I have a website created in ASP.Net 3.5(C#) and I have configued asp.net defalut membership provider for it.There are 5 different type of roles in this site. Now I want to display a small role based (i.e. depending upon the logged in user's role) menu whenever a user log-in to the site.For this I have added the code in the OnPageLoad() event of the master page, here is the code -
[Code]....
Now I wanted to know Is this code is logcally correct? And what is the security level of this code?
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
[Code]....
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
I hv created menu using sitemap xmldatasource now i want to display that based on Category or Roles. I have Created 4 Category in my sql Server 2005. when particular user logged in based on his Category menu nodes should display.
i am developing a website in vb.net ,as i am having 3 urser,customer,admin,and employee
i have taken the loginpage and in the codebehind i have permission access to the customer,admin and employee,with different user names and password now my problem is how to make the page to recover the password if the user forget the username or password
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
I am currently working in an ASP.Net application where i need to implement ASP.Net Membership and Roles. I have used Login controls in my pages. Also I am using a menu in the master page, which is getting data bindings from database. For data bindings I am using XMLDatasource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.
My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and some times it will show previously loaded data.Providing my code here:
masterpage.master.cs private void LoadMenuItems() { System.Security.Principal.IPrincipal User; User = System.Web.HttpContext.Current.User;[code]....
I started out with the following code which worked fine, no problems:
[Code]....
I've since expanded the above so that it uses different providers according to the current logged in user. Here's the code since my changes:
[Code]....
I'm not getting any error messages but when I view the web page in the browser, it is stuck in a continuous loop where the page displays (correctly), then posts back to the server and displays again.
We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like Facilityid for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode.
I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.
So...
1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)
2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.
I am concerned that if I just import somehow the roles within SQL server will not be created properly.
This is probably a lame question, but I know little of web development. I inherited a web project that I'm trying to get running locally. I get the mentioned error on line 46.
Line 44: </authentication> Line 45: <membership defaultProvider="AD_MyCompanyName" /> Line 46: <roleManager enabled="true" defaultProvider="ADRP_MyCompanyName_Readonly" cacheRolesInCookie="true" cookieName="MyCompanyName.ROLES" createPersistentCookie="true" cookieSlidingExpiration="true" cookieTimeout="240" /> Line 47: <profile enabled="false"/> Line 48: <customErrors mode="Off"/>
This code works on the old developer's box, but not on mine. I've been working through some TFS checkout issues on his box, assuming it was simply files left checked out. I can't figure out where the providers are added. I don't see them being added in the config file above. In fact, if I search for "AD_MyCompanyName" and "ADRP_MyCompanyName_Readonly", I get no hits in the entire solution. I can't figure out what they are. Not sure why it works on that box if I can't even find the providers being added.
I'm building an application that will be used by a number of different schools who want completely separate databases so I've decided to have multiple connection strings and membership/role providers in my web.config file. In my code, I'm trying to set which connection string and provider to use at runtime for the correct database according to the logged in user.
I'm coming into a lot of bits in my code that previously worked fine, that now don't. For example, I used to use:
[Code]....
But now that I've changed it to this, it doesn't work anymore:
[Code]....
The compiler tells me that AddUserToRole is not a member of 'r'. I've had similar problems not just with Roles but Membership too, like with calling CreateUser.
I'd still like to be able to use all these methods that I was using before which are extremely handy. I just want to be able to set the membership/role provider at runtime rather than use the default one. Am I doing something wrong? Is there a simpler way to go about this?
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
I have a "UserDetail" table in my "JobPost.mdf". When I click the "delete" linkbutton, it can delete the all User info from my "UserDetail" table, it also delete the corresponding "aspnet_Users" & "aspnet_Membership",but the "UserInRole" still contain that UserName. Even though I specified the Code:Membership.DeleteUser(UserName, true);
I thought true is for bool deleteallrelated data, but it doesn't really delete the userInRole. So next time the user registers with the same name, it automatically get the "admin" role right. This "deleteUser" page I keep it inside a protected "admin"folder. How to solve it? Why Membership.DeleteUser(UserName, true) doesn't delete UserInRole?
protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e) { if (e.CommandName == "Delete") { string UserName = e.CommandArgument.ToString(); Membership.DeleteUser(UserName, true); JobPostDataContext db = new JobPostDataContext(); var query = from u in db.UserDetails where u.UserName == UserName select u; foreach (var item in query) { db.UserDetails.DeleteOnSubmit(item); } db.SubmitChanges(); FormsAuthentication.SignOut(); } } My web.config inside the protected Admin folder: <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <system.web> <authorization> <allow roles="Administrators" /> <deny users="*" /> </authorization> </system.web> </configuration>
I need to populate a dropdown list with users who match certain role criteria. For example, if I have the following roles: Manager, Employee, Supervisor I would like to populate the list with only the Manager and Employee roles. Some individuals have multiple roles and they should be excluded if they also have the Supervisor role as illustrated below:
Name: A , Role(s): Manager, Employee, Supervisor
Name: B, Role(s): Employee
Name: C, Role(s): Manager, Employee
The final list should only contain names B & C.
I can use Roles.GetUsersInRole("Employee") but I am not sure if this is efficient or not.
returns the error: The parameter 'username' must not be empty.Parameter name: usernameI want to check if a user is logged. If not logged in redirect to loginerror.aspx.
I have master page, menu on master page, i use asp roles and trim menu item based on user roles and rights this process is working fine.
Now i have to create some reports based on user roles, and responsibility in a company like country head will view country wide reports, manager region will only view regional report and rest will view reports related to them.
How can i achieve this efficiently using asp roles.
How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?
I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".