Security :: Session Management Best Practice Without Membership Control?
Apr 14, 2010
I need help regarding best practice for ASP.NET session management without using membership. I have designed a login page which has two text boxes and a Login button. Again, I need a best practice which authenticates the user and saves user information in the session. Then, in the main page after login, I want to check whether the session has expired or not. I need a complete example. Furthermore, I am using ASP.NET 3.5.
View 5 Replies
Similar Messages:
Jul 17, 2010
I have deployed my website on a particular server. I have some limitations in using ViewState and session variables.
On those pages in which I have used ViewState variables (for storing some information), if the user accesses the page and does not do any activity for 5 minutes, and after 5 minutes does any kind of activity (clicks on a link or button, etc.), then he receives the following error:
"Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster."
Another problem is with the session. My session expires after just 2-3 minutes. What should I do to maintain the session for a long time? I cannot use cookies, because if the user has disabled cookies then my website will not work...
View 3 Replies
Jan 14, 2010
I have been investigating the best way that I can secure my MVC application and restrict specific functionality from users. My first approach was using role management. I thought of expanding the membership database by writing an interface that would allow me to create groups of functionality, i.e. 'manage customer', and then another table would hold 'activity' information for that group, i.e. 'create', 'edit', 'transfer', etc. I would then create another table to link groups of functionality to specific roles and then assign my users to the roles. At first this seemed OK, but I soon realised that I was missing a level of granularity. Not every user who is assigned to a specific role should have access to all of the functionality for a given group attached to a role, damn! I then thought that I could create another linking table that would hold 'access exceptions', i.e. this table would contain entries of a user ID and activity ID that a specific user was excluded from.
Does this approach make any sense? Is the creation of database tables and an interface the best approach to this?
View 1 Replies
Feb 18, 2011
I want to design a user membership management interface which allows the Site Admin to:
View all the users and the roles they are assigned. Also, I want to have a Manage/Edit LinkButton which shows a popup modal, allowing the Admin to update the user's details.
I came across [URL]. Are there any similar free open-source components? Or tutorials which I can follow to achieve this?
View 1 Replies
Jul 9, 2010
I'm trying to convert existing user accounts (MS Access and Classic ASP) to ASP.NET membership user accounts. (I have imported them to SQL Server, but they live in a different table in the same database as the aspnet membership tables.)
--- Here is basic info of My userinfo table ---
-I have a table that contains user information. I would like to create .NET membership users based on the data.
-Table contains about 30000 rows
-Table Name: customers
-Fields: netUserID (unique identifier generated by SQL Server; I need this to join my table with the .NET membership tables), email_address (the email address was used as the user ID as well as the email), CreationDate, password, etc.
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email
-Customer.email_address = aspnet_Users.UserName
-Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID
-Customer.password = ASP.net Membership.password
-Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from the web site (web application), this is pretty much everything that you need to enter (email, username, password).
In order to create valid users for the membership provider using SQL Server Management Studio, do I have to add more information, or is it automatically generated by SQL Server (i.e. LoweredEmail, LoweredUserName, etc.)?
2. If I have to include every single field in the INSERT command, is there any SQL statement template to create a valid user for the membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's a unique identifier. Do I have to change the data type temporarily in order to insert UserID for aspnet_Users and aspnet_Membership?
4. What would be the best way to achieve this?
View 8 Replies
Mar 22, 2010
How can I transfer the login session of a user into a cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it logs them out automatically (which is by default what it is supposed to do). I am using VB.NET.
View 4 Replies
Feb 18, 2011
I am creating an interface for User Role Management based on the built-in membership provider. I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user's roles. For example, I am able to publish role 1, role 2, role 3, role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role 1 and 3 should be checked when the form loads, but right now they are not checked). How do I get the roles displayed as checked boxes on a page? I am using a Repeater control to display roles as check boxes on the page.
<asp:Repeater ID="UsersRoleList" runat="server">
<ItemTemplate>
<asp:CheckBox runat="server" ID="RoleCheckBox" AutoPostBack="true" Text='<%# Container.DataItem %>'
[code]...
View 1 Replies
Jun 18, 2010
We currently have a public-facing .Net 4 application running with the default session timeout value of 20 mins. Are there any significant security risks with lengthening that to 60 mins or longer?
View 1 Replies
Jan 9, 2011
I want to upload a picture through the FileUpload control and then store it in the session. After storing it in the session, I want to read it out to an Image control and insert it into the database.
View 3 Replies
May 15, 2010
I want to reduce postbacks in one of my application pages and use AJAX instead. I used a WebMethod to do so. I have a static WebMethod that needs to access the session variables and modify them, and on the client side I am calling this method using jQuery. I tried accessing the session as follows:
[WebMethod]
public static void TestWebMethod()
{
[code]...
The values are displayed correctly and it seems to work, but I would like to know if this practice is allowed, as the method is a static method, and would like to know how it will behave if multiple people access the application. I would also like to know how developers do these kinds of tasks in ASP if this is not the right method.
View 1 Replies
Mar 9, 2011
I wanna write a method to get or set session timeout at run time.
View 1 Replies
Jul 9, 2010
I have a DataTable which holds information on truck routes. When the user clicks on a route, it displays another table with details about the stops along that route. When they click a stop, it shows what items were picked up at that stop. Three separate pages with 3 distinct DataTables. Currently I am storing them in the session. Normally, I would use the view state since the data only needs to live on that page. The reason I use the session is because each page is part of a Master page layout. There is an export button in the master page which gets the data in the session and exports it to an Excel file. The issue is that when the user goes to the item-level detail and uses a quick navigation link back to the route information, the data for the route is not reloaded into the session, just the page. If the user clicks export, it will export the data set from the item-level detail even though it is not displayed on the page.
View 4 Replies
Aug 26, 2010
I'm trying to build a portal kind of an application in asp.net, in which one of the functionality is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload control and C# to fetch the current user ID, create a directory with the same name (as that of the user ID) in the file system and upload the files (multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
View 9 Replies
Jun 12, 2010
I am using the LoginView control to manage membership logged-in data and anonymous data. But I have to copy the entire data to the LoginView template. I think it is not a perfect solution in case I just have a few differences in all types of templates. I tried to use LoginView only where I actually need it. But it is supported only after the form declaration.
Also, what if I need to have multiple LoginViews? Is there any way to do this manually? I just don't like to copy the entire design for each template and would just like to manage identical changes.
View 1 Replies
Oct 28, 2010
I am currently working on an ASP.NET application where I need to implement ASP.NET Membership and Roles. I have used Login controls in my pages. Also, I am using a menu in the master page, which is getting its data bindings from the database. For data bindings I am using XmlDataSource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.
My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and sometimes it will show previously loaded data. Providing my code here:
masterpage.master.cs
private void LoadMenuItems() {
System.Security.Principal.IPrincipal User;
User = System.Web.HttpContext.Current.User;[code]....
View 7 Replies
Apr 12, 2010
We're creating a new consumer/public-facing ASP.Net web app. There are two concerns:
--Use cookie or cookieless forms authentication?
--If we decide not to use cookies at all, how would you store the data that would otherwise be stored in the cookie (Customer ID, AffiliateID, etc.). Does the ASP.Net authentication framework track something like CustomerID?
View 2 Replies
Mar 7, 2011
It's not explicitly written somewhere but I felt so after reading few blogs on ASP.NET MVC. Just got curious and thought of asking it here.
UPDATE: I'm not asking about memory/storage/RAM concerns on server. For them, there is a solution to store session out of process. I know that. I'm curious that, are there any scenarios where we had to use Session in WebForms but we can avoid it now in MVC taking benefit of the nice structured way offered by MVC?
View 6 Replies
Feb 17, 2011
In my application the default timeout period for a session is 20 minutes, but I want to increase the session timeout period for a textbox.
View 4 Replies
Jan 12, 2011
I want to control the logged-in users accessing our system. I authenticate all of the users in my own way in the project, and I want to limit the number of users accessing the system concurrently. That is, we sell our project to customers as licensed software. If a customer buys it for three users, we will allow three concurrent logged-in users to access the system. Our system allows our customers to create their own users as they wish. We don't want to control user creation in the system, but we want to control the total number of currently logged-in users at the server as per our licence agreement. After reading some articles, I see there are two main ways to control the number of users.
One way is to use the membership property in my project and then count the number of online users by executing the Membership.GetNumberOfUsersOnline method.
If I use the membership property, I think it is not OK for my project. As I understand it, the system will control user creation if we use the membership provider. I am not really sure whether I can use the membership provider property to meet my system requirement or not.
[code]....
View 3 Replies
Apr 18, 2010
I am using the Membership and Profile controls to change your password. There is an error when I log in again.
View 2 Replies
Jun 23, 2010
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use ASP.NET membership to manage the login IDs and passwords, but I want to use jQuery to submit the login form (it's lighter and leaner than the Login control). Here is what I have:
- Page with an HTML form for login
- .js file with the jQuery calls & code in it
- httpHandler to process the information from the form
I have the user entering their ID and password, and I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct; if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via JavaScript to the client's folder once they are authenticated. I have the location of the client folder set up in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return URL included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config? Here is the code for the web.config:
[Code]....
Here is the code for the handler:
[Code]....
Here is the code for the .js file:
[Code]....
Here is the code for the page:
[Code]....
View 8 Replies
Feb 1, 2010
I am using a manual login with the ASP.NET membership provider, which is working fine.
Here is the code:
[Code]....
1. Remember me check box
2. Exception handling in case the account is locked, or the ID and password were incorrect; how do I find that out?
View 4 Replies
Mar 18, 2010
I would just like to know how I can create my own authentication page (calling the ASP.NET membership, role) with the same function as the Login control. You're wondering, why not use the Login control instead? I have my own design and I don't know how to pattern my design on the built-in Login control. I tried editing the login template, but it's pretty hard to pattern it on my design.
This is my design
Basically, what I would like to know is how the Login control calls for the authentication and, when authenticated, passes the user (full name) to my LoginView control without any coding. Or is it possible that I remove the default login button in the Login control, then create my own button and trigger the authentication or validation? But if you have another suggestion that can follow my design and call the authentication, I would be happy to know.
View 3 Replies
May 3, 2010
I'm currently developing a web application which uses standard forms authorization and, of course, server session objects (quite a classic app). Now I'm developing a client-side component whose base functionality is to allow users to acquire a tiff/jpg/pdf document from a scanner (client side) and send it to the server. Because of the scan complexity and the need for a very user-friendly interface, I decided to implement an ActiveX object (an object written in .NET 2.0). Until now all was OK, so I have got an ActiveX object which successfully registers and scans documents on the client, but I cannot manage to send files to the server.
My concept of sending files was like this:
- preparing an Upload.aspx web page which is used for receiving files sent by the POST method and saving the files in the database (of course, to save properly in the database I need some current user context information)
- in the ActiveX object I decided to use the System.Net.HttpWebRequest object to prepare and send the data
The problem was the third point:
- I thought that the in-proc ActiveX object would "derive" the web session from the web page the ActiveX object is placed on, but I was wrong (or I did it wrong). Whenever I send a request from the ActiveX object, in response I get the login.aspx page, so it looks like a new session is created and new authorization is needed.
I was trying to pass to my ActiveX object the values stored in the "ASP.Net_SessionId" and ".ASPXAUTH" cookies, as I found that these are the values identifying the session and the authorized user, but with no luck.
I think that, because HTTP is a stateless protocol, all the information needed to "connect to/share" an existing session on the IIS server needs to be included in the request data, so there must be a way to add this information to the request sent from my ActiveX object.
I would be very grateful if someone could provide me with information on what I should add (headers/cookies/etc.?) to my request data so it could share the session from the "parent" web page.
View 1 Replies
Jan 20, 2011
Which is the best option to store confidential information in a page? Control, Session, QueryString, etc.? And the performance should also be good.
View 11 Replies