Security :: Sessionid Usage For Logged In User?
Dec 29, 2010
I have a user login panel(called loginPanel1) standart from visual studio login control. 2 textbox 1 login button.
textBox1=UserName
textBox2=password
loginbutton1
I have a simple database table for user records:
Userid: int 4 key unique
username: varchar 50 not null
pass: varchar 50 not null
On user click to login button i query usertable from mssql usertable. If password is match i create a sessionid to try the user is verified temporarily for page. (my method can be wrong i dont know good the session and membership login session carry in asp.page)
When user pass is correct i open session with following code.
SqlDataAdapter adaptor1 = new SqlDataAdapter("select * from userTable where userName='" + Login1.UserName+"'", sqlconnection1);
...
(cleared long code)
filling ds with adaptor here
..
loginbutton1 click event:[code]....
There can be methodoligcal mistakes.
My question related to above is: 1. I have a sessionid (for example i set timeout 1 hour ) with above check. When user want to post a comment to a journalentry. How can i query that sessionid that earlier login page created, and how to deal with that sessionid to logically belongs to that user. I mean i have a sessionid per logged user that is obtained with checking from sql database to verify the user. But at next page (comments.aspx), when user wanted to post a comment to a journal for example. What should i do about that sessionid in comments.aspx's page "post comment" button event to check if that user is logged in. My question or my method can be wrong for user authentication about logins. I could not much find another method that easy level to log a user and carry the information about user logged in.
2. should i carry that sessionid with url (if i could manage to carry the sessionid to next comments.aspx page), how will i use it to ask like "that id is obtained by username snoopy" is username snoopy has logged in because there is a sessionid about that.I mean how to use sessionid when a user logged in with earlier page login.aspx that wanted to post a comment in comments.aspx. explain to useage of sessionid for login check i would appreciate. I checked some topics, some of them uses loginPanel of visual studio's automatically created database without any code behind. Others deal too complicated for user login info carry between pages.
View 4 Replies
Similar Messages:
Dec 26, 2010
i want to generate the new sessionid in the same httpcontext once the user is successfully authenticated.so, how can i do that ? ( please dont ask why do you want it, i got such kind of requirement).
View 3 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Jan 7, 2011
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
View 2 Replies
Sep 1, 2010
Our users are only only allowed to log into our site from one location at a time. If they attempt to login from a second location, how do I log them out of the first location?
View 1 Replies
Jun 9, 2010
I have been creating a website using the SQLMembershipProvider. I have been using an administration account to create the back-end system for generating the users fine for about 2 weeks. I now have more users created and I can log in fine. However, when I log in as the newly created users, they can get to the page they are after, but if they refresh the page or redirect to another page, they get redirected to the login page. I have checked permissions, iis recycler, session state and security setting in my web.config (posted below) but nothing has fixed it. It cannot be IIS because it does it on my development machine as well as on the actual webserver and it works fine for the admin user.
Ttype="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
[code]...
View 4 Replies
May 30, 2010
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 3 Replies
May 21, 2010
I've successfully made a custom membership provider that connects, queries, and updates my custom Oracle database. I found a good sample on MSDN. I also found documentatio on the provider itself. However, I cannot find anywhere example calls you have to make for the different actions within the web pages themselves. Where can I find that?
For example
How do I check if a user is already logged in? What do I do when a user hits the login button? How does each page get the user that is logged in? etc.I am not using the asp login control. I have custom form, custom data, and custom graphics.
View 3 Replies
Apr 5, 2010
All I'm trying to do is pull the current user's login name from Active Directory. I've tried User.Identity.Name.ToString, which returned nothing at all. I tried Environment.UserName.ToString, Which returned "NETWORK SERVICE" which is not the firstname.lastname username that I was expecting.
View 3 Replies
Apr 14, 2010
I have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
View 8 Replies
Jul 19, 2010
If a user who is logged in wants to delete his own account, why does login status still show him loggedIn even when user has been actually deleted.What I want is when user deletes his account he should get logged out also at the same time ....How do i log him out ?
[Code]....
Line 25: Call deleteSelectedUser()Line 26: Line 27: If User.Identity.Name = LstBoxUserList.SelectedItem.Text ThenLine 28: FormsAuthentication.SignOut()Line 29: Call deleteSelectedUser()
View 5 Replies
Aug 21, 2010
I'm using the defualt membership provider, i created a table and used the gridview on the logged in user page to show his information such as address e-mail phone zip code etc,, how can i do this without writing a code?
View 6 Replies
Jan 13, 2010
i have a login form where it validates 'username' and 'password' against a datbase table. After a user logs in, i would like to show their details such as image, name, etc in a detailsview.
View 16 Replies
Nov 23, 2010
In my application, I have users request accounts, and then an admin goes in to approve or reject the account. When the admin approves the account, the create user wizard is used. After the user is created, I set the new user's role, and update a few other items in my database for user tracking, and send out an email to notify the new user of their account status. Here's the kicker: Once this new user is created, the admin, is now logged in as the new user. How is this happening? And how do I stop it? Here is my CreatedUser code, scrubbed of non-pertinent code.
[Code]....
View 1 Replies
Jul 2, 2010
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
View 3 Replies
Jun 8, 2010
am making a MyAccount page and want to display only the details of the logged in user and the previous Orders the logged in user made.
View 8 Replies
Mar 22, 2011
I new to ASP.net and have created the registration form and login using the wizzard. This data is now stored in the relevent tables provided by asp. I also have created an extra table with profile information like address, phone number etc and a USer ID field that links with the aspnet_users table.
I am trying to display the details of the user when they log in so for example...
User logs on, clicks profile page, profile information can be added and viewed.
Now the problem is I am using a Select statement to get the data but when I do a Where statement im not sure what to put to basically say where userid = current user id logged on.
View 5 Replies
Mar 16, 2010
a user loged in and he wants to delete his user. how do i make a delete query that refers to his userID how do i get the user id of the current logedin user?
View 4 Replies
Oct 11, 2010
We are using Profile.FirstName and Profile.LastName to get current user's firstname/last name. How do we get current user's email address?
View 2 Replies
Jun 4, 2010
My Windows Server 2008 server hosts an ASP.net application that uses impersonation. The application works as long as the user being impersonated remains logged on to the server. However, when the user logs off, clients can no longer view the web pages. They get a cryptic error instead. How can I configure the server to work without the impersonated user remaining logged on?
View 5 Replies
Mar 19, 2010
I want to capture when a user logs in and his username. I am using a login control inside a anonymous temp[late of a login view control. on the logedin event of the login I have this code:
Dim log As Login = CType(sender, Login)
If Not log.UserName = "bcweed@live.ca" Then
Dim mil As MailUtility = New MailUtility
mil.ClientLogin(log.UserName)
End If
but log.username is always empty and so is the page.user.identity.name and the page.user.identity.isauthenticated always returns false this even thouhgt this is the LogedIn event of the login and also I "just loged in" I really did.. is there a way to capture this is the global.asax?
View 4 Replies
Jan 27, 2011
Im using forms authentication on a site. I have a requirement where I have to log the username of the user that is currently logged into the computer. It is not a public site. It is an intranet site at work. I have tried several different methods but they all return the username of the user that is logged into the site. The methods I have tried are below. Note: I would perfer to log the username without the domain.
[Code]....
View 4 Replies
Jan 25, 2011
I wan't to link to the current logged in user with their userid, this is for the user menu. But I don't see why my code dosen't work.Code Behind:
[Code]....
Masterpage:
<asp:LoginView
ID="LoginView1"
runat="server">
<LoggedInTemplate>
<asp:HyperLink
ID="UserProfil"
Text="Profil"
runat="server">Profil</asp:HyperLink>
</LoggedInTemplate>
</asp:LoginView>
View 3 Replies
Nov 15, 2010
I need to do the following:
[Code]....
how do i write this?
View 6 Replies
Dec 8, 2010
I am trying to create a web application that shows a list of events for different users. I have 2 different user 'roles': admin and member.
Is there a way of getting the current logged in users role? i have tried:
[Code]....
But it doesnt seem to be catching the certain user types, it always shows all of the events.
View 4 Replies