We are using membership and roles.. is there anyway to setup a user that cannot be deleted? We need to setup a default admin account and dont want it displayed in list of user to modify, or if it has to be displayed, it cant be deleted or edited thru the pages that is, if they need to, they can do it thru the website admin section to manage it.
View 4 RepliesI'm having trouble setting up a custom NEW User Screen. Here is my situation, I have a Request for Access Screen that uses the CreateNewUser Wizard Control. I want to leave the Question and Answer for this, however I also want a custom NEW User Setup which I build myself to allow the system administrators to setup users, but for this setup I don't want the administrators to have to pick the question and answer for the NEW user, so I would like to bypass this for this setup. However, my Membership.CreateUser keeps asking for it. How can I accomplish this? I've included a copy of my current web.config file. You will notice a AspNetAdminMemberhip which I use to allow the System Administrators to reset passwords.
<?
<
<
<
<
<
<
<
<
</
</
</
</
<
<
<
<
</
<
<
<
<
xml
version="1.0"?><configuration>configSections>sectionGroup
name="system.web.extensions"
type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">sectionGroup
name="scripting"
type="System.Web.Configuration.ScriptingSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="scriptResourceHandler"
type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup
name="webServices"
type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">section
name="jsonSerialization"
type="System.Web.Configuration.ScriptingJsonSerializationSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="Everywhere"/>section
name="profileService"
type="System.Web.Configuration.ScriptingProfileServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>section
name="authenticationService"
type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission="false"
allowDefinition="MachineToApplication"/>sectionGroup>sectionGroup>sectionGroup>configSections>connectionStrings>add
name="LBX_ChangeControlConnectionString"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>remove
name="LocalSqlServer"/>add
name="LocalSqlServer"
connectionString="Data
Source=10.31.30.26;Initial Catalog=LBX_ChangeControl;Persist Security Info=True;User ID=sa;Password=wstinol"
providerName="System.Data.SqlClient"/>connectionStrings>system.web>membership>providers>add
name="AspNetAdminMembership"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
applicationName="/"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
enablePasswordRetrieval="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
/>
</
</
<
<
<
<
<
<
<
<
providers>membership>roleManager
enabled="true"/>authentication
mode="Forms"/>profile
enabled="true">properties>add
name="FirstName"
type="string"/>add
name="LastName"
type="string"/>add
name="Gender"
type="string"/>add
name="ProfileImageID"
type="string"/>add
name="Department"
type="string"/>add
name="PhoneNumber"
type="string"/>properties>profile>pages>controls>add
tagPrefix="asp"
namespace="System.Web.UI"
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>controls>pages>
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this affects performance, set this value to true only during development.
<
<
<
<
<
<
</
<
<
-->compilation
debug="true">assemblies>add
assembly="System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
assembly="System.Design,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>add
assembly="System.Web.Extensions.Design,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>add
assembly="System.Windows.Forms,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/><add
assembly="CrystalDecisions.CrystalReports.Engine,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportSource,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Shared,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Web,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.ReportAppServer.ClientDoc,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.Framework,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add
assembly="CrystalDecisions.Enterprise.InfoStore,
Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies>compilation>httpHandlers>remove
verb="*"
path="*.asmx"/>add
verb="*"
path="*.asmx"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="*"
path="*_AppService.axd"
validate="false"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
validate="false"/>add
verb="GET"
path="CrystalImageHandler.aspx"
type="CrystalDecisions.Web.CrystalImageHandler,
CrystalDecisions.Web, Version=10.2.3600.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></httpHandlers>httpModules>add
name="ScriptModule"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>httpModules>system.web>system.webServer>validation
validateIntegratedModeConfiguration="false"/>modules>add
name="ScriptModule"
preCondition="integratedMode"
type="System.Web.Handlers.ScriptModule,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>modules>handlers>remove
name="WebServiceHandlerFactory-Integrated"/>add
name="ScriptHandlerFactory"
verb="*"
path="*.asmx"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptHandlerFactoryAppServices"
verb="*"
path="*_AppService.axd"
preCondition="integratedMode"
type="System.Web.Script.Services.ScriptHandlerFactory,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>add
name="ScriptResource"
preCondition="integratedMode"
verb="GET,HEAD"
path="ScriptResource.axd"
type="System.Web.Handlers.ScriptResourceHandler,
System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>handlers>system.webServer>location
allowOverride="true"
inheritInChildApplications="true">appSettings>add
key="CrystalImageCleaner-AutoStart"
value="true"
/>add
key="CrystalImageCleaner-Sleep"
value="60000"
/>add
key="CrystalImageCleaner-Age"
value="120000"
/>appSettings>location>system.net>mailSettings>smtp
from="Lockbox@tdbanknorth.com">network
host="ME6AWMAIL01.bkng.net"
password=""
userName=""
/>smtp>mailSettings>system.net>configuration>
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>
Can someone point me to articles or provide assistance with the proper configuration?
After a new user first registers at the website, I want to force them to first be approved by an admin before allowing them access to the full site. I created different roles in the ASP.net configuration tool that denies them access but the default setting allows them in. How do I go about this?
View 1 RepliesI would like to redirect the user to default page if he tries to copy paste an URL to browser. Like if i copy the url [URL] and paste it in the browser it should refirect me to default page.
View 3 RepliesHow do i set the default profile when a user logs in. I have an application where the users (once they are authenticated) are in either the logged in, premium, or promotion profile. right now it assigns none. How do i make every user automatically be part of the promotion profile.
View 2 RepliesI want to know if there is a way to set up the default document or default web page from the setup project of a web page.What I mean is that I would like my web app installer to set the default page (i.e: DefaultPage.aspx) when installing the web application. I remember I could do this in previous versions of the asp.net platform, currently I am working in ASP.NET 3.5 (Visual Studio 2008).
View 2 RepliesI have an ASP.Net ListBox that I'm trying to populate via jQuery, using the following snippet:
$("#MyList_btnAddAll").click(function(e) {
e.preventDefault();
$('#MyList_lstAll option').appendTo('#MyList_lstSelected');
});
The code has two ListBoxes in fact, one a "source" and the other a "destination". As you can tell above the ListBoxes are MyList_lstAll and MyList_lstSelected. These are rendered in the browser as <select> elements, as you'd expect.
The jQuery is working great, the items are moving from one ListBox to the other, the DOM is updated but when I submit this form (not using jQuery), the ListBoxes don't reflect this change on postback.
I realize my modifications via jQuery aren't available in ViewState but I thought since the DOM was updated these changes would be part of the postback data? But in the codebehind after postback the ListBox contents haven't changed. Does anyone know what might be going on and what I can do about it?
I am using an instance of DirectoryInfo to browse and retrive the files and some file attributes on a physical directory. This is displayed in a html table. But if you have for example text files (.txt) or word dokuments (.docx) How can I display the correct icon that is associated with the file in my html table? And further on how can I reach the user who modified the file the last time? Where is that info saved?
Is the DirectoryInfo the object I should use for this purpose? or are there other objects or functions that I should looking at?
I have a site where I am using asp.net membership login. I have multiple companies creating login accounts, to minimize name collision I would like to append the company name on the end of the username during the login process. I can determine the company based on the url. I am able to authenticate the user in onauthenticate, but I am not sure how to actually login the account with the modified username properly.
Example: I use login JohnSmith
I append JohnSmith@company1 behind the scenes. And I authenticate the user in the onauthenticate event using validate user with this modified name.However, I really haven't stopped the JohnSmith account from being used so none of the Profile stuff works. this ability located in on loggingin or onlogged in events?
I want to do the effect like MS Word, if the user modified something, then click close button, will prompt a msg to remind the user to save changed.
my page has the web controls textbox,dropdownlist, and repeater, how to check these data??
I am trying to secure very mixed content that is located in an ASP.NET directory. For purposes of this question, it can be ~/MyApp/.
I want all of the content in the directory and its subdirectories restricted to authenticated users. The default.aspx page, though, should be accessible to everyone. This is the web.config in that directory:
[Code]....
Now if you are an unauthenticated user, everything works fine if you request [code]....
The problem occurs in that visitors do not always request "Default.aspx". We have a default document configured so that they get Default.aspx even if they just request "/MyApp". An authenticated user works fine, but an unauthenticated user is directed to the login page.
Now I know that essentially this happens because even though the request for "/MyApp/" will actually end up serving up "/MyApp/Default.aspx", the security system is only checking for "/MyApp/" since that is what I requested. That is then getting the default security for the directory.
How can you configure an exception to allow access when no particular file is requested in the directory??
Is there some dependency between DefaultDocumentModule and UrlAuthorizationModule? In this environment, the UrlAuthorizationModule has been removed and re-added in order to make sure it fires for non-managed requests. I would not expect that to change the order of execution, though, since UrlAuthorizationModule usually goes after DefaultDocument.
A workaround could be to set up the opposite security with the directory being open, and then trying to secure individual files. Because of the (changing) number of files, and extensions, etc, and the fact that you cannot use wildcards in a <location>, this is not really a workable solution for me.
I've got a user modification page, that displays a list of reports a user has access to using a GridView object.
What I want to do is, if someone makes a bunch of changes to a users page, but then clicks cancel, all changes that are made will be undone. My main issue here is the GridView, which has add/delete/modify buttons, tied to a separate table.
So if I open my own page, add a new report to the gridview, then hit cancel, I don't want that report to be saved to my account.. Likewise, if I delete a record, and then hit cancel, the record is not deleted.
Because my new provider doesn't have SQL server, I have to connect to a MySql database.
My connectiostring in the web.config =
[Code]....
When I go to ASP.net webconfigurationpage and go to security I get the following message: An exception occurred.
I have really no idea what I'm doing wrong. Where do I have to search for?
I have an MVC web app and want to setup the security in a fashion that is NOT persisted. The problem is that if a user logs in and closes the browser (all instances) and open a new browser, goes to the site heshe is logged in automatically. I want the "session" to expire if you close the browser but I cannot seem to get the answer.
I have authentication mode="Forms" in the web.config and all my usernamepasswords are kept in a custom SQL DB. I can see that on login, Asp.net drop a cookie called ".ASPXAUTH" that expires in 30 minutes. I changed it to expire "At end of session" but if I close the tab I can see that that cookie is still active.
What do I need to do to get the browser to force a login if the user closes the tab or browser?
I have the following connectionStrings in my web.config file:
...
<add name="myApp1_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbOne" providerName="MySql.Data.MySqlClient" />
<add name="myApp2_dev" connectionString="Server=localhost;user id=root;password=;persist security info=True;Database=dbTwo" providerName="MySql.Data.MySqlClient" />
...
I also have the following roleManager defined:
...
<roleManager enabled="true" defaultProvider="MySQLRoleProvider" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All">
<providers>
<clear/>
<add name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.1.3.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="myApp1_dev" applicationName="/"/>
</providers>
</roleManager>
...
I dont know if this was the best way (somewhat new to vb.net), but in my Login.aspx page, I set global session variable to one of the two connection strings. If the user logs into App1, it uses connectionString myApp1_dev; if user selects App2, it uses myApp2_dev. My question / problem is: Each of the two databases have their own MySQL membership and role tables. If the user logs into App1, I would like to the dbOne database tables. If user selects App2, select dbTwo tables. Can I support Roles from multiple databases?
Where can I find a good tutorial on setting up roles and authorizing them? I'm using Windows Authentication for an intra-net based app and need to figure out how to grant the users access to the various pages.
View 5 RepliesHow do I set up an automatic password recovery feature? (This is an internet application using forms authentication.)
I am trying to set up the common senario where when a user who has forgotten his password, clicks a button to request I send him a new password. I then open his browser's default email client (that is no problem, that part I already have coded and it is working fine.) The user then clicks a button to send me his email. Now comes the problem. How do I detect that he has done that?
Am I approaching this problem correctly? Should I be requiring the user to send me an email in order to have his password reset? Or should I just have him fill in textboxes giving me his username & password? Wouldn't this allow a malicious user to abuse the system?
I am trying to setup a notification bar that shows errors when trying to login. I am using MySql as a backend.
Here is the aspx:
[Code]....
Here is the code behind:
[Code]....
I am not sure if I am over thinking what I am trying to do or what. I was able to get it to show the notification bar but it wouldn't show correctly and then somehow it wouldn't let me login.
The above code is what I came up with after reading some articles, which doesn't work. When stepping through the code, I get an "Input string was not in the correct format" error. I think the reason I get that error is because the password format is "Encrypted".
Either way I try it I can't get the bar to show up with the error, or actually login (I am sure I can remove everything that I 'tried' and it would work.
I am creating a new setup page where I am trying to have a user add new setup values. These values have a unique identifier id (like HEAD01, HEAD02 and so forth - which happens to be the primary key in that record) which I have to generate using code.
Here I am trying to use a detailsview object with the New/Update/Delete option.
Here if the user Chooses to Add a new value, I need to determine the next unique identifier for this new value to be added (say HEAD16) by looking at the last generated number in that table and have this new value added in the database. The user should not be able to give this primary key value manually it should be autogenerated by code.
I am using SQLDataSource with Detailsview to add update values.
Requirements call for the ability to save search values so that they can select them at later times to return the results without having to re-enter the values. They have the ability to search on 4 different types of data (Date, Time and Lat/Long), so they would like to capture what was entered and ONLY if they chose to save those values, it will be saved and next time they login, if they are searching, they can pick an old search and submit it again.
Im thinking that i add a checkbox next to each button, if they check it, it saves the data into a table with there values and username. Next time they login and go tothe search page, if there are any records for them in the table, i present them with a link that displays all the values stored and if they select one, it will run the search again and present them with the results. does that sound like the right way to handle this request?
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 RepliesI have 5 user controls in a web form. Data is being loaded into the user controls at the user control page load event. I have a single save button for the entire web form(the the top of the page). Each user control has update panel and consists of many web controls like textbox, dropdown,gridview and many other.
after the page has been rendered successfully to the user.
Considered that he has changed text in one user control ( in few textboxes,dropdowns , grid) and clicked on save button.
Now I should save only the changes user has made ( in 1 user control) instead of saving all the 5 user controls.
how can i achieve this?
Newer to ASP (not VB). Running VS 2010 Ult. Basically I just need pointed in the right direction for what I am trying to accomplish. I am trying to setup a site where a user can create an account, log in and have access to only their "home page". On that home page I want them to be able to have access to their data and their data only. I have created the web site and the login, create user, change password, ect. pages using the built in controls, problem is that about the extent of my ASP'ing.
I would just like pointed in the right direction to be able to code this. Not asking for someone else to do it for me, I want to learn this on my own. I just need pointed somewhere to get me started with member pages and what not.PS - This is what I am looking to doCreate account -> Automatically create user folder and home page within -> Restrict access to only the new user and the admin
I'm making another attempt to find out how to use a different profile in the web application. I though it would be quite simple. but couldn't find an answer anywhere.
All I need to know is how to call "i90ProfileProvider" instead of default "i90PartnerProfileProvider" in C# or VB.
<profile defaultProvider="i90PartnerProfileProvider">
<providers>
<clear/>
<add name="i90PartnerProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="i90Partner"/>
<add name="i90ProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="i90"/>
</providers>
There must be the way to do this. For user it works just fine:
MembershipUser user=
Membership.Providers["providername"].GetUser("username",false);
If there is a way to add a name for Profile Provider in web.config, then there must be a way to use it.
Or I should do something entirely different to retrieve the user profile form another database?