I have created 3 different folders (admin, user, viewer) in my site and each has a different template (masterPage). I created user and roles which are admins, users, and viewers. I assigned each role to a user in .Net administration Tool.
What I need to do is to allow each user to access his page only and deny access to others , except for the admin who can access all pages.
My project has a Guest folder and an admin folder.
Guest has a guest1.aspx page and admin has admin1.aspx page.
Now I am trying to figure out a login control which will check the role of the user and send them to the respective pages accordingly.
The names are not in the database or the active directory...
These names are on the windows 2003 server...
So I need to check from the server if the user exists and what is its role in it.. Suppose there is company which has 10 employees and one administrator.. the company has a server and these employees are on the same domain. So the admin can add that machine to the server or delete it.. now every machine has its username password and domain.. i want my gui to use the same credentials to log into the gui and send them to the respective pages according to the role..
I have used .net login control to authenticate user,i have three types of role ,role1,role2 and role3 and i have users and user have different roles.
now my requirement is like as per loggedin user i want to redirect user on particular page as per role.
for example if loggedin user role is role1 than he will redirect default1.aspx
for example if loggedin user role is role2 than he will redirect default2.aspx
for example if loggedin user role is role3 than he will redirect default3.aspx
and one question if same user may be have more than one role than what should happen???
I got a solution for same than if we are used "loggingin" event than it would be possible but i had placed login control in login view anonymous template because as per my requirement i want that after successfull login user can't see login control on page.thats why i didn't get the login control event on code.
I'm using the built-in membership controls and classes to manage authorization and authentication in my app. Here's what I want to do: If the user is in "Manager" role, I want to send him/her to the manager page no matter where he/she came from. If the user is in "Supervisor" role, I want to send him/her to supervisor page no matter where he/she came from. However, if the user is not in any role, just a registered member, I want to send him/her back to where he/she came from as stated in ReturnUrl. If no, ReturnUrl is specified, I will send him/her to the home page.
On my login page, I'm using the Login server control but in my code behind, there's no method wired to the control because the control takes care of everything. I assume I need to add a method and wire it to the submit button, is that right? If so, I'll have to really handle the login event which means I'll need more info about how to do that.
I have following situation: A web with a defaults.aspx & login.aspx 2 folders ADMIN & MASTER, in the ADMIN folder is a content page admin.aspx who's master is in the master folder.when I place, following web.config in the ADMIN folder he still is showing the admin.aspx for all users, when I place a new standalone aspx file in that directory the access is denied.Why is de content file not secured ? Must I secure the master file so do i need a new masterfile for each rol, user then...
in that directory<system.web>
<authorization>
<allow
[code]....
I've built a windows 2003 server at work with SQL server 2008, we normally login to a domain of which I don't have administrator access. Is there a way I can build and use a database of Roles to work with logged in users?
View 3 RepliesHow to Direct Users to specific Page By roles?
View 10 RepliesI have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....
[code]...
I have users that belong to more than one role and I have a login view for those roles but I only see the first role's content.
How should I be going about getting to see all content for the roles that user is in? My user logs in and is a member of MACED and ADMIN but only sees the links for MACED
[Code]....
I have a sitemap of 5 items. 2 items i only want the admin to see. I want the user to be able to login and the system recognise who it is and if an admin, bring up the 2 items in the sitemap. If not an admin, hide the items.
View 3 Repliesi used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 RepliesI'm using the following code which autheticates a user and redirect him to a members webpage. This works however if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
[Code]....
I didn't really know where to post this so thought i'd postit where hopefully people understood the page cycle and what's going on when people perform logins.So I don't know if people have noticed before but Facebook uses an unencrypted page for login, albeit the page redirects to an encrypted page but that very first POST is clearly visible to everyone- I've looked using Tamper Data in Firefox.How is it they can get away with this, or am I missing something here? Have they decided that if people don't look after their own security then it's not their fault? I do't understand as eBay, Amazon etc all make you go to an SSL page to login, obviously because all request and post data is encrypted... Why can Facebook do away with this security measure? I don't understand.Just looking for some insight in being able to have login controls placed on unencrypted pages and then redirecting people to secure pages.. it still doesn't work out in my head though?
View 2 RepliesI want to create a website that a user can logon and view their data. They should also be able to logout. I'm wondering how to achieve this WITHOUT using the Membership provider api provided by Microsoft. This is what I think should happen.
1. user enters name and password and clicks button.
2.If username and password are correct the user is redirected to a webpage with their details.
3.A session is created.
4.The user logouts and the session is deleted.
I developed our feature rich web page which is constantly changing. I'm not much of a programmer but I know HTML and CSS pretty well. I have a need to create a couple of login page for prospects and end users to get to secured content. I put together a page that works perfectly in Microsoft Visual Web developer Express 2010. This includes a login page. Ironically, after learning how to do all this from a book, there is a web page that perfectly chronicles what I am trying to accomplish and the steps to do it. It's here: [URL]
I don't expect you to watch it, but there is a simple aspx page created for login and then users are created and the content is displayed after successful login. It works fine in m development environment, but when I post, nothing. Furthermore, twice in the last two days, after downloading my current site to my hard drive, and then posting back after adding this functionality, my FrontPage forms stopped working. I had to have my website restored from backup. The whole thing makes no sense and I can't find any precedence posted on any user forums. So any testing I do seems to wipe out my navigation structure.
I'm going to establish the site on a different server tonight and see if its configuration. If that works, I'm not sure where to g next. I'd appreciate any thoughts. The worst part is I can't post a test page or my Fropage contact forms stop working.
My client wants 2 separate login pages for an ASP.Net app, one for regular users, one for support staff. I am using the standard FormAuthentication component for authentication. Is it possible to redirect a regular user to one login page after a timeout, and also to redirect an admin user to a different page after a timeout? The loginUrl attribute of <forms> in web.config is read-only, and cannot be edited at runtime.
Regular User -> Timeout -> Login.aspx
Support User ->Timeout -> SupportLogin.aspx
I have a website statistics program that creates .htm pages for viewing. Im trying to keep them in their own folder on the root - "Statistics"After reading many posts I have tried many iterations of:
[code]...
Problem is, an .aspx pages in there won't get served with login, but all the .htm pages will.
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 RepliesI am using visual stuido 2010 and vb. I am trying to direct users to one of three different pages upon sign in, depending on their role. Basically I have three roles: administrators, dealers, and customers And three respective destination page urls: admin/default.aspx, dealer/default.aspx, and customers/default.aspx. Everything I can find in the forums is in C. So far I have nothing, so I guess I'm asking someone to write the whole sub for me. I wish I was more proficient, but I'm working on it.
View 4 RepliesI have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 RepliesWhat if, I'm not using the LOGIN CONTROL but rather creating a Custom Control for Login. Is it possible to have user roles and a site map that redirects to its own destination when the user login?
View 1 RepliesNeed the code for the login /logout in my sample project and how to attin logout in the all pages. dont mistake me as i am learning (fresher) the asp.net 2005
View 2 RepliesI've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
I want to build web pages using ASP.NET 4.0 (C#), and I want some controls to be appear for the admin role for example. And disappear for the normal user.
The question is: Is this method PERFECT? or there are many better methods to apply?