Security :: Migrate Existing Users / Trying To Use GetPassword()?
Dec 9, 2010
I need to migrate existing users, I will be creating the users account and setting a dummy password for the first time login... My problem is that by doing this they will not have their security question and answer filled in... I am trying to create a page that will force the user to set up their question and answer at first long ... The problem that I am having is when i try to get the password i get the following error..
here is the code that I am using:
[Code]....
[Code]....
View 9 Replies
Similar Messages:
Feb 19, 2010
How do I migrate users from a existing users table to Forms Authentication?
There seems to be three options:
T-SQL - Iterate through the existing users table and insert into Forms Authentication tables using the stored procedure aspnet_Membership_CreateUser Code - create a utility that will iterate through the existing users table and insert into Forms Authentication tables using Membership.CreateUser() Code - as users login verify credentials against existing users table and insert into Forms Authentication tables using Membership.CreateUser()
Which is the most practical?
I have been currently trying option 1 but I am running into difficulties using the password salt to create the encrypted password from a plain text password
View 3 Replies
Jun 10, 2010
I am newbie to asp.net.I want to create roles for the existing users in my database. I dont want to use the membership provider database n roles provided with it.(i don't want to use aspnet.mdf at all)
I am create roles for my existing users n assign i wanted to assign the particular roles to a particular assign.
View 2 Replies
Jul 13, 2010
I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.
I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.
I can I make the new application to recognize the users and roles of the existing database?
View 9 Replies
Feb 5, 2011
we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.
We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using
Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.
View 4 Replies
Apr 20, 2010
building a site and the client wants an admin page, so that he can login and change passwords, delete users or create users.I have 3 subs, one for creating, one for deleting and one for changing passwords. The create user works fine. The delete user works fine but on the changing password is where I have the trouble. Here is the code:
[Code]....
View 5 Replies
Mar 9, 2011
I'm creating a new middle tier where all of our client calls will go through a WCF service. We're using ASP.NET membership with the service in order to authenticate users. The middle tier will be hitting an existing database in which we already have an InetUsers table containing usernames and passwords.This is where it starts to get messy. This new middle tier will be used by our web application, but not by our existing desktop application, which will - until we rewrite it at some point in the future - be using the old COM+ middle tier. Administration of the users for the web application takes place in the desktop application. In other words, users will be created and passwords set and changed from within the desktop application, which in turn hits the already existing InetUsers table.Ideally, what will happen is when we deploy the new middle tier, we'll take all of the users from the InetUsers table and create records for them in aspnet_Users and aspnet_Membership. Then we'll set a trigger on the InetUsers table to keep aspnet_Users and aspnet_Membership up-to-date.There's a whole bunch of questions wrapped up in this, so I'll try and list them all out here:Is this the right approach? Obviously having this data in two places isn't ideal, but bear in mind here that I'm not the final decision maker here and we're kinda stuck with some legacy stuff here, at least for now. Still - maybe there's a better way.In the same vein - would we be better off coding our own membership provider rather than using the SqlMembershipProvider? How difficult/easy is it to do so?If we use this approach, I plan on using the aspnet_Membership_XXXX stored procedures for the initial population of the tables as well as in the triggers. Having done some research into this, it appears that if I want to call aspnet_Membership_CreateUser directly from SQL (ie in a trigger...) rather than using the API, I have to store clear text passwords since I can't get the salt and the hash right otherwise. Is this true?Does any of this even make sense or am I going about this the wrong way to begin with?
View 2 Replies
Sep 9, 2010
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
View 1 Replies
Aug 2, 2010
how to migrate an existing database from a specific application to a new Ms Access based application(database)?
View 4 Replies
Dec 13, 2010
What is the best way to invite users to an existing event? We'd like to do the following:
create an event, make it public while on our (external) website give the user a dialog (fb:multi-friend-selector) to select their friends to invite to the event
It's established the new Graph API can't be used (http://bugs.developers.facebook.net/show_bug.cgi?id=10070), but the documentation for the REST API (http://developers.facebook.com/docs/reference/rest/events.invite) implies that it's not possible to invite users to existing events.
provide any clarity on this I'd be grateful - reading the vague and contradictory facebook documentation is getting me nowhere.
Specifically, who/where/how should the event be created? - and how can I then invite users to that event from an external website?
View 1 Replies
Aug 26, 2010
Allow Admin Users to Access Basic Users Accounts?
View 4 Replies
Dec 6, 2010
[Code]....
after successful creation of 3 users on my web site now cannot create users
View 9 Replies
Dec 1, 2010
We are converting an ASP site (using DotNetNuke) to a new PHP site. The only thing we have right now is a full export of the existing database. One of the tables is called "aspnet_Membership" and contains the following fields:
Password (looks like base64)
PasswordFormat (always value 2)
PasswordSalt (looks like base64)
PasswordQuestion (always empty)
PasswordAnswer (always empty)
We would like to decode these passwords and hash them to fit our own framework. From what I understand from the .NET documentation these kind of passwords can be decrypted. Is there an algorithm available that can do this or is it more complicated than that? Will it be possible if we create an ASP script on the current server?
View 2 Replies
Oct 12, 2010
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
View 9 Replies
Aug 4, 2010
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
View 8 Replies
Oct 20, 2010
I find that the password can only retrieved by method GetPassword() in asp.net2.0 Membership.In fact, we can get the password when we get the user infomation from database and set it as a property of user(object of MemberhsipUser) just as user.Email, user.UserName, etc.
It's clear that adopting the second resolution(property) can reduce one trip between server and database and more convenient. But why Microsoft don't do like this? For secruity reason? Then why is it less secure to set the password as property?
View 2 Replies
Jun 23, 2010
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replies
Mar 22, 2011
Working on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
View 4 Replies
Feb 9, 2011
We have asp.net configuration tool to manage user's permission and role for our offline website,
it is working very fine.
Now, I have uploaded my website and aspnetdb.mdf
now i want to manage users and it security and roles online.
How can i have asp.net Configuration tool
View 2 Replies
Mar 25, 2010
I have a (internet) web site with the below web.config (everything works fine). How would I alter this to include an applicationName attribute. I wish to eventually have multiple web sites using the same ASPNETDB database.
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Server=myserver.com; Database=MyDB; Uid=MyUser; Pwd=MyPassword; Trusted_Connection=False;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Error.aspx"/>
<roleManager enabled="true"/>
<authentication mode="Forms"/>
<compilation debug="false"/>
<pages theme="Standard"/>
</system.web>
</configuration>
View 6 Replies
Jan 12, 2010
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
View 4 Replies
Jul 2, 2010
I don't know if the following is possible or not but in brief, here is what I'm trying to achieve:
1. When a user requests to view a document, they click on a link (could be other) which contains an encrypted query string containing data required to retrieve the relevant document. i.e.[URL]
2. I want to ensure that if after x minutes the user goes back to their history and select the link again or re-type the same url as above that it will not request the document and redirect them to a page letting them know that the requested document "link" is no longer valid.
I don't want to rely on cookies or sessions, so thought that maybe there would be a way to add a datetime token at the end of the existing url but this needs to be done at run-time as the url is already predefined when the link is created, so I'm not sure how can I do this?
ideally, I'd like something like this [URL] where the token would contain the date & time when the link was clicked.
Once re-requested, I would decrypt the token and validate it again the server time and if it was over the x minutes defined, it would redirect me to the "link is no longer valid" page.
View 2 Replies
Mar 6, 2010
I have DB (my.mdf ) with already created membership (aspnet_db tables). There are defined roles and users.
I would like to integrate it in my project.
I dropped *.mdf into App_Data folder. When I open app.net configuration (under menu Project) I can't see neither User nor Roles.
What step am I missing?
View 2 Replies
Jun 12, 2010
Is it possible to send the existing password from a user in stead of a new password ?
For example : Membership.GetUser("USERNAME").password
View 6 Replies
Mar 6, 2010
I have an existing application that has 50+ html pages and 20+ aspx pages. The website is running smoothly.
Now the client came up with a new requirement, he says he wants a single sign on functionality(login based) in the website.
few htmls to be open for anomymus users few htmls need compulsory login few aspx open for anonymus users few aspx need compulsory login
What will be the simplest ways to do this in the above existing website.
View 3 Replies
