Security :: Use A Different Table In Membership Login?
Apr 15, 2010
How this line if (usrInfo! = null) add another variable that will be used to login.
This line (usrInfo! = null) works, but I have a database table "confirm". If I change in the Admin to "true", the user successfully logged on. If the base table "confirm" set to "false", the user will not be logged.
The following code works if (null! = & usrInfo & usrInfo. IsApproved), but instead of ' IsApproved ', I want to use table "confirm".
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
I am using membership api in my project.I have customized all the controls.Now i want that user can login on only one machine from same username and password at the same time.If user is trying to login on any machine at that time if he is logged in from another machine.They should get message.They should not be able to log in using same username and password on same time on different machine.
I have a site in which I'm intending to use multiple membership providers. I'm using my own custom membership provider to provide access to several data stores depending on the section in which the user's information resides.
The actual login functions correctly using the built-in ASP.NET Login component in which I've manually specified the membership provider it should validate against. When I run a trace on it's actions, I can see that it attempts the 'validateuser' against the correct data store and continues to redirect the user to their applicable section.
The problem is that once they are logged in and the site (or I) call 'GetUser' to get the users information or permissions, the membership provider reverts to the site's default provider.
In my custom membership provider I'm only overriding the methods for GetUser and Validate user which is working perfectly fine for a singular membership provider, but not when using a different provider.
How can I ensure that the correct membership provider is retained with the user's membership details? Is there a method that I need to override/append in order to achieve what I'm looking for?
I have a web app that uses the Membership Provider to authenticate users.Everything worked fine until today... when I tryed to log in it failed. I looked in the database if something went wrong there and the user is deleted but everything looks fine there.I tryed to recover the password using the user name and i got an error that the user is not recognized.I tyed to recover the password (even though I am sure what the password is) but still no luck... (I get an error that hased passwords can not be decrypted)I triyed it in local host and guess what ... still the same... this is the provider section in my web config
we use forms authentication for a community website with about 200k users with a simple login like this:
Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click If CheckPassword(txtEmail.Text, txtPassword.Text) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked) End If End Sub
which checkPassword reads from a MS SQL users table. it has worked without major problems for 3 years but we need to store the login date of users in a table, both when they login explicitly and when they had selected "remember me" and come back (we store login once per session)
since we have a complicated profile system and database it will be practically impossible to switch to membership API. last time I was told we could user an auditing system to do that but I have no idea how to do that.
I am currently working in an ASP.Net application where i need to implement ASP.Net Membership and Roles. I have used Login controls in my pages. Also I am using a menu in the master page, which is getting data bindings from database. For data bindings I am using XMLDatasource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.
My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and some times it will show previously loaded data.Providing my code here:
masterpage.master.cs private void LoadMenuItems() { System.Security.Principal.IPrincipal User; User = System.Web.HttpContext.Current.User;[code]....
I have an Employee class in my App_Code folder. On my login page I am trying to create an Employee using the asp.net username as a parameter in my Employee constructor.
I have tried creating the employee in the page load event when it is a post back. I have tried doing it in the Login1_LoggedIn event. For some reason I cannot pull the username in either one of these places, but if I redirect after logging in and do the same thing on another page, it works.
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have: Page with an html form for login .js file with the jquery calls & code in it httpHandler to process the information from the formI have the user to entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct, if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder setup in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?Here is the code for the web.config:
I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.
Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
How can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET
WARNING - Absolute beginner here with VS. I'm expecting a steep learning curve, but I'm up to it! I'm trying to create a website with membership/login. Followed the above walkthrough MANY time, and been very careful with the username and password entered, but I keep getting the message that the loging failed. The asp application name is "Membership" This is the whole thing, automatically created following the walkthrough, apart from adding 2 members - yes, did go to the memberpages folder at the set rules page.
Solution Explorer: Solution 'membership' (1 project) - //localhost/membership/ - App_Data - ASPNETDB.MDF aspnetdb_lpg.LDF - MemberPages web.config - Default.aspx Default.aspx.vb - Login.aspx Login.aspx.vb webconfig aspnet_Membership: (2 members) PasswordFormat = 1 The ApplicationId for the 2 members is different - should it be?..........
I just like to know how can i create my own authentication(calling the ASP .net membership, role) page with the same function as the LOGIN Control. Your wondering, why not use the Login control instead. I have my own design and i don't know how to pattern my design to the built in Login Control. I tried editing the login template, but it's pretty hard to pattern it to my design.
This is my design
Basically what would like to know how the Login Control calls for the authentication, and when authenticated, it will pass the user(full name) to my LoginView Control without any coding. Or is it possible that I remove default login button in the LOGIN Control then create my own button and trigger the authentication or validation? But if you have other suggestion that can follow my design and call the authentication, i would be happy to know.
What do you think about an ability of having multiple logins and login types to be attached to the same user? Let me explain this by showing how database schema can be re-factored to support this model:
Remove [Password], [PasswordSalt] columns from [Users] database tableAdd [Logins] table with one-to-many relationship between [Users] and [Logins] tables.This will allow one user to have multiple credentials attached to his or her account of different types such as Username&Password, Windows Live ID, Open ID from different providers
You will be able to restrict allowed login types and OpenID providers in web.config
So.. do you think it is a good idea to add support of this model into ASP.NET 4.5/5.0 membership service?
I need to add a column name contact id in asp.net memebership table.I get the contact id from the contacts table and i need to pass that contact id in asp.net membership table when user creation event fires.
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
the Sql scripts for ASP.NET Membership Schema's and Table, So that i can just run the SQL script it will create all ASP.NET Membership realted tables,View, Stored Procedure and schema's
I am in the process of creating my database and I have the pending question of whether I should add a UserID using INT to the membership table. I am not replacing the UserID that is a UniqueIdentifier I am just adding a UserID with INT.
The reason I want to do this is because I have about twelve other tables that uses the UserID column. It will be easy for users to insert data into the other tables and I foresee the tables getting to be millions of rows, by using an UserID INT it will avoid the mass amount of storage from the UniqueIdentifier column.
Now my question is what are my repurcussions of doing this? I've already found out one, and I believe it is my biggest question, if I were to create an insert command in .net how would I grab the UserID INT rather then the UserID UniqueIdentifier to insert it into my tables? For example, I can get the userid this way:
I have my membership provider configured and working on my web host.
IŽd like to create a table, for example, table ARTICLES, and iŽd like that the user logged in, his ID or his NAME, was inserted into my ARTICLES database.Which one is the best table i could get for doing that ?
I was checking the table aspnet_users, but its Primary Key has a uniqueidentifer type.This wonŽt be a problem in the future ?Or is there a better way to relate my table with the membership provider ? Maybe another table OR another field.
i'm using asp.net membership for logins/registeration. i have a bookings table with few fields, lets say first_name, last_name, product_name and userID.when the user submits 'buy' i want to get the userID from the membership user tablem that way i know whose made the booking. i'll have these two tables (bookings & user tables) linkedbut how do i get userID from the user table to pass to bookings table? i checked the membership class and it gives options like-Membership.GetUser(), Membership.GetUserNameByEmail(), Membership.GetAllUsers() etcothing for getting user id. user id is stored like this: c1c91682-449f-45dd-b20e-3dac5315bba4
i currently develop an asp.net mvc 2 web app using asp.net membership and role management for authenticating and authorizing my users. I get complaints though that when adding a role to some user, he is not able to see new role assigned functionality, unless he re-enters (logout and login again) the application.
I am simply create a form that accept some user details and insert some details into membership table and rest of other table.
Membership.CreateUser(username,password,email)
Roles.AddUserToRole(username,"user");
this will insert the details into the aspnet_users table and user is not assigned to any role and no membership record insert. Please give me some ideas how to do this.
I have set up Membership and Roles and can create users and login using the ASp Login control. However I need to associate users with customers (in a Customers table in the database) and display content according to the customer that the user belongs to. Is the best way of doing this to create a foreign key field in the aspnet_Users table relating back to Customers table which would have to be updated manually after creating the user or is there a better way?