNum As New Random
rnd = randomNum.Next(1000, 10000)
pass = "Pass" & rnd
mycommand3.Parameters.AddWithValue("@password", FormsAuthentication.HashPasswordForStoringInConfigFile(pass, "SHA1"))
MyConnection3.Open()
mycommand3.ExecuteNonQuery()
login page
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
' Fires upon attempting to authenticate the use
If Not (HttpContext.Current.User Is Nothing) Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim fat As FormsAuthenticationTicket = fi.Ticket
Dim astrRoles As String() = fat.UserData.Split("|"c)
HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)
End If
End If
End If
End Sub
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim myConnection As New SqlClient.SqlConnection
Dim myCommand As New SqlClient.SqlCommand
Dim intUserCount As Integer
Dim strSQL As String
myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;")
strSQL = "SELECT COUNT(*) FROM Register " _
& "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _
& "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';"
myCommand = New SqlClient.SqlCommand(strSQL, myConnection)
myConnection.Open()
intUserCount = myCommand.ExecuteScalar()
myConnection.Close()
'Response.Write(intUserCount)
If intUserCount > 0 Then
FormsAuthentication.Initialize()
Dim strRole As String = AssignRoles(txtusername.Text)
'The AddMinutes determines how long the user will be logged in after leaving
'the site if he doesn't log off.
Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtusername.Text, DateTime.Now, _
DateTime.Now.AddMinutes(30), False, strRole, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(fat)))
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtusername.Text, False))
Else
login.Text = "Incorrect Log In Information"
End If
End Sub
Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) _
As Boolean
'Return true if the username and password is valid, false if it isn't
Return CBool(strUsername = " & Replace(txtusername.Text, " AndAlso strPassword = " & Replace(txtpassword.Text, ")
End Function
Private Function AssignRoles(ByVal strUsername As String) As String
Dim myConnection As New SqlClient.SqlConnection
Dim myCommand As New SqlClient.SqlCommand
Dim intUserCount As Integer
Dim strSQL As String
myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;")
strSQL = "SELECT COUNT(*) FROM Register " _
& "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _
& "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';"
myCommand = New SqlClient.SqlCommand(strSQL, myConnection)
myConnection.Open()
intUserCount = myCommand.ExecuteScalar()
myConnection.Close()
'Response.Write(intUserCount)
If intUserCount > 0 Then
Return "client"
Else
Return String.Empty
End If
End Function
Protected Sub LinkButton1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
txtusername.Text = String.Empty
txtpassword.Text = String.Empty
End Sub
View 1 Replies
Mar 11, 2011
When a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
View 4 Replies
Oct 29, 2010
I'm dealing with a scenario where a legitimate user doesn't have a clue about his password, secret question or the answer. So, I was trying to create an admin tool that would help me in situations like these where the admin should be able to type in username and reset the password without having to know/enter answer to secret question. I understand that I need to make some changes to the web.config for this to work. I thought I made all the changes but my ResetPassword() requests are still not working.
Here's my web.config settings for the provider.
[Code]....
View 4 Replies
Aug 19, 2010
I have a form that's used to submit emails for a project. This uses the SMTP Client class and is currently delivering the emails to a local directory , for now.
There is some logic that checks to see if a mailbox is busy or unavailable. A message is displayed for the appropriate situation. There is also some logging and exception handling.
I want to know if there is a way to test this logic, logging and exception handling while this app is local. I don't know if there is a SMTP Status Code that's returned since this is being done locally and not with a real smtp server.
Is there a way to test this locally? Can these values be set manually in the code as a test?
View 2 Replies
Jul 29, 2010
I have a form for getting user information (say a contact us form). once the data is entered and the user clicks submit, the data provided by the user should be created as a csv format file and should be mailed as an attachment to the website administrator.
View 3 Replies
May 20, 2010
I have created a test user/password on my web site. The intent is to have prospective clients login and try out the tool. Instead of telling them the userid/password of the test user, I'd like to tweak the Login wizard.
In the Load event, I was able to specify login1.UserName = "test user"
But when I try to specify the password, I'm told it is a readonly field. How can I 'force' a specific password? Or, how can I call the login event directly and pass the needed values?
View 2 Replies
Jan 21, 2011
I designed a website, in login page username and password should be encrypted and sent to server for validation. How to do this.
View 5 Replies
Jan 13, 2011
i need some lessons in how to create admin folder and pages to add user ,content ,authentication, etc
View 2 Replies
Jul 7, 2010
For testing I used this:[URL]Encrypts only the password is not encrypted and username.Why not?For security reasons, I would like also to encrypts username.
View 10 Replies
Jul 5, 2010
I have an intranet run with IIS, with basic authentication config. See more in this screenshot:
[URL]
Of course, then, when user login, this screen will appear:
[URL]
After successfully login, is there any method to get UserName (very easy to get) and also Password (don't know yet) from asp.net coding (run at server)
View 5 Replies
Jan 29, 2011
I am trying to implement a small site which requires users to login using Forms based authentication. I have followed the tutorials found on various sites on the net and in particular the one at [URL]
This enabled me to get a sample environment in place but it seems as though I am having a problem authenticating a user for which I know the username and password are correct.
I have a ASP.Net 3.5 site with my login.aspx form in a folder named login, my default.aspx in the root of the site and my protected content in a folder called main.
I am authenticating against a SQL Server Express database, so I have ran the aspnet_regsql.exe command to populate my database.
I have added the following authentication/authorization lines to my web.config
<authentication mode="Forms">
<forms loginUrl="~/login/Default.aspx"
protection="All"
timeout="30"
name="AppNameCookie"
path="/FormsAuth"
[code]...
I believe that my connection string and my database are ok because if i use the ASP.NET Configuration from within Visual Studio I can create and manage my users and I can also see them in the tables in the SQL Server. Also if I do enter any incorect credentials in my login page the page tells me that the password is incorrect.
View 6 Replies
Mar 10, 2010
I got a username and password field which made by myself and a User database which is all manually made
So now I wish to know how to authenticate user using the username and password data enter by the user and match with the database data to verify user is a member and login?
For what i know, the code should be something like this
SELECT UserName, Password FROM dbo.User WHERE UserName - @UserName
@UserName = ?
How do i assign the value from my username text field to @UserName?
View 3 Replies
Jan 17, 2010
I am trying to login usng form authentication from my web.config but it does not work. In the web.config i have the following: (i am going to make the password secure but just need to work with the basics
<location path="~/Admin">
<system.web>
<authentication mode="Forms">
<forms name="authCK" loginUrl="~/admin/adminlogin.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="admin" password="1" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
my asp code is
[Code]....
what it could be ive tried all sorts but it keeps saying incorrect username or password which is the failuretext above.
View 9 Replies
Feb 16, 2010
so I will admit this is a pretty stupid question. To my defense, I have never done it before. So take pity. I followed Joe Stagner's video on using the built-in authentication. Now, I would like to query a database using VB.net codebehind to verify if the user exists. I am clueless. Yes, I have a connection string already.
[Code]....
View 15 Replies