Security :: MembershipUser.IsOnline Always Return True?
Sep 21, 2010I have a page in my MVC application that shows all the users registered on the site. I retrieve informations about an User with this call:
[Code]....
I have a page in my MVC application that shows all the users registered on the site. I retrieve informations about an User with this call:
[Code]....
it relates with isOnline. I have searched every post in this forum to know how to deal with isOnline but I still stuck. Let's go to the main problem. I log in into the account, so the isOnline will be true. That's perfect. Set the userIsOnlineTimeWindow by default (15 mins). Then I log out. Base on MSDN, the isOnline is calculated by current time - userIsOnlineTimeWindow which is earlier LastActivityDate. Let say I log in at 2:30:00, wait until 2:35:00 to log out, so current time is 2:35:00, and then subtract 15, we get 2:20:00. The result is earlier than LastActivityDate which is 2:35:00, but why the isOnline still true?
View 4 RepliesI have an approve button.on clicking on this button it should show that an inactive value is present .Onclicking yes conformation it should save the data or else clicking on no conformation should return false; how i will do that?After alert it always submit the data.
protected void ibtApprove_Click(object sender, ImageClickEventArgs e)
{
string otherAffiliateName = txtRequestedAffiliate.Text;
int inActiveAffiliates = new BLRating().InActiveAAffiliateChecking(otherAffiliateName);
if (inActiveAffiliates > 0)
[code]...
This is the code i used.how i wiil stay back on Confirm 'no' click?
What is the use of the MemberShipUser Class and can we use our own database with MemberShip User Class? Please provide me the some example.
View 1 RepliesWhen I run the following debugging code it writes out credits:0
Dim MembershipUser As MembershipUser = Membership.GetUser()
Dim UID As String = MembershipUser.ProviderUserKey.ToString
SQL = "SELECT SUM(Credits) As Credits FROM Credits WHERE " & _
"DateDiff(m, [DateTime], GETDATE()) < 6 AND [UserID]=@UserID;"
cmd = New SqlCommand(SQL, Conn)
cmd.Parameters.Add(New SqlParameter("@UserID", UID))
DataReader = cmd.ExecuteReader()
If DataReader.HasRows Then
Do While DataReader.Read
[Code]....
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.
View 1 RepliesBefore spening anymore time researching this, I'd like some opinions.I inherited a .Net application - and I won't even mention that the previous owner built it using inline code and removed the code behind pages - so I have a LOT of fixing to do, including adding a data access layer.But, there is a login control and this sets the MembershipUser.There is a second app, written in ColdFusion, that I am passing one variable to the .Net app.We need one login for both apps. So, the CF is logged in and goes to the .Net app.I can check this var and see if the user exists but need to log the user in and set roles and Membership but bypass the login of the login control.
View 2 RepliesI'm have a doubt using membershipuser to create users in the AD with Membership.CreateUser Method, does any one knows how can i send other attibutes to the AD, such as First Name and Last Name?, besides those ones: username
As String, _
password As String, _
email As String, _
passwordQuestion As String, _
passwordAnswer As String,
Writing a custom membership / role provider and have to validate user with extra parameter to Membership.Validate. So, instead of Membership.Validate(username, password) I need Membership.Validate(username, password, client).
Is this possible with the existing MembershipProvider? I would have liked to pass a new MembershipUser to the Validate method but didn't see anything that would work for that.
I'm securing an ASP.NET MVC 2 application, and I have a user who is in the role "Foo".
This is true:
User.IsInRole("Foo")
But yet, when I attempt to lock down a controller action like the following, the user is denied:
[Authorize(Roles = "Foo")]
public ActionResult PrivatePage()
{
return View();
}
If IsInRole reports true, why would the Authorize attribute not allow the user in?
How to return count of true/ false in a column of a table. I have a table in sql containing 5 columns with bollean type. Now I have to return the number of trues and falses in each column and display on my frontend.
View 1 RepliesSuppose a CheckBox has name "cbFoo". When it is checked, ViewData["cbFoo"] returns "true,false" instead of just "true".
View 11 RepliesAm stuck with this sql stored procedure/asp.net vb.
I want to call the stored procedure and for it to return a true or false if successful ie username and password match.
My stored procedure works fine, and I can call it from my vb, however I stuck as to how I get it to return a result of true or false, 1 , 0. I just get a blank page.
My Codebehind (asp.net vb):
[Code]....
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
How to do it? What best practices are?
I am trying to return true or false from popup window to the parent window. Actually the parent window has a button control, which on click popup another window. The popup window holds some emailing data and a button "send". This "send" button onclick send email. Now I want to return true if the email is successfully sent otherwise false, to the parent window. Depending on returning value a label present on parent window displays a text message. But I am not able to implement it. Because it might happen that the popup window is blocked by web-browsers popup blocker or popup window is accidentally closed by user. So how can I confirm to parent window whether or not the email is successfully sent?
View 5 RepliesI am really new to webservices and ASP, so excuse my noobiness in advance ;I am making a webservice which displays stock availability from a table in a db when given the ProductID number.The problem is that I am required to do a SOAP authentication as well.
[Code]....
From the above, you can see that I am using Auth.username and Auth.password which is a authentication class I created with two string arrays that contain login details. If one username matches it's correponding password then logon is allowed else declined.Now that I reached here, I need the web service to validate if logon details are correct through a table called tblStaff which contain attributes "username" and "password". Doing it with an array containing predefined details through code is easy, however by checking each "username" and "password" from tblStaff... /confused
How to set Request.IsAuthenticated to true when not using FormsAuthentication.RedirectFromLoginPage?
View 3 Repliesauthentication cookie persistance to true on a aspx website,this works great.now I have made an affiliate website (HTML + iframe (same aspx)) and it does not keep my user logged in after closing browser.
View 1 RepliesIt took me a little while to figure this out, but the AllowPaging="true" on the FormView seems to be the culprit. I don't have much experience paging from a FormView, but for this requirement the customers wants this kind of UI.I have a FormView with DefaultMode="Edit", which is bound to an EntityDataSource. One of the entity's properties, "ExternalID", determines whether some of the other properties in the entity are read-only. For example, if IsExternal==null, the FirstName, LastName, and Email fields should be rendered as TextBoxes. If IsExternal!=null, the 3 properties should be rendered in Label controls.
View 2 Repliesi am using password recovery control. but i have one difficulty that when user click on the "Forgot Password" link he will redirect to enter "UserName" view of password recovery template. and when user enter "User Name" and click submit button he will redirect to the "Question" view of the Password recovery control and then user click on the "Cancel" button. but when user again click on the "Forgot Password" link the "Question" view is displayed instead of the "UserName" view. i m not able to reset Password control to "UserName" view.
View 4 RepliesI have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
Why is this happening, and how can I fix it?
I have a "UserDetail" table in my "JobPost.mdf". When I click the "delete" linkbutton, it can delete the all User info from my "UserDetail" table, it also delete the corresponding "aspnet_Users" & "aspnet_Membership",but the "UserInRole" still contain that UserName. Even though I specified the Code:Membership.DeleteUser(UserName, true);
I thought true is for bool deleteallrelated data, but it doesn't really delete the userInRole. So next time the user registers with the same name, it automatically get the "admin" role right. This "deleteUser" page I keep it inside a protected "admin"folder. How to solve it? Why Membership.DeleteUser(UserName, true) doesn't delete UserInRole?
protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e)
{
if (e.CommandName == "Delete")
{
string UserName = e.CommandArgument.ToString();
Membership.DeleteUser(UserName, true);
JobPostDataContext db = new JobPostDataContext();
var query = from u in db.UserDetails
where u.UserName == UserName
select u;
foreach (var item in query)
{
db.UserDetails.DeleteOnSubmit(item);
}
db.SubmitChanges();
FormsAuthentication.SignOut();
}
}
My web.config inside the protected Admin folder:
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
I try to implement a Custom MembershipPriver with a Custom MemberShipUser in my own database (with a specifics Users Table Model) : This is ly diffent files:
iTwitterMembershipProvider.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Collections.Specialized;
using iTwitter.Models;
public class iTwitterMembershipProvider : MembershipProvider
{
public override string ApplicationName
{
get { return _ApplicationName; }
set { _ApplicationName = value; }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
throw new NotImplementedException();
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
return false;
}
public override iTwitterMembershipUser CreateUser(string login,
string password,
string email,
string tokenKey,
string tokenSecret,
string twitterUserId,
object providerUserKey,
out MembershipCreateStatus status)
{
ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(login,
password,
true);
[Code.....]
I need to set IsApproved = true; for a User (using MembershipUser) when I select a CheckBox in a GridView.
The event handler uxRoleCheckBoxSelector_CheckChanged it is setted on the actual CheckBox.
Could you tell me guys what I am doing wrong?
Script does not generate any Exception but does not work.
[Code]....
I've added a class library project to my application.
In one of my classes, I need to use the MembershipUser class, but the project can't find it. I've added references to System.Web, System.Web.Security, and System.Security.Principal.