Security :: Redirecting Different Roles WITH Password?
Oct 7, 2010
Im trying to redirect different roles to different pages. Its working but the code I'm entering allows people through even with incorrect passwords. protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
I'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.Heres what I'm trying protected void Login1_LoggedIn(object sender, EventArgs e)
Currently I am storing my username and password (passwordFormat="SHA1") credientails in my web.config. I would like to figure out how to access them in an xml file that I have stored in my App_Data directory rather than the web.config file because I do not want my application restarting everytime I manually add a user (small list of 5 authorized users for the CMS section).
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
I am using Forms Authentication in a new ASP.NET 3.5 Application.I have created the Tables in my database and run the Web Site Administration Too.When I try to create a user I get a password error no matter what I throw at it and I am becoming sure of that this is a symptom of an a setup error and not a password problem.One of the things that I notice is that my aspnet_Applications is empty and I am not sure what is supposed to fill it.I have tried to delete all the aspnet tables and done the procedure again but with the same result.
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
I just begin creating a website for an organization. First page to be displayed in the login page. I dont have any knowledge in ASP.NET Security. On Login page, i want to display UserName field as disabled with the useralias of the user who currently logged into Windows. Password user has to provide and it should be that user's windows password.
How do i validate that password that user has entered is his windows password?
I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
I would like to encrypt the password and store it in DB. And if user forgots the password and request for password i have to send him a dummy password to his mail id how can i implement this if any code available At the time of registration i have to encrypt or salt the password and save it to DB..
Am trying to open a .pps/.ppt file through my vb.net code.....due to secure reasons this file is password protected,
However i will not like the end user to put a password when accessing through my application.
Hence i want to pass a password as a parameter while open such a password protected file.
Here is my code.
Reference URL: http://support.microsoft.com/kb/303717/EN-US/ Dim oApp As Microsoft.Office.Interop.PowerPoint.Application Dim oPres As Microsoft.Office.Interop.PowerPoint.Presentation Dim objpresset As Microsoft.Office.Interop.PowerPoint.Presentations oPres = objpresset.Open(filename, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue, Microsoft.Office.Core.MsoTriState.msoCTrue)
Where can i provide password while opening a ppt file...
I have a registration page I enter the details of the customers and redirect to another page for capturing photo and I come back to the registration page. ¬†I want to retain all the values i entered when i land on the registration page. ¬†
I'm using Form Authentication in my web application.In my application I have a lot of pop up windows that include form inside.when the form ticket expires the user is redireced to Login page.Also it happens inside a popup window. If user leaves the pop up open and come back after the ticket is expired, it redirects him to the Login inside that pop up.
I am trying to implement login functionality in asp.net 3.5 application. When i try to login as UserA in my application and it gives me an error
The resource cannot be found. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. review the following URL and make sure that it is spelled correctly.
Requested URL: /default.aspx
I do not have any page in my application that is named default.aspx.
If i do not log out and just close the internet explorer with the top right close button and then run the application again then it shows UserA to be logged in and show the startup page of the application.
I have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechanism to admin like siteroot/username/admin I can redirect to page admin but it gives security error, it should redirect to login page instead of if user did not sign in.
I created asp.net application on alumni information database.After logged in it redirects to page i wish but the problem is the page i am redirected is not holding the user logged information. it just simply showing as annonymus user.
Recently I start having customers that are not able to login into my site. I have used the same code for months and I can login and authenticate fine it is happening on some customers not all. That is why is so hard to recreate the problem.
What is happening the customer tries to login and get redirected back to loging page. In config file I have this
I can not think of some else, maybe cookies not able on client, or any other security issue, IE version.
I am using VWD 2010 on a windows 7 64 bit install. Using forms authentication I am not being redirected to the login page when not authenticated yet. Even if I start a new web site from template, clear out all cookies, I still go directly to default.aspx. The LoginView control displays the anonymous template verifing I am not authenticated.
configuration why redirection doesn't occur? Remember I am trying this with New Web site template with no mods so I don't think config issue is within application code.