Security :: Create Own Authorization Login Page?
May 26, 2010which is the best method to create own customized login page?
i m not interested to use inbuilt controls, thts why m want to make own sign up pages and login page
which is the best method to create own customized login page?
i m not interested to use inbuilt controls, thts why m want to make own sign up pages and login page
Trivial question:
Noticed the following error whilst trawling the logs:
Authorization rule names cannot contain the '*' character
I have the code:
[Code]....
Does that mean I don't need to make and authorisation rules - I had used:
[Code]....
Now - is that completely redundant? Also, is * wrong syntactically?
As the title says, if I'm using SQL parameters, ie
SQLCommand cmd = new SQLCommand("select * from users where username = @user and password = @pass limit 1", Cxn);
cmd.Parameters.Add("@user", SqlDbType.VarChar):
cmd.Parameters.Add("@pass", SqlDbType.VarChar):
Can I just enter the parameters value as the direct entry from the input?
cmd.Parameters["@user"].value = txtBxUserName.text;
cmd.Parameters["@pass"].value = txtBxPassword.text;
I would like to create a login page using ASP.NET. I don't want to use the ASP.NET login control.
How do I do this?
I m trying to create a login page. I also show the login status and login name. When I run the page, it shows my username that I login to the windows and give me the logout option. Wheather I have created a new user within the asp.net create user wizard.
View 2 RepliesWhen a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
I am trying to create a login page on my website. When I view the page in a browser and enter the login name and password, I receive the following error message:
Server Error in '/membership' Application.
Cannot open database "aspnetdb" requested by the login. The login failed.
Login failed for user 'NT AUTHORITYNETWORK SERVICE'.
Description:
An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Cannot open database "aspnetdb" requested by the login. The login failed.
Login failed for user 'NT AUTHORITYNETWORK SERVICE'.
Source Error:
[Code]....
Stack Trace:
[Code]....
I was able to connect to the aspnetdb database using the Web Site Administration Tool. The aspnetdb database is not in the App_Data directory.
I have the following lines in my web.config file:
<connectionStrings>
I have many problems. I see the start Login page in Visual Studio 2010 Express. Now, how can create a user? I don't know how can use the db!: My db is Mysql
View 3 Replieshow to create a login page and authenticate it by using sql..?
View 4 Replieshow to create login page using session
View 6 RepliesI want to create a registeration page in asp.net(2.0) without login controls. How it can be done? I have another querry, regarding user details. I want where user information is stored. Can i open that table?
View 2 RepliesI have design form layouts for signup and login pages
provide me the step by step code for sign up and login pages using c# with validation.
I am using asp.net authentication and authorization with form authentication for my web application.
When I create a new user using asp.net create user control,the newly create user automatically gets logged in,the already logged users looses his session.
Don't know why this is happening.Is there some setting for this?
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
i m currently creating an article module, and i want if user wana comment on to the any particular artical, than he should login any of his mail id like gmail, yahoo hotmail etc and than post his or her comment and after than comment should go into the DB.
View 3 RepliesI've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
A few years ago I worked with a team that developed what we thought, at the time, was a unique security model for a company ecommerce site. We wrapped every object (that we cared about) with a authorization / role check. So internal and external would use the same site but what fields, buttons, links etc. that they saw varied with their authorization / role assignments. I know .NET now has some RAD (Rapid App Dev) tools for security / authentication / authorization. Everything I have been reading is based upon securing pages / folders / areas of a site but nothing about the level of granularity we took it to so:
1. Was this not such as good way to go back when we did it?
2. I thought Microsoft had an entire security "plug-in" (Not Windows Authentication). Database, roles, etc.
(Don't get me wrong they have made life a ton easier with what they have given us)
3. What is the current method / practice in use for reasonably high security ecommerce environments. Cookieless Forms Auth? Something new altogether?
I don't have any sub catalogs for the .aspx files and this is my web.config file:
[Code]....
It's as if the Login.aspx won't grab the Site.Master if I add this authorization.
I get directed to the Login.aspx if I try to enter any other page, but without seeing the master page.
Is this enough info to solve this or do you need to know how the other pages looks like?
Currently, when the authorization fails, it redirects to the login page by default. However if the user is logged in, it makes no sense to be redirected to the login page. I would like it to be redirected to an eror page instead.
View 5 RepliesI want to put a Login Control and a Create User Control on the same page.. just wondering, before I start am I going to run into any problems by doing this?
View 2 RepliesI am using Visual Studio 2008 Express and created a login page using the ASP.net web site Adminstration tool security to generate users and passwords.
After login, a new page appears. I have a button to go back to the login page to allow a user to relogin. When I try loging in again as a different user or the same, I get an error saying the resource that I am looing for was not available.
I have a button on the page after login (one this one page will occur) and I am using on on click event to do the following:
FormsAuthentication.Initialize()
FormsAuthentication.SignOut()
Response.Redirect("~/Login.Aspx")
After clicking on this button, the Login page appears again. How can I release everyting to allow it to work like when I first open the application.
This is the error message I get:
Description:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /MyFirstSite/default.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.3615; ASP.NET Version:2.0.50727.3618
Server Error in '/MyFirstSite' Application.
The resource cannot be found.
I dont know where to start, but I have a simple issue that you may be able to resolve.
I have a SQL database that contains a table with user name / password / Account level in it.
What I am trying to do is to create a Login page that will use this database and table to authenticate the login.
I have spent some time looking about for an example, and the nearest that I have found is for an access Database, but I really need this to work with SQL.
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 Repliesi doing on a 3 tier project a that required a login page, Im not sure how the flow go for the 3 tier...This is my BLL
[Code]....
This is my DAL
[Code]....
And lastly here is the aspx page
[Code]....
When i try to insert my NRIC and password, it's like not passing through the statement, it just say login sucessfully eventhough i put the wrong NRIC/Password/Not valid..
I need to create an application with Forms Authentication and/or Windows Authentication. If the application is set to use mixed authentication (Forms + Windows Auth) and the user don't have a Windows user account, the login will fail and he must be redirected to a forms login page. How can I do this?
Are there any different way to provide mixed authentication?