Security :: Why Separate Account Data And User Info
Oct 2, 2010If I'm correct the membership functionality separates account and user (profile) data in two tables. Why not one table? What's the design priciple behind this?
View 5 RepliesIf I'm correct the membership functionality separates account and user (profile) data in two tables. Why not one table? What's the design priciple behind this?
View 5 RepliesI have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
This is web.confg code:
<?xml version="1.0"?>
If WebApp is configured as Windows Authentication, how to get the user credential in code?How to create NetworkCredential using this exsiting user credential?
View 1 RepliesI have developed a web application in which i manage details of different companies,,,for that i as admin add companies and their details in my database...right now my role is administrator in my web application
The problem is everytime i have to update company details and other information
I want companies to update their own information...
so how i can create a role and create usernames for companies so that they can login to their individual accounts and update the company information by themselves ?
One important thing of my requirement: One company can have multiple usernames accounts..
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?
View 5 RepliesI've been working through the ASP.NET Security Tutorial 12, seen here:
http://www.asp.net/%28S%28pdfrohu0ajmwt445fanvj2r3%29%29/learn/security/tutorial-12-cs.aspx
Part of this tutorial entails setting up a GridView which is bound to the collection of UserAccounts, and then enabling paging on the GridView. There are the usual four links for First, Prev, Next, and Last pages, which should work because I have twelve users defined, and the pagesize of my GridView set to 5. I've set up the code to enable or disable the paging links depending on what section of the entire UserGrid is currently visible.
So when I first run the website and go to the ManageUsers.aspx page, I would expect to see only the first five users in my collection. But it shows all twelve.
I must have overlooked something, but I can't find it in the text and examples.
I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?
View 6 RepliesIn a web page,I can use the following code:
[Code]....
But that doens't work in a web user control. Am I missing a reference, or something?
Using visual studio 2010.
Dragged and dropped a login control onto a blank content page. Set up my web.config (i'll include the code for that at the end). It seems to want to use a sql database to store the info. I just want to use the web.config since it's just a single user and a simple site. I thought I could just drag and drop the login control to a page and that would be the end of it (besides setting up the web.config).
Here's what i have in the config file
[Code]....
I am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName
Is there an easy way to select a specific user that is already logged in and bind all the users info to a detailsview for edit and saving back to the tables?The tabels were generated in AWAT of VS 2010
View 1 RepliesIs it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
View 4 RepliesI have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 5 RepliesI have read the post at http://forums.asp.net/t/1403132.aspx regarding login control. Is there a place to store the User logged-in ID (info) for later checking and use? I don't need to use the session object. I don't need the page to expire. I don't need the user to use a page saved in the favoites.
View 3 RepliesI need to create individual account for a big group of people (around 200) from an Excel spreadsheet. What is the best practice? It will take too much time to create account using web form. I think there must be a way to do it. I tried to use Stored procedures created by ASP.NET.
View 2 RepliesI have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform
[code]...
When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?
the only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themems work.Account "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access.This is about folder access of Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]
View 1 Repliesuser phoned me and said he received an error when attempting to login stating that his account had been locked. I had to unlock the user account today manually through the user interface. Several hours later I had to do it again. Afterwards, when I looked at the aspnet_Membership table it showed NO failed login attempts. LastLockout date for that particular user was set to min date. FailedPasswardAttemptCount was zero. FailedPasswordAttemptWindowStart was min date. I then proceeded to fail logging with the users account name.
View 3 RepliesI have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
The result is FALSE after the first step in creating a new user account:
<asp:CreateUserWizard ID="CreateUserWizard1"
<asp:CreateUserWizardStep ID="CreateUserWizardStep1"
The result is TRUE after the second step in creating a user account
Could anyone provide guidance about the common technique of sending an email to the new user -> new user clicks the link in the email -> and then the account becomes activated and ready for use?
Currently using the CreateUserWizard control in .NET v4 and a Membership db in SQL Server 2008. If I need to do this via custom code and not the CreateUserWizard that's fine. Would be nice to see expert thoughts on this common, enterprise quality, new account validation technique.
The link below outlines a technique for sending a confirmation email but does not include activation:[URL]
[Code]....
I used this above sample to send Verification link but it didn't work ! it gives the error on this line;
[Code]....
Do anyone knows how to lock a account after a user enters the password too many times.
View 3 RepliesI wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to so that your average user cannot see in the informaion in that folder. I assumed that the asp.net program would have the same credentials as myself because server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two).I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3username) does not have write access to 'C:WindowsMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Files'.
Do I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
View 7 Replies