VS 2008 - Can Login For Membership Be Used By More Than One Person?
Sep 1, 2011
I am using the asp.net membership on my website and I have a user called DemoUser for someone who has not joined and wants to try out the site. All they can do is look around and search records. Nothing more. If more than one person logs in with this username, will all of these people be counted in how many are online? Or will that username only be counted once even though 20 people might be using it?
I am wondering how I can implement so that later login session logout former login session to avoid concurrent login. I know how to check whether the user is online (by Membership.IsOnline()) and logout the current user (by FormsAuthentication.SignOut()). But I don't know how to logout the previous login session.
I've set up a system with forms based authentication and using the asp:Login control. When I put in an invalid password I get the approriate invalid password message. However when I put in a valid password, it does nothing...just returns to the login page again. I'm triple checked the login info. There is no error message, and the invalid attempts counter doesn't increment. When I put a break point in the Login_LoggedIn event of the Login form, it hits it, but User.Identity.IsAuthenticated is false. I'm not 100% sure it should be true at this point, as I'm pretty new to .NET but it seems kind of odd.
My user database is stored in a sqlserver 2005 db that already existed. I've added a new connection for it.In the authorization I have
I would like to implement my login page as a pop up, creating the control as a partialview and placing it in my masterpage using the membership service provided by asp.net.
Normally in the webconfig, the authentication link is specified as follows:
I am not used to work with SQL Server(usually I just use express). I run it on windows server 2008, iis7.
I have attached the database to my sql server. I made a web site in iis7 but I get this error message.
Cannot open database "Phaeton.mdf" requested by the login. The login failed. Login failed for user 'NT AUTHORITYNETWORK SERVICE'. Connectionstring I use <add key="PhaetonConnectionString" value="Data Source=.;Initial Catalog=Phaeton.mdf;Integrated Security=True"/>
By default, Membership API uses a separate username field to login users. I would like to use the email address for users to login. Is this a good idea?
How would I modify the Login, Register a user, Forgot password control to support this?
I am using membership api in my project.I have customized all the controls.Now i want that user can login on only one machine from same username and password at the same time.If user is trying to login on any machine at that time if he is logged in from another machine.They should get message.They should not be able to log in using same username and password on same time on different machine.
I'm trying to create two ASP.NET Membership login pages for an ASP.NET website I'm creating.
Here is structure:
/ - Anonymous Access for page off root /registeredUser - Must be part of RegisteredUser Role /registeredUser/login.aspx - Login page Registered Users /admin - Must be part of AdminUser Role /admin/login.aspx - Login page Admin Users
Another person asked the question and it was suggested to use the location tag in the web.confg: http://stackoverflow.com/questions/525988/redirect-user-to-mulitple-login-pages-using-asp-net-membership
But I receive errors related to the using the forward slash / in the location path. I removed the forward slashes and the security rules are ignored.
So my question is, can I have more than one logon page using ASP.NET Membership without creating separate applications in IIS?
How this line if (usrInfo! = null) add another variable that will be used to login.
This line (usrInfo! = null) works, but I have a database table "confirm". If I change in the Admin to "true", the user successfully logged on. If the base table "confirm" set to "false", the user will not be logged.
The following code works if (null! = & usrInfo & usrInfo. IsApproved), but instead of ' IsApproved ', I want to use table "confirm".
I am creating a custom membership provider for a web app that already has it's users stored in an existing database table. I used some code from a tutorial to help jump start my provider but I am a bit lost on how i can interact with the actual log in process.My custom provider has an override method for ValidateUser() and at the moment I am just returning true there. But I want to create a current user object to store in session scope. This object will just store some specifics about the user.
I guess another option would be to use the ASP.Net profile provider but again I am not clear on where to hook into log in process to run some code that would either create this user object or populate the profile information for the current user.
I'm using asp.net's built-in membership provider with security question-and-answer enabled for password recovery against a SQL Server 2005 db. For some users, this works fine and they're able to receive their passwords. For others, and it's not clear what separates the two groups, the security answer is never properly processed. It doesn't matter if the answer is correct or incorrect, the page merely reloads without confirming or denying the request.
As for events, VerifyingAnswer is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.
I have a site in which I'm intending to use multiple membership providers. I'm using my own custom membership provider to provide access to several data stores depending on the section in which the user's information resides.
The actual login functions correctly using the built-in ASP.NET Login component in which I've manually specified the membership provider it should validate against. When I run a trace on it's actions, I can see that it attempts the 'validateuser' against the correct data store and continues to redirect the user to their applicable section.
The problem is that once they are logged in and the site (or I) call 'GetUser' to get the users information or permissions, the membership provider reverts to the site's default provider.
In my custom membership provider I'm only overriding the methods for GetUser and Validate user which is working perfectly fine for a singular membership provider, but not when using a different provider.
How can I ensure that the correct membership provider is retained with the user's membership details? Is there a method that I need to override/append in order to achieve what I'm looking for?
I have a web app that uses the Membership Provider to authenticate users.Everything worked fine until today... when I tryed to log in it failed. I looked in the database if something went wrong there and the user is deleted but everything looks fine there.I tryed to recover the password using the user name and i got an error that the user is not recognized.I tyed to recover the password (even though I am sure what the password is) but still no luck... (I get an error that hased passwords can not be decrypted)I triyed it in local host and guess what ... still the same... this is the provider section in my web config
And there seems to be a lot of information missing. It doesn't tell me how to upload the database to my server etc. I remember following this tutorial last year, and ran into numerous propblems, and a google search revealed THOUSANDS of people who've experienced the same problems.
I'm just so confused right now I don't even know what the hell to ask anymore. recommend a website other than MSDN (or possibly a different section on MSDN) where I can learn how to do this properly without a trillion roadblocks along the way?
we use forms authentication for a community website with about 200k users with a simple login like this:
Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click If CheckPassword(txtEmail.Text, txtPassword.Text) FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked) End If End Sub
which checkPassword reads from a MS SQL users table. it has worked without major problems for 3 years but we need to store the login date of users in a table, both when they login explicitly and when they had selected "remember me" and come back (we store login once per session)
since we have a complicated profile system and database it will be practically impossible to switch to membership API. last time I was told we could user an auditing system to do that but I have no idea how to do that.
I have a web aaplication which currently has a bunch of users and use Asp.net Membership to create and manage users.
I want to add OAuth functionality to my application and want to still using Asp.net Membership (login , etc ). ( and I also want my user login to application with any public social network ID , if that network use a OAuth membership.
How can I use Asp.net and OAuth (open ID) beside each other ?
I also want to add a new page for users to create a profile for themeselve.
how do i create the login? I don't want to use the membership provider, I need some logic to login in the user? I can of course make all the validation of the user, the problem is to create the cookie or session
public ActionResult LogOn(string email, string password, bool? rememberMe) { //Create som cookie or session I can use for user login? return null; }
1) No matter how I try Default.aspx never shows up as the StartPage even though I've told it to, the Login.aspx Page shows up first, so the rest of the walkthrough seems strange....
2) I'm a dummy when it comes to SMTP so I can not seem to get the SMTP to send a message to the User supplied e-mail address....
I want to use this methodology for many Web-Sites I have planned, but if it doesn't work then perhaps not....
I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/questions.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about is the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
I am currently working in an ASP.Net application where i need to implement ASP.Net Membership and Roles. I have used Login controls in my pages. Also I am using a menu in the master page, which is getting data bindings from database. For data bindings I am using XMLDatasource and a transform file (.xslt file). I need to bind the data to the Menu based on the user roles.
My issue is that the generated Menu is not behaving consistently. Sometimes it will show the correct menu for a particular role and some times it will show previously loaded data.Providing my code here:
masterpage.master.cs private void LoadMenuItems() { System.Security.Principal.IPrincipal User; User = System.Web.HttpContext.Current.User;[code]....
I have an Employee class in my App_Code folder. On my login page I am trying to create an Employee using the asp.net username as a parameter in my Employee constructor.
I have tried creating the employee in the page load event when it is a post back. I have tried doing it in the Login1_LoggedIn event. For some reason I cannot pull the username in either one of these places, but if I redirect after logging in and do the same thing on another page, it works.
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have: Page with an html form for login .js file with the jquery calls & code in it httpHandler to process the information from the formI have the user to entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct, if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder setup in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config?Here is the code for the web.config:
I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method. What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc. There is no way that I see to convey that to the control so it could display the proper message. Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case. So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.
If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation failed or even doing things like throttling the validation requests based on a certain time window. Ultimately my question is why would I even use the membership provider then in conjunction with the login control? It seems like it was only designed for a Yes/No type response, which is very restrictive. If I want to build in logic with different messages back to the user I need to handle the login control events and call my own authentication classes that will handle all of my business requirements as well as return a custom error message back to the Login control to display to the user so they know why their attempt is invalid.
Unless I am wrong in my assumptions, it seems that the interface between the Login control as the membership API is too restrictive to be useful. Perhaps the API works better for other auth controls like ChangePassword better but for the actual Login control I don't see the point.
How can I transfer the login session of a user into a Cookie that would expire in 12 hours? I have a problem with Internet Explorer where whenever the user closes the window it would log them out automatically (which is by default what it is supposed to do). I am using VB.NET