Security :: Storing Profile Information Into Session
Feb 10, 2010
I have created a custom user creation wizard to store custom user information, This is working fine. I am now trying to create a new page to give the newly created user to create users in there own company, so i need to retrieve the company information from the user profile created and automaticlly fill that information into the new create user wizard. ie User from A company logs in. (company_id from profile is stored in session)
User A wants to make another user in company A (but cannot make a user in company B) User A fills in details for new user, Company A information is autofill into new user info. (possibly from session)
I have read alot about storing membership. info into session but i cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
View 7 Replies
Similar Messages:
Jun 4, 2010
i m developing an application in .NET mvc2. i m using aspnetMembershipProvider for User registration and related activities. i need some custom information about user that i stored in a separate table (sysUser for example) and linked it to aspnetUser table through foreign key. after Login i need to fetch user's credentials from sysUser table and push it to the session. For this Account controller's Logon method seemed best to me and i pasted following code in my Logon ActionResult
[Code]....
The code is working perfectly for me and put my desired information in the session but the thing is that if a user selects Remember me and on his next visit he won't have to Log in and i would not find my desired information in the Session. where should i put my code that stores the user information in the session.
View 1 Replies
Dec 17, 2010
I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...
View 6 Replies
Oct 19, 2010
I am useing asp.net membership to store my users and under each users profile there is a field for their supervisor. I would like to get a list of all the users with the supervisor "Jon Doe". Is there an easy way to do this or would I just have to loop through each user and see if there supervisor = "Jon Doe" then if it is store there username in a list?
View 1 Replies
Feb 25, 2010
In my application I am using the aspnetdb membership for authorizing users. I created a new table UserProfiles that will hold their profile information. The UserID is linked to aspnet_users UserID with a foreign key. One of the columns in the table represent CompanyID (int). I want to be able to restrict logged in users to only see records from their company based on the CompanyID. There can be more than one user with the same CompanyID to the UserID would not work. I can restrict their access by UsedID to only see records they created by using code behind:
[Code]....
and my select statement is:
[Code]....
How would be the best way to restrict the selected data to UserProfiles.CompanyID?
View 5 Replies
Aug 27, 2010
I have a site I'm working on where the values being stored in user profiles can change so I need to iterate through all available profile options and display them (say in a label or gridview for instance). Here is an example of a web.config I threw together
<profile enabled="true">
View 6 Replies
Jan 19, 2010
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
View 2 Replies
Feb 4, 2011
I have not been able to save any profile information? All the tutorials seem straightforward but nothing works.
[Code]....
[Code]....
If I am using the default profile provider, why won't this work?
View 4 Replies
Feb 10, 2010
I have been searching all over for this and trying many different things but so far have had no luck. I need to display the profile information for [all] users in the system within a GridView. For instance, I want to show their Username, First Name, Last Name,Email, etc.I've tried the Profilemanager.GetAllProfiles() method but t doesn't seem to have the fields in it.
View 2 Replies
Feb 19, 2010
I need to know how to change aspnetdb to store profile information unique to each user so that I can restrict records in an sql table to only show that user's records.
So if I make a "companyID" int, identity column where would I put it?
Also, when I write the where clause to companyID = profile (companyID) would that work?
View 1 Replies
Aug 18, 2010
I m trying to use the profile system to get information of the authenticated user form the data base, just like the session system : the user is authenticated then I set same variable with information of this user coming from data base !I am familiar with PHP so i m trying to do it like that !Also, i woul like to join my own data base and the asp.net membership database !
View 1 Replies
Jul 22, 2010
I have a profile page where a user can edit their name, city, image, etc.
How can I display the profile database as a list of users, their information, and their image?
As you know, the profile database is not the same as a custom database. The strings are bunched together.
View 7 Replies
Aug 10, 2010
I am currently useing forms authenticantion with users set up with the Membership API and I have there other information like first name and work phone number stored useing the Profiles API. I want to create a company directory useing a grid view to display every user and there profile information. I can use Membership.GetAllUsers() or ProfileManager.GetAllProfiles() but it does not list any of the custom profile information like name and phone. What is the best way to get a grid view to show all the user information?
View 7 Replies
Nov 25, 2010
When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache. Is this wrong? Should I have stored it in the session?
View 1 Replies
Feb 11, 2010
It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
View 1 Replies
Feb 4, 2010
I am logged in as user1, and while creating a user in which I have additional information which would store first and last name into the profile database. I have the following code
[Code]....
But because I just have profile like that, it is updating the profile of user1 not the new user i just created
[Code]....
View 5 Replies
Nov 12, 2010
I have created a simply website in which users can log on and complete forms. I wish for this data to be saved for when the user next logs on, but havent got a clue how to approach this.
I'g guessing that the data somehow needs to be saved onto a database that can be accessed by all users when they log in?
View 5 Replies
Apr 4, 2011
I'm currently developing a web site that will make heavy use of asp.net membership. (Using Umbraco, but that just uses the regular asp.net membership provider).I want to store some extended information about a user and I'm considering if I should store the information in the profile or in a custom table. Is there any pros / cons to any specific method? Some properties like payment details are more natural to place in the profile, on the other hand, a transaction log seems less natural residing in the user profile (IMHO). Any thoughts on this?
View 2 Replies
Jan 15, 2011
I am building a RESTful service using WCF. I basically want to save information about a user when they authenticate to the WCF service. For example I want to save their first name, last name, account number , and password in order to access the information in other requests in the same session. Since this information is sensitive I can not store it in a cookie.
I don't want to use asp.net session state because I plan to run this WCF as a Windows Service. Is there something (class, Assembly) I can use that can save user information and retrieve it per request or do I have to create a custom solution that will create an entry in a database every time a client authenticates to the WCF service.
View 5 Replies
Feb 2, 2011
I have a stored procedure which is working fine and also code in my vb class, which when I click on save, looks as though it has executed but no information is saved into the database....
My code used to save the data into the database is below.
[Code]....
View 3 Replies
Oct 26, 2010
I want to pass an asp.net membership user name to a subroutine and retrieve the profile property named FullName for that user, how can i achive this in vb.net?
View 2 Replies
Mar 19, 2010
I want to use Profile Properties to keep some user information and move them between pages. I'm wondering if those profile properties are keeping data session based or when I assigned them is it same for all sessions/ Is this a safe method to use them:
<anonymousIdentification enabled="true"/>
<profile enabled="true">
<properties>
<add name="userid" defaultValue="" />
<add name="password" defaultValue="" />
<add name="username" defaultValue="" />
</properties>
</profile>
View 1 Replies
Sep 12, 2010
in sql i am storing picture information in an image field.
in vs2005crystal report i added this image field.but image is not showing.
View 1 Replies
Dec 5, 2010
I'm being stupid but don't know what I'm missing.I want to use asp.net profile and have a profile property.So in the webconfig for my site I've added:
<profile>
<properties>
<add name="Name"/>
</properties>
</profile>
But in the code behind a page I cannot use Profile.Visual Studio is just saying the Profile is not known in the current context.Thus I cannot do
Profile.Name = ....
or
x = Profile.GetPropertyValue(....)
View 13 Replies
Jun 4, 2010
I am using asp.net 3.5 and Oracle Providers for membership and roles. Now, using CreateUserWizard i can make user register here but for storing custom information like First name, last name, address etc. i am using couple of custom oracle tables instead of Oracle Profile Provider. In this case, i am using the USERID field which is of GUID type as primary key. Now, my problem is that i dont know how to draw information from my custom oracle tables for those users who are currently logged in. I have searched a lot in this forum and elsewhere where there are many topics relating to it but i failed to follow any of them. So, i would request you to kindly guide me to solve the issue. Oracle Membership
Table(ORA_ASPNET_USERS) USERID=xxxxxxxxxxxxxxx(some guid value) Username=abc and so on.. My Custom Table(UserProfile): USERID RAW(16), --> referenced to USERID field of ORA_ASPNET_USERS table fname varchar2(20) lname varchar2(20) I've the profiles of username "abc" having some userid stored in Userprofile table So, how can i fetch data from UserProfile table for the user "abc" when he is logged in?
View 3 Replies
