Security :: Make Action Before LastActivityDate Changes?
Jun 1, 2010I need to make an action and verificetion before the LastActivityDate is changing.
What is the event that is fired before this value is changes?
I need to make an action and verificetion before the LastActivityDate is changing.
What is the event that is fired before this value is changes?
When a user logs in checking the Remember Me box, the LastActivityDate gets updates and Membership.GetNumberOfUsersOnline() includes them. If they return before the cookie expires, their LastActivityDAte is not updated. Then Membership.GetNumberOfUsersOnline() does include them.
View 1 RepliesWill MVC3 make possible to use IOC with Action Filters? Is this on the roadmap?
View 1 RepliesI am currently trying to make an html submit occur, but using the MVC helper method ActionLink as I do not want it to be a button, I want it to be an underlined link like the rest on my page. This is what I have currently
[Code]....
This jumps back to my action fine, but all the domains that are checked off to be deleted are not sent back. (if I use this,
[Code]....
it works fine so I know it's not something wrong with submitting or retrieving the check boxes)
When is the LastActivityDate supposed to be updated? When I click on any other pages in my web application as an authenticated user, the LastActivityDate does not get updated.
I would imagine it should be updated when a user clicks on any page, whether it be to do with membership (change password, GetUser(), etc) or not. But the examples that I have seen, seem only to update it on ValidateUser().
http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.lastactivitydate.aspx
Under Remarks, it says to do it under ValidateUser method.
When do you update the LastActivityDate? Just inside ValidateUser()?
Update: Clarified question.
In asp.net (using MVC, but this happens in regular too)
Profile.GetProfile(username);
will update the LastActivityDate for that user. This is not intended when someone else is viewing that user's profile.
In the membership class you can specify whether to update this date with a second param, like so:
Membership.GetUser(username, false); // doesn't update LastActivityDate
Membership.GetUser(username, true); // updates LastActivityDate
Is there anyway to do something similar in the Profile provider without writing my own provider?
I have a requirement to show a list of all users along with the Last Activity Date. The application is .Net based.
I found the MemberShip class provides the Last Activity date. However, this does not work when the MemberShip provider is ActiveDirectory Link to MSDN page because the ActiveDirectoryMemberShipUser does not implement the LastActivityDate property.
Is there any workaround or other way, I can get the LastActivityDate of the user in the application.
My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008. After that I have enabled security adding this section to the web config:
<authorization>
<deny users="?" />
</authorization>
Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action?
I have a login page and a default page to be redirected to after login. when I clicked on thew logout button in the default page it correctly redirects to login page. But when I click the back button in the IE I can again see the protected default page( in mozilla everythng is OK, no problem but in IE this problem occurs).
Have I done something wrong. My code r below:
login page===========
protected void Login1_LoggedIn(object sender, EventArgs e)
{
if (Roles.IsUserInRole(Login1.UserName, "Members")) {
Response.Redirect("users/Member/default.aspx");
//Server.Transfer("users/Member/default.aspx",true);
}
}
===========
default page has a LoginStatus button( logout action: RedirectToLoginPage)
I'm implement Comet in Asp.net MVC, I used timer to keep Async request in server, Async request will complete when timer elapsed 1 minute and response to client (to avoid 404 error) and then reconnect to Async Controller. I also wanna execute some Synchronous action during Async request was holding, but the problem is: When an Async action was executed and hold by using timer, the Sync Action wasn't called until Async action (comet long-live request) completed. I did test with firefox 3.6 many times, but the result is the same, so strange, Do you know why ? I have a sub some questions : To implement comet, using timer (response after some minutes elapsed) or thread (response after several time sleeping thread) to hold async request, which is better?
View 1 RepliesI am desiging a master and details page from a search page..user can search for something and I need to display the result in jqgrid if the result has more than 1 row or record.. if the result is just one record then i have to directly send then to details page by skiping grid page... I do have an action method for results page and one more action method for Jqgrid data..i am trying to check the row count for the database result and trying to redirect to details action results..but its not working at all..and showing an empty jqgrid..
[Code]....
Lets say I have a simple controller for ASP.NET MVC I want to test. I want to test that a controller action (Foo, in this case) simply returns a link to another action (Bar, in this case).How would you test TestController.Foo? (either the first or second link)
My implementation has the same link twice. One passes the url throw ViewData[]. This seems more testable to me, as I can check the ViewData collection returned from Foo(). Even this way though, I don't know how to validate the url itself without making dependencies on routing.The controller:
public class TestController : Controller
{
public ActionResult Foo()[code].....
My httppost action doesnt seem to have received my model. The code is below;
[Code]....
i put a breakpoint on the line; return RedirectToAction("Error", "Dashboard"); and i found that appQualif carried no values whatsoever from the form i submitted..
I've been using Html.Action("ActionName", "ControllerName") to invoke child actions across controllers without needing to have the view in ViewsShared. This has been working great for displaying things like session or cookie information.
Instead of just accessing cookies, I would like to pass additional parameters to Html.Action("ActionName", "ControllerName") so the action can execute different code based on the the data passed to the original view.
Should I be using a different method to pass parameters to a child action in a different controller?
I'm trying to add file upload functionality to a page. I've got a form that posts the selected file to a controller with a 'savefile' method. But if I don't add a get version of 'savefile' I'll get a 404 error. Here is the form code which is presented on the Index page:
[Code]....
And here is the controller code:
[Code]....
Intuitively I don't think I should need a GET version of SaveFile but if omit it I get a 404 error when the form posts. Why should I need a GET version of SaveFile when all I want is to post a form and save the file?
Does any one know how to dynamically add ActionFilter to an Action?
View 3 Repliescan we make our own SSL or SSL macanism in SSL? Or please advice if there is any way that we can provide such security to web applicaiton without getting services from other companies ?
View 1 RepliesI have a controller with a bunch of actions as such:
[Code]....
I'm looking for a way to find out which action invoked the other: for instance, when redirecting to Action1, I need to know whether it is coming from clicking "next" button at Action0 or clicking "back" button at Action2. This is is to avoid performing Action1 twice (My app is like a wizard, if I click back button at Action2, I don't want to execute Action1 again).
I want to make my application XSS proof. It should able to resist all types of cross site scripting attack, javascript injection attack, attribute attack etc.
We are looking for very sound solution, not just Server.HTMlEncode(...).
Points:
1. All client side call should be enclosed in double quotes.We are really looking for strong remedation.
i am using membership to create users of all my apps. and in aspnet it is works fine. But i have an application in php but it must to use the same users of the other applications. I use Encryption AES to save the password on the DB (AspnetDB). ok, then the problem is, how can a i do to make that the PHP login read the pwd, the salt and make the password validation??? how alg i must to use? what kind of enconding i must to use?
View 1 Replies1-How to make Remeber me CheckBox or Save My Password Checkbox to save my login informationin the login page??2-How to Display The last Row I inserted in the DataBase?
View 8 RepliesI need to realize for administrator ability to block/unblock user. I do it by following way:
[Code]....
but if this user is already logged that these changes will be only during next login. I need to throw this user to login page in next his request. I have 2 way:
1. Add to verification to each request
2. remove his session
How can I realize second way? I try to do it:
[Code]....
We have an IIS/ASP web page from a vendor that we have just dropped onto a webserver within our company. The ASP pages do not come with any sort of authentication built in, so I am trying to configure the site to prompt for credentials before being accessible. I would like the site to prompt for the credentials in all cases (ie. I don't want Internet Explorer to pass through the credentials of the logged in user). I want authorization to this site to be allowed only to members of a certain security group with Active Directory.
Is there a way to do this? I'm not really an IIS guy, nor an ASP developer, so I'm kind of feeling my way through the dark here.
Based on some searching, I have tried adding the following to the web.config file:
[Code]....
I have also installed the IIS URL authorization role service, and have tried playing around with the authentication settings within IIS, to no avail.
I am using IIS7 on Server 2008.
Why does Application_AuthenticateRequest make so many round trips before actually loading a page. I've noticed that at times it will process the same logic 10 or more times before actually loading a single page?
I don't understand why this is happening, and it makes me worry about excessive & unnecessary performance loads.
I am using the ASP.NET default users database (Memebership) , I need two things Limit Users , I need to make limitation of creating new user , like maximum 10 users Same user name can't be used in other computer , and will signout or give error msg that somebody using same error without allowing user to login.
View 6 Replies