Security :: How To Prevent New Users From Logging In Immediately / Account Approval
Jul 17, 2010
I am implementing strightforward membership provider. I do not want new users to be able to login without being approved.
I have tried the setting on the registration wizard called DisableCreatedUser="True" and this does not work.
I also set LoginCreatedUser to False, and the user still gets logged in.
If I look in the SQL membership table, 'IsApproved' is set to 0 for the account, but they can still login.
View 9 Replies
Similar Messages:
Dec 16, 2010
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
View 2 Replies
Apr 9, 2010
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
[code]...
View 7 Replies
Jul 28, 2014
I have a web app Which Uses Forms Authentication.
One thing that we want to be able to do on Support is login to a specific users account Via our admin account.
We are using the standard asp.net membership authentication.
The idea would be for the support technition to be able to login using credentials like admin(<Troubled User>) using the Admin Account password
We are using a a Standard ASP.Login Control
The real Issue is that the Me.Page.User.Identity.Name is set to the value on the CtlLogin.Username Property. I need it to be the the Support Login?
Login Control
Code:
<asp:Login ID="ctlLogin" runat="server" DisplayRememberMe="False" Font-Names="Arial Rounded MT Bold" Font-Size="12pt" ForeColor="Black"
MembershipProvider="MembershipProvider" Width="100%" TitleText="" UserNameLabelText="User" VisibleWhenLoggedIn="False" RememberMeSet="True"
PasswordLabelText="Password" EnableTheming="False" Height="35px" >
[Code] ....
Validate User Script
Code:
Dim objstrSupUser As String = ""
'Load the user from the membership provider
Dim strUserName As String = ctlLogin.UserName
If ctlLogin.UserName.IndexOf("(") > 0 Then
objstrSupUser = Regex.Match(strUserName, "(([^)]*))").Groups(1).Value
[Code] ....
View 5 Replies
May 3, 2010
suppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
View 6 Replies
Apr 7, 2010
I have directories in my website which require authentication.
But when i type the url with the directory name it lets me see the files but doesnt allow access as users need to login.
How can i stop users viewing files if they manually type directory name in?
View 5 Replies
Feb 1, 2011
I am using standard ASP.net security and want to how I go about prventing the same user from logging in twice.
If the user is already logged in and they log in again what I want to happen is for them to cancel the previous session and log that session out.
Can this be written into the webconfig file as part of the membership profile? I have tried to find this and it does not seem to be possible.
View 6 Replies
Jan 12, 2011
I think my subject line explains my problem in a nutshell.. I have a login page, I login like I should and everything works.I logout and when I type/paste the address to the page, in the address field, I still reach it just like if I was still logged in..The page I type in the address field is in a subfolder, only suppose to be able to be reached by logged in users and in this folder,ith it's own web.config-file:
<?xml version="1.0"?>
<configuration>
<system.web>
[code]...
View 9 Replies
Jul 10, 2010
So its a ASP.NET problem where two users using the same machine, same browser:
User 1 logs in the domain.
User 1 changes some data without saving it.
User 2 logs in the domain in a separate tab.
User 1 switches back to his tab and saves the data.
User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
View 3 Replies
Jul 23, 2010
I am using asp.net membership and the login control. I would like to prevent a user from logging in with the same use rname if they are already logged in. I would like to place code in the LoggingIn or Authenticate event of the login control to check whether the user is login and prevent them from logging in again. Any ideas on the best way to do this?
View 22 Replies
Jan 2, 2010
I am providing registered members of a website a weekly mailing which contains URLs to private pages on the website.
For usability purposes, I don't want the user to have to provide their credentials after they click on the URL.
I am using the ASP.NET Membership provider model.
Question
How can I implement this so that the user can be logged in by virtue of clicking a specialized URL link?
View 2 Replies
Feb 16, 2011
I have a default page which has the login control, this page is in the main directory. Then I have a bunch of pages that I only want viewable to people that have logged in a "MemberPages" directory. My problem is when I click on login button on the default page, using a username and pass that is not in the DB, it still takes me to all my member pages
I went through the asp.net config and set the "MemberPages directory to deny all not auth users. But it still has the faded one that is inherited from the main that allows all and cant be changed (maybe that is the problem? But I can't delete it) What else?
Here is my web.config from the MemberPages directory.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Here is my main web.config.
<configuration>
<connectionStrings>
<add name="LoginSQL" providerName="System.Data.SqlClient"
connectionString="Data Source=xx.xx.xx.xx;Initial Catalog=xxxx;UID=xxxxxxx ;pwd=xxxxx;"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<forms name="Login" loginUrl="Default.aspx" timeout="20" />
</authentication>
<membership>
<providers>
<add connectionStringName="LoginSQL" applicationName="Login"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true"
requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="3"
passwordAttemptWindow="30" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
name="MySqlLoginProvider" type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager cacheRolesInCookie="true" cookieName=".ASPRoles"
cookieTimeout="60">
<providers>
<add connectionStringName="LoginSQL" applicationName="Login"
name="MyRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
View 3 Replies
Jul 8, 2010
I see that the changes done to CAS permissions (say changing the permission set of applications running in my computer) do not work immediately. I noticed before that the changes did take effect later on. Can anyone tell me what needs to be done to see the effects of the changes immediately?
View 3 Replies
Feb 14, 2011
I have a application that connects to a remote sql server. I am able to create users and they are stored in the DB. Then I can go to the login page and login. But after a while, I am unable to log in and it just sits at the login page. The user is still in the DB
<configuration>
<connectionStrings>
<add name="LoginSQL" providerName="System.Data.SqlClient"
[code]...
View 1 Replies
Mar 18, 2011
I recently inherited an asp.net website made up of multiple .aspx and .ascx pages and being rather new to web development and especailly asp.net. I have the site create a cookie upon login to automatically log users back in if the page times out on them while they're entering information.
I need the site to automatically log users out when the site is closed. Obviously using the me.close event on each page won't work because we don't want it to log people out every time they navigate to a new page in the site.
I've tried setting the timeouts in both IIS and in the files of the website to longer but it doesn't seem to have an effect.
Is there an easy way to automatically log users out when they leave the site but not when they navigate from page to page.
View 1 Replies
Jul 6, 2010
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) {
Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count));
...
}
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
View 1 Replies
Mar 17, 2011
I have just created an extra table named AccountDetails with four columns named AccNo,Balance,Transfer and UserId as foreign key to aspnet_userID primary key. I want to display users account and balance whenever the user successfully loged in.
View 4 Replies
Sep 20, 2010
We use windows authentication. User opens our website in tab1 and does some action but with out clicking on save he opens a new tab tab2 and opens the same website again. Now, if the user session in tab1 is active i need to warn users that the he is already logged on to application in some other browser and go to some log out page. But if the user session in tab1 is timed out then he must be able to continue with the website in tab2 as usual, but if he tries to do anything in tab1 he should go to session expired page.
I tried implementing it in following way.
I have a hidden field in each page which will be set to unique Id using GUID.NewID().
when user requests for a page the following code is executed.
[Code]....
View 1 Replies
Mar 25, 2011
I'm using ASP.NET MVC and I want to authenticate users with their Google or Facebook account
View 4 Replies
Feb 15, 2010
We would like to redirect a user to a different page based on his or her credentials.
In other words, if a user's credentials are authenticated, a user is presented with a dropdown list belonging to his/her group to select from.
So far, it doesn't matter what the user's credentials are, the user is not getting redirected.
[code]....
View 3 Replies
Mar 20, 2010
I have tried looking everywhere but I can't seem to work out how to do the follow:
I am trying to make a page that will display the fields that are asscoiated with the current logged in user:
User name
Secret Question and Answer fields of the authenticated user,
Last Login date of that user
Last Password changed date of that user
When the account was created of that user.
Here is my code so far (I have not attached my code behind file because it is empty)
[Code]....
Also by default it does not display anything, so after the .aspx extension I add .aspx?UserId=1 and it displays the first record on the database. But if I change it to .aspx?UserId=2 or
.aspx?UserId=3 etc, it still displays the first record on the database. Why does it not display the next user name. (I am logged in with admin and it is displaying a user that is in another role group)
View 7 Replies
Aug 15, 2012
I created a user manually using Membership.CreateUser(). User created successfully but as soon user create Logged In User's tasks display. I want to use DisableCreatedUser() some how. or is any method to disable it?
View 1 Replies
Aug 28, 2010
What whould be the best way to prevent multiple users on a page?
For example if a user is at the page "Home.aspx", no other users should be allowed to go there.
I'm using asp.net on the server and the js-frameword jQuery on the client side.
View 4 Replies
Oct 28, 2010
How to Prevent PDF Document from Being download to users PC? it can be viewed on browser but should not download the file to PC.
View 4 Replies
May 15, 2010
i have been writing a music website for my customer using ASP.NET. Everything has been cool except I don't know how to prevent the users from downloadng the song which is being played. For example, I click "Heal the world" to play and while the song is playing, I dont't want the IDM download manager or other download programs appear the download dialog
View 5 Replies
