i have users who can logon to my site. I don't use the asp.net provider (i have my own user storage) but do use forms authentication. No i want to block users from log on twice to my app. Now what is the simplest thing to accomplish this? I thought about an extra field in the database in the user record but is there something simpler? is there a sort of 'session' for the entire application where i can remember who is logged on (and which is not flushed at a random time)? maybe in the cache (but the cache is sometimes flushed) i've seen an example where a file with the username was written to disk (and removed when logged out)
EDIT:
Good question was: what do you mean with logon twice. I mean when a user logs on on another computer or when another person logs on with the same credentials
What i want to do is code in Global.asax file to check if current date is greater than EndDate(appsetting) it will block access to rest of the pages as what happens when using [Code]....
Moreover it will be a licencing system which will block the application after its EndDate that will be mentioned in web.config. [Code].... [Code]....
I have a web page where I am denying anonymous users from accessing. In the web site I have a folder called FileManager. In the web app the usres have the ability to uploaded files and when they do a folder gets created under the filmanger and the files are saved. I have created a web.config in this folder that denies anonymous users. The problem is if the user knows the directory structure they can type in the url of the site add /FilManager/x/x/NameOfFile, where x are the sub directories. If the file is an image it shows the image in ie, if it is a .xls or .doc or what ever they get the prompt to either download or save the file. What am I doing wrong. Will the web.config file not stop an anonymous user from access files? I put a webpage in the folder and it is blocked and the user gets sent to the login screen, but files seem to be unsecured.
How do I block anonymous users from being able to access the files in this folder?
I am making use of 3-Tier architecture while making my project. And in Data Access Layer I am making use of application block, but application gets a connection string from web.config; but ClassLibrary of Data Access Layer doesn't contain web config file. How can I access connection string from Data Access layer?
I'm trying to configure the logging settings to log all events in a database and event viewer but email only errors and warnings. Database and Event Viewer part works fine except that I'm not getting any email for errors.
Note: There isn't any problem with smtp settings because I get event's emails if I add the listener to "General" and "All events" in category sources.
Here is my config: (I'm using Microsoft.Practices.EnterpriseLibrary.Logging 3.1.0.0)
I have menu item on my master page that has block around the text when the page is first run. I wrote in the css on the link and visited property to change the color to match the image color that it is on. When a menu item is clicked the color changes to the right color. How do I get it to the right color on when the page first opens or is there a way to get rid of the block or make it transperant?
I have 2 separate code-block asp.Net expressions in an aspx markup, with an html content between (span element in the example below). In the first code-block, there is "i" as an increment variable for the for loop.Then the code-block is cut with an html content.And another code-block expression is opened but as I see I can reach the "i" variable which was declared in the previous code-block.
So, how asp.net handles -compiles- the pieces of code-block experrions declared in the mark up? Does it check the semi-colons and generates some anonymous methods which will end up with many calls to Response.Write in the last place? <p> <%for (int i = 0; i < 30; i++) {
I have installed an ASP.NET 4.0 Web forms application in IIS 7.5. If I set the application pool to DefaultAppPool (.NET Framework 2.0) I get the icons for Providers, .NET-Roles and .NET-Users displayed on the configuration page for the application in IIS Manager and I can manage users and roles within IIS. (I'm using Forms authentication.)
But if I set the application pool to ASP.NET v4.0 I get a problem: Double clicking on the icons for Users or Roles in IIS Manager throws an error telling me that I cannot use these features since the providers could not be determined as trusted. If I set in administration.config in the trustedProviders section allowUntrustedProviders="true" and double click again on one of the icons I get the error that the assembly System.Web, Version 4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a could not be found. If I restart IIS Manager the icons disappear completely.
.NET Framework 4.0 is definitely installed. So this is all quite confusing. I know that .NET 4 uses another GAC than the old one for .NET 2-3. Could it be possible that IIS Manager is not able to find the new GAC for .NET 4? Do I have to add perhaps some of the new 4.0 assemblies to administration.config? Is there another way to add users and roles instead of IIS?
I have hosted an application on my local system and people on company intranet will be accessing that. I have windowxp SP3. I have heard from someone that only a limited no. of users( around 20) can access my application if I am hosting it on XP.
I need to retrieve the user data from the different web application. In the web.config I can specifydifferent profiles, but I cannot figure out how can I use it in the application. This is what I did:
Though I have not tried it but i guess asp.net allows us to delete all the users in our application. What i mean is if it allows us to delete all the users, then at 1 point my application might become defunct or I will have to go back into WAT.
In my application only users in admin role are authorised to create new user, but when all user can be deleted, what will hpapen?
And if a user is logged in and deletes himself, he still remains logged in though with restricted access untill manually logout is not pressed.
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp). I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
I am always thinking about validation in any kind on the webpage (PHP or ASP, it doesn't matter), but never find a good and accurate answer. For example, a I have some GET-Parameter, which defines a SQL query like DESC oder ASC. (SQL-Injection?) Or I have a comment-function for user, where the data is also saved in a database.
Is it enought to check for HTML-tags inside the data? Should the validation done before adding it to the database or showing it on the page? I am searching for the ToDo's which should be always performed with any data given from "outside".
I am using ASP.Net + .Net 3.5 + VSTS 2008 + IIS 7.0 + C# to develop a web application. I want to count how many users are online. This is my current implementation,when Session_Start is called, I will increase # of users online by 1;when Session_End is called, I will descrease # of users online by 1.Two quesitons,A Is that implementaiton correct?B. Another question is, I think this method can not track # of users of real time, since when user closes the browser, Session_End will not be called immediately (Session_End will be deferred to be called). Correct?
I have 2 different website/applications with 2 different asp.net membership databases in the same server. Now my client wanted to create a user in one website and add that person automatically in to the other application/website/database too. Right now my applications create users using asp.net membership and added to its respective databases. Is it possible to create a user from different application using asp.net membership?
i am building a forum application i want my application users to be able to send messages to each other and application will show some alert that they have new message. I am a beginner i have no idea how to achieve this, can anyone please guide how to get started for this.
I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines: [Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this: [Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is: [Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
We have created an ASP application with MS Access as back end. We have implemented this web application on our server machine and accessed the same from on my local machine.
Our application works fine when only one user accesses it (All insert, update works fine). But when multiple users connect to this application and try to update the database, then application get crashed. As per our knowledge, this is happening because of access database get locked, when one user open it in exclusive mode.