I have a Asp.net web application that is running on 4.51 , When the User login Successfully i return an Object that has info for that user and store this in a Static object. Now my problem is the i
User 1 Login (Welcome James)
and
User 2 Login (WelCome Daniel)
and User 1 refreshes the Page (Welcome Daniel)
My user sessions override each other. i did mess around with the IIS Session before , i just noticed this now.
I need to do something when the user logs out. I have used ASP.NET Forms Authentication.
What should I override or implement?
I have an ASP.NET login control and I want to empty the basket-viewer when the customer logs out of the system.
I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redirected to the questions page. Now when the user clicks and confirms ending of the test by a button click then he is redirected to the results page.Now what I want here is that when the results page is being displayed the user should automatically be logged out of the system and should not be able to go back to the previous pages by pressing the browser's back button.
The problem which I am facing right now is that when the results page is displayed anyone can press the back button and continue the test and manipulate the result. How can I stop this.
I've never actually implemented a registration/login system before, so I'm trying my hand at making my own in C#/ASP.NET (not using ASP.NET's built-in membership provider). What I'm a little unclear on is how to utilize Session/cookies to keep a user logged in during and between sessions.
protected void Login_User(object sender, EventArgs e)
{
string username = usernameField.Text;
string password = passwordField.Text;
User user = UserRepository.FindUser(username);
if (user != null)
{
if (user.Password.Equals(Hash(password)))
{
// How do I properly login the user and keep track of his session?
}
else
Response.Write("Wrong password!");
}
else
Response.Write("User does not exist!");
}
I'm trying a lot a things in these days around the Login control. What I want: to keep the user logged ind also when she close the browser. When se returnes to the page, she should be moved to the DestinationPageUrl of the login control.
My Login control:
[Code]....
My Codebehind file for the login control:
[Code]....
My web.cofig settings:
[Code]....
As you can se, I have learned (from google and here in forums.asp.net) that I need to do a FormsAuthentication.SetAuthCookie but I have one problem....... If I do nothing in the page_load the control doesn't keep me logged in through sessions.Is there anyone who can help me, and either explain og link me to a page, where I can see, how I can get the UserName and Password from the FormsAuthentication.SetAuthCookie I maid. I also need to know if when I get UserName and Password from cookies andthen redirect to the /Content/Default.aspx page in page_load the system knows (formsauthentication) the user is logged in?
We're currently deploying code to live pretty reguarly at the moment, but the down side is destroying user session data.
Is there a way of being able to recycle IIS without loosing session data, or is persisiting session state in SQL server or alike the only way?
I am trying to create a system in which there will be a single user accessing his acount from two endpoints simultanously.
I think this is possible.
1) How to restrict the user to have only one session at a time?
2) How to change it to have limited number of sessions per user at a time?
We have take over a classic asp site. Everything works fine, but we are making improvements to some reports and adding new reports, so we are doing this in .NET, with that said, after reviewing the secuirty code, there are 2 sessions that are set and used thru-out the site as part of some of the individual page queries.
I know that the sessions are being populated, because the reports that use those values return records.. now with a new report we are working on, i need to pass those values into my query. But when i try using the session names the page is coming up saying the following:Object reference not set to an instance of an object.
Is there anyway to add something to my page code to see what sessions are actually being created and their values.. maybe im using the wrong variable names.. but the security code is pretty straight forward.. at login, if successful, 2 values are returned and stored in 2 sessions.. i need to use those with my new page.. so trying to figure out why the existing pages work fine with that and my new page does not..
Basically, i'd like to write to the screen the session variables that are being created on the login page.
I am wondering if it is possible to clear a session variable if the user navigates away from my site.
My example is I have a session storing the logged in user. This is checked for user access to each page.
If the user goes to another site (e.g. google) I want them to relog into the site.
This is to prevent others getting access to a users account if they use the same pc minutes.
I do have a logout that performs this and I know that it is impossible to make users use it! :)
Is there anyway to actually remove all the sessions once the user leaves the site/application or when he/she closes the browser?
View 11 RepliesMy prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
<sessionState cookieless="UseDeviceProfile" />
<authentication mode="Forms">
<forms loginUrl="~/UserTasks/Login.aspx" />
It feels like there should be a straightforward answer to this but I am missing it.
I use the following my .net applications to resolve the path to an image or css file or javascript file.
<%=ResolveUrl("~/Scripts/myscript.js")%>
<%=ResolveUrl("~/images/myimage.jpg")%>
All my pages and controls inherit from a base page or base user control.
I have tried but didnt succeed in overriding the ResolveUrl method so that I could include some custom logic in the files path.
how I might override the ResolveUrl method? Alternative is to create my own custom method that does similar but would prefer to work with ResolveUrl.
I am using VS2010 & MVC2 to develop a web app. I noticed that HtmlHelper.LabelFor doesnt contain an override that accepts either a css class or html attributes. I was thinking about writing my own override for this, but am struggling with it.
The current LabelFor method accepts a lambda expression and automatically extrapolates the property name, display name (if specified via [DisplayName] attribute and value and generates the label. How do I write my overridden to do the same, but also insert any htmlAttributes specified such as class, style etc.
i cant seem to selectively disable serverside validation using annotations. Data annotations and unobtrusive validation is an awesome feature and has worked out great for us thus far but trying to localize it has been fruitless.
Basicly i have a property in a model object like this (it wraps a DTO)
[Code...]
i can change the output text for things like data range, required, string length etc. but simple stuff like "this field has to be a number" seems hidden away.
I'm trying to override the UniqueID attribute of an HtmlInputRadioButton. I'm extending the HtmlInputRadioButton class and using the code below:
[Code]....
But the rendered radio button tag looks like this:
[code]....
I would like to create a WebService in .Net who expose multiple WebMethods
I need a WebService version per new implementation (WebMethod or New Property in Business Object), like this :
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class Service : System.Web.Services.WebService
{
[WebMethod]
[WebServiceVersion("1.0")]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
[WebServiceVersion("1.1")]
public string NewMethodInVersion1_1()
{
return "Hello World";
}
}
With UrlRewriting or HttpHandler :
HelloWorld WebMethod only : http://localhost/Service/1.0/Service.asmx
HelloWorld WebMethod and NewMethodInVersion1_1 : http://localhost/Service/1.1/Service.asmx
How can i generate a wsdl dynamically for the specific version used by the customer ?
i have add a new column (CustomeAuth) to aspnet_Users but i need to get the value of this column just like:
Membership.GetUser().UserName
so i can use :
Membership.GetUser().CustomeAuth
I have a ProductService class that defines the following methods. It doesn't work, as I will explain further below, but it gives the compile error CS1061: 'ProductService' does not contain a definition for 'GetByid'. Unless I've dropped the ball on method overloading, why is the public overload of GetById not seen by other code?
public IEnumerable<Product> ListActiveByCatId(Guid catId) {
return _entityContext.Products
.Include("Category")
.Where(p => p.Category.id == catId);
}
[code]....
I'm going through this tutorial [URL]
[Code]....
When I compile, this error message comes up: 'Framework.ImportControllerFactory.CreateController(System.Web.Routing.RequestContext, string)': no suitable method found to override I have navigated to the definition in the DefaultControllerFactory, and it's (snipping the comments):
[Code]....
I'm creating a multi-tenant Asp.Net MVC 3 Web app, and using EF4.1 code first for the db model.For development I'm happy to use SqlServerCE in App_Data, and for production this will move to Sql Server 2008.
Say my context is called "MyModels", by default code-first looks for a connection string called "MyModels" in Web.config. This can be told to use a file in App_Data or changed to access a database in SQL2008. All fine so far.
But because of multi-tenancy, I'd like the SqlServerCE filename to match the unique id of the tenant (so App_Data would have "client_x.sdf", "client_y.sdf"; Sql Server 2008 would have separate databases). I can't work out how to direct to these different databases.
I've tried MyModels inheriting from DbContext and supplying a connection string (using a 'placeholder' conn string in Web.config and replacing "{clientId}" with the unique id), and I've also tried setting the connection string in the MyModels constructor:
base.Database.Connection.ConnectionString = xxx;
but this never seems to work. I always get the following error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
( it's not yet 'configured' to use SqlServerCE, and so is trying to connect to Sql Server)
Tracing the code, Database.Connection.ConnectionString hasn't been read from Web.config at this point, so I can't search and replace that, and, possibly, it's getting overwritten by the 'placeholder' conn string later in the pipeline.I reckon this must be quite straightforward and I just can't find the 'hook'.
I have been trying to implement ValidatorCalloutExtender but for some reason I can't assign different icons for "WarningIconImageUrl" or "CloseImageUrl". When I leave them blank then I get the default icons but when I try a different icon set then I keep getting "no image display or "X" for the icons.
I was wondering if anyone else had the same problem or am I doing something wrong since this should be pretty straightforward. The link below is the link I followed, everything works except the icons.
http://www.imaginativeuniversal.com/blog/post/2008/09/04/Styling-the-Validator-Callout-Extender.aspx
If I have a Filter applied to a controller with a property defined as true.
Can I apply the same filter to one of its actions with value false to override the value for that specific action?
How can i make my own delete method to prevent that the data really gets deleted? i want to set a datetime field when it gets deleted insted of a normal delete. i read about overriding the submitchanges function, but i don't get it to work
View 3 RepliesI am having an issue when attempting to override the DisplayNameAttribute in ASP.NET MVC to provide a localized string. The code itself is straightforward and similar to that in another Stackoverflow post link text
The code works for global resources but not so well for local resources. I have a registration screen and used the Visual Studio "Generate Local Resource" command to create my local resource file. The generated file is named Registration.aspx.resx and the App_LocalResources folder is created relative to the actual Registration.aspx page - as one would expect.
However, when I attempt to get the localized string using:
ResourceManager.GetString(resourceKey)
I receive the following error message.
Could not find any resources
appropriate for the specified culture
or the neutral culture. Make sure
"FullAssemblyName.Views.Account.App_LocalResources.Registration_aspx.resources"
was correctly embedded or linked into
assembly "FullAssemblyName" at compile
time, or that all the satellite
assemblies required are loadable and
fully signed.
Using reflector, I can see that the file is actually Registration.aspx.resources and not Registration_aspx.resources - the underscore/period being the subtle difference
FullAssemblyName.Views.Account.App_LocalResources.Registration.aspx.resources
I have toyed with the code quite a bit but no matter what I do, the file being requested is always different than that copiled in the assembly. For instance, if i rename Registration_aspx (in the generated Registration.aspx.designer.cs class i get the same error but this time the path is "...App_LocalResources.Registrationaspx.resources"
Has anyone run into this? Is there any way I can ensure that the resource found in my assembly has this underscore?
emp database(connection string vsspl-005sqlexpress)employee database(connection string vsspl-002sqlexpress)
runtime employee database when i give print button emp database
the above 4 fig display the problem.. since i'm trying from last 4 days
i've one crystal report which is connected to the database using database expert and connection string is
vsspl-005sqlexpress and i want to override the connection string to vsspl-002sqlexpress..
i've writen the connection string in webconfig file it is working well..
for example. the report is connected to the emp database using database experts..
and the overriding string is connected to the employee database in webconfig file..
when i run it is displaying correct employee database..
but when i give print it is diaplaying the logon prompt with server name same vsspl-005 emp database.
and in the pdf it is printing the eml database. i want the employee database in the pdf and print..
i want to override the connection string both the time while its running and when i give print command in pdf also..