Security :: Membership Users Different Page Direction?
Feb 25, 2010
i have some link buttons that On click direct to some page iwant to add some if statement that if the user is online direct to same page and if not direct to other page?
I have a database of users that we used to have on a different system. The users already have their username and passwords associated with.
Now we are switching the entire system to .Net , and we will be using the membership to authenticate the users and start creating the new users with the wizard.
My question is : how could we import the users from a different database (mysql) , to the membership database on MS SQL ?
And also the passwords on the mysql database are in clear text , when we import them to the membership database on ms sql , is it going to apply the hash on them ?
I have been diligently learning all about the asp.net membership framework and have a test site running it all. However, during my testing, it became apparent that deleting users would be useful. I can delete users from the "aspnet_users" & "aspnet_Membership" tables simply by right-clicking on the table in server explorer, selecting "show table data", highlight the rows and press delete!!
However, this is a pain and I would much rather do this properly from code behind.
I have found out that the membership schema supplies a large number of "stored procedures" including "Delete_Users" however, when I execute this one manually, I have no idea what the last two parameters are (number of tables and something else from memory - the first two "application name" and "username" are easy to copy in to the dialog.
show me a sample set of VB code that I can use behind a "Delete User" button on my webform including how I supply the parameters. I have set up a drop down list box from teh "aspnet_users" table which displays the "UserName" and has as the SelectedValue "UserId".
I used [URL] as a guide and have something configured to show me the users which are logged into the system. This uses the aspnet_Users.LastActivityDate column to see when someone last did something on the system. It also uses the userIsOnlineTimeWindow within the web.config to determine whether a user is online or not.
But because of this userIsOnlineTimeWindow limitation of .NET, even when someone logs out of the system or closes their browser window, the system still sees them as being online. Also, if they are on a page and don't do anything for 10 minutes, the system will show them offline until they refresh their page or go to another page. know of a better, more real-time way to tracking users which are logged in, logged out, etc?
I don't want to wait 10 minutes for the system to show that a user is offline and also if there's 10 minutes of inactivity, it shows them being offline.
I'm trying to do a bulk insert of data into the aspnet_Membership table. I have existing records from a previous version of the system I am re-building in asp.net. I've been researching and asking questions, but I am still missing something. What is the best way to do this? I believe I need to grab my previous table and iterate over each record and insert into the new membership table via the Membership.CreateUser method. So far I have been unable to make it work. My code so far in the on click event of a button is below.
using System.Web.Security; using System.Data; using System.Data.SqlClient; [code]....
I have set up Membership and Roles and can create users and login using the ASp Login control. However I need to associate users with customers (in a Customers table in the database) and display content according to the customer that the user belongs to. Is the best way of doing this to create a foreign key field in the aspnet_Users table relating back to Customers table which would have to be updated manually after creating the user or is there a better way?
I'm have a doubt using membershipuser to create users in the AD with Membership.CreateUser Method, does any one knows how can i send other attibutes to the AD, such as First Name and Last Name?, besides those ones: username
I need to authenticate users based on three parameters such as username, password and officename instead of just username and password. User name is unique only across the single office and not across the application.
Can I achieve this using Membership class and if yes do I need to write any custom code for that?
I had created a Membership ASP.NET 3.5 website and selected the Forms authentication. Therefore, I created several users with related information into the ASPNETDB database. Yesterday, I changed the website security to Windows authentication.
This morning, when reviewing the ASPNETDB data for another website, I still can see those Membership Forms users and their ApplicationIDs in the aspnet_Users and aspnet_membership tables. How can I delete those Forms users?
Another question: In aspnet_Applications table, I can see the ApplicationName (e.g. /WebPartsDemo) for the Web Parts websites. I have 2 ApplicationIDs in the aspnet_Membership table. I can not see only one ApplicationID in the aspnet_Applications table, but with an empty ApplicationName, i.e. / only.
Do I miss something when creating the Membership website? What is the ApplicationName for the Membership website?
I have the requirement to export all my users and custom profile properties to an excell spreadsheet but i can find a way to do it. I have found several exampls of how to export the Profile information eg(
I need to populate a dropdown list with users who match certain role criteria. For example, if I have the following roles: Manager, Employee, Supervisor I would like to populate the list with only the Manager and Employee roles. Some individuals have multiple roles and they should be excluded if they also have the Supervisor role as illustrated below:
Name: A , Role(s): Manager, Employee, Supervisor
Name: B, Role(s): Employee
Name: C, Role(s): Manager, Employee
The final list should only contain names B & C.
I can use Roles.GetUsersInRole("Employee") but I am not sure if this is efficient or not.
I'd like to use the ASP.NET membership provider in the following (low-security) scenario...
My company will create and administer user accounts on behalf of our clients. These accounts will likely be shared amongst several people in the client company (is that a problem?).
There will be 2 types of users (2 roles): client and administrator. Administrators are the people within my company that will have special privileges to create client user accounts, etc.
Clients will not be able to self-register. They also won't get to choose their own password, and they should not be able to change their password either, since that will just create confusion where several people are sharing the same account.
My internal users (admins) will set the password for each client. Here's the bit I'm struggling with: if a client phones up and asks to be reminded of their password, how can my admin users find out what the password is? Can I configure the provider to store the password in clear text (or other recoverable form), and if so can I get at the password through the .NET API?
As I said at the outset, this is a low-security application, and so I plan simply to show the password in the (internal) web page where I have a list of all users.
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
I have an Employee class in my App_Code folder. On my login page I am trying to create an Employee using the asp.net username as a parameter in my Employee constructor.
I have tried creating the employee in the page load event when it is a post back. I have tried doing it in the Login1_LoggedIn event. For some reason I cannot pull the username in either one of these places, but if I redirect after logging in and do the same thing on another page, it works.
I have developed an asp.net website. I Have Used Asp.Net membership provider.My Question is , I Have Three Roles , For Eg: Basic, Intermediate, Admin ...Now , i need to apply two roles for single page say basic and admin .... How can i do this ... Plz help me .... Thanx in advance ......
if (Roles.IsUserInRole("Admin") == false) Server.Transfer("AccessDenied.aspx");
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
I have created a new asp.net website ( 3 pages of c# ) I need now to apply security on those pages. each page has a couple of buttons to run specific process . How would I apply security in the following senarios
I have 3 people who have access to all three pages, however, each person has the right to click specific buttons on the pages. What is the best way to apply security.
This is what I thought and need someone to confirm it. I have created a table like this