Security :: Storing The User's Custom IPrincipal In The Cache Or The Session?
Nov 25, 2010
When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache. Is this wrong? Should I have stored it in the session?
View 1 Replies
Similar Messages:
Jul 28, 2010
What are the "optimal" parameters for creating an AppFabric cache when you will be storing session state in the cache? MSDN Cache-Related Commands
PowerShell command line:
New-Cache [-CacheName] <String> [-Eviction <String>] [-Expirable <String>] [-Force [<SwitchParameter>]] [-NotificationsEnabled <String>] [-Secondaries <Int32>] [-TimeToLive <Int64>]
[code]...
Since I don't want my sessions to be removed unless the session has been abandoned either via code or Session Timeout... For eviction, I would think "None" and for expirable, I would think False. I have tested and calling Session.Abandon does remove the object from the cache. I have also tested to see if by extending my session, the session object in cache is also extended. This does seem to work the "correct" way.
View 1 Replies
Aug 30, 2010
When a user is logged in (through open-id) we are creating a session variable named "UID" and storing the unique user-id in it. Later we are checking the session to see if the user is logged in. I think this is not the right way, but I could not force the team to change this, as I cannot show how this implementation can be cracked. Why (if yes) is this implementation bad?
View 3 Replies
Feb 10, 2010
I have created a custom user creation wizard to store custom user information. This is working fine. I am now trying to create a new page to allow the newly created user to create users in their own company, so I need to retrieve the company information from the user profile created and automatically fill that information into the new create user wizard, i.e. User from A company logs in. (company_id from profile is stored in session)
User A wants to make another user in company A (but cannot make a user in company B). User A fills in details for the new user, Company A information is autofilled into the new user info. (possibly from session)
I have read a lot about storing membership info into session but I cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
View 7 Replies
Jun 4, 2010
I'm developing an application in .NET MVC2. I'm using aspnetMembershipProvider for user registration and related activities. I need some custom information about the user that I stored in a separate table (sysUser for example) and linked to the aspnetUser table through a foreign key. After login I need to fetch the user's credentials from the sysUser table and push them to the session. For this the Account controller's Logon method seemed best to me and I pasted the following code in my Logon ActionResult
[Code]....
The code is working perfectly for me and puts my desired information in the session, but the thing is that if a user selects Remember me, on his next visit he won't have to log in and I would not find my desired information in the session. Where should I put my code that stores the user information in the session?
View 1 Replies
Feb 1, 2011
If I store all my user info, upon login, in cache and just have a "my account" page that displays the user info from cache, is that a good practice? I'm wondering if a person changes his email or does any type of database modification then the cached variables will be the wrong ones. If I have to update the cache variables every time something happens to the database, is this even a good practice compared to just querying the data whenever needed?
View 3 Replies
Mar 16, 2010
I'm storing the user details in a session variable (session["userid"]) during login.
[Code]....
I'm using the session variables in other forms; there I'm checking the session variable using the following code.
[Code]....
In this form I have an 'export to excel' button. When I click this button the session variable becomes empty and I am redirected to the login page. (I'm having this problem in IE only; in FF it works fine.)
View 2 Replies
Jul 28, 2010
I'm working with an ASP.NET application that stores most data in a database and not session. I'm wondering about the pros and cons of each and which is the better way to go. For example, you have a pretty busy site and instead of storing user specific variables in session, there is a DB table called user data and it can store all user specific data that can be accessed from any page by querying the database. Which is the better way to go, session or database?
View 4 Replies
Aug 30, 2010
How to handle html and scripts? What if I build my own CMS? Isn't it inevitable that I'll want to store html code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again?
What's the best way to do this, since I won't want to display the encoded html, but the html itself?
Would it be to encode everything then when I want to actually display the html, decode it, but everywhere else, keep it encoded?
I'm just trying to think of all the scenarios that I could come across when I accept user input where I don't know what they could be typing in. What if I WANT the user to be able to display html? Is it possible to decode only some tags but leave all other tags encoded?
View 10 Replies
Jun 13, 2010
Moderator Note: Post split from this thread [http://forums.asp.net/t/1403132.aspx]
Q: I'm a novice with ASP.NET. I want to append a UserID to the Context.Identity.User.Name field.
Something like:
FormsAuthentication.RedirectFromLoginPage(UserName+UserID, false);
Where can I set this code while still using ASP.NET membership and the login control?
Is it possible to set this in an OnLogin or OnAuthenticate event handler?
Is there some way to see the "login control" code, so that I can just copy it but append my own value when setting the name?
View 2 Replies
Jan 21, 2011
I have an ASP.NET website in which the user has the Login/Logout functionality. There are some pages which are viewable only if the user is logged in. Now, after the user signs out, I noticed that the user is still able to see this restricted page on pressing the back button. I want to create the functionality such that once the user signs out, the page should not be viewable. How can that be done?
P.S. I am not using the built-in Login controls in ASP.NET.
View 2 Replies
Oct 29, 2010
I know I can store a string in the cache, but can I save a date in cache and retrieve it back into a data variable without having to convert.todatetime?
View 2 Replies
Apr 26, 2010
I've been tasked with porting/refactoring a Web Application Platform that we have from ASP.NET to MVC.NET. Ideally I could use all the existing platform's configurations to determine the properties of the site that is presented. Is it RESTful to keep a SiteConfiguration object which contains all of our various page configuration data in the System.Web.Caching.Cache? There are a lot of settings that need to be loaded when the user accesses our site so it's inefficient for each user to have to load the same settings every time they access.
View 1 Replies
Nov 29, 2010
I am writing a web page that returns a small volume of data from a database table. The database is polled every 1 second and the data will be the same for every user. As every user is accessing the same data, there is no need for each user to poll the database and use up db resource.
Therefore, I think I should be using application caching to store the data in a dataset. However, I am slightly stumped as to how to do this... because how can I ensure that the dataset is kept up to date?
The only way I can think to do this is to have a master user/session (i.e. the first session in the application) that keeps the cache object updated every second, then other users can use that cache object. If the first session ends, then the next requestor of the cache will pick up responsibility for keeping the dataset up to date.
View 4 Replies
Aug 12, 2010
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is
{
// select hashed password from db
return (EncodePassword(password) == dbpassword);
}
[code]....
View 4 Replies
Jan 6, 2011
I have a login ascx module that needs to handle logged in users.
I am solving this by enabling Session("IdUser") to take Id_User from my database if login and password are correct.
Ok, this works rather OK, but I am using the same button for login and logout, so when I log in a user I need to manually reload the page before the me.load handler has new values for the current session. Does anybody know how I can solve this issue?
Imports System.Data
View 3 Replies
Feb 11, 2011
I have a server control that I developed which generates navigation based on a third party CMS API. Currently I am caching this control using the PartialCaching attribute. The CMS uses cache key dependencies to invalidate the cache when a user makes an edit, however in the case of my server control it does not get invalidated and the updated navigation will not show up until the cache expiration set by the PartialCaching attribute. Here is my two part question:
What is the proper way to programmatically cache a server control, without using the PartialCaching attribute, and adding a cache key dependency?
Is it possible to continue to use the PartialCaching attribute and add a cache key dependency?
View 2 Replies
Apr 4, 2011
I am trying to build an ASP.NET site that allows each user to set their own session timeout value. Basically from the user's perspective if they set their timeout value to 30 then that means that after 30 minutes of inactivity they are required to re-authenticate. If they set their timeout value to 0 then that means that they can leave the browser open as long as they want and their session never expires - they never have to re-authenticate. This is different than "remember me" functionality. If they close their browser they will have to re-authenticate.
Currently I am using Forms Authentication in my application and I have one object that I am storing in ASP.NET session. This object is a custom User object that has a number of different pieces of information about the current user.
What code would I need to write so that after successful login, the system has the proper authentication ticket and the proper session expiration value? I keep thinking I have this working and then I notice weird time outs where the system seems to think I am authenticated but my session has expired.
Currently on my login page I am using an ASP.NET login control. I have custom code in the Login_Authenticate event to authorize the user. Then I have the following code in the Login_LoggedIn event to set the auth ticket.
[code]....
View 1 Replies
Jul 2, 2010
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
View 3 Replies
May 23, 2010
I need to know how SiteMapProvider.IsAccessibleToUser() works. Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication.
Where does the current user get its roles? Which provider loads this kind of information? I want to overload it and use custom logic.
View 2 Replies
Oct 25, 2010
I am developing a web application. This application is fully customised based on the user settings. Suppose the application is hosted on [URL] and a user can sign up on the website and get a domain like [URL], and for user2 it will be [URL], and so forth. In this case how would I maintain the session for each user? Each user will be representing a single website along with a public interface and admin pages.
What I am thinking is to store all the settings (for each user) in the database and then, whenever the server receives a request, get the user info from the URL (first time only, and afterwards get it from the session) and get the user details, but I am not very satisfied with this approach.
View 5 Replies
Apr 12, 2010
Once a user enters credentials I want his name to appear on top. The user should be maintained throughout the pages of the website until he chooses to sign out. Also, different users will have different access to some parts of the website, like only a manager can delete the content.
View 1 Replies
May 12, 2010
My web application uses forms authentication. One of my users who uses IE8 says that she always stays logged into the website on her computer. This is even after she closes the browser window and restarts the computer. This only happens on her computer, if she switches computers the same thing won't happen.
I'm baffled by this. Is there a setting in IE that could save her login information and automatically sign her in every time she accesses the website? Is there anything else to look into?
View 5 Replies
Jan 18, 2010
Whenever I check User.Identity.AuthenticationType the returned string is always 'Custom', no matter whether my authentication type is 'Windows' or 'Forms'.
I want to do some different coding in aspx.cs for Windows and Forms authentication, but I am unable to differentiate between them because 'User.Identity.AuthenticationType' always returns 'Custom'.
View 3 Replies
Jul 19, 2010
I have searched everywhere and can't find a great solution. All I want to do is have about 40 extra fields that save to a SQL database when creating a new user. Will also need to keep the functionality of roles so I don't want to completely override the built in functions.
I have seen the ability to put the data into a profile, but as I understand that will not save to the database in a form that I could join/select against.
There's the ability to tie onto the end of the CreateUserWizard1_CreatedUser, but then it's an extra select/insert into a separate table. Would be nice if I could keep everything in 1 function and in 1 table.
So what is the best way to add a bunch of extra fields into the database when creating a new user?
View 3 Replies