Security :: Creating Another User Without Changing Login Identity?

Apr 23, 2010

I wanted to be able, as an administrator, to create new users using the createuser wizard. When I use the wizard to add a new user, however, I end up logged in as that user, instead of as my admin account. How do I prevent from being logged in as the user I just created?

View 2 Replies

Similar Messages:

Security :: Forms Authentication Cookie Not Changing Current User Identity

Jan 21, 2010

I am having a problem with security in a web application I am building using Visual Web Developer 2008. I am using Forms Authentication:

<authentication mode="Forms">
<forms name=".MYAUTH" timeout="20" enableCrossAppRedirects="true" />

And a SQL Server database with ASP.NET Membership and Roles. I am using the LoginView control with the AnonymousTemplate and LoggedInTemplate to manage the user's interaction with logging in and out. The problem I am having is that I am authenticating the user against the database:

If Membership.ValidateUser(_userName, _txtLoginPass.Text)
Then returns True and:
FormsAuthentication.SetAuthCookie(_userName, False)
sets the cookie correctly:
FormsAuthentication.Decrypt(FormsAuthentication.GetAuthCookie(_userName, False).Values(0))
{System.Web.Security.FormsAuthenticationTicket} CookiePath: "/"
Expiration: #1/21/2010 1:42:27 PM#
Expired: False
IsPersistent: False
IssueDate: #1/21/2010 1:22:27 PM#
Name: "jaymo "
UserData: ""
Version: 2
but when I check
HttpContext.Current.User.Identity.IsAuthenticated it always returns False.
If done this before and it worked fine. I cannot find any mistake I might have made or where something might have changed between ASP.NET 2.0 and 3.5.

View 2 Replies

Security :: Set When Using The Login Controls?

Jun 13, 2010

To avoid going to the Databse to get the user Id, Id like to append userId to the field. This way I can split the returned string to get the UserId without going to the database.

Where can I do this when using the login controls?

Is there some event handler where I can add:

FormsAuthentication.SetAuthCookie(NamePlusUserID, false);

View 1 Replies

Saving The Login Name As Current User Identity?

Mar 1, 2011

So I'm making a login. I want the login name that people use to match an id in my SQL database. So that I can retrieve their information. But currently when I use the code below, from which I get the name of the computer I am currently on. However I would like the user Identity to be what they write in the username textbox at the login screen.

If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
End If

So I looked for it on net and I think it might have something to do with my web.config file. As I'm totally new to I wouldn't know. However here's a part of my Web.config file.


View 3 Replies

Web Forms :: Get Currently Login Windows User Identity In Application

Jan 4, 2011

I have this web application where I need the currently logged in windows user Identity. I server on which I deployed this application does not support virtual directories. And I am not sure if that server is configured for "Integrated Windows Authentication."

I tried using:

All these work and retrieve the appropriate currently logged in windows username when the application isn't deployed. But when I deploy it on this particular server, these methods do not give me nothing.

View 4 Replies

Security :: Identity Impersonate + Integrated Security(DB) And Programatically Impersonating The User?

Nov 19, 2010

I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.

My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?

View 2 Replies

Security :: Using Page.User.Identity.Name To Fetch User Information From A MsSQL Database?

Dec 23, 2010

I have implemented Forms authentication in an ASP.NET MVC 2 website

By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.

I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:

<%: GetFirstname(Page.User.Identity.Name) %>

View 2 Replies

Security :: Isolating The User Name In Page.User.Identity.Name?

Mar 4, 2010

Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:

string quizTaker = Page.User.Identity.Name.ToString();

Right now it returns "DOMAIN_NAMEUserName"

I would like to just use isolate and use the user's name, without the Domain name.

View 2 Replies

Security :: What Is The Use FormsAuthentication.user.identity

Oct 7, 2010

what is the use formsAuthentication.user.identity

is it one of the property of page

View 1 Replies

Security :: User.Identity.Name In Global.asax

Jun 1, 2010

In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder. Each folder contains some forms; these forms are based on the role as well. We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users.

However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied. And where do we put the user.identity and what is the exact format of it. Do we include it in our Global.asax after the authentication part?! This is the code in global.asax:


View 1 Replies

Security :: Changing The Way This Aspx Login File Works?

Mar 16, 2010

I have a simple login screen that now has to receive its parameters from another web site. I am not sure what we have to do. The other web site, will get the user id and password. the person there is asking me, does he just redirect user to is the codes: First is Login.aspx<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="Reports.Login" %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ""> xmlns=""

<head runat="server">
<title>Untitled Page</title>


View 4 Replies

Security :: Unable To Retrieve Current.User.Identity.Name In II7

Feb 26, 2010

I'm in the middle of moving a web application from IIS6 to IIS7. I've enabled "Windows Authentication" and added <deny users="?" /> to the authorization section of my web.config file. When the app was running on IIS6 my users where able to access the web app without logging in because their windows login was automatically recognized. This does not seem to be the case in II7. I can not get a value for "Current.User.Identity.Name" in my ASP.Net code.

View 1 Replies

Security :: Get The GUID In Similar Manner To User.Identity.Name?

Mar 17, 2011

Once the client is logged in, do I have access to their GUID via something like


View 2 Replies

Security :: User Identity. Name Is Blank On Page Load?

Jul 29, 2010

I have an aspx page which displays a user's details in a Label. It takes their User.Identity.Name and queries Active Directory using the following code:


View 1 Replies

Security :: User.Identity.Name.ToString() Is This Secure And How To Store It

Feb 10, 2010

I have created an site with anonymous access turned off. Its for an internal (intranet) system which uses User.Identity.Name.ToString() to get the users login windows ID and then displays some records from a datagrid depending on their login ID. Is this secure? Also i am struggling to workout how best to store the result of User.Identity.Name.ToString() as I am not keen on storing it in a hidden text field and would rather not call it all the time unless this is the best way?

View 3 Replies

Security :: User.Identity.AuthenticationType Returns Custom Always?

Jan 18, 2010

when ever i check User.Identity.AuthenticationType the returned string is 'Custom' always, doesn't matter my authentication type is 'Windows' or '''Forms'.

I want to do some different coding in aspx.cs for windows and forms authentication, but i am unable to differentiate between them because 'User.Identity.AuthenticationType' always returns 'Custom'.

View 3 Replies

Security :: Httpcontext.current.user.identity.isauthenticated Always False?

Sep 7, 2010

I create two pages, the first one is the login page with user name and password textboxes - (not asp login control) , when clicking login button I check the login authentication, if it is true redirect to default page. in the default page if !IsCallBack then i check httpcontext.current.user.identity.isauthenticated

if it is false i redirect the user to the login page. but my problem is that the httpcontext.current.user.identity.isauthenticated is always false.

Below the section of authentication in web config


View 5 Replies

Security :: HttpContext.User.Identity.Name Not Reflecting Updated Username?

Apr 29, 2010

We have an application using Windows authentication and have <Domain>olduser account.

We renamed the account in the active directory to <Domain>olduser2

Login to a pc as <Domain>olduser2 and try to access our application.

the problem is we can't login anymore.

when i debug the application, i can see that the HttpContext.User.Identity.Name is still <Domain>olduser.. and not olduser2

View 3 Replies

Security :: Passing The User.identity Object To Shared Code?

Dec 13, 2010

I have a shared module in an web app which gets various information about a group or user. Since the Iuser account on the web does not have enough rights to query the AD, I need to supply an appropriate userid and passcode for the directoryentry in the shared code. Since my credentials so the have the appropriate rights to query the AD I like to impersonate myself(user.identity). This works fine for a webpage, but I can't pass the user.identity object to shared code. I get an error. Is there a way to pass the user.identity object to a shared function in another module?

View 1 Replies

Security :: Creating Custom Registration And Login

Oct 20, 2010

I'm working on a project that requires registration and login. I know that ASP.NET provides login controls to get that job easily done. However, I'd like to implement custom registration and login. I mean my own registration and login forms and my own database. I've researched before posting this topic, but found nothing useful teaching me how to implement those functions. Can you guys tell me the way to implement them using LINQ and VB? OR can you give me the URL of the tutorial teaches exactly what I want?

View 2 Replies

Security :: HttpContext.Current.User.Identity.IsAuthenticated / Module Isn't Working

Jan 18, 2010

We have an SharePoint site no login (anonymous) with a search module using AJAX. Now the users complains that the module isn't working. When I check the code (not developed by me), I find that the code only runs if "HttpContext.Current.User.Identity.IsAuthenticated=true". Could that ever return true on an anonymous site?

View 1 Replies

Security :: User.Identity.IsAuthenticated Returns True But Session Has Expired

May 24, 2010

I have a page where, when the user has successfully logged in, I store some values in the session.

I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.

My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.

Why is this happening, and how can I fix it?

View 3 Replies

Security :: Create A Login Window From Where User Could Login From Their Gmail Or Others Id And Write

Aug 13, 2010

i m currently creating an article module, and i want if user wana comment on to the any particular artical, than he should login any of his mail id like gmail, yahoo hotmail etc and than post his or her comment and after than comment should go into the DB.

View 3 Replies

Security :: Using ASP Tools For Login And Create User / Login Tool Is Going To Get Userid And Password Info?

May 25, 2010

I've created a page to add users, using the CreateUserWizard, I use the Login Control to login.

I have setup the config file to use my SQL server, not express

<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=xxxx.xxxx.xxxx.xxxx;Initial Catalog=aspnetdb;Persist Security Info=True;User ID=xxxx;Password=xxxxxx" providerName="System.Data.SqlClient" />

I go to the create user page, add a user.

I can SEE the user on the database using Server Management Studio...

I go to signon and get "Your login attempt was not successful. Please try again."

I have not customized the login control in any way. (OR the createuserwizard)

HOW can I tell where the Login tool is going to get userid and password info?

How can I tell if it is not finding the user or the password does not match?

View 2 Replies

Creating A Website With Membership And User Login?

Mar 2, 2010

Environment: W2K8R2 x64 +SPn..., Office 2007 +SPn..., Visual Studio 2008 + SP1+ SPn..., SqlExpress2005 +SPn..., SQL Std 2008 +SPn...

2 Problems...

1) No matter how I try Default.aspx never shows up as the StartPage even though I've told it to, the Login.aspx Page shows up first, so the rest of the walkthrough seems strange....

2) I'm a dummy when it comes to SMTP so I can not seem to get the SMTP to send a message to the User supplied e-mail address....

I want to use this methodology for many Web-Sites I have planned, but if it doesn't work then perhaps not....

View 1 Replies

Copyrights 2005-15, All rights reserved