Security :: Storing User Id Beside The User Name?
Jun 13, 2010
Moderator Note:Post split from this thread[http://forums.asp.net/t/1403132.aspx]
Q: Im a novice with ASP.net. I want to append a UserID to the Context.Identity.User.Name field.
Something like:
FormsAuthentication.RedirectFromLoginPage(UserName+UserID, false);
Where can I set this code while still using asp.net membership and the login control.
Is it possible to set this in an OnLogin or OnAuthenticate event handler.
Is there someway to see the "login control" code, that way I can just copy it but append my own value when setting the name.
View 2 Replies
Similar Messages:
Nov 25, 2010
When I first implemented forms authentication I consulted an article that told me to store the user's custom IPrincipal object in the cache. Is this wrong? Should I have stored it in the session?
View 1 Replies
Aug 30, 2010
how to handle html and scriptswhat . if I build my own CMS? Isn't it inevitable that I'll want to store html code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again.
What's the best way to do this, since I wont want to display the encoded html, but the html itself.
Would it be to encode everything then when I want to actually display the html, decode it, but everywhere else, keep it encoded?
I'm just trying to think of all the scenario's that I could come across when I accept user input where I don't know what they could be typing in. What if I WANT the user to be able to display html? Is it possible to decode only some tags but leave all other tags encoded?
View 10 Replies
Jun 26, 2010
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 Replies
Aug 30, 2010
When a use is logged in (Through open-id) we are creating a session variable named "UID" and storing the unique user-id in it. Later we are checking the session to see if the user is logged in. I think this is not the right way, but I could not force the team to change this, as I cannot show how this implementation can be cracked. why (If yes) this implementation is bad?
View 3 Replies
Feb 24, 2011
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.
sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"
I'm able to do this.
If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If
BUT unable to do this...
If user's Department = 'Department XYZ' Then
Do This
Else
Do that
End IF
View 2 Replies
Dec 23, 2010
I have implemented Forms authentication in an ASP.NET MVC 2 website
By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.
I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:
<%: GetFirstname(Page.User.Identity.Name) %>
View 2 Replies
Sep 7, 2010
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?
View 5 Replies
Jan 7, 2011
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
View 2 Replies
Jul 25, 2010
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
View 2 Replies
Mar 25, 2010
I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?
View 6 Replies
Mar 24, 2010
I have an extranet site (asp.net), we want that if an employee click on the link, it will automatically get them in. But if an external user does it, they will be redirected to a login page.
is it possible? how to know if a request come from internal user (employee) or external user (vendor).
View 2 Replies
Nov 10, 2010
Our application lets the administrator create new users. Since the administrator is logged in, I have set Logincreateduser = false so that the administrator is not logged out even after creating the new user.
The problem is :I need the userid of the newly created user to store additional details of the user in another database table. I see that i can get the username using Createuserwizard1.username; but how do I get the userID?
View 2 Replies
Aug 12, 2010
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is
{
//select hashed password from db
return (EncodePassword(password) == dbpassword)
}
[code]....
View 4 Replies
Jun 4, 2010
i m developing an application in .NET mvc2. i m using aspnetMembershipProvider for User registration and related activities. i need some custom information about user that i stored in a separate table (sysUser for example) and linked it to aspnetUser table through foreign key. after Login i need to fetch user's credentials from sysUser table and push it to the session. For this Account controller's Logon method seemed best to me and i pasted following code in my Logon ActionResult
[Code]....
The code is working perfectly for me and put my desired information in the session but the thing is that if a user selects Remember me and on his next visit he won't have to Log in and i would not find my desired information in the Session. where should i put my code that stores the user information in the session.
View 1 Replies
Jan 15, 2011
I am building a RESTful service using WCF. I basically want to save information about a user when they authenticate to the WCF service. For example I want to save their first name, last name, account number , and password in order to access the information in other requests in the same session. Since this information is sensitive I can not store it in a cookie.
I don't want to use asp.net session state because I plan to run this WCF as a Windows Service. Is there something (class, Assembly) I can use that can save user information and retrieve it per request or do I have to create a custom solution that will create an entry in a database every time a client authenticates to the WCF service.
View 5 Replies
Feb 14, 2011
have a web in which there are different areas i have a 1 admin which manage all things like news, Events, Notices, Logs, Forums, Publications etc.........i want assign user rights that select user view only Noticesselect user view only Logsselect user view only Newsetc....
View 7 Replies
Jan 8, 2011
On our website users can sign up. The sign up controls (converted to a template) has the usual text boxes and then the create user button. When pressing this button the account is created. After reloading the website, the user can see his credentials in his 'my account' tab. Question: How can we access the newly created user (especially his userid) right after the create user button was clicked? Right now this does not work, we can only start accessing this after the page has been reloaded. But surely the account is created the instant the button was pressed. I have tried this:
MembershipUser myObject = Membership.GetUser();
UserID = (System.Guid)(myObject.ProviderUserKey);
But it looks as if the user is not yet logged in at this stage. Can this somehow be forced so that we can access the newly created userid right after the user has clicked the create user button?
View 2 Replies
Jan 6, 2011
I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.
View 1 Replies
Mar 4, 2010
Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:
string quizTaker = Page.User.Identity.Name.ToString();
Right now it returns "DOMAIN_NAMEUserName"
I would like to just use isolate and use the user's name, without the Domain name.
View 2 Replies
Jun 5, 2010
I used the Create User Control to make a new user.
Is there a similar tool (I did not see one) that allows the user to edit their own profile?
If not what is the best way to do it? I have created user tables in AWAT.
View 5 Replies
Mar 16, 2010
Im storing the user details in a session variable(session["userid"]) while login.
[Code]....
Im using the session variables in other forms ,there im checking the session variable using the following code.
[Code]....
In this form im having 'export to excel ' button.When i click this button session variable becomes empty and redirected to the login page.(Im having this problem in IE only but in FF it works fine).
View 2 Replies
Jul 28, 2010
I'm working with an asp.net application that stores most data in a database and not session. I'm wondering of the pros and cons of each and which is the better way to go. For example, you have a pretty busy site and instead of storing user specific variables in session, there is a DB table called user data and it can store all user specific data that can be accessed from any page by querying the database. Which is the better way to go, session or database?
View 4 Replies
May 14, 2010
I have created an ExtendedId class which extends GenericIdentity. (This stores Id as well as name)
In a httpmodule I stored this extended id in Current.User like so:
HttpContext.Current.User = new GenericPrincipal(myExtendedId, roles);
Problem is, later, how do I get at my ExtendedId type again?
If I try this:
ExtendedId eId = (ExtendedId)HttpContext.Current.User.Identity;
View 2 Replies
Jun 1, 2010
I would like a situation where there are three textbox available and this would give the user an opportunity to input a value in the textboxes. The value in the textboxes would then be stored in a database table(the table is already created in sql). Furthermore, the value would be able to be reterieved later on when the user presses another button. A sample code will help.
View 1 Replies
