I'm trying to build the chat (it is already built here - [URL] The only thing I want to change is: remove login control. Instead of login I want to assign random usernames to people who open my webpage. Also, when somebody closes page and reopens it again in, say 10 minutes, I want this user to have the same username and data.
View 3 RepliesI've created a page to add users, using the CreateUserWizard, I use the Login Control to login.
I have setup the config file to use my SQL server, not express
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />
I go to the create user page, add a user.
I can SEE the user on the database using Server Management Studio...
I go to signon and get "Your login attempt was not successful. Please try again."
I have not customized the login control in any way. (OR the createuserwizard)
HOW can I tell where the Login tool is going to get userid and password info?
How can I tell if it is not finding the user or the password does not match?
I'm creating a ASP MVC application. And because of the complex authorization i'm trying to build my own login system. (So i'm not using asp membership providers, and related classes).Now i'm able to create new accounts in the database with hashed passwords.But how do i keep track that a user is logged in.Is generating a long random number and putting this with the userID in the database and cookie enough?
View 1 RepliesI have a test form that I've placed the login and loginname tools on. The login portion appears to work correctly in that if the user puts in the wrong info it alerts, if the info is correct all is well and the correct URL is accessed. The problem is that the username control that I placed on the page does not in fact show the username.
View 3 RepliesTrack and identify users with Memcached
View 3 RepliesI am a senior developer in an ISP company.
We developed a software which we want to require it for all ours users to have installed on there PCs before getting internet from us.
We built our own proxy server, and we are forcing all our users to view a aspx webpage before surfing the internet.
Now, we want this aspx webpage to check the PC if it have our software installed or not, and the mechanism will deny them to surf internet before install the software on there PCs.
How can we get special info from there regystry or something like that to know this?
Example: like flash player or silverlight player, where the requested page check if the PC have the right plugin installed or not. if not, it redirect to the installation page, if yes, the flash or silverlight movie run.
I have a login control in my login page. The user can attempt to login unsuccessfully for 5 times after that the user account will get locked and the administrator can unlock the locked user.
Here, i need to display the login attempt count along with the error message "your login attempt failed". I have tried with the viewstate but it is not working fine.
i'm back again,i need some info about the login page. hope some 1 provide some useful link .i want to let the user login first before redirect to the my main page. I don know how to restrict the user access to my main page without login.
View 3 RepliesI have one website running on one server and another web application running on another server. My web application asks for username/password to login into the system. I need to put a username/password field on my website so that user can directly login from website. how to transfer these username/password values to the web application running on another server?
View 3 RepliesAre Session variables (in ASP.NET) the safest way to store data relating to whether a user is logged in or not? i.e. Session["LoggedIn"] = 'No'
I know Session variables can be spoofed so I assume there must be a safer way.
how to make login control allow users to login by either username or email address
View 1 RepliesI have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
View 2 RepliesI am developing a website in asp.net that user asp.net membership, users and profile tables.I am trying to display all the users that are registered in a grid along with their first name, last name, email and other profile information . unfortunately all this information is scattered in various tables in the database ( aspnet_users, profiles, membershipsetc)... Can you please tell me how to configfure the datasource & columns of my datagrid (control) to achieve what I am trying to do .. ?????
View 3 RepliesI am using the Login control on my login.aspx page to login to my /Members/Default.aspx page to display their current weight and their goal weight using the DetailsGrid. I have everything setup and I can log in and verify the user login name, but it only give one weight regardless of who logs in. Below is the SQL for the SQL Source on the DetailsGrid. I am new with this, Comparing the UserNames on aspnet_Users.UserName and memInfo.UserName should be able to extract that data, correct? Obviously I'm missing something. :)
SELECT memInfo.curWeight, memInfo.goalWeight FROM aspnet_Membership INNER JOIN aspnet_Users ON aspnet_Membership.UserId = aspnet_Users.UserId INNER JOIN memInfo ON aspnet_Membership.UserId = memInfo.UserId AND aspnet_Users.UserName = memInfo.UserName
i had done the register page, now want to create the login page, but how to link these 2 things to make it able login from the customer database ? I m newbie of asp.net web application developer, i am using the visual studio 2008, C# to create the web site
View 6 RepliesI have social network website that contains thousands of users. Until now I used the classic way of storing user's details in the session object. Now, I want to upgrade it, so it will work against Memcached, and the key value is the "userId". My question is: What is or where is the best place to keep the "userId" so I can use it constantly for querying the user's details from Memcached?
View 1 RepliesI'm building an ASP.NET MVC 2 site where I'm currently implementing an OpenID sign-up form. Unfortunately, I'm foreseeing a possible security bug/vulnerability inside my architecture.
Here's how I want OpenID login to work:
User requests /Account/Login, Controller sends back OpenIDLogin View. User enters their OpenID into the View, then OpenID authorization takes place, and finally the OpenID is returned to the Controller.The Controller checks whether the OpenID is currently in use by a user in the system or not. If it is, the user is logged in to that account. If not, the registration process begins.
And now, the OpenID registration process:
The OpenID identifier, as well as any other information provided by the OpenID provider (such as email address or name), is put into my custom ViewModel and sent to my OpenIDRegistrationForm View.The RegistrationForm View stores the OpenID in a hidden field to make sure that it gets sent back to the Controller.The user fills in the RegistrationForm View and sends it back to the Controller.The Controller creates the user account and puts the OpenID into the database.
The bug that I see within my architecture is that a user could modify the hidden value in the RegistrationForm View. Thus, they could spoof their OpenID! I will make sure to add another round of checking to the final Registration Controller Action to make sure that the OpenID that is provided doesn't exist yet, but there is still a possibility for spoofing. Can my architecture be improved somehow? I don't want this to end badly...
One solution I'm considering is encrypting the OpenID before I send it to the View and then decrypting it when it reaches the Controller. Should I try this?
I need to learn the following security-related questions pertaining to ASP.NET membership system (which I am currently using):
1) How to set up "secure" log-in for site members (when other sites say "secure login", what exactly is meant?) --- is that easy for a novice programmer to set up?; are there third parties?; is this done in collaboration with the site host?...Or by using the ASP.NET member system (which I have already set up), is that by default "secure" already?
2) When signing members up, what is best way to block out spammers from the registration process? Is there also third party software I can use? Perhaps someone can give quick answers to these, or point me in the right direction to read a good updated resource on this.
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 RepliesI have an application wich uses AD for authenticate users, the web.config goes like this:
[Code]....
It's works fine in development environment, the problem is when I've published this app into IIS, I can't get the users to login. I've configured the directory security to Anonimous Access since the user will enter the credentials using forms auth.
how to write/use/implement a script that will allow users to enter a web application by clicking a button rather than entering their ID/PW? Seems like a lot of terminology around, SSO, Blind logon, yet all seem to be doable with an ASP script -
Web App contains detailed security for users, not all users are on Win AD, so that is not an option., I'm told (?) Do I need to use a spreadsheet to validate users access to the application, ?
Script that would pass "cookie" info and allow users to enter app without ID/PW. We have a custom logon.asp page the is using forms.
VWD 2008 Express. Visual Basic. SQL Server 2005. IIS 6.0.
I have created a page called Login.aspx on my web site. It contains the login control and authenticates logins with SQL tables. The page works. However, I want to configure my site so that no matter what page a user tries to access, they are taken to Login.aspx if they have not been authenticated. How can I configure my site so that users cannot access anything until they have been successfully authenticated through a login on Login.aspx?
I have an asp login control that uses the standard aspnet database structure.I am using my own user identification system to identify a user based on login values that are not in the aspnet database and setting the user's aspnet database login to a universal login user and password.this works fine and I am able to test this by having one machine log in as "User 1" and another login as "User 2" but I am wondering if there is a limit to the number of user's that can be assigned to one username and password in the aspnet database for website access?Will the system reach the max number of user's in the aspnet database?
View 2 RepliesVWD 2010 Express. Windows 2003 Server. I decided to move my web site from the Inetpub folder on my C: drive to an Inetpub folder on my D: drive to free up space on C:. I moved three web sites. Two of the sites worked fine after the move (I went into IIS 6.0 and changed the home directory of all the sites). One site, which requires authentication using the Windows Active Directory (AD), did not work properly. I could access the site and login with any administrator login. But all other users, although they enter the correct credential, continue to be reprompted for their username and password. The site uses "basic authetication" to check users credentials against the AD. Can anyone think of a reason I would have this peculiar behaviour just because I move a web site's files from C:inetpub to D:Inetpub?
View 6 Repliesasp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.