In my website i am creating a custom FormsAuthentication ticket during log in. This ticket stores the userid but i also need to specify the role of the logged in user. How do i do it?
View 2 RepliesI'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control:
[Code]....
My web.cofig settings:
[Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
I am trying to create a web application that shows a list of events for different users. I have 2 different user 'roles': admin and member.
Is there a way of getting the current logged in users role? i have tried:
[Code]....
But it doesnt seem to be catching the certain user types, it always shows all of the events.
This is my senario. I want user to login and if "LoggedIn" User has more than one role then it displays the list of radio buttons. After selection of the role user gets further privilages according to the role that he has selected.
I've a problem setting up the role. And user can change his role when ever he wants.
For Example "john" is the user having two roles "Account Manager" and "Project Manager".
I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?
The scenario is as follows:
I have a folder "Gestao" that only allows users in role "Administrator"
[Code]....
If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.
How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?
I am using a XMLSitemap to show my menu. In my menu I have a node "Log in". But I only want to show this to the visitors who are not logged in. (Not to everyone like what the "*" does). Is there a rolename for those visitors or something like that?This is my XML SiteMap
[Code]....
How to retrieve the currently logged in user role name in textbox using vb.net ?
iam currently using
TextBox1.Text = Roles.GetRolesForUser(User.Identity.Name)
om page load event but it is highlighted by a blue line in visual studio 2008
I am trying to get the role of the user which just logged in the website. I am doing this:
string userRole = Roles.GetRolesForUser(LoginUser.UserName).ToString();
but that returns 'System.String', not the real role :(.
What am I doing wrong?
P.S. LoginUser is the login control
I need populate an array with a list of Users that ARE NOT PRESENT in a specific Role and COUNT the result.At the moment I use this code, but I am not able to get the Users outside "CMS-ADMINISTRATOR " role.Any idea how to do it and better write the Count section?
string[] usersInRole;
usersInRole = Roles.GetUsersInRole("CMS-ADMINISTRATOR");
int c = usersInRole.Count();
I created a custom forms authentication and membership provider and it seems to work fine opening up in WAT, creating roles and adding users. Also when I in my mvc app use it to log users in, it works fine. However it seems to fail to determine a user's role (no errors, but just jump over User.IsInRole(...) lines and Roles.GetRolesForUser(); comes up empty. I got a gut feeling I did something wrong with my configuration, so for now I'll post just that:
[Code]....
what is the use formsAuthentication.user.identity
is it one of the property of page
I Need to Authenticate a User by using FormsAuthentication.SetAuthCookie and Check User is Authenticated in Another page Load How to Do this anyone?
Login Page
if (txtuname.Text == "mike")
{
FormsAuthentication.SetAuthCookie("mike", true);
Response.Redirect(FormsAuthentication.DefaultUrl);
}
Welcome Page
PageLoad()
{
}
What is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.
sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"
I'm able to do this.
If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If
BUT unable to do this...
If user's Department = 'Department XYZ' Then
Do This
Else
Do that
End IF
Our users are only only allowed to log into our site from one location at a time. If they attempt to login from a second location, how do I log them out of the first location?
View 1 RepliesIs there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
View 1 RepliesI have been creating a website using the SQLMembershipProvider. I have been using an administration account to create the back-end system for generating the users fine for about 2 weeks. I now have more users created and I can log in fine. However, when I log in as the newly created users, they can get to the page they are after, but if they refresh the page or redirect to another page, they get redirected to the login page. I have checked permissions, iis recycler, session state and security setting in my web.config (posted below) but nothing has fixed it. It cannot be IIS because it does it on my development machine as well as on the actual webserver and it works fine for the admin user.
Ttype="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
[code]...
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 3 RepliesI've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
All I'm trying to do is pull the current user's login name from Active Directory. I've tried User.Identity.Name.ToString, which returned nothing at all. I tried Environment.UserName.ToString, Which returned "NETWORK SERVICE" which is not the firstname.lastname username that I was expecting.
View 3 RepliesI have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
If a user who is logged in wants to delete his own account, why does login status still show him loggedIn even when user has been actually deleted.What I want is when user deletes his account he should get logged out also at the same time ....How do i log him out ?
[Code]....
Line 25: Call deleteSelectedUser()Line 26: Line 27: If User.Identity.Name = LstBoxUserList.SelectedItem.Text ThenLine 28: FormsAuthentication.SignOut()Line 29: Call deleteSelectedUser()
I'm using the defualt membership provider, i created a table and used the gridview on the logged in user page to show his information such as address e-mail phone zip code etc,, how can i do this without writing a code?
View 6 Replies