Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 RepliesI am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
<asp:Repeater ID="UsersRoleList" runat="server">
<ItemTemplate>
<asp:CheckBox runat="server" ID="RoleCheckBox" AutoPostBack="true" Text='<%# Container.DataItem %>'
[code]...
How can additional information such as first/last names, department, city, country, etc, be most easily incorporated into role/membership for insert, update, and delete?
View 1 RepliesWhy asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 RepliesI'm workng on a new, green-field ASP.Net application. We're implementing a base page which all pages will be, er, based on. The application will be running under Integrate Windows Auth, so I'll have the user's account details. With these, I'll be going to several databases (in which the user will exist) to find out what roles they are assigned to in each db. I'll be holding the role yay/nay in a bool array, and key into it via an enum.
There will be a session object that will hold a few things, and the roles assigned for that user. I'm thinking of making the session object available as a property of the base page, as the code would be something like this:
public SessionObject MasterSessionObject
{
get
{[CODE]....
But, I'm sure you'll agree, it looks sucky...If there was a CheckSecurity method on the base page, it would have to take a concrete DatabaseRoles object, but also an enum of which role to check, which would also look sucky. And finally, there would be a requirement at a later date to add more databases and their security settings...
I'll add code tomorrow if required... :-s
I dunno, I'm not that thick, but I do have a hard time sometimes binding all this together...
I think I'm missing something simple...I have a customRole Provider set up and it seems to be working fine - I can add/change/delete info using the WAT.For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false).If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level?I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
View 3 RepliesI have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like Facilityid for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
View 1 RepliesI have a custom role provider and I'm trying to get the IsUserInRole() method to get called when a user of a certain role tries to access a restricted page. However, the method is never called.
[code]...
When the user goes to a restricted page, I'd like the custom role provider to check the user's role and deny/grant access.
I have created custome Membership Role and Profile provider using INGRES db. Now I can see my IngresMembership and IngresRole provider in the Provider tab(Select a different provider for each feature (advanced) ) of WSAT but when I clik on security tab I get this error:
"There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Object reference not set to an instance of an object."
What am I missing? Do I need to add code for all override methods for Role provider? I have just written code for the Initialize and GetRolesForUser functions.
I have a custom role provider class that is currently being used by a web application. We are now in the process of migrating several windows applications from VB6 to VB.Net. From preliminary research, I understand that I can use the custom role provider in win forms as well and came across Client Application Services. I understand how the Client Application Services is setup, but can't seem to find how the custom role provider code will be shared between the web apps and the windows apps.
View 3 Repliesi am developing a website in vb.net ,as i am having 3 urser,customer,admin,and employee
i have taken the loginpage and in the codebehind i have permission access to the customer,admin and employee,with different user names and password now my problem is how to make the page to recover the password if the user forget the username or password
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
I have a custom oledb role provider that pretty much a cust and past of:
[URL]
except I've used oledb instead of odbc. I'm connecting to an oracle database and the tables have been created with out any issues. now if I go into the Website Administration Tool and try to create a new role I get the error
"Specified cast is not valid."
I can create a role directly in the database (through TOAD) and the role will show up in the .NET WAT, so I know it can make the connection and read the info just fine. I just can't create or delete or modify a role without the above error.
I'm using C# in VS 2008 Pro.
My provider code is as follows:
[Code]....
i have a "CreateUserWizard" in my page, the problem is i cant give a roll to that user, only a default role.
I tryed to it with a dropdown with roles and doing if's in the code behind but doesnt work, someone know how to do it?
ASPX:
[Code]....
C#:
[Code]....
I would like to collect all the emails from all users in a certain role. How would I do this ?
View 1 RepliesI was just wondering if anyone has ever had to port the schema across? Are there any experts that could pitch their opinions on the achievability of this (mad) idea? I'm using the IBM Migration Toolkit and as expected its throwing a bunch of translation errors some of which were relatively easy to solve (vendor specific function calls for example) and some will take quite a while to pin down and work round.... however this is not my main concern.
If completed I expect I am going to have to basically rework all the System.Web.Profile/Roles/Membership namespace classes etc to work round the SQL limitations of informix (i.e. IDS11.x SQL server doesnt have a DEFAULT (newguid()) so that would have to be put into the calling method) (and any MVP comments really as I can slap my boss round with the weight after he ludicrously agreed to this project for a client without doing any research...)
There are multiple roles. (Role A, Role B etc) There are multiple input/output fields. (Field A, Field B etc) There are multiple permission levels controlling access to each field. (Read, Direct Edit, Edit With Approval, None) Each role has its own permissions to fields. (Role A has Read Permission to Field A; Role B has Direct Edit permission to Field A etc) Every role can be assigned to users and they are assigned by Geographic information. (User A is assigned to Role A for Continent: Europe - Country: Germany; User B is assigned to Role A for Continent: Europe - Country: France; User A is assigned to Role B for Continent: Europe - Country: France etc) Users can have multiple roles User identity is coming from Windows Authentication.
is it possible to represent this type of kind of multi-layered security model using ASP.NET internal membership/role providers? If so, what should my starting point be? Creating only custom role provider with custom methods and fields be enough?
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode.
I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.
So...
1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)
2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.
I am concerned that if I just import somehow the roles within SQL server will not be created properly.
I want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
How can i get the role id, rather than the role name?
For instance with the code below
Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1
GridView1.DataBind()
I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?
<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 RepliesI'd like to mimic the behavior of the "profile provider" that is available in .Net. The profile provider acquires profile properties from the web.config and those properties are immediately available as an enum for use in the code behind.I'm unsure how to do this, and wondered whether someone may be able to help.Essentially I'd like to allow developers to enter Role information into the web.config, and then have this role information available for use within an enum in the codebehind.
View 1 Replies