When a user creates an account can not sign until his account is manually approved.I use the Membership. The table column IsApproved.When I create account must be IsApproved = False
View 3 RepliesWe have just migrated our application from VS 2008 to VS 2010 and our database from Sql server 2005 to 2008. Everything was working great until i tried to login to the site.
As when i try to log into the site, i am surprisingly always getting "FALSE" from Membership.Validateuser (). I goggled it and now i know i am not the alone victim of this irritating bug. Our live site is going to be down...
I am trying to delete an asp.net user from all tables. When I call: bool isDeleted = Membership.DeleteUser(username, true); isDeleted is being set to false; Is there a way to tell why it is not deleting the user?
View 4 RepliesI know this looks similar to other questions here but I don't think my case is the same as theirs.
I have a website that uses the AspNetSqlMembershipProvider to validate users. I would like to use the same database from a console application. According to several articles on the web I can use the System.Web.Security.Membership class from outside ASP.NET by copying the appropriate sections from web.config to app.config. That is what I did.
My console appliction can get the user with the requested name and I can confirm that the user is approved and is not locked out but ValidateUser returns false for a correct username and password pair.
I have found articles where people have had trouble with migrating code which may be due to a machine key mismatch but have also found a reference saying that machine key is only used if the passwordFormat property equals encrypted whereas I am using hashed.
Is the issue that the two pieces of code - the website and the console app - are in different assemblies and the assembly name or other property is being used during password hashing? In both cases the application name property is set to /.
Should I continue with this approach or just access the database directly and hash the password myself?
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
I'm trying to use the Membership.CreateUser method without passing a security question and answer. I set them to string.empty, but no go. I have my provider set to not require a question in my web.config. What am I doing wrong?
[Code]....
I'm working with the default asp.net membershipprovider. Now, by default, that requires that all members registere have all unique email-addresses.However, I'd like to override that because, in a code behind of a certain webpage, I do not need emails to be unique.
View 4 RepliesThis is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
webconfig:
[code]....
I have configured Forms Authentication in my web config file as below.
Following is my code
[Code]....
The issue is that FormsAuthentication.Authenticate never returns true. This is a very simple website with only two pages and no other code(The code too was copied from MSDN).
[Code]....
i trying to include a name property which is save in aspnet_Profile when registering user with aspnet_Membership
I try to assign a name to the newly registered user but at first it pop outa ProviderException saying "This property cannot be set for anonymous users."
Then i try to set the IsAnonymous to False in the code, but it say the property is ReadOnly
How do i fix this problem? Or is there any better way to do this?
Below is my code.
[Code]....
I have started to implement asp membership. I go the administration page and click provider. I have a database on a server on the local network that i want to install my members tables in. When i run the
aspnet_regsq.exe it doesn't ask me what SQL database i want to use and seems to default to my local SQL Server 2005 installation. How I change this to use my SQL Express database on a local server?
I have to implement a small webshop. Basically it's just a website with a huge backend ERP System and with the possibility to sell one (yap, really only one!) product on the website. The only requirement is a MySQL Server. The backend is almost finished (about 95%) and is secured with the .net MemberShip Provider for MySQL (the one in MySql.Web from the MySql Connector .NET).
Now to my question: I can set up the membership system easily but I do not need such things like username or password-question but I would need a reference to an address table to store the users home address. So, it is possible to change or customize the membership system to for eg. a unique customer id instead of the username column and set this in codebehind when the user is creating a new account? And is it possible to insert new users/customers from codebehind in an easy way? (I mean without checking each foreign key and inserting the customer reference to the userinrole table and so on...)
I am building a site and I want to use the default membership controls provided with asp.net like Login View Control etc. I don't want to use the ASP.Net Membership DB as I want to use my own Security structure and I don't want to inherit the ASP.Net membership class either. In my case how can I use these controls to aid me like how will a login view control detect if someone is authenticated or not.
View 7 RepliesOur web application hosted from windows 2003 server, is trying to access a file present in a shared folder of another windows 2003 server. The path for the shared folder is configured in the webconfig file in the below format.
<add key="ReportPath" value="\<Server_Name>Reports"/>
if (!File.Exists(ReportPath))
/ Show the report in a link
This function File.Exists() always returns false and when I try to remove the check, it returned the exception, "Logon failure: unknown username or bad password."
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
I have a situation...i need to change requiresQuestionAndAnswer and requiresUniqueEmail values to false at runtime(for membership providers)
View 4 RepliesI create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated
if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.
Below the section of authentication in web config
[code]....
The result is FALSE after the first step in creating a new user account:
<asp:CreateUserWizard ID="CreateUserWizard1"
<asp:CreateUserWizardStep ID="CreateUserWizardStep1"
The result is TRUE after the second step in creating a user account
i am using password recovery control. but i have one difficulty that when user click on the "Forgot Password" link he will redirect to enter "UserName" view of password recovery template. and when user enter "User Name" and click submit button he will redirect to the "Question" view of the Password recovery control and then user click on the "Cancel" button. but when user again click on the "Forgot Password" link the "Question" view is displayed instead of the "UserName" view. i m not able to reset Password control to "UserName" view.
View 4 RepliesI've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
<authorization>deny
users="?"/><authorization>
I created a soultion and used membership for login and I have the site working fine you can log in and out and I can see that my roles are working. I created a folder called Admin and I created a webpage in there that I can edit my data table that I wanted to be able to edit when I am logged in as a user with Admin role thats working... well it works...
anyone can get to this webpage and edit my data. I have it set in the membership using the role managment to deny users * and allow users with Admin role however I can open up a new browser with out login into my site and type in the web information and it pops right up says Welcome:Guest [LOGIN] theres my data and I can edit it see do whatever and this page shouldn't be able to be seen.
What did I do wrong?
example www.domainname.com/admin/editmydata.aspx
am working on an asp.net application with membership controls and the SQL Server database. I have this put together, however it appears that adjustments need to be made to enhance security. Many websites have membership features, so I was wondering if there are some blog posts that describe the steps that need to be made to enhance security.
View 3 RepliesI need an app pool recycle to be completely transparent to the users of my web app. I use ASP.NET 3.5 MVC 1.
Currently, upon an IIS 7 App Pool recycle all users logged into my web app are kicked out and are required to log back in (Context.User.Identity.IsAuthenticated is set to false). I employ SQL State Server, I use forms authentication and both are configured to use cookies. I was under the impression that .NET and/or IIS handles authentication of cookies.
However, every time the app pool is recycled Context.User.Identity.IsAuthenticated is set to false my users are kicked out and are required to log back in. I can see that the session id remains the same throughout logins, I can also view this session information in the database/state server.
Logon method:
[Code]....
Custom Controller Attribute:
[Code]....
WebConfig:
[Code]....
why cant i type the following code on the masterpage's vb code behind?I am abel to do it on a normal aspx's code behing, why not on the masterpage'si am trying to use the following code in the page_load event
[Code]....
i use membership provider in my website
i use membership methods like getUser() and so one
i need to add some other methods like getAllApprovedUsers()
where and how can i add this method to membership but i want to use standard membership methods