Security :: Detecting Users Don't Log Out Correctly
Sep 4, 2010
I have a web site which uses forms authentication and we have a log out page which will sign out the user and set that they are signed out in the database. This needs to be done as they use concurrent licences. The problem is that users are closing down the browsers without logging out, meaning that the database shows them as logged in. I would use JavaScript onbeforeunload/unload functions to call a webservice, but this is unreliable to actually know if they have closed down the browser, or just hit refresh. An idea I had was to have a web service fired every 20 mins to detect if a user has loaded any pages within 20 mins, if they have not then to set them as logged out.
We have implemented the ASP membership and roles, and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users would only be available to our admins. But the number of users will show for everyone.
I just realized after I created a test account I was not in any roles. Is there a way to automatically add new users into the role Users? Have I missed this somewhere?
Basically no unauthorized users should be able to use the system, so they get properly redirected to Home.aspx which has the login controls.
The Administration folder contains a page that should be only accessible to authorized users, but also only to users that belong to specific roles. So I have a web.config inside the Administration folder as this:
[Code]....
At first sight I'd say that this configuration would check that only SystemAdministrators and AccountManagers can access the SecuredPage.aspx. But it doesn't. If I log into the system as a regular user (not part of the roles) and then go to http://mysite/Administration/SecuredPage.aspx, it allows me in, instead of showing a "you're not authorized" message.
I've also tried with location=Administration so as to secure the entire folder, but got the same results.
There seems to be something wrong with the create user wizard? I am using hashed password storage. When I change it to clear storage I see the user's password is being stored as something completely different than what they typed in. Example: changeme1 now equates to something like: 4W*KQQ4%=S. If I use 4W*KQQ4%=S as the password to login with it works but changeme1 does not. When I use the reset password wizard it updates the password just fine and it works when I login next. Any clues what could be causing this?
I used security in the login page which restricts all users who have not logged in from all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So I cannot create roles and restrict automatically. And the pictures I use in the login page are not visible at runtime.
Working on my first ASP.NET webpage. I have followed video tutorials and implemented ASP.NET membership for login/security. Using Visual Studio 2010 I can open the ASP.NET configuration page for management locally. But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this ASP.NET configuration GUI is not available on the internet?
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the users have the ability to upload files and when they do a folder gets created under the FileManager folder and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the URL of the site and add /FileManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in IE, if it is a .xls or .doc or whatever they get the prompt to either download or save the file. What am I doing wrong? Will the web.config file not stop an anonymous user from accessing files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
I have a GridView that displays a number of columns. There are some rows that are to be confidential for some users ("secret" records), i.e. some users will see some of the rows as access denied in the cells and they won't be able to click the row to take them to the detail page. Other users will be able to see these rows' data in the cells and be able to click on the row header to take them to the detail page.
How to display data/links in grid view cells selectively without changing the data in the database?
I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.
Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.
I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:
authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)
Is there any way to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?
I got this login system where I need to set a session for when a user logs on. Each user has 2 IDs, and I need to get one of them to get the right content from my DB... So how do I get my users' IDs from my sessions?
I have been trying to change a user's password, I have been using this code
[Code]....
I do not get an error during the try routine, but my problem comes when the user goes to insert their new password (using the Login control): it says that the password is wrong, and they then can't login using either their new or old password.
All password criteria are met, web.config is set so passwordQuestion = false
Is there a way I could find out how to get all the users in a group on my domain? I have a domain called "cot", within that domain we have multiple groups like "RO,Admin,PM,SPM and 2 or 3 more". I need to get all the users in a particular group. I am using VS2008 and coding on webforms with C#. I have tried various examples I could find online but none have worked for me so far.
I know how to identify the current user during a specific browsing session and can thus control the data, etc, made visible to that individual user. I also know how to find out how many users logged in within the recent past, using:
Membership.GetNumberOfUsersOnline() .... which I believe calculates the number of users who have logged in within the past 15 minutes. However, I would like to know if there is any way to identify all the users who are logged in at a point in time. Is this possible?
I am using ASP.NET Forms based security with the login control. On my site a user will make a number of selections that will be written to a database. Is there a unique user ID that I can get from the AspNetSqlProvider that I can use to ID users in my database? When a user logs back in after being away I want to be able to retrieve the user's information using this ID.
How to write/use/implement a script that will allow users to enter a web application by clicking a button rather than entering their ID/PW? Seems like a lot of terminology around, SSO, Blind logon, yet all seem to be doable with an ASP script -
Web App contains detailed security for users, not all users are on Win AD, so that is not an option, I'm told (?). Do I need to use a spreadsheet to validate users' access to the application?
Script that would pass "cookie" info and allow users to enter app without ID/PW. We have a custom logon.asp page that is using forms.
I'm working with Visual Studio 2010 and I'm trying to create an ASP.NET Web Site, language used - C#
I have 2 different pages, for 2 different users with 2 different roles. Each page has a textbox. I have already created them. What I want to do is to make a bind between these 2 textboxes, so that the second gets the first box's text. I managed to do it, but only if the textboxes are on the same page, very easy (Textbox2.Text=TextBox1.Text). But how to do it for 2 different pages, for 2 different users with 2 different roles?
Another trouble would be... How can I connect both users at the same time? After I start debugging the project, I do a sign in, but when I sign in with the second user, the first is automatically signed out and the text is lost. Then, how can they synchronize and the second user see what the first one wrote, using those 2 textboxes? Which is the solution?
I am developing a website. In that website there are a number of users, and every user has related data. The data should be in XML files. How to provide authentication for every user by using XML files? How to write XML file names in web.config? In SQL we can use a connection string; in XML how can we write them? Give examples.
I am using ASP.NET membership to store my users and under each user's profile there is a field for their supervisor. I would like to get a list of all the users with the supervisor "Jon Doe". Is there an easy way to do this or would I just have to loop through each user and see if their supervisor = "Jon Doe" then if it is store their username in a list?