I have read the post at http://forums.asp.net/t/1403132.aspx regarding login control. Is there a place to store the User logged-in ID (info) for later checking and use? I don't need to use the session object. I don't need the page to expire. I don't need the user to use a page saved in the favoites.
View 3 RepliesUsing visual studio 2010.
Dragged and dropped a login control onto a blank content page. Set up my web.config (i'll include the code for that at the end). It seems to want to use a sql database to store the info. I just want to use the web.config since it's just a single user and a simple site. I thought I could just drag and drop the login control to a page and that would be the end of it (besides setting up the web.config).
Here's what i have in the config file
[Code]....
I have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
This is web.confg code:
<?xml version="1.0"?>
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 RepliesI created a table(UserProfile) to store additional user info and create foreign key relationship btw UserId of UserProfile table & asp.net_Users table.
When i run the createuser page i have this error:
The INSERT statement conflicted with the FOREIGN KEY constraint "FK_User_Profile_aspnet_Users1".
"dbo.aspnet_Users", column 'UserId'.
The statement has been terminated.
When a user log into my asp.net site I use the following code:
FormsAuthentication.RedirectFromLoginPage(userid, false);
As I often need to use the userid I can then later get the userid by:
string userid = System.Web.HttpContext.Current.User.Identity.Name;
Now I also want to show the logged in username on each page and my questions is therefore where do I place the username best if I need to use it on every page. User.Identity.Name is already taken by the userid so I can't use that one. Another solution would be to get the username from the database on each page, but that seems like a bad solution.
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?
View 5 RepliesWe are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
i want to create a arraylist which will able to store user info like (username,machineIP,port ) for each user in the list & retrive this data when needed . any one tell me how i can do it or any alternative way without database or xml file.
View 6 Repliesi am currently checking to see if the logged in person is an admin, by putting a check in the page_load function. (same thing to see if the person is logged in at all)
is there a better way to do this? or should i just go ahead and put my check on every single page?
im using forms authentication and created roles.
while the user enters the credentials im authenticating the user with username and password
now i also want to check the particular user whether he is that role.
eg:
if username,password are true and role is Admin i redirect him to Adminhome.aspx
else to empHome.aspx.
im able to chek username and password but im unable to detect the role.
[Code]....
In a web page,I can use the following code:
[Code]....
But that doens't work in a web user control. Am I missing a reference, or something?
Our users are only only allowed to log into our site from one location at a time. If they attempt to login from a second location, how do I log them out of the first location?
View 1 RepliesI have an ASP.NET application that needs to remember some info about a user (and what company they are from) across pages, within a session. I imagine this is a requirement of just about any ASP.NET application of a certain size. I've used a few different approaches over the years. In the past, I've passed around an id in querystring parameters like so: [URL] and then instantiated the object on each page (from the database). Another common way of doing it is storing my objects in session variables:
Session["User"] = currentUser; // store at login
User currentUser = (User)Session["User"]; // retrieve on some other page
which saves a trip to the DB, but I worry about memory used if the User object is complex and the site has many concurrent users. I have recently inherited an application that uses public properties on the master page, like this:
Master.theUser = currentUser; // store at login
User currentUser = Master.theUser; // retrieve on some other page
This saves the cast, and looks more readable to me I think, but I don't know if it's better or worse performance-wise. It also has some logic in the getter where if the private value is null, it tries to get it from the Session variable, though I'm not sure if that's never used (or used every get!?) or what. My latest idea is to use my page class. I have a custom page class derived from the standard System.Web.UI.Page base class. It includes objects like CurrentUser as public properties. This seems to work OK. I like it even better. But I really don't know what's going on under the covers. Can anyone give an opinion on which approach is better and why?
Update: I've done some checking use trace.axd and Trace.Write and it looks like neither the masterpage version nor the custom page class version "remember" the values between pages. The "get" methods have a line of code that checks if the User property is null, and if so, reads it from the session variable. This happens when a page accesses the property (Master.User or the derived class's this.User) for the first time on a given page, then subsequent requests can get the value (without going to the session variable). So thus far the best solution looks something like this:
public class MyPage : System.Web.UI.Page
{
private User user;
public User User
{
get
{
if (user == null)
{
user = (User)HttpContext.Current.Session["CurrentUser"]; //check if session[CurrentUser] is null here and log them out if so?
}
return user;
}
set
{
user = value;
HttpContext.Current.Session["CurrentUser"] = value;
}
}
}
Then on any webpage.aspx.cs, you can do something like this: UsernameTextBox.Text = User.FullName;
I am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName
Is there an easy way to select a specific user that is already logged in and bind all the users info to a detailsview for edit and saving back to the tables?The tabels were generated in AWAT of VS 2010
View 1 RepliesIf I'm correct the membership functionality separates account and user (profile) data in two tables. Why not one table? What's the design priciple behind this?
View 5 RepliesI have been creating a website using the SQLMembershipProvider. I have been using an administration account to create the back-end system for generating the users fine for about 2 weeks. I now have more users created and I can log in fine. However, when I log in as the newly created users, they can get to the page they are after, but if they refresh the page or redirect to another page, they get redirected to the login page. I have checked permissions, iis recycler, session state and security setting in my web.config (posted below) but nothing has fixed it. It cannot be IIS because it does it on my development machine as well as on the actual webserver and it works fine for the admin user.
Ttype="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
[code]...
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 3 RepliesI've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
All I'm trying to do is pull the current user's login name from Active Directory. I've tried User.Identity.Name.ToString, which returned nothing at all. I tried Environment.UserName.ToString, Which returned "NETWORK SERVICE" which is not the firstname.lastname username that I was expecting.
View 3 RepliesI have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
If a user who is logged in wants to delete his own account, why does login status still show him loggedIn even when user has been actually deleted.What I want is when user deletes his account he should get logged out also at the same time ....How do i log him out ?
[Code]....
Line 25: Call deleteSelectedUser()Line 26: Line 27: If User.Identity.Name = LstBoxUserList.SelectedItem.Text ThenLine 28: FormsAuthentication.SignOut()Line 29: Call deleteSelectedUser()
I'm using the defualt membership provider, i created a table and used the gridview on the logged in user page to show his information such as address e-mail phone zip code etc,, how can i do this without writing a code?
View 6 Replies