Security :: Get The Website To Authorization Via The WCF Service And Membership - Roles And Profile
Jan 16, 2010
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating a custom Membership and Role providers but I have had problems managing the users (Membershipuser class) saying null when a vaild user has been return by the WCF Service as can access the properies but not the methods.
View 5 Replies
Similar Messages:
Jan 23, 2010
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
View 8 Replies
Feb 19, 2010
I want to access membership and profile objects and wants to access profile properties that I have defined in my web app web.config file, from a windows service. Anyone have any idea on how to do this?
View 3 Replies
Mar 21, 2011
I am building a subscription based web site, which currently has three subscription levels, i.e. Horses, Soccer, and Horses and Soccer. I was thinking of implementing standard role based authorization, where a Horses subscriber would get roles including those to use the Horses section, etc.
Should I use a standard role provider, and when a member subscribes to the site, assign roles for his subscription to him, or use a hierarchical role provider, that when asked for the roles for a member, only then uses the member's subscription level to 'calculate' a set of roles for the member.
View 2 Replies
Mar 23, 2011
I'm investigating creating a WCF REST service for an existing asp.net application to be consumed by various clients including Windows Phone 7, Android, iPhone apps etc.Creating a simple WCF REST service and consuming it from the above platforms is not a problem and works really well. What I am struggling to get my head around is authorization.The asp.net application uses the Membership provider to provide authentication and authorization and I'm comfortable in using that API from the REST service.
How do I secure my REST service so that the first call has to be to authenticate (passing the username and password) and following calls know who is 'logged in'. I'm guessing the authenticate method will have to pass back some sort of token to be used in subsequent calls identifying the caller. Is this secure enough as the whole site / service is over SSL?
View 2 Replies
Feb 28, 2011
We're writing an app that has a requirement for allowing/disallowing access based on user role.In a traditional .net app of course you set the security trimming attribute in the web.config and set the nodes in the web.sitemap file and you were set.
View 2 Replies
Aug 12, 2010
Where can I find a good tutorial on setting up roles and authorizing them? I'm using Windows Authentication for an intra-net based app and need to figure out how to grant the users access to the various pages.
View 5 Replies
Oct 21, 2010
I'm trying to use a custom Principal (with custom Identity) for security. This all works fine for logging in, out etc. I am now trying to limit access to unauthorised users within my code as follows:
[Code]....
Again, all is fine there. Except I need some more complicated rules, something along the lines of "Allow Admins. Allow Buyers, provided they have the correct department ID and are allowed to see this customer's credentials". All of that information exists within a database.
View 2 Replies
Mar 29, 2011
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
View 1 Replies
Feb 23, 2010
I want to access membership and profile objects and wants to access profile properties that I have defined in my web app web.config file, from a windows service. I have used this code
foreach (MembershipUser user
in Membership.GetAllUsers())
{
ProfileCommon userProfile = profile.GetProfile(user.UserName);
}
But its giving the followin errors The type or namespace name "ProfileCommon" could not found (are you missing a using directive or an assembly reference?) The type or namespace name "MembershipUser" Could not found (are you missing a using directive or an assembly reference?)
View 6 Replies
Apr 28, 2010
I have an old website running fine in Classic ASP with large customer base registered onto the site. The current site allows users to have their own user name(unique) registered against an ID assigned to them. They can change the User name later as well provided it is still Unique in the database(Database is SQLServer2005).
The Problem: Now i want to move the website to .NET and want to use the .NET Membership. I know how to create the database structure in SQL Server through aspnet_regsql script but my problem is how should i import the existing username and passwords as the password stored in MembershipDB is Hashed (salt). Also i might want to allow admins to impersonate as users later.
View 5 Replies
Mar 1, 2010
Pls explain the Membership Roles in MVC ASP.NET 3.5
View 1 Replies
Jul 29, 2010
Lets say that I have a database set up with a load of info in it and I decide I want to add the membership and roles functionality to my site but my hosting provider makes me pay for each database I use. I don't want to pay for another db, so how do I set it up so that instread of creating membership and roles tables in the the aspnetdb database, it creates them in my existing database?
View 5 Replies
Jan 20, 2010
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
View 8 Replies
Feb 3, 2011
I need to enable/disable roles using membership. How is it done.
View 3 Replies
Feb 9, 2010
I am trying to load all the roles into my dropdownlist but I keep getting an error saying IDatasource is not listed, I have the following code:
Roles.datasource = Roles.GetAllRoles()
Roles.databind()
What Else do I have to do?
View 3 Replies
Aug 26, 2010
I'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name(as that of userID) in the file system and upload the files( multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
View 9 Replies
Mar 20, 2010
have a project where there are main 3 types of users i have to block them from accessing other pages but without using roles or membership is there any other way to do the same?
View 3 Replies
May 7, 2010
Its very easy to add users to roles by using the in built controls. but how can add users through customized login controls?. i have tried using
//MembershipUser m = Membership.CreateUser(name, pass, null);
View 3 Replies
Sep 29, 2010
I am "DomainMyDomainUserName" If I do this:
[Code]....
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
[Code]....
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
[Code]....
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
[Code]....
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
View 2 Replies
Apr 18, 2010
I using control Membership and profile for change Your password. It is error when i login again.
View 2 Replies
Mar 26, 2010
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false)
Server.Transfer("AccessDenied.aspx");
View 6 Replies
Aug 3, 2010
I have done the following: Added additional data to the profile table. However, the information is in a string. I am not sure how to extract the information using SQL so that I have the additional data separated. Additionally, I am not too sure how to call this information back into the webpage, once the customer log ins.
View 2 Replies
Mar 16, 2010
I want to create the roles,membership and user data on ISeries AS 400 rather then the one used in APP_Data.
View 4 Replies
Jun 18, 2010
Is it possible to have the same DB and web.config for both local development machine and the final production server(with forms authentication)? I'm asking this because if I change anything in the ASP.NET Configuration screen(should I use this at all?) I loose the ability to login. Don't know what to put in the <Membership><applicationName>, should it be /myapp-editor or just /, it's different since it runs on two different domains/servers(final server doesn't have an application dir, just root). How can I make sure that the user created on one server will be usable on the other machine?
View 3 Replies