Security :: Use Membership Roles And Access In Code?
Jan 20, 2010
In my app I want to create two types of users: (1) 'staff' (2) 'admin'.
I have a page called registration which basically creates a user. I used the ASP.NET configuration wizard to create roles and set access rights to certain pages, and this works great.
However, if I were to deploy this app then users wouldn't have access to the ASP.NET wizard and would therefore not be able to create users with roles/access.
So how can I do this in code? Can I create a drop-down in the registration page with two values (staff and admin) which will represent roles, and then another drop-down with access rights (allow/deny)?
How can I now program these drop-downs and make them work like I would normally do using the ASP.NET configuration wizard?
I'm using VS 2005 and ASP.NET 2.0 to create my website. Recently, I thought about applying membership instead of my customized security system in order to achieve a higher security level and performance. At first things went well, since it was easy to create/manage users and Role names from behind code, but when I came upon the "Access Rules" I faced what you could call an 'obstacle', at least in my opinion.
The thing is, I don't want to use the ASP.NET Web Site Administration Tool to create and manage my access rules, which I'm going to assign to each of my dynamically created Roles. What I want to be able to do is make a page where the Admin can create/manage his desired Role(s) and also create/manage the Access Rules, then add such Access Rules to the previously created Role(s).
Now, what I need to know first is... is it even possible to do such a thing in the first place? Because the way I understand it is, since the access rules are stored in the web.config of each folder/directory that you apply them on, it shouldn't be allowed to modify it from the running/published website.
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things than a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure how to enforce that a user be a part of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be a part of 2 roles with this technique?
Other than WSAT, as I don't want to have to use the CMD bypass to access it using VS 2013, how can I administrate users/roles on my web forms web site and be able to administer them via the website from a different location?
Let's say that I have a database set up with a load of info in it and I decide I want to add the membership and roles functionality to my site, but my hosting provider makes me pay for each database I use. I don't want to pay for another db, so how do I set it up so that instead of creating membership and roles tables in the aspnetdb database, it creates them in my existing database?
I'm trying to build a portal kind of application in ASP.NET, in which one of the functionalities is letting people log in and upload their documents. The upload page is only accessible to registered users of the portal.
Problem:
I would like to track the user uploaded files according to their userIds.
Is it possible to use the FileUpload Control and C# to fetch the current user id, create a directory with the same name (as that of userID) in the file system and upload the files (multiple file upload, if necessary) into it?
Also another admin page would have to be able to see the list of files uploaded by the specific user and download it if necessary.
I have a project where there are 3 main types of users. I have to block them from accessing other pages, but without using roles or membership. Is there any other way to do the same?
I have developed an ASP.NET website. I have used the ASP.NET membership provider. My question is: I have three roles, e.g. Basic, Intermediate, Admin. Now I need to apply two roles for a single page, say basic and admin. How can I do this? Please help me. Thanks in advance.
if (Roles.IsUserInRole("Admin") == false) Server.Transfer("AccessDenied.aspx");
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating custom Membership and Role providers but I have had problems managing the users (MembershipUser class) saying null when a valid user has been returned by the WCF Service, as I can access the properties but not the methods.
Is it possible to have the same DB and web.config for both the local development machine and the final production server (with forms authentication)? I'm asking this because if I change anything in the ASP.NET Configuration screen (should I use this at all?) I lose the ability to log in. I don't know what to put in the <Membership><applicationName>: should it be /myapp-editor or just /? It's different since it runs on two different domains/servers (the final server doesn't have an application dir, just root). How can I make sure that the user created on one server will be usable on the other machine?
I have been creating a website on my computer, which has VWD 2008 and SQL Server 2008. I have a membership and role system set up (using aspnet_regsql) and that worked perfectly fine on my computer.
Now when I was ready to deploy it on my web server, I simply copied the whole database and added it onto the SQL Server on my server, so it has exactly the same rows, tables, data, etc.
Now, when I run the website via the domain, users are able to log in etc., and my authentication code that redirects users if they are not logged in also works, so I'm sure it can't be a problem with the membership provider, as it all seems to work.
But for all the users that were already in the set roles, it still shows them in the role in the aspnet_roles table, but it's not working: the thing I have in the roles LoginView does not display, and even after running the web administrator tool, it shows that the user is in that role, but it does not work (even while viewing on the local machine).
So I added code in a Page_Load event that would auto-add that user to the role.
I am using ASP.NET membership for all the users and roles. Right now I have a website on which I have created 2 roles, "admin" and "member". In this website I create accounts, so all the accounts are separated/distinguished by account name. Now I was to add one more role, "accountholders", and I want to add this role in such a way that an account holder will be able to see his/her account's stuff ...
I as admin will be creating the username and password for accountholders and I will provide them their login credentials so that they can log in and see what's in their account. My idea of creating an account is that the accounts that I have in my database will be the key, so when I create a username for a particular account, in the create user wizard I should have a drop-down menu with all the account names, so the user that I am creating will be linked to that account only ..
I tried googling this and have had no luck. I would like to implement membership roles without any reference to email accounts or smtp. Does anyone have information on this topic?
I have incorporated the asp.net membership and roles feature in my web app on my local dev setup that uses SQL 2008 Developer edition, all works as it should.
My remote system uses SQL 2005 express and I went through the process of creating the ASPNET membership tables via the "aspnet_regsql" command to my remote target database. I then created a few users, adjusted my app connection strings accordingly and uploaded.
My login page uses the "login" server control and when I try to log in using credentials from one of the previously created users I get a "Your login attempt was not successful. try again." error. I know the users are in the DB as I can see them via the SQL Management Studio on the remote DB. I have triple checked the usernames/passwords and I am definitely entering the correct info. The connection strings are correct, as the initial page renders content from another table in the DB. I am getting no errors.
My best guess at the moment is that SQL Express handles Membership/Roles connections differently to the full versions of SQL?
I've created a membership system based on asp.net 2. There are other tables that store user information, such as emails sent etc. I've created a users table based on the TableProfileProvider. My question is concerning deleting the member
Is it OK to delete the member from the aspnet_membership table and roles related tables using Membership.DeleteUser, though keep all the custom tables and the information including the information in the Users table created by the TableProfileProvider? or can you foresee problems?
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
Environment Details:-
.Net Framework: 3.5
Server: Windows 2008
Webserver: IIS7
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defined.
Problem:-
After setting up my website in IIS7, when trying to log in on the web page, even though I entered the correct password it says "Incorrect password" in the Login control. After long googling I suspect that we need to add "Provider to trusted provider" to Authorized provider. I have gone through http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but it didn't work for me. Can anyone please help me with this?
Well, I have a simple application using authentication (user and password) before accessing, and there are several roles bound to each user.
In my web.config I have configured the access for each page according to each role; this is an example below:
[Code]....
and i have 2 users:
1: admin (default role: administrator)
2: guest (default role: role1)
My problem is as follows:
If I give access to the user "guest" to open the "admin.aspx" page by changing his role from "role1" to "administrator", this does not function unless I recharge the web.config file to the server; it's only after this manipulation that this user "guest" manages to open the page "admin.aspx".
I don't know why this problem occurs; normally changing the user role will apply instantaneously.
I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head
etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.
Questions
When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality? Is there a better way of doing this?
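One way to model the access levels described in the last question, as an added example that is not from any of the original posts: each role maps to one numeric level and each piece of information stores only its minimum level, so a single comparison replaces assigning several roles per item. The role names come from the post; the enum, class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Added example. Role names come from the post; the enum, class and
// method names are hypothetical.
public enum AccessLevel { None = 0, Support = 1, Manager = 2, SeniorManager = 3, DepartmentHead = 4 }

public static class LevelAuthorization
{
    // Each role maps to one level; each item stores one minimum level.
    private static readonly Dictionary<string, AccessLevel> RoleLevels =
        new Dictionary<string, AccessLevel>(StringComparer.OrdinalIgnoreCase)
        {
            { "Support", AccessLevel.Support },
            { "Manager", AccessLevel.Manager },
            { "Senior Manager", AccessLevel.SeniorManager },
            { "Department Head", AccessLevel.DepartmentHead },
        };

    // Highest level granted by any role; unknown role names grant nothing.
    public static AccessLevel EffectiveLevel(IEnumerable<string> roles)
    {
        AccessLevel best = AccessLevel.None;
        if (roles == null) return best;
        foreach (string role in roles)
        {
            AccessLevel level;
            if (role != null && RoleLevels.TryGetValue(role, out level) && level > best)
                best = level;
        }
        return best;
    }

    // Fail closed: an item whose level is unset or out of range is visible to nobody.
    public static bool CanView(IEnumerable<string> roles, AccessLevel required)
    {
        if (required == AccessLevel.None || !Enum.IsDefined(typeof(AccessLevel), required))
            return false;
        return EffectiveLevel(roles) >= required;
    }

    public static void Main()
    {
        // In ASP.NET the role list would come from Roles.GetRolesForUser().
        string[] manager = { "Manager" };
        Console.WriteLine(CanView(manager, AccessLevel.Support));
        Console.WriteLine(CanView(manager, AccessLevel.SeniorManager));
        Console.WriteLine(CanView(new[] { "Intern" }, AccessLevel.Support));
    }
}
```

The check runs on the server for every request that returns a protected item; hiding a link or control in the page does not enforce the level.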