Security :: Using Membership Controls With Custom Security?
		
			Apr 14, 2010
				I am building a site and I want to use the default membership controls provided with asp.net like Login View Control etc. I don't want to use the ASP.Net Membership DB as I want to use my own Security structure and I don't want to inherit the ASP.Net membership class either. In my case how can I use these controls to aid me like how will a login view control detect if someone is authenticated or not. 
	
	View 7 Replies
  
    
	Similar Messages:
	
    	
    	
        Mar 21, 2010
        I'm new to ASP.NET and I don't exactly understand some features.
I have a custom  membership provider TestMembershipProvider which inherits from MembershipProvider. It has the following CreateUser method:
[Code]....
It's absolutely simple code.Then I have two text boxes (login, password) and the button to register a new user. I thas a following code:
[Code]....
 
[Code]....
Authentication in web.config is set like this:
[Code]....
No matter what I write into textboxes, following error is being returned:
The password retrieval question provided is invalid. 
I don't know why. Either in web.config or in get RequiresQuestionAndAnswer I have false value. When I instantiate my TestMembershipProvider and call CreateUser directly instead of using static Membership.CreateUser, it works fine. Do I have to use instance of my TestMembershipProvider or did I missed anything?
	View 1 Replies
   
  
    
	
    	
    	
        Jan 5, 2011
        This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
webconfig:
[code]....
	View 1 Replies
   
  
    
	
    	
    	
        Oct 11, 2010
        I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method.  What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc.  There is no way that I see to convey that to the control so it could display the proper message.  Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case.  So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window.  Ultimately my question is why would I even use the membership provider then in conjunction with the login control?  It seems like it was only designed for a Yes/No type response, which is very restrictive.  If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.
Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful.  Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
	View 1 Replies
   
  
    
	
    	
    	
        Oct 13, 2010
        I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize. 
I can implement custom MembershipUser, custom Roles and Membership provider. 
How to do it? What best practices are?
	View 5 Replies
   
  
    
	
    	
    	
        Mar 25, 2011
        I have a custom membership project for my asp .net website and I want to use a few custom variables for use in the ValidateUser function, can I set these somewhere like in the OnLoggingIn method of the Login Control?
	View 2 Replies
   
  
    
	
    	
    	
        Oct 27, 2010
        i'm new to the mvc framework but i used forms authentification in an asp.net webapplication. Because im forced to use Sybase SQL Anywhere server i use membership / profile / role provider from sybase.Why i can't login in the MVC Application? When i create a user via mvc web control i'm logged in. But when i logout and try to login i get a error that username or password is not correct.Maybe someone has an idea? Could it be a problem with the application name? Both have the applicationname " / " ?Both applications has these web.config entries:
[Code]....
	View 3 Replies
   
  
    
	
    	
    	
        Mar 28, 2010
        ASPNETDB Problem - Unable to connect to SQL Server database
now, after some real soul searching, i managed to get it working, however i want to do the following:
I have a table in a database I created called "Students". Now, I have a studentId and a password in that table. What I want to do is allow users to login using their accounts.
However, I am having real trouble doing this. I want to create a custom membership provider, etc.
I have been crawling through the net looking for ways to do it but some of the sites I visited had too much complicated code.
What is the best and easiest way to do this?
	View 1 Replies
   
  
    
	
    	
    	
        Mar 29, 2010
        My question relates to membership providers. I have two websites that run on two different servers. One website is a community website that uses Telligent community server 2007. The other is a website that contains information. I have a form where users can request more information. What I would like to do is when a user requests more information, automatically create a user account in my community website. I was told that I can create a custom asp.net membership provider that will create a new user account in my community website. I have read some info at msdn and asp.net websites, but I am still unclear as to how I can create a custom membership provider that will work across different websites running on different servers.
	View 1 Replies
   
  
    
	
    	
    	
        Nov 30, 2010
        I'm currently writing a website in VWD2010 Express, which requires me to write a custom membership provider.
I've followed the tutorial here [URL] , which seems relatively straight forward.
I am, however, struggling at the stage where the custom membership provider is included in a site. Now obviously the tutorial writer is using a different version of VS to me, so I've had to adapt it somewhat. Instead of building the class as a dll, and referencing that in a new site, I've started a new site from scratch and added the custom membership provider to the Add_Code file (HDIMembershipProvider.vb). It is now required that I add details of the provider to the web.config file, which seems to be where I am encountering problems.
The tutorial requires me to add:
[Code]....
within the System.Web part of the web.config file. However, upon running the site I get the error:
Could not load type 'HDI.AspNet.Membership.HDIMembershipProvider'.
I realise that how you reference the class must have changed since the tutorial was written, but I can't for the life of me find the format I should be using, and trial&error has turned up nothing so far.
	View 2 Replies
   
  
    
	
    	
    	
        Sep 9, 2010
        I've implemented my custom membership provider. I use third server for authentication (call web method that validates user/password). I need this user/password for retrieve some additional data from this server. Asp.net MVC uses FormsAuthentication and cookie for keep 'login state' by default. It works well when I login on site first time. But when I close and open site again sometime after, cookie keeps it 'login'but I don't have credential for access to server data. I can change cookieless attribute (to 'UseUri' for example) in configure file but in this case I should login again if I open second tab with this app in same browser.My questions:
Is way to call SingOut of FormsAuthentication (remove authentication ticket from browser) when user closes asp.net mvc app?Is secure way to pass user/password data through session? Because server is unstable and interrupt connection often and app should have possibility for silent reconnect.
	View 3 Replies
   
  
    
	
    	
    	
        Jul 27, 2010
        For three days now I have been going from one tutorial/video/sourcecode to the other about how to create the membership-part of my website, but I am still none the wiser :S
I have been looking through this video and these tutorials on the subject, but either they are not what I am looking for or they are too advanced, that I would just write my own user-procedures like I would in classic ASP..
The standard sql membership provider is nice and all, but I really favor using my own database-logic and not drown the website/database with tables, views, stores procedures and highly custimizable features that I'll never use.. That's why I'm trying to build my own custom membership provider
I think I'm on the right track with building a class that inherits from System.Web.Security.MembershipProvider, but when I tell VS to "Implement abstract class" I already have a problem with what I'm seeing: public override string ApplicationName
I know what the applicationname is for, but I am fairly certain that I will never be using the same database for several websites for this project, so why do I need to implement that functionality?
I guess what my problem is, is that although a method like Create-/DeleteUser is handy, I would like to determine whether or notI want to implement that.. Of course the CreateUser is of need to the CreateUserWizard control, but is the ApplicationName really neccesary?
Maybe I just need a little adwise from people that have had a need of custom database-structure - that's actually all I need, I don't think I will see a need for extra functionality codewise..
	View 5 Replies
   
  
    
	
    	
    	
        Jun 3, 2010
        I  am using the createuserwizard but have also created my own database where the data will be stored NOT using the standard aspnetdb.
But i am getting checkschemaversion errors when registering the user. The thing is that the data actually gets stored in my own db even though error occurs.
I am using Membership createuser but how can i override this to use with my own db rather the aspnetdb where it requires all standard tables and stored procedures to be created
	View 1 Replies
   
  
    
	
    	
    	
        Apr 20, 2010
        We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like  Facilityid  for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option  and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
	View 1 Replies
   
  
    
	
    	
    	
        Jul 28, 2010
        I have a  custom SQL membership provider (NOT using aspdb files but our own 'People' table) that was working fine under development but doesn't even connect when it is deployed on web server. DB connection string has been changed to point to db server (checked against another web site & is fine there). The membership code (in VB) is in App_code directory so am I correct in thinking I don't need a separate DLL ? No error messages nothing just reports failed to login when I type some user credentials.
Web config file as follows 
[Code]....
	View 2 Replies
   
  
    
	
    	
    	
        Oct 12, 2010
        I am using a custom membership provider with a custom ValidateUser method.  The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer).  I created a custom stored procedure for ValidateUser to call.  I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below.  My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):
public static string EncodePasswordNow(string originalPassword)
{        
Byte[] originalBytes;
[code]...
	View 1 Replies
   
  
    
	
    	
    	
        Apr 18, 2010
        so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
	View 1 Replies
   
  
    
	
    	
    	
        Jul 28, 2010
        I'm have a doubt using membershipuser to create users in the AD with Membership.CreateUser Method, does any one knows how can i send  other attibutes to the AD, such as First Name and Last Name?, besides those ones: username
As String, _
password As String, _
email As String, _
passwordQuestion As String, _
passwordAnswer As String,
	View 3 Replies
   
  
    
	
    	
    	
        Feb 2, 2010
        I just created a custom membership provider I would like to know if I can make calls to my data access layer and not put my data access code inside  the membership methods will that prevent my custom membership provider from being thread safe, for example:
public override [Code]....
CreateUser(string username,   string password, string email,   out MembershipCreateStatus status){    // DB calls to my data layer}v.s.public override [Code]....
CreateUser(string username,   string password, string email,   out MembershipCreateStatus status){    // data access }
	View 2 Replies
   
  
    
	
    	
    	
        Feb 19, 2011
        I am trying to build my own custom Membership Provider in an MVC 3 Web Application using C#.
Here is my code:
[Code]....
 
As you can see, I am just starting with it, and yet I've encountered problems.  According to
this tutorial when I right click on MembershipProvider, I should get the option to [ Implement Abstract Class ], but I don't get that ! I am using Visual Studio 2010.
	View 9 Replies
   
  
    
	
    	
    	
        Nov 18, 2010
        I've implemented a custom membership provider (as the user credentials are stored in a legacy application), however, the website is exhibiting two behaviours which it shouldn't. Firstly,  it's not tracking invalid password attempts. My website does not use questions and answers, but according to MSDN (http://msdn.microsoft.com/en-us/library/f1kyba5e(v=VS.90).aspx) the "ValidateUser" method should still track them. When I put a breakpoint on the MaxInvalidPasswordAttempts property it is never even accessed.
Secondly, when I manually lock out a user, I can still log in with those credentials (I have confirmed that the MembershipUser object returned by the GetUser method during the login has the "IsLockedOut" property set correctly).The config file lists only the provider name and type - at the moment I'm hard-coding the provider's properties. (For this reason I'm not overriding the Initialize method.)Either I'm doing something wrong, or I have to track these invalid attempts myself, and fail authentication when the user is locked out - which would seem a little silly, since itappears like the membership provider infrastructure should handle that for you...
	View 9 Replies
   
  
    
	
    	
    	
        Jul 23, 2010
        I've been able to create it. Now I'm confused where  to the type from in the video at 21.39
This is the video:http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider
	View 4 Replies
   
  
    
	
    	
    	
        Nov 12, 2010
        i have a custom membership provider and do manual validation of the user when they log in and set a persistent cookie with this bit of code:
FormsAuthentication.RedirectFromLoginPage(this.txtEmail.Text,
this.cbRememberMe.Checked);
The cookie gets set fine. I can tell it has all the data it needs by looking at it in Fiddler once im validated.  However coming back to the site im always getting prompted to log in again.  I am starting to think the problem isn't how im saving the cookie but that maybe my custom membership isn't acutally looking for this auth cookie again.  Or im naming it wrong or something.
Two things
1) My membership provider is custom and NOT added to web.config - it's a .cs file that connects to a CMS back end for the validation and it works fine logging people in and such it just never keeps (or uses) the persistent cookie.
NOTE: the persistence doesn't work anywhere (on my local machine / staging server or live server - Application name is simply "/")
NOTE 2: as an aside we have a google search applicance. Which we baked a 10 year cookie for on this site - we opened up the cookie and used the encrypted string in the google search appliance (this is how you get it to get past logins, etc) and this thing works great-  it logs itself in no problem all the time.  SO i am a bit lost as to why a user with an almost identical cookie is not getting logged in.
	View 1 Replies
   
  
    
	
    	
    	
        Jul 20, 2010
        I want to create a custom membership provider which doesnot has Password Question and Password Answer fields. But has some other extra fields.Is it possible? I am asking this because if I inherit MembershipProvider class then I get forced to use default CreateUser Method which has password question and password answer parameters. I don't want these parameters.
	View 1 Replies
   
  
    
	
    	
    	
        Sep 19, 2010
        I created a custom membership provider in my ASP.NET 4.0 web site, stored  in App_Code, and referenced in my web.config.
However, it doesn't appear to be pulling values out of web.config during initialization.
The code was taken from [URL] , and the only modifications were changing "connectionStringName" here to the name of my connection string:
[Code]....
The connection string always comes back as nothing in this line:
[Code]....
No matter what I change the password format to in web.config, the default value here is always used:
[Code]....
So to me it's pretty clear it's not pulling out values for some reason. Here is the reference to the membership provider in web.config.
[Code]....
	View 6 Replies