Security :: Allow Users To Register At Site And Login?
Feb 25, 2010
I'm at the point where I want to allow users to register at my site and then allow users to login, so I am trying to get a feel for how everyone is handling this use case.
am working on a new site and i want to do tothings for security1. I want to encrypt the password of the user who register on my site and also decrypt it to enable him in login again.2. I will make an online exams so I want to disable the user functions to hack the exams materials such as (print page, print screen , or even selecting data manual by mouse )I googled a lot about this matter I found java scripts to make this but what about the users who will disable scripts on their browsers. So I want to do this with C# Code.
I have an application that uses the ASPNET role provider.My SQL Server crashed so I took a backup of the database and restored it to a new SQL Server and changed the db connection string to that server.The web site runs but no users can login to the site.Is there something that I should have done when the db was on the other server?
I have a website that has a secure admin section with its own login page and a public area with another section that allows people to register and login (using a different login / register page). In my web.config file I have this entry <location path="MemberDetails.aspx">
I downloaded the complete web dev 2010, asp.net and sql from your site, installed everything went ok, created site, published again everything ok. Asked in forum about images got answer and everything workedok.When I first set the site up, I could login and register new users, great I thought, however I then tried to create a page with a data set on it to view those users, I created a connection string with the wizard, tested connection which worked.When I published the page it came up with a ton of errors and after that I couldn't login or register any users, anyone got any ideas.
I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
[Code]....
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
I created online store following MvcMusicStore tutorial in MVC 2. Used standard login view as shown in tutorial. I created database on new server and it's working well - I can search for albums etc. The problem is when I am trying to register new user - I am getting error listed below (can't log in too). I created new database using aspnet_regsql.exe. Server authentication is set to SQL Server and Windows authentication mode. Server Error in '/' Application. Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. Source Error:
[Code]....
Line 125:Line 126: MembershipCreateStatus status;Line 127: _provider.CreateUser(userName, password, email, null, null, true, null, out status);Line 128: return status;Line 129: }
Currently in my application using LDAP to authenticate user to a specific domain & then i check if the user exist in my site database.
Now i need to also allow users who do not belong to this specific LDAP domain to access my site ..How can i make it possible withoput affecting the exisiting users?
how to write/use/implement a script that will allow users to enter a web application by clicking a button rather than entering their ID/PW? Seems like a lot of terminology around, SSO, Blind logon, yet all seem to be doable with an ASP script -
Web App contains detailed security for users, not all users are on Win AD, so that is not an option., I'm told (?) Do I need to use a spreadsheet to validate users access to the application, ?
Script that would pass "cookie" info and allow users to enter app without ID/PW. We have a custom logon.asp page the is using forms.
I have an asp login control that uses the standard aspnet database structure.I am using my own user identification system to identify a user based on login values that are not in the aspnet database and setting the user's aspnet database login to a universal login user and password.this works fine and I am able to test this by having one machine log in as "User 1" and another login as "User 2" but I am wondering if there is a limit to the number of user's that can be assigned to one username and password in the aspnet database for website access?Will the system reach the max number of user's in the aspnet database?
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
asp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.
I've got a website project and I use my own login security and save the user and other info in session variables. Is there any way to know when they are online and offline by their user name I have in a session variable? Or do I need to use another method such as the asp.net user security?
I do know with the asp.net security I can check if a user is authenticated.
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
I have a login form and users have to enter their username and password for entering the sites ..
Also now its possible for users to enter the sites without login .. they can select the options in the menu and access them ... But i want to restrict the users ..only allow them to access the menu componets after login ... If they tries to access the contents a text have to display ask them to login
how can i do that... i am using vb.net as my language in the page
I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....