I am new to asp.net and developing an application where there will be some roles like (admin, entry user, maker, checker) one user can have all or can have partial roles based on the provided roles and the page should restrict functionality based on the user role.
What is the best way of implementing it without memberships in asp.net ..
I'm using a custom role provider (written by another developer) that uses our active directory username (obtained from HttpContext.Current.User.Identity.Name) along with a SQL table.
Anyways, when I update my SQL table to update my roles I need to close my web browser (Internet Explorer 7) in order for my new security to become effective.
I've tried using Session.Abandon() but that doesn't help.
How can I refresh my security?
Ideally I want something like: Roles.RefreshCurrent()
I am looking for an opensource .Net 4.0 user profile and role management module. I need to manage basic user profile updates and management. Does any body know if such a thing exist?
View 1 Repliesi have implemented the the openid in my page using dotnet open id when i get authenticated iam storing the details provided by openid provider in my database and creating a session of that username and redirecting the user to login protected page it is working fine but some time if i left the page idle for some time and then do any kind of postback then the session is lost and my page do not allows me to do any thing as it is login protected some time it is working fine without any problem. can you suggest me why is it so.
View 1 RepliesI have two .NET applications X and Y
a. I want to have User A as a common user for both application X and Y.
b. User A can have different roles on X and Y. Eg. Read permission on Y and Write Permission on Y.
How do i configure ASP.NET membership to achieve about functionality.
I am implementing an eCommerce application using ASP.Net. I would like to know if custom Google search is sufficient enough or if we plan to go implement our search functionality.. how do we go about doing it?
View 3 RepliesThere is Role Management feature in ASP.NET It works on local development machine. For our project we need customers admin to be able to create new users and manage their roles. So, basically same what aspnet_regsql.exe does. Question is Should we develop our own pages and forms or use some ready made tool?
View 3 RepliesI am working on an intranet website using ASP.NET and was wondering what exactly I can gain by enabling roles when Windows authentication is enabled for my website. I can check if users belong to groups with the User object so why would I need to enable roles given that windows authentication is enabled?
View 1 RepliesI'm working on a project that involves exporting HTML to PDF. I was told that this can be accomplished with a a free library called ITextSharp:http://itextsharp.sourceforge.net/This looks like it's actually a JAVA-based interface. Does anyone know how to actually inistall this and reference these dlls in your ASP.Net project? Maybe there there's a different version of ITextSharp for .Net that I missed...
View 3 RepliesI have a very basic need in regards to membership and role management. I am having success with the membership and being able to use the [Authorize] filter, but the IsInRole() and all that goes along with it is failing. I am hoping someone can point out where I am going wrong.
1) Login action is called on the controller:
[code]....
If I add a check to the site.master to show/hide a menu item based on role there are no roles listed for the user anymore. I have tried both Page.User.IsInRole("Role1") and HttpContext.Current.User.IsInRole("Role1") neither of which is true. I also receive a failure on [Authorize(Roles="Role1")] filter.
I am creating a website, where my client is planning to target 1000's or user registrations with their login area etc. Is it a good idea to use role management/aspnetdb for this purpose?
View 9 RepliesI have created data base called"AspNetServicesDB" in sql server and then created login called"AspNetServicesUser" under login section.After that I created new user called "AspNetServicesUser" under my newly created database.Then I used "aspnet_regsql.exe" command and successfully configured.Once I checked "AspNetServicesDB" data base I could see all the tables were successfully created.
Problem I always getting error "Could not establish a connection to the database. " when I try to select provider. My connection string as follows.
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="data source=.;DataBase=AspNetServicesDB;Uid=AspNetServicesUser; Pwd=password"/>
</connectionStrings>
I have ticketing application developed in very unprofessional coding technique.
I am doing an upgrade and i am thinking to use master pages role management. i have few questions?
1) How can i use controled view for users/administrators on the page.
2) how can i use active directory to use authintication?
3) but i want to use .net role management to control the role management?
I am about to deploy an ASP .NET application (developed with LINQ-to-SQL). I have taken following precautions: Database access via user with limited access, however, since application is to access the sensitive data, I can't deprive this limited access user from it Database server is not exposed to external network - is hiding behind DMZ and all external ports are blocked I have done thorough security testing of the web-application; SQL Injections, rights management, illegal data access (via post/get data tempering) Application is operating on SSL
1 - I am using ASP .NET authorization API; any recommendation for avoiding session hijacking (in case someone some-how gets to know the session key). Is there are way to change the authentication cookie less prone to threats? Say like, changing it after every request? (I know I am get very conscious about this particular item)
2 - Data in the database is not encrypted. To make things ultra-secure, I am thinking about implementing transparent data encryption. Can someone share his/her experience or a link about implementing data level encryption with SQL Server 2008 along with pros-and-cons?
3 - Recommendation for storing connection string in web.config. Is using integrated security better then using encrypted database connection string?
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 RepliesI know it's possible to use this information in a winform, wpf or console application. But I rather to determine which user with what roles are running a sepecific method, so I could decide upon them and run different codes. In addition in a desktop app. how a user can login? Is there any special winform or wpf login control?
View 1 RepliesIn my application i have 2 types of authintication. ActiveDirectory Authintication (works) and Master Pages/Role management.Issue is:1) I want to use active directory as from initial level authintication then, role management (if user does not exist)2) AD Authintication works but it hides the menus which is using role management authintication. How can i control roles if the user is authinticated by Active Directory as a valid user?
View 1 RepliesIn my asp.net application, users are created by the administrators & those users need to log-in into the system using their own email/password or openid. So what is the best option to implement in this scenario?
I mean, as users can't register them self,do administrator required to associate each openid with the users & what kind of table structure do I need?
And do I also need the log-in interface like that of [URL] showing multiple types of authentication(default & openid from various providers)?
want to make sure I am not assuming something foolish here, when implementing the singleton pattern in an ASP .Net web application the static variable scope is only for the current user session, right? If a second user is accessing the site it is a different memory scope...?
View 4 RepliesI am developing a web application using asp.net 4.0, vb.net 4.0 and Sql-Server 2005 as backend. I want to implement read only or read/write permissions for a particular logged in user. Ex : I have a Purchase order page, now I want to assign only view permissions to a particular user and read/write permissions to another user. what would be the best way to do it ? Use authentication and authorization provided by .Net or implement custom authentication and authorization ?
View 2 RepliesI am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
<asp:Repeater ID="UsersRoleList" runat="server">
<ItemTemplate>
<asp:CheckBox runat="server" ID="RoleCheckBox" AutoPostBack="true" Text='<%# Container.DataItem %>'
[code]...
As I'm learning the ins and outs of ASP.NET user management, I've learned that the default in VS is for it to use a SQL Server Express .mdf file for the data it needs to save. This won't help me for when I deploy my site, as I'm running SQL Server 2008 R2 on my IIS 7.5 server. I know that I can run a command line tool to automatically create the db tables necessary for user management, and will do that on my development machine, but how do I tell my existing, in development code in VS to ignore the existing Express .mdf file and look at the newly created db tables?
View 1 Repliesi like to design a asp.net application(app1) where we can create role and actions. here action is such as create student details and delete student details... this both actions comes underneath to a role1.. so, the application will have some roles with set of actions. This roles and action will be used later in another applications(app2 and app3).
i have designed app1 with single sign on for all the application(app2,app3). when a user enter into app2, he/she will be redirected login page which resides in app1. There user validation will take place. once validated, authentication ticket will be send back to requested application(app2).
Once app2 receive the ticket, it will make another request app1 to get the roles and action belongs to singed user. the app2 should behave based the actions belongs to role.
*A user can have more roles.
how to control the user activities based on the actions?
Is there any framework to achieve this model?
I am looking for a way to distroy the ASP.net membership session for a specific user. The reason I am doing this is as an admin I want to delete a user. This works fine, but if the user already has an active session, he is still marked as "online" until this session dies (I verify each time by using Current.User.Identity.IsAuthenticated). How do I go about killing a session based on the user it's authorized as. This way when I do Memberships.DeleteUser(username) I can also do Sessions.KillByUser(username)[URL]
View 2 RepliesI am using if (HttpContext.Current.User.Identity.IsAuthenticated){ //do sth. } in my web service to do credential. Is that good enough? or is there some best practices that I can follow?
View 2 Replies