Security :: Remove User From Role That Is No Longer Available?
Oct 14, 2010
Using tutorials and some examples of handling membership permission on our site, i have a page that was built using examples found in those pages.. Anyway, now that it is all setup and working ran into first issue.. If a role is setup with a space in the name like this ("Read Only") then you get an error when you try to add someone to that role. But if i change it to be ("ReadOnly") it works fine and no issues..
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.
sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"
I'm able to do this.
If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If BUT unable to do this... If user's Department = 'Department XYZ' Then Do This Else Do that End IF
Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
I have a page setup to manage and create users.. in order to help the process of creation, i woudl like to add the new users to our default "users" role when they click the create button. Below is what is in place for the creation page and the button event tied to the button. I used this from a tutorial i found else where, but dont have the link at the moment if anyone needed it.. but the code below works great when creating a new user
I have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
This is my senario. I want user to login and if "LoggedIn" User has more than one role then it displays the list of radio buttons. After selection of the role user gets further privilages according to the role that he has selected.
I've a problem setting up the role. And user can change his role when ever he wants.
For Example "john" is the user having two roles "Account Manager" and "Project Manager".
i wanted to know how i could add a user to a role when they enter a page, i would like to create a page that when anyone goes onto that page, the code will add them to a role, lets say for example role "SpecialMember"
So when anyone enters that page, they will be added to the "SpecialMember" role, Does anyone know how to do this?
how i would go about loading a page if a user is a memeber of the site, but if they are not redirect to the login page.I have created a site with multiple pages, but only a select few of these pages need to be viewed by memebers only. Could someone help or guide me in the right direction to read up on how to do it
I am newbie, help. Please. I created a web app with two roles; one is for the regular members and one for the administrator. Now i need to know, please, how I can set up my web app to assign automatically the "members" role to regular users. I am open to suggestion; maybe this is can be done in other way.
I am using the ASP.NET membership system and I have found the ability to 'add user to role' programtically, but I am wondering if there is a way of changing a user role?
I don't simply want to add a user to another role and I can't seem to find the 'remove user from role' command.
I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?
The scenario is as follows:
I have a folder "Gestao" that only allows users in role "Administrator"
[Code]....
If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.
How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?
In my website i am creating a custom FormsAuthentication ticket during log in. This ticket stores the userid but i also need to specify the role of the logged in user. How do i do it?
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
For example:
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
CreateUserWizard is creating dupicate user while assigning Role.How can we assign Role without duplicating user record? I've observed ApplicationID for assigning Role is Differenent than Creating New User, so when ever Role assigning comes in, it creates same user again with new UserID. Is it related to Web.Config in some way? As when I try to create user from "VisualStudio/Website/ASP.net Configuration"
i was hoping to build the user/role configuration utility into my website. I have posted before, and from what i have read, you need to create your own user/role membership utility in your website.but, i noticed in the
Microsoft.net directory C:WINDOWSMicrosoft.NETFrameworkv2.0.50727ASP.NETWebAdminFiles, that this is the entire interface for managing roles and users for a web site as long as you use standard asp.net security.is it possible to copy this site into my site to have a ready-to-go interface for user management without a user needing to have visual studio? It seems like it should be possible with minimal code changes, but I might be wrong. Im just looking for a shortcut.
I have a "UserDetail" table in my "JobPost.mdf". When I click the "delete" linkbutton, it can delete the all User info from my "UserDetail" table, it also delete the corresponding "aspnet_Users" & "aspnet_Membership",but the "UserInRole" still contain that UserName. Even though I specified the Code:Membership.DeleteUser(UserName, true);
I thought true is for bool deleteallrelated data, but it doesn't really delete the userInRole. So next time the user registers with the same name, it automatically get the "admin" role right. This "deleteUser" page I keep it inside a protected "admin"folder. How to solve it? Why Membership.DeleteUser(UserName, true) doesn't delete UserInRole?
protected void GridView2_RowCommand(object sender, GridViewCommandEventArgs e) { if (e.CommandName == "Delete") { string UserName = e.CommandArgument.ToString(); Membership.DeleteUser(UserName, true); JobPostDataContext db = new JobPostDataContext(); var query = from u in db.UserDetails where u.UserName == UserName select u; foreach (var item in query) { db.UserDetails.DeleteOnSubmit(item); } db.SubmitChanges(); FormsAuthentication.SignOut(); } } My web.config inside the protected Admin folder: <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <system.web> <authorization> <allow roles="Administrators" /> <deny users="*" /> </authorization> </system.web> </configuration>
