C# - Allow Multiple Authentication Methods?
Jan 14, 2010
I'm building a new ASP.NET MVC application (in C#) and one of the requirements is to create a new database of members. For this, we'd need roles to manage the different types of members and profiles to manage the additional metadata attached to each member. So far so good, just use the standard MembershipProvider, RoleProvider and ProfileProvider provided as part of the .NET Framework.
However, the catch is that I'd like to allow different authentication methods. I'd like Accounts and Login Credentials to have a one-to-many relationship (one account can have a number of login credentials attached). A user for example, might have both an OpenID and ActiveDirectory account attached to their account.
However, after experimenting with a few ways we opted for the MembershipProvider route (explained how it was achieved as an answer below).
It appears to be something that is achieved on quite a number of sites, yet a search on here doesn't return anything solid to play around with.
EDIT: After looking around for a good period of hours overnight and this morning - I'm still not convincinced that butchering a single MembershipProvider would have been the easiest option. Does having multiple MembershipProviders give the same effect?
BOUNTY EDIT: With no responses, I am assuming that there is no more optimal solution that the one I posted as an answer. Is this really the case? I'm offering a bounty to try and see if anyone has any further thoughts on this and whether there are better alternatives.
BOUNTY ACCEPT EDIT: I think that WIF is the answer as accepted below, for a .NET 4 release and maybe other versions as it probably works with 3.5. Other than that, maybe a butchered MembershipProvider or adapted one may still be relevant.
View 4 Replies
Similar Messages:
Jun 7, 2010
We are developing a web app that will have a pretty complex user and permission system. The general idea is that we have 3 levels of security:
a simple user - that can only access basic data that is in a data repository
a manager - that can open up data repositories
a superuser - that can open up repository factories.
Each repository contains various data types(text, images, etc etc). We are looking for authentication methods that will allow us:
1. Scalability.
2. Customization.
3. To create permissions that will effect the GUI + deny access to certain pages.
4. To create predefined roles - that will allow for easy setup of new users.
5. To create custom roles for specific users - allowing them permission sets that are different from the predefined roles.
View 4 Replies
Dec 20, 2010
I am new to ASP.NET development and moreover I am only extending an existing application which i did not create.
I have a working ASP.NET application which uses "Forms authentication" throughout all its pages. I have added a new webservice in a subfolder "webservicesDummy.asmx". This webservice works fine but because it should be called by an external application which can't authenticate through a form, i need to enable "Integrated Windows Authentication (Basic Authentication or Digest Authentication)" ONLY for the subfolder "webservices".
I tried to configure it in IIS but it did not work. So that i can set a different authentication method i have to create the folder "webservices" as an "Application". But if i do so then my function stops working with the error "Could not create type 'Dummy'."
Is it possible to have one web application and to authentication methods ? If yes how is it configured in IIS ?
Or what would be the better way if i need ONLY one page (webservice) to use a different authentication then the rest of my application.
PS: I use Windows 2008 Server and the app runs on .NET Framwork 2.0
View 1 Replies
Nov 24, 2010
I am building a sort of administration control panel which is basically just giving the end user the ability to manage the database through my app rather than knowing Management Studio. Creating lists of users, creating events that the users can attend etc, nothing too complex. So I am basically building the whole thing using JQuery AJAX with ASP.Net to make the DB connection and what not. My Jquery code just calls a different static method in my pages code behind for each different task, passing JSON back and forth.
From what I've seen results-wise so far, my interfaces are much quicker (almost instant) and even tasks on the server take less time to return through JQuery. But if you looked at my javascript code, you can see the "Page.aspxMyMethod". That means that people can access my methods just by sending a request from anywhere? Will forms authentication prevent this because it goes through an aspx page or what?
View 2 Replies
Jan 26, 2010
First off I'm a week into asp so apologies in advance for silly questions! I am looking to connect to a SQL database table and allow the user to filter the table based on a search box on the asp page. I have written a sql query with a parameter in the where clause, a bit like this:
select col1, col2
from table
where col1 like @my_parameter
Then I pointed the parameter to a textbox on my asp page, and this seems to work quite well. However, I would now like to add an additional search facility which would be a dropdown list. This would be sourcing all the unique values from the col2 in my table abve (there are only about 10 possible values here). But I don't want users to be able to use both of these searches at the same time.
So the bottom line is I would like to offer two methods of filtering the same data table, which search on different columns of the data table. Then the results should populate the same results table, but the user must only be able to use one search method or the other.
I have done a bit of research but couldn't find anything along these lines (I think it is becuase I don't know the words of the things I should be searching for!). I did find information on a standard postback event or cross page posting - not sure which of these (if any) is the best to use for a beginner?
View 2 Replies
Sep 24, 2010
I need to run 5 different WCF methods but within a transaction. Is this possible in WCF? How can I do this in WCf, if it's possible?
The WCF methods will be called from the web service client, which could be an ASP.Net app or Winfoms app.
View 1 Replies
Aug 20, 2010
it may sound a bit newbish question.We have a web service that comunicates with the database and exposes web methods that enables the application to access the database. Each method does only one operation (Insert, Update or Delete). What I need to do is create a transaction that will be consisted of multiple calls to the database, meaning multiple calls of more then one web methods. Can I do that? (I read that if the web method does not throw exception - or ContextUtil.SetAbort() is not called - the transaction will be commited automatically when the web method finishes executing, which I don't want to happen because I want to call another web method in the same transaction, and then manually commit the transaction)
View 2 Replies
Jan 24, 2011
In one of the applications I am working on, there are two basic functionalities included: Create and Update. However, there is a need sometimes to add custom code, so I thought of extending the code by allowing 3rd parties to write and embed their own code:
OnCreating
OnCreated
OnUpdating
OnUpdated
Is there a way to enable the above across multiple assemblies? MEF might help here?
View 5 Replies
Oct 20, 2010
My requirement is to show a page with multiple filters to apply to grid data.
Suppose we are talking about Orders and an order has the following attributes
public class Order {
public int OrderID
public DateTime OrderDate
public DateTime ShipmentDate
public int OrderTotal
public int OrderStatus
}
Inside the jqgrid object I am showing all the attributes except the OrderStatus
The requirement is to create a view that has the jqGrid on the left part a panel on the right
Inside the right panel the user will see a list of checkboxes that represents every possible OrderStatus value and he want to search using both methods (for example selecting the checkbox "Shipped Orders" and then filtering the grid with Amount greater than a value)
I have already configured the advanced filtering (multiplesearch:true) inside the jqGrid object and I am able to create complex filters combining fields and logical operators.
how I can submit even the data from the right panel when the user press the search button?
Update 1:
Preamble: Oleg sample is fantastic but unfortunately does not fits requirements of my customer :(
@Oleg: I do not understand why you think that:
If the data are outside of the grid you will be show the order details on the right pane only for selected row. So the user will have not so good overview of the data.
maybe my description was not so clear but I am not going to show any order detail. To better clarify my requirement I have modified your sample to show you the desired final UI which is as in the following image:
The customer want to filter the data in the grid using two methods or both together:
Using the multiplesearch facilities provided by the grid itself (thanks for the workaround mention) Using the custom Search Panel (the one with the checkboxes on the right) provided
From a functional point of view the requirement is very easy to express: When the user click on a checkbox or make a search using the native multiplesearch I should post values to the server including also the checkboxes state.
To summarize I should:
Add the checkboxes state when a post is made through the native multiplesearch
Add the current multiplesearch state (if any) when the user click on a checkbox
View 2 Replies
Jan 12, 2011
I've created a Gridview in my aspx page, which is referenced in two separate methods in the code-behind file. When I try to run the page, I'm getting a 'does not exist in the current context' error.After a bit of poking on the internet, it seems that I might need to declare the gridview at the class level if it's going to exist in more than one method... problem is, I do that and it disappears from the page altogether.I'm obviously not doing this right - I'm declaring it like this (abridged version):
[Code]....
View 6 Replies
May 7, 2015
$.ajax({
type: "POST",
url: "./InActiveMerchantList.aspx/LoadStakchart",
[Code]....
View 1 Replies
Aug 16, 2010
I have an extension method as follows:
public static class PageExtensions
{
public static int GetUserId(this Page targetPage)
{
var user = Membership.GetUser(targetPage.User.Identity.Name);
return (int)user.ProviderUserKey;
}
}
Now in a page I need to use this method in a static WebMethod, so I have added another 'extension method' to PageExtensions:
public static int GetUserId()
{
return (int)Membership.GetUser(HttpContext.Current.User.Identity.Name).ProviderUserKey;
}
and I call it as follows in my WebMethod: PageExtensions.GetUserId()
View 1 Replies
Jul 23, 2010
public class CacheHelper { /// <summary> /// Removes object with the specified key. /// </summary> /// <param name="key">The key.</param> [code]....
I have this methods for caching..I need to change this methods to use in aDictionary<string,object>
How do I need to change this code Because I am new to asp.net I am still learning..
View 12 Replies
Mar 17, 2014
I have one controller with 4 to 5 action method. In all action method i have to check some feilds from database. So to reduce the database query i want to save this data one time and then want to use that in all action method. I know about tempdata and view bag but none of this can use in different action method, so how to achive this.
View 1 Replies
Oct 15, 2010
There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and i want to protect my back-end (WCF) with authentication to perform double-check and have PrincipalPermission on the methods with roles specified.
I'm sure that identity names from both providers do not cross (public logins are digits only and the intranet will be something like 'DOMAINLogin'). The front site uses forms auth and its provider returns GenericPrincipal. The intranet sites use Windows auth and i have WindowsPrincipal attached to Page.User.
Is it possible to configure WCF to use two membership providers (custom one that the front site uses and Windows) out of the box, without writing another custom code? Is it important how my WCF is hosted? Currently it's windows service. Do i need to switch to IIS 7?
View 1 Replies
Feb 16, 2010
I have a problem with membership authentication. I have two websites, website1 and website2, and both of them uses forms authentication with SQL membership provider (SQLEXPRESS). I have two scenarios:
Case 1:don't publish the website1 and try to login website1 with user1 -->Works ok
don't publish the website2 and try to login --> it displays the previously logged in user (Website1 user)-->Perfect
Case 2:publish the website1 and login-->works ok
publish the website2 and try to login--> it does not show up the site1's logged in user (No idea why)
then login into website2 and open website1-->it does not show up the website2 logged in user or any user...It looks like something wrong with cookies....
my web.config looks like this:<authentication mode="Forms">
<forms loginUrl="~/LogOn/LogOn" timeout="2880" protection="All"/>
</authentication> [code]....
View 2 Replies
Mar 7, 2011
I have two applications with a single domain name ([URL] and [URL]). First one has been developed in .NET 2 and the other one with .NET 4. I have configured web.config as these steps:
1- I've set the same machine key for both of them.
2- I've set the coockie name.
3- I've set the domain name to "domain.com".
4- Also, I've set hardcoded coockie domain name to "domain.com" .
Everything was working fine when both of them were running on a single web server. Recently, I've been asked to move test.domain.com to another server. After moving, authentication ticket is not valid on the second server. I tested both of them on a single server again and everything was workinh fine, but in two servers users can't acces to test.domain.com. (Authentication Ticket is invalid)
Edited: The second server is a virtual (VMWare) server. I don't have any problem in physical servers. I checked the server's time to be synchronized. I also used fiddler to see if the server does not get the auth ticket and ther ticket is sent to the 2nd server. Note: Servers are located in different networks and maybe proxy or firewall causes this (I've no idea)
View 3 Replies
Nov 10, 2010
I have three asp.net web applications
,Second and Third applications are accessed throught the first,So Authentication (form authentication) is happening from the first application only , all are deployed on same IIS with seperate virtual directory
Like
1.Localhost/EmpMananger
1. Localhost/Hr
2.Localhost/Payroll
, I used the same Entires in both <machineKey> and
<forms> Elements in webconfig file of all applications,
Applications are working fine and Page.User.Identity are available in all applications but once loginUrl and defaultUrl entry is changed to actual name other than localhost
Eg: localhost/EmpManager/default.aspx To myserver/EmpManger/default.aspx
the authentication ticket is not available in second and third applicaiton
View 4 Replies
Mar 4, 2011
We have a server with lets say 5-10 internal ASP.NET (MVC) applications running in separate application pools as separate websites (on different ports and/or subdomains). I know nothing about the built-in ASP.NET authentication framework, so I was wondering if anyone could drop me a quick pointer in the right direction...
I want to secure all of the internal apps via one login mechanism (supporting 3-5 different roles; nothing complex). This login system would be another app/website running on the server, and to gain access to any other app, one must have authenticated via the one login system and the target app must be able to see the user's role. The internal apps will be modified at the code level to plug into this new login system (in other words, we'll modify the current apps to support the authentication).
The whole point of this is that I don't want each app to have its own login/authentication mechanism, but rather use a more "global" authentication system (everything on the same server). I am not looking for anything complex (just a company of 15-25 employees, 3-5 departments - each user must be associated with a department (role) based on their login - and each app will be tuned to show the user the appropriate data based on his role).
The question is - how do I make it so that a user's authentication status is visible across all of the different apps (in different assemblies and running separately)?
View 2 Replies
Mar 23, 2011
Until now, I've always used straightforward Forms Authentication on my community websites, and that one method of authentication, with that one cookie/ticket has been used throughout the website (with varying roles per user also stored in the ticket). I haven't used the built in LogIn controls and instead have always just created my own login/registration form, and written the code to insert into (and authenticate against in the log-in scenario) my bespoke 'Users' table. So I've essentially just been utilizing the .IsAuthenticated() method (to determine if a user is logged in), referenced the UserData property in the ticket (to determine which roles the user belongs to), and set up the 'location' restrictions in the Web.config, so the log-in page is automatically shown for pages that require 'member access' etc.
With my new project, I will need user registration/login for the Forums/Community part of the website only. I then need an additional user registration/login for the Recruitment part of the website (not related in any way to the users that sign up/log in to the Forums/Community part of the site).I was wondering if this possible, and if so, how to go about it?e user registration/sign-in pages might look the same, but my underlying code would would create accounts/authenticate against different DB tables.
View 1 Replies
Mar 16, 2010
I have a small project I am working on using web developer express, and I am trying to get windows authentication to work with my intranet website project. This website is only to be accessed inside my LAN and not from the internet at all, so I figured windows authentication would be best.What happens when I turn it on (and I've tested this from multiple browsers: IE8, Firefox, Chrome, Safari) is that the website asks the user to log in (via pop up textbox). Not only does it request the user to log in (which I don't think it should, since the login is based on windows authentication and I am on a windows machine already logged into the internal domain) but it requests the user to login multiple times, sometimes I get asked to log in and type in the same username/password combination 12 different times. It seems to me that the asp page is requesting permission to view each individual element and requires authentication to load one object (like an image or text box).
I am severely annoyed. :( I just wanted authentication to work smoothly without any login requests, or at the mostone request.
View 1 Replies
Mar 10, 2011
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 Replies
Jul 9, 2010
Currently my ASP.Net MVC website uses forms authentication is set up like this my web.config:
<authentication mode="Forms">
<forms loginUrl="en/User/Signin" timeout="2880" />
</authentication>
We have some routing rules that use the prefix /en/ in the url as a identifier for the language, but the problem is that if someone is visiting our french site [URL], they are redirect to [URL], which in turn sets the culture to english. So after logging in, users may need to change there language back to french.
So if the website need to suppurt more languages, so I need to do something like this in the web config:
[code]....
I know you can not have code in the web.config, but this is just to illustrate what I am trying to achieve. Could anyone provide a simple solution, or links to solutions they may already use?
View 2 Replies
Mar 18, 2010
Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure:
/admin
/customer
/login-admin.aspx
/login-customer.aspx
I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page).
In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ?
View 1 Replies
May 1, 2010
I'm working on a new project and I would like to use forms authentication to protect the necessary pages. The project is going to be focused on companies where a company would create an account and have multiple users. Each company should have its own data and should not be able to see other companies' data. What would be the best way to go about this? I've considered using a subdomain for each company which would tell the application which membership provider to use. I've also considered using an additional credential such as company ID to specify which company the user is logging into.
View 7 Replies
