Security :: Protecting A Folder Using Membership But No Login Control?

Jun 23, 2010

I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have:

- Page with an html form for login
- .js file with the jquery calls & code in it
- httpHandler to process the information from the form

I have the user entering their ID and password, and I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct; if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder set up in my web.config.

The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?

Here is the code for the web.config:

[Code]....

Here is the code for the handler:

[Code]....

Here is the code for the .js file:

[Code]....

Here is the code for the page:

[Code]....

View 8 Replies


Similar Messages:

Security :: Login Not Protecting Pages?

Nov 11, 2010

I'm using the following code which authenticates a user and redirects him to a members webpage. This works; however, if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?

[Code]....

View 5 Replies

Security :: Login Control And .Net Membership & Role?

Oct 28, 2010

I am currently working in an ASP.Net application where I need to implement ASP.Net Membership and Roles. I have used Login controls in my pages. Also I am using a menu in the master page, which is getting data bindings from database. For data bindings I am using XMLDatasource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.

My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and sometimes it will show previously loaded data. Providing my code here:

masterpage.master.cs
private void LoadMenuItems() {
    System.Security.Principal.IPrincipal User;
    User = System.Web.HttpContext.Current.User;
[code]....

View 7 Replies

Security :: Manual Login Control Using Membership Provider Script

Feb 1, 2010

I am using manual Login using asp membership provider, which is working fine.

Here is the code

[Code]....

1. Remember me check box

2. Exception handling in case account is locked or was the id and password incorrect, how do I find that out.

View 4 Replies

Security :: Login Form Rejecting Valid Login With Forms Based Security And Membership Service

Jan 21, 2010

I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the appropriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I've triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.

My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it. In the authorization I have

<authorization>
  <deny users="?"/>
</authorization>

View 2 Replies

Security :: How To Create A Customized Login Control And Calls For Membership Authentication

Mar 18, 2010

I would just like to know how I can create my own authentication (calling the ASP .net membership, role) page with the same function as the LOGIN Control. You're wondering, why not use the Login control instead. I have my own design and I don't know how to pattern my design to the built in Login Control. I tried editing the login template, but it's pretty hard to pattern it to my design.

This is my design

Basically what I would like to know is how the Login Control calls for the authentication, and when authenticated, it will pass the user (full name) to my LoginView Control without any coding. Or is it possible that I remove the default login button in the LOGIN Control then create my own button and trigger the authentication or validation? But if you have another suggestion that can follow my design and call the authentication, I would be happy to know.

View 3 Replies

Security :: Adding Membership Tables To App_data Folder Database?

Oct 30, 2010

The following code is used to add the asp membership tables to an already existing database instead of creating a separate database for membership and having two databases in the application.

aspnet_regsql.exe -S .\SQLEXPRESS -U username -P password -d databasename -A all

It works fine by adding the membership tables to the existing database that is located in the c drive, program files sqlserver folder.

But my database however is not in the c drive but located in my asp website app_data folder, so the above code does not give any error and the tables are not added after I run it. How can I now add the membership tables using the above code when my database is located in the website app_data folder?

View 1 Replies

Security :: Membership And Folder Security?

Jul 22, 2010

I created a solution and used membership for login and I have the site working fine; you can log in and out and I can see that my roles are working. I created a folder called Admin and I created a webpage in there that I can edit my data table that I wanted to be able to edit when I am logged in as a user with Admin role. That's working... well, it works...

Anyone can get to this webpage and edit my data. I have it set in the membership using the role management to deny users * and allow users with Admin role; however, I can open up a new browser without logging into my site and type in the web information and it pops right up, says Welcome:Guest [LOGIN], there's my data and I can edit it, see, do whatever, and this page shouldn't be able to be seen.

What did I do wrong?

example www.domainname.com/admin/editmydata.aspx

View 3 Replies

Security :: Login Functionality Using Membership Api?

Jun 7, 2010

I am using membership api in my project. I have customized all the controls. Now I want that a user can log in on only one machine with the same username and password at the same time. If the user is trying to log in on any machine while he is logged in from another machine, they should get a message. They should not be able to log in using the same username and password at the same time on a different machine.

View 2 Replies

Security :: Use A Different Table In Membership Login?

Apr 15, 2010


How can I add to this line, if (usrInfo != null), another variable that will be used to log in?

This line (usrInfo != null) works, but I have a database table "confirm". If I change it in the Admin to "true", the user is successfully logged on. If the database table "confirm" is set to "false", the user will not be logged in.

The following code works: if (null != usrInfo && usrInfo.IsApproved), but instead of 'IsApproved', I want to use the table "confirm".

View 9 Replies

Security :: Membership Provider Changes After Successful Login?

Nov 8, 2010

I have a site in which I'm intending to use multiple membership providers. I'm using my own custom membership provider to provide access to several data stores depending on the section in which the user's information resides.

The actual login functions correctly using the built-in ASP.NET Login component in which I've manually specified the membership provider it should validate against. When I run a trace on its actions, I can see that it attempts the 'validateuser' against the correct data store and continues to redirect the user to their applicable section.

The problem is that once they are logged in and the site (or I) call 'GetUser' to get the users information or permissions, the membership provider reverts to the site's default provider.

In my custom membership provider I'm only overriding the methods for GetUser and Validate user which is working perfectly fine for a singular membership provider, but not when using a different provider.

How can I ensure that the correct membership provider is retained with the user's membership details? Is there a method that I need to override/append in order to achieve what I'm looking for?

View 1 Replies

Security :: Membership Login Stopped Working?

Sep 30, 2010

I have a web app that uses the Membership Provider to authenticate users. Everything worked fine until today... when I tried to log in it failed. I looked in the database if something went wrong there and the user is deleted but everything looks fine there. I tried to recover the password using the user name and I got an error that the user is not recognized. I tried to recover the password (even though I am sure what the password is) but still no luck... (I get an error that hashed passwords can not be decrypted). I tried it in local host and guess what ... still the same... This is the provider section in my web config

[Code]....

View 6 Replies

Security :: Store Last Implicit Login Without Membership Api?

Jul 25, 2010

We use forms authentication for a community website with about 200k users with a simple login like this:

Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
    ' Issue the forms authentication ticket only when the credentials check out
    If CheckPassword(txtEmail.Text, txtPassword.Text) Then
        FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked)
    End If
End Sub

which checkPassword reads from a MS SQL users table. It has worked without major problems for 3 years, but we need to store the login date of users in a table, both when they log in explicitly and when they had selected "remember me" and come back (we store login once per session).

Since we have a complicated profile system and database, it will be practically impossible to switch to membership API. Last time I was told we could use an auditing system to do that, but I have no idea how to do that.

View 2 Replies

Security :: MemberShip Provider - Lock On The Page Login?

Jan 6, 2011

I have a problem with a login module in my website.

I use a custom membership provider on my website.

My login page is the default page. When I go to [URL] (the root) I see my login page.

When I try to connect with my user and password, I'm not redirected to my destination URL and the login page is reloaded.

BUT if I go to the URL [URL] (my login page), I'm correctly redirected to my secure page.

Do you have an idea of my problem?

I use Visual Studio 2010 with framework 4.0, and IIS 7.5

my web.config :

[Code]....

View 5 Replies

Security :: Membership.GetUser().UserName On Login Page?

Oct 16, 2010

I have an Employee class in my App_Code folder. On my login page I am trying to create an Employee using the asp.net username as a parameter in my Employee constructor.

I have tried creating the employee in the page load event when it is a post back. I have tried doing it in the Login1_LoggedIn event. For some reason I cannot pull the username in either one of these places, but if I redirect after logging in and do the same thing on another page, it works.

How can I get it done on the login page?

[Code]....

View 3 Replies

Security :: Login Controls And Custom Membership Provider?

Oct 11, 2010

I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/questions. The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about is the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.

If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.

Unless I am wrong in my assumptions, it seems that the interface between the Login control and the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword but for the actual Login control I don't see the point.

View 1 Replies

Security :: Membership, Transfer Login Session Into A Cookie?

Mar 22, 2010

How can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET

View 4 Replies

Security :: VS2008 Walkthrough - Create Website With Membership And Login

Apr 26, 2010

WARNING - Absolute beginner here with VS. I'm expecting a steep learning curve, but I'm up to it! I'm trying to create a website with membership/login. Followed the above walkthrough MANY times, and been very careful with the username and password entered, but I keep getting the message that the login failed. The asp application name is "Membership". This is the whole thing, automatically created following the walkthrough, apart from adding 2 members - yes, did go to the memberpages folder at the set rules page.

Solution Explorer:
Solution 'membership' (1 project)
- //localhost/membership/
- App_Data
- ASPNETDB.MDF
aspnetdb_lpg.LDF
- MemberPages
web.config
- Default.aspx
Default.aspx.vb
- Login.aspx
Login.aspx.vb
webconfig
aspnet_Membership: (2 members)
PasswordFormat = 1
The ApplicationId for the 2 members is different - should it be?..........

View 2 Replies

Security :: Protecting Page In Vb.net?

Jan 22, 2010

I am using asp.net with vb.

I have one page, registration.aspx.

I want that if anyone wants to access that registration page, he has to go through the login.aspx page.

Maybe he writes the page name (registration.aspx) in the url; it should automatically get redirected to login.aspx.

View 19 Replies

Security :: Multiple Logins And Login Types In Default .NET Membership Provider?

Sep 8, 2010

What do you think about an ability of having multiple logins and login types to be attached to the same user? Let me explain this by showing how database schema can be re-factored to support this model:


- Remove [Password], [PasswordSalt] columns from [Users] database table
- Add [Logins] table with one-to-many relationship between [Users] and [Logins] tables.

This will allow one user to have multiple credentials attached to his or her account of different types such as Username&Password, Windows Live ID, Open ID from different providers

You will be able to restrict allowed login types and OpenID providers in web.config

So.. do you think it is a good idea to add support of this model into ASP.NET 4.5/5.0 membership service?

http://aspnet.codeplex.com/workitem/7149

View 1 Replies

Security :: Protecting Documents In Application?

Aug 28, 2010

There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opened. They are accessed via some virtual directory as in
www.example.com/APP/VIRTUAL/letter.pdf.

Of course, the documents may only be accessed from within the application, after the user has been identified successfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser.

I am thinking about the following...

The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successful, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.

View 2 Replies

Custom .Net Membership And The Login Control?

Mar 16, 2010

I am creating a custom membership provider for a web app that already has its users stored in an existing database table. I used some code from a tutorial to help jump start my provider but I am a bit lost on how I can interact with the actual log in process. My custom provider has an override method for ValidateUser() and at the moment I am just returning true there. But I want to create a current user object to store in session scope. This object will just store some specifics about the user.

I guess another option would be to use the ASP.Net profile provider but again I am not clear on where to hook into log in process to run some code that would either create this user object or populate the profile information for the current user.

View 2 Replies

Security :: How To Coding Webpage To Access Secured Folder Without Pop Up The Windows Login

Jun 11, 2010

I set up a secured folder in my website. When I access this folder via web page, it pops up a windows login form to ask for user name and password. I would like to code the asp.net page or java script to access this secured folder with username and password without popping up the login form. find the method for asp.net page accessing the secured folder automatically.

View 2 Replies

Security :: Membership User Has To Logout - Login Again In Order To View New Role Assigned Functionality

Jul 15, 2010

I currently develop an asp.net mvc 2 web app using asp.net membership and role management for authenticating and authorizing my users. I get complaints though that when adding a role to some user, he is not able to see new role assigned functionality, unless he re-enters (logout and login again) the application.

View 2 Replies

C# - Login Control And Custom Membership Provider?

Oct 11, 2010

I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/questions. The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about is the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.

If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid. Unless I am wrong in my assumptions, it seems that the interface between the Login control and the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword but for the actual Login control I don't see the point.

View 3 Replies






