Security :: FormsAuthenticationTicket, Role, Profile?

Apr 27, 2010

I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character). Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc).

Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself?

I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are separate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is some other persistent data I need on the application?

I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4, int32 values and maybe one string).

Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile (I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db that's not an issue really in this instance.

View 4 Replies

Similar Messages:

Security :: Adding Profile Information To FormsAuthenticationTicket

Jan 19, 2010

I'm authenticating my users using the following code for the login event:


The following code runs in global.asax at Application_AuthenticateRequest:


Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?

View 2 Replies

Security :: Open Source User Profile And Role Management Application?

Dec 23, 2010

I am looking for an open-source .Net 4.0 user profile and role management module. I need to manage basic user profile updates and management. Does anybody know if such a thing exists?

View 1 Replies

Security :: Member / Role / Profile Database Schema Port To IBM Informix (IDS 11.x) Database?

Jun 14, 2010

I was just wondering if anyone has ever had to port the schema across? Are there any experts that could pitch their opinions on the achievability of this (mad) idea? I'm using the IBM Migration Toolkit and as expected it's throwing a bunch of translation errors, some of which were relatively easy to solve (vendor specific function calls for example) and some will take quite a while to pin down and work round.... however this is not my main concern.

If completed I expect I am going to have to basically rework all the System.Web.Profile/Roles/Membership namespace classes etc to work round the SQL limitations of Informix (i.e. IDS11.x SQL server doesn't have a DEFAULT (newguid()) so that would have to be put into the calling method) (and any MVP comments really as I can slap my boss round with the weight after he ludicrously agreed to this project for a client without doing any research...)

View 1 Replies

Security :: Create An Url Containing A FormsAuthenticationTicket?

Mar 13, 2010

I'm trying to dynamically create a url containing a FormsAuthenticationTicket that can then be emailed to a user who has forgotten their password. Then when the user follows the url they will be authenticated by the ticket in the url and be able to access the reset password page.

I have tried creating a FormsAuthenticationTicket object and encrypting it but the string it produced seems way longer than the hash in the urls produced when using cookieless authentication.

What I want to do is produce a url say


that will be recognised by cookieless authentication. But as I said the hash I come up with seems way too long and just not right at all.

You can see how long and different it is here by pressing the forgot password button..


It says in the docs for FormsAuthenticationTicket that the encrypted ticket can be stored in a url, but I want to make it the same as those used by cookieless authentication so that it is recognised straight away.

View 3 Replies

Security :: How To Create Custom Role Information Instead Of Using Built-in Role Database

Nov 13, 2010

Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.

However, if I still want to use this role feature of, but I do not like the pre-defined database schema, I want to extract role information from my own database table and bind it to the role.

View 2 Replies

Security :: Save MyAppUser In FormsAuthenticationTicket?

Feb 19, 2010

I'm not using the Membership framework built into .NET but I'm using FormsAuthenticationTicket to make sure user is logged in. I have an object for my users in my application -- let's call it MyAppUser object. Can I save this in the FormsAuthenticationTicket as opposed to saving some string?

If I can't do that, I can save the object in session but I'm a little worried that session and FormsAuthenticationTicket will get out of synch.

View 1 Replies

Security :: Creating A Profile For A New User Is Updating Other Profile

Feb 4, 2010

I am logged in as user1, and while creating a user in which I have additional information which would store first and last name into the profile database. I have the following code


But because I just have profile like that, it is updating the profile of user1, not the new user I just created.


View 5 Replies

Security :: FormsAuthenticationTicket And HttpCookie Are Not Working In Chrome?

Apr 30, 2010

I have a web application developed using VB .Net 2003, and is running ASP Net 1.1.

The application is running fine on all browsers, except for the login/authentication control that doesn't work properly on Chrome.

We have different types of users using the website, and each user type has different menu items displayed for.

The problem is, if a user logs on with let's say Admin account, and logs off and later logs on again using student account, the user still gets the Admin menu, and of course vice versa.

I'm not sure if I'm doing something wrong, or there is something I'm missing here.

One more thing: if the timeout period is reached, and the session has timed out, and the user (regardless of the type) tries to log on again, he is successful on all browsers except on Chrome again, where it keeps telling the session was timed out, and never logs on again until clearing the cookies.

This is what I have in my application web.config:

<!-- Authentications -->
<authentication mode="Forms">
<forms loginUrl="index.aspx" name="authCookie" protection="All" timeout="60" path="/"></forms>
</authentication>


View 2 Replies

How Do People Deal With Membership/role/profile In Real Website

Dec 31, 2010

I don't like that the profile provider stores all profile info in one or two rows in the database, but I want to use the membership/profile API for authentication purposes. Customizing the membership/role/profile provider requires big big upfront efforts, which may cause more mess later. So how do people deal with that normally?

View 2 Replies

Is Membership - Role Management And Profile Usable In A C# Class Library

Jun 1, 2010

I know it's possible to use this information in a winform, wpf or console application. But I would rather determine which user with what roles is running a specific method, so I could decide upon them and run different code. In addition, in a desktop app, how can a user log in? Is there any special winform or wpf login control?

View 1 Replies

Security :: C# FormsAuthenticationTicket Doesn't Override Configuration Timeout

Jan 7, 2010

I have a test project and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According to the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.

Documentation found on:



Here is my code:





Now, when I log in, I get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.

View 1 Replies

Security :: FormsAuthenticationTicket In Firefox(multiple Instance Of Browser)

Oct 27, 2010

I am using forms authentication in my application. This is working fine in Internet Explorer. Opening the application in Firefox is also fine, but when I log in in a second instance of Firefox, the application in the first instance logs out. Following is my code for creating the ticket and cookie.

FormsAuthenticationTicket objTicket = new
FormsAuthenticationTicket(1, sUserName,

HttpCookie objCookie = new
objCookie.Value = FormsAuthentication.Encrypt(objTicket);
objCookie.Expires = DateTime.Now.AddHours(1);

View 1 Replies

Security :: Sql Role Provider Does Not Allow To Update The Role Name?

Mar 18, 2011

Why does the SQL role provider not allow updating the role name? What are its reasons?

View 5 Replies

Security :: How To Automatically Send User To Login Page When FormsAuthenticationTicket Expires

Feb 13, 2010

I'm using Forms authentication in my application but I'm not using the Membership that's built into .NET.

How do I automatically send the user to the login page when his/her FormsAuthenticationTicket expires? I just don't want a user to log in and leave a page on their computer screen long after their session has expired. I'd like to make sure that as soon as the user's FormsAuthenticationTicket has expired, I send them to the login page.

View 1 Replies

Security :: Want To Use Profile And Have A Profile Property?

Dec 5, 2010

I'm being stupid but don't know what I'm missing. I want to use profile and have a profile property. So in the webconfig for my site I've added:

<add name="Name"/>

But in the code behind a page I cannot use Profile. Visual Studio is just saying the Profile is not known in the current context. Thus I cannot do

Profile.Name = ....
x = Profile.GetPropertyValue(....)

View 13 Replies

Security :: Windows Authentication - Get Role Security In Web Config File To Coincide With Controls

Apr 6, 2010

We use Sharepoint to control our websites. We build the sites, then load them into the Sharepoint server. My question is: if I use Windows authentication, how can I get my role security in my web config file to coincide with the controls that use Forms authentication? Is there a difference? Our security uses a session variable for security but there is nowhere to set up their permissions except in Active Directory. I hope this makes sense, because I would like to implement the LoginView with Role groups, but how can I give them the role="administrator"? Do I have to go into Active Directory and give them these permissions (would take a while due to the size of the company)? Or do I have to set up privileges in the web.config file for each user (difficult, I think)?

View 5 Replies

Security :: Custom Access Denied Page For Role Based Security?

Oct 27, 2010

I have implemented role based security in my 2.0 application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.

The issue is that when a user tries to access a page they are not authorized to view, it brings up a login prompt, and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not authorized to view the page that I can incorporate into the site itself with the header and so forth? If this page could come up in lieu of the sign in box popping up as well.

View 2 Replies

Security :: Get The Role Id Rather Than The Role Name?

Feb 10, 2010

How can I get the role id, rather than the role name?

For instance with the code below

Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1

I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?

<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />

View 1 Replies

Security :: Role Base Security Using Scripting Not In Database?

Mar 22, 2011

I want to implement role base access security on a script instead of database.

Using 2008

Considering various different user roles in scripting - role base access on same page, not in the database. Different users should be able to see only particular information on the page, which is assigned to them. This should be done on the basis of scripting, not in the database. In short, administrators and users contains should be on one page and they should be distinguished according to the role of administrator and user on same page.

Need to put validation and verification on the scripting page, not from the database.


Definition of project

The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.

The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.

In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.

So looking towards this project we are planning to deal with somehow role base access in scripting.

Nowadays you might have seen security has become a larger issue; moreover, providing security on websites is one of the major concerns in today's life. As the network of wired and wireless networks has extended in very large volume, you can see unsecure internet access in many places, and with this unsecure access there might be a possibility that hacking becomes very easy.

So in order to make this security tight or in order to make website more secure we are planning to build this project.

View 2 Replies

Security :: Use The Profile Other Than Default?

Mar 3, 2010

I'm making another attempt to find out how to use a different profile in the web application. I thought it would be quite simple, but couldn't find an answer anywhere.

All I need to know is how to call "i90ProfileProvider" instead of default "i90PartnerProfileProvider" in C# or VB.

<profile defaultProvider="i90PartnerProfileProvider">
<providers>
<add name="i90PartnerProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="i90Partner"/>
<add name="i90ProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="i90"/>
</providers>
</profile>

There must be the way to do this. For user it works just fine:

MembershipUser user=


If there is a way to add a name for Profile Provider in web.config, then there must be a way to use it.

Or should I do something entirely different to retrieve the user profile from another database?

View 5 Replies

Security :: Profile And CreateUserWizard?

Mar 7, 2010

1. I use the profile feature and I noticed that the profile can't work with anonymous users, and I can understand why. Now it leads me to another problem: in the CreateUserWizard I added another step which takes the personal details of the user like firstName, LastName, etc., and I wanted to store the details in the profile feature...

but it won't pass me to the second step; it just gives me an error that the service can work with anonymous or something like that.

2. I stored a datetime detail in the profile and when I tried to get it, it gave me the date + the hour I put the date like: 29/12/1989 18:18:00 and I want to see just the date ...

View 4 Replies

Cumulative Role In Security

Dec 30, 2010

I have a couple of aspx pages in C# and want to apply security on them. The way the current security works is that each user is assigned a role to enable him to add, edit or delete. For instance I have 3 roles, Accountant, finance and clerk,


View 2 Replies

Security :: Users With More Than One Role?

Mar 4, 2010

I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.

Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.

I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:

authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)

Is there any way to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?

View 1 Replies

Security :: How To Get The User's Role

Jan 22, 2011

Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?

View 1 Replies
