C# - Session Management And Linking User Accounts With OpenID
Mar 8, 2010
I am currently playing with DotNetOpenAuth to make an ASP.NET (C#) website use OpenID instead of the normal login-password routine for user and session handling. Up till now, I have added the DotNetOpenAuth.dll into my project and tried a test login page with the following: <rp:OpenIdLogin ID="OpenIdLogin1" runat="server" />
When I run the page, I enter a valid myopenid url and the website redirects to the myopenid page, where I enter my password, and upon success, it returns back to my default.aspx, due to the following in my web.config:
<authentication mode="Forms">
<forms defaultUrl="/Default.aspx" loginUrl="~/Login.aspx"/>
</authentication>
Now that the user is "logged in", how can handle my session? At the moment, I don't know how I can, for example, check if the session is still alive or how to terminate the session. My basic question is, how can I manage the session once the user is authenticated with OpenID ?
[Update]
I am now using the following to check for authentication: HttpContext.Current.User, and with that I can now check if a user is authenticated with a session. Now is there a possible way on how I can "link" user details that are stored in my database with an openid account?
View 1 Replies
Similar Messages:
Aug 16, 2010
i have implemented the the openid in my page using dotnet open id when i get authenticated iam storing the details provided by openid provider in my database and creating a session of that username and redirecting the user to login protected page it is working fine but some time if i left the page idle for some time and then do any kind of postback then the session is lost and my page do not allows me to do any thing as it is login protected some time it is working fine without any problem. can you suggest me why is it so.
View 1 Replies
Sep 17, 2010
Firstly, This question may be asked. But I could not get the information i am looking for.
I am creating a website which should take to [URL] where the user enters his account information and it redirect back to my website similar to how stack over flow is doing when we click on gmail image.
I am trying to implement a website in .net.
list a step by step procedure to implement it or suggest some documentation to follow.
I clearly dont want other types of openID implemention where u enter the open id and pick ur open id provider.
View 2 Replies
Jul 15, 2010
I have a website live in asp.net
now if user closes browser. the session does not get killed.
I spoke with friend and he said that cannot be done as sessions are on server.
but i see banking website who kills session when browser is closed.
View 10 Replies
Dec 1, 2010
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 Replies
Apr 23, 2010
I am a little bit new at handling multiple sessions congruently.
Basically i have created a chat application. In which i have a moderator page.
Now the moderator has the privilege to block particular users from the chat. Every user including the moderator has a session variable defined as Session["UserID"].
e.g for the username "moderator" the Session["UserID"]=moderator.
Now as i am logged in as the moderator how do i delete the session of a particular user whom i want to block the chat from commencing.
View 3 Replies
Mar 15, 2011
I have a very basic application with user authentication. I also have a grid in my masterpage that shows all the users logged on. However, after a user logs out, it still shows them to be logged on in the users grid for the duration of the session, which is 20 mins. How do I get the grid to exclude users who've logged out? Here's the code behind for the grid:
[Code]....
View 6 Replies
May 31, 2010
I'm wanting to save some OpenId fields to a localdatabase table, such as
-Full Name
-openid url
-passworg
how to get those attributes from openid server? send me some example code in asp.net, c#...
View 1 Replies
Jun 11, 2010
In my ASP.NET application I need to allow only one session for a user ? When a user does login more than once, I want to get to user's previous session and abandon it. I'm keeping track of all user sessions by means of session id. But Session.Abandon is available only for the current session associated with a request and not previous sessions. I have the session id of the user's previous session but how can I end it ?
View 3 Replies
Jul 28, 2010
when we accept user details in a login page and i want to use login details throughout the website.....can we do like this
session["uname"]=username;
string s=session["uname"].tostring(); this is in first page
string str=session["uname"].tostring(); this is my second web page
it is giving error
we can't access in other pages
View 5 Replies
Jul 12, 2010
I'm using DotNetOpenAuth as my membership system, and the way I have it working now seems to be working quite well. What I'd like to do however is build into my website the ability to check user credentials against the AuthCookie rather than a session. In the membership provider, I can check for the username like this
string UserName = System.Web.HttpContext.Current.User.Identity.Name;
''# which returns the OpenId ClaimedIdentifier
What I'm wondering is if there is a way to extend this so that I can retrieve custom properties from the AuthCookie rather than having to create my own session object. Currently I have this setup.
UserSessionModal
Namespace Domain
Public Class UserSessionModel
Public Property ID As Integer
Public Property RegionID As Integer
Public Property Username As String
Public Property Slug As String
Public Sub New(ByVal user As User)
_ID = user.ID
_RegionID = user.RegionID
_Username = user.UserName
_Slug = Replace(user.UserName, " ", "-")
End Sub
End Class
End Namespace
BaseController (inherited by all controllers)
Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker
''# Create a UserInfo object for the logged in user
''# and store it in a session state.
If Session("UserInfo") Is Nothing AndAlso User.Identity.IsAuthenticated Then
Dim user As Domain.UserSessionModel = New Domain.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
Session("UserInfo") = user
End If
Return MyBase.CreateActionInvoker()
End Function
Then in my views I do something like this
<%
Dim user As MyApp.Core.Domain.UserSessionModel = DirectCast(Session("UserInfo"), MyApp.Core.Domain.UserSessionModel)
%>
<%: Html.ActionLink(user.UserName, "Details", "Users", New With {.id = user.ID, .slug = user.Slug}, Nothing)%>
What I really need to be able to do is remove the Session stuff all together and just simply check the AuthCookie for my custom properties ID, RegionID, Username, and Slug. I can already get the "ClaimedIdentifier" out of the AuthCookie using HttpContext.User.Identity.Name... I just need to be able to extend it.
View 1 Replies
Jan 7, 2011
How do I abandon the session when the user closes the browser window instead of pressing the logout button in ASP.Net 3.5 application.
View 5 Replies
Sep 29, 2010
I need to store a large amount of data in user's session but I guess using Session Object is not the best way of doing that. Is there any other way around??? Remember I don't have small variables to store, I have large collections.
View 5 Replies
Jan 1, 2011
Parser Error
Description: An error occurred during the parsing of a resource required to service this request. review the following specific parse error details and modify your source file appropriately.
Parser Error Message: Server tags cannot contain <% ... %> constructs.
Source Error:
[Code]....
Source File: /Dec-12/myprofile.aspx Line: 101
View 3 Replies
Sep 7, 2010
i have 2 page,
1.login.aspx --- 2.welcome.aspx
in my login.aspx im storing username into sesssion as below:
Session["usernm"] = txtUsername.Text;
in my welcome.aspx page
in page_load event
if (Session["usernm"]==null)
{
Response.Redirect("Login.aspx");
}
here if i manulally paste the url ( http://localhost:4125/Loginado/welcome.aspx) it should go to login.aspx for user credentials
but its going directly to welcome.aspx page.
View 5 Replies
Jul 23, 2012
I want to maintain user session in my project...the problem i am facing is when any user login is nt maintained.
View 1 Replies
Sep 27, 2010
actullay my requirement is i need send messages to facebook user accounts using my web application(Asp.net,C#.Net).i have Users's facebook id and there there facebook Keys.
View 2 Replies
Jul 7, 2010
I am using the create user wizard to create users that are then placed in the ASPNETDB database. Is there a way to delete users in the same fashion? I am using Visual Studio 2008 VB.NET.
View 1 Replies
Feb 10, 2011
I am trying to remove a user account (I am using the default authentication system), but I can't find a class/method which does this. Is there a way to do this?
View 3 Replies
Oct 20, 2010
I need to handle "session end" event for my web application when user closes his browser. Session is stored in Sql.
View 6 Replies
Feb 23, 2011
i have Using aspnetmembership
i want to know how i can ReNew The Life Time Of Page.User.Identity.UserId Session, , how i can increase the Time Of this session ??
i want this scenario in case when the user LogOn for 15 minutes , then the page refreshed ,then renew the TimeOut Of Session by adding addtional 15 minutes and so on
note that im using Page.User.Identity.UserId Session
View 2 Replies
Feb 11, 2010
I am using ASP.NET 3.5 and SQL SERVER 2008. And I have a very simple code within my ASP.NET page :
Quote:
[code]....
The connection string specifies a local Sql Server Express instance using a database location within the applications App_Data directory. The provider attempted to automatically create the application services database because the provider determined that the database does not exist. The following configuration requirements are necessary to successfully check for existence of the application services database and automatically create the application services database:
If the applications App_Data directory does not already exist, the web server account must have read and write access to the applications directory. This is necessary because the web server account will automatically create the App_Data directory if it does not already exist.
If the applications App_Data directory already exists, the web server account only requires read and write access to the applications App_Data directory. This is necessary because the web server account will attempt to verify that the Sql Server Express database already exists within the applications App_Data directory. Revoking read access on the App_Data directory from the web server account will prevent the provider from correctly determining if the Sql Server Express database already exists. This will cause an error when the provider attempts to create a duplicate of an already existing database. Write access is required because the web server accounts credentials are used when creating the new database. Sql Server Express must be installed on the machine.
The process identity for the web server account must have a local user profile. See the readme document for details on how to create a local user profile for both machine and domain accounts.
View 4 Replies
May 27, 2010
I am working on a site in which some pages are to be run on secured server(ie https) & some on non-secured(ie http) eg Login, User Information, etc. will be run under https & View cart, etc. are to be run on http. Now, when user chooses some products in his cart, he is prompted to enter login details. After he fills in his login detail(ie in https), he is redirected to Checkout. But here the Session doesn't picks the value and it shows Session[UserID] value null. So, rather then redirecting to Checkout it shows MyAccount page. Does anyone know how to pass Session Value from https to http.
View 3 Replies
Feb 17, 2011
I have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 Replies
Sep 1, 2010
We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control?
View 6 Replies
