Security :: How To Configure Logging In To Membership Site
Jul 1, 2010
Im setting up a site with membership.
The db connection seems to work. I can create new users with the new user wizard control. And they show up in the databaser. But i cant log in. I use the log in control and just get "wrong password". I am sure i type the correct password as i made it very easy. here are my webconfig settings.
There is one thing i have no clue how to configure. The APPLICATION NAME. What is it? And what should i set it to?
I am developing a new website that is membership based with yearly subscriptions. Using VS2010/asp.net4/c#. I have my site up to the point where all my content is ready to go and i can add members to the database to access all the premium content.
However, I have no idea how to impliment a start date and expiration date for that membership. I have been following along with Wrox Beginning asp.net 4.0 from beginning to end and this isn't covered at all. I also have Apress Pro asp.net 4 as well and I cant find anything dealing with that in there either.
What I would love to be able to find is some book or tutorial that i can follow along with and learn from so that this doesn't happen again to me.
In short what I need to do is this.
1. Add new user to defined membership role
2. Apply start/end date to that user
3. When the end date has passed I need to reasign them to a new role and then redirect them to another page with a notification
4. I guess lastly some way to add/manage members as an admin on my deployed site. Durring development i was using the built in Web Site Admin Tool but I just found out that only works on my local machine.
I have a feeling this this will be a very simiple fix but because of my total lack of experience it has been driving me crazy for three days tyring to hunt down info.
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
I want to deploy a website in a computer where no webmatrix is installed. What are the requirement to run the website without webmatrix? And how do I configure IIS to run in startup with the site path?
I think my subject line explains my problem in a nutshell.. I have a login page, I login like I should and everything works.I logout and when I type/paste the address to the page, in the address field, I still reach it just like if I was still logged in..The page I type in the address field is in a subfolder, only suppose to be able to be reached by logged in users and in this folder,ith it's own web.config-file:
need to slightly tweak the functionality of the ASP.NET Membership provider to add custom logging functionality. Instead of creating a wrapper class around the methods I wish to modify, I was toying with the idea or creating a custom Membership Provider and override a few of the methods.All the examples I could find would show how to create it from scratch. I don't want to overwrite everything... just override a few methods. Can somebody point me in the right direction?I can simply inherit from SqlMembershipProvider and override the methods. However, how can I get at the connection string?
I have a application that connects to a remote sql server. I am able to create users and they are stored in the DB. Then I can go to the login page and login. But after a while, I am unable to log in and it just sits at the login page. The user is still in the DB
When a user logs in into my website I have a custom membership provider that overrides ValidateUser and verifies that the user has sufficient rights etc.
However, when implementing a 'remember me' function through the default forms authentication using RememberMeSet, I also want to validate a user on the first request.
Is there some hook I can attach to that triggers when a user logs in with their persistent cookie?
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count)); ... }
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
Is there a way to use the ASP.NET Configuration to configure a site once it is hosted? Or can I manually enter data into the tables it creates? Anybody have any useful links on this?
I have created a login page which uses the Login control. If the user is not already registered they a redirected to another page to register. My client wants them to be logged in from when they register, and taken to the main page of the application.
How do I log a user in manually, without using the Login control? Am using forms authentication, and have the dbo.aspnet table and stored procedures already created.
Im building a web application that charges for access on a per user basis. Ive used standard roles and membership for setting up accounts and logging in. I want to ensure that a client cant use the same user details to login more than once
ie if user abc1 is already logged in, someone else cannot login again using the same credentials
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); After doing this, the user is logged in with the txtUser.text
But the question now is, how do i retrieve that user name from Authentication or whatever on other pages? is it possible or not?
Because i know that person stays logged in untill he logs out with this code: FormsAuthentication.SignOut();
And one more question i dont know is this one good for this or not how do i better check if the person is typed in correct name and pasword or not, with executescalar or executereader?
I'm very new to asp.net and c#, I understand the basics but don't understand how to create a login system using C# to connect and login using a Microsoft Access Database.
I Am using the basic ASP.Net controls. This worked yesterday and I don't believe I changed anything but when I came back today I could not login due to an error "Invalid postback or callback argument" which really confused me because like i said, it worked yesterday. I researched and found a solution to fix that was to set
[Code]....
I did that and now can login again however can no longer logout. The controls are all on the masterpage as posted below
I have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
Is there something here messing up my login functionality? I can't log in. Before when I was logged in, I couldn't log out. It seems to have started when I clicked on "Remember me". Could there be something conflicting with web.config and the aspnetdb profile provider service setting that was initially set regarding profiles/roles/access?
I have a requirement to log all/most forms authentication transactions that take place within my page. For example, if someone is kicked out because of forms authentication, I'd like to get their username, time when kicked off, and where this happened. Is there a good way to do this. Better yet, has anyone done this already and is willing to share some code or post a link?
How can I prevent user to go back after logging out from any of the page of my website ? Even if the user press back button, redirected to the login.aspx page. Like we have seen in social or any other member ship sites.
I am trying to insert a string and random number into the database as hash sha1 then loggin in against it. the problem is if I use hash it wont login but if i dont use hash the login works fine... Code below.
insert hash into db Dim user As New Label user.Visible = False user.Text = (myDataReader2.Item("username")) MyConnection2.Close() Dim MyConnection3 As New Data.SqlClient.SqlConnection("Data Source=xxx") Dim mycommand3 As New Data.SqlClient.SqlCommand("Update Register SET [Password] = @password WHERE [username] = '" & user.Text & "' AND [email] = '" & email.Text & "'", MyConnection3) Dim pass As String Dim rnd As Integer, randomNum As New Random rnd = randomNum.Next(1000, 10000) pass = "Pass" & rnd mycommand3.Parameters.AddWithValue("@password", FormsAuthentication.HashPasswordForStoringInConfigFile(pass, "SHA1")) MyConnection3.Open() mycommand3.ExecuteNonQuery() login page Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) ' Fires upon attempting to authenticate the use If Not (HttpContext.Current.User Is Nothing) Then If HttpContext.Current.User.Identity.IsAuthenticated Then If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity) Dim fat As FormsAuthenticationTicket = fi.Ticket Dim astrRoles As String() = fat.UserData.Split("|"c) HttpContext.Current.User = New GenericPrincipal(fi, astrRoles) End If End If End If End Sub Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Dim myConnection As New SqlClient.SqlConnection Dim myCommand As New SqlClient.SqlCommand Dim intUserCount As Integer Dim strSQL As String myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;") strSQL = "SELECT COUNT(*) FROM Register " _ & "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _ & "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';" myCommand = New SqlClient.SqlCommand(strSQL, myConnection) myConnection.Open() intUserCount = myCommand.ExecuteScalar() myConnection.Close() 'Response.Write(intUserCount) If intUserCount > 0 Then FormsAuthentication.Initialize() Dim strRole As String = AssignRoles(txtusername.Text) 'The AddMinutes determines how long the user will be logged in after leaving 'the site if he doesn't log off. Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _ txtusername.Text, DateTime.Now, _ DateTime.Now.AddMinutes(30), False, strRole, _ FormsAuthentication.FormsCookiePath) Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _ FormsAuthentication.Encrypt(fat))) Response.Redirect(FormsAuthentication.GetRedirectUrl(txtusername.Text, False)) Else login.Text = "Incorrect Log In Information" End If End Sub Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) _ As Boolean 'Return true if the username and password is valid, false if it isn't Return CBool(strUsername = " & Replace(txtusername.Text, " AndAlso strPassword = " & Replace(txtpassword.Text, ") End Function Private Function AssignRoles(ByVal strUsername As String) As String Dim myConnection As New SqlClient.SqlConnection Dim myCommand As New SqlClient.SqlCommand Dim intUserCount As Integer Dim strSQL As String myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;") strSQL = "SELECT COUNT(*) FROM Register " _ & "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _ & "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';" myCommand = New SqlClient.SqlCommand(strSQL, myConnection) myConnection.Open() intUserCount = myCommand.ExecuteScalar() myConnection.Close() 'Response.Write(intUserCount) If intUserCount > 0 Then Return "client" Else Return String.Empty End If End Function Protected Sub LinkButton1_Click(ByVal sender As Object, ByVal e As System.EventArgs) txtusername.Text = String.Empty txtpassword.Text = String.Empty End Sub
I have a website built in ASP.net 3.5, using WinForms and AjaxToolKit. I have encountered a lost/corrupt session issue while using Internet Explorer 8.
1. Login, Redirect to Landing, Logout - WORKS AS EXPECTED 2. Login, redirect to Landing, Close Window, Open Window, Logged-in already - WORKS AS EXPECTED (remember me enabled by default in code)
1 IE8 Browser, 2 Tabs -------------------------------------- 1. Login, Redirect to Landing, Open new tab, paste Landing page URL, Landing renders. - WORKS AS EXPECTED - Logout from Tab 2, Tab 1 logs out after AJAX update. - WORKS AS EXPECTED - Login from Tab 1, Redirects to Landing, then Redirects back to Login page - ISSUE
[code]...
2. Close Window,Login,Redirect to Landing - WORKS AS EXPECTED
2 IE8 Browser, 1 Tab -------------------------------------- 1. Open 2 IE windows 2. In Window 1, Login, Redirect to Landing, then Redirects back to Login. - ISSUE - Window 2 Paste Landing page URL, Landing page renders - ISSUE, STRANGLY NOW WORKS
[code]...
This issue seems to only happen when I have multiple tabs open,or multiple rwssers open.Firefox and Chrome does not reproduce this issue and works as expected.How do I make sure the Cookie/Session is being handle correctly in IE8?
Here is my Login Auth:
[Code]...
Web.Config
[Code]...
Server 2008r2 Seesion State: Cooke Settings: Mode: Use Cookies;
