So its a ASP.NET problem where two users using the same machine, same browser:
User 1 logs in the domain. User 1 changes some data without saving it. User 2 logs in the domain in a separate tab. User 1 switches back to his tab and saves the data. User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id.
We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri. 2. Always include a hidden field in page to indicate which user owns the page.
I am using asp.net membership and the login control. I would like to prevent a user from logging in with the same use rname if they are already logged in. I would like to place code in the LoggingIn or Authenticate event of the login control to check whether the user is login and prevent them from logging in again. Any ideas on the best way to do this?
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
I'm debugging some unexpected behavior and while tracing in to the .NET framework I see a bunch of stuff like this:
if (Logging.On) { Logging.PrintInfo(Logging.Web, this, SR.GetString(SR.net_log_n_certs_after_filtering, filteredCerts.Count)); ... }
But (as expected by default) the execution steps right over these. Is there some way to turn on the logging? Or is that just something that the framework developers can do while making special builds of the framework?
I was adding login and logout functionality to my ASP.NET website. While I am able to make the user log in by checking the username and password but on some pages should be available only if he is logged in. I am doing this by storing the user's value in a session
Secondly, I am using a Link button which changes to Logged in as example. So, how does the user log out?
Im building a web application that charges for access on a per user basis. Ive used standard roles and membership for setting up accounts and logging in. I want to ensure that a client cant use the same user details to login more than once
ie if user abc1 is already logged in, someone else cannot login again using the same credentials
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false); After doing this, the user is logged in with the txtUser.text
But the question now is, how do i retrieve that user name from Authentication or whatever on other pages? is it possible or not?
Because i know that person stays logged in untill he logs out with this code: FormsAuthentication.SignOut();
And one more question i dont know is this one good for this or not how do i better check if the person is typed in correct name and pasword or not, with executescalar or executereader?
I am involved in designing a asp.net webforms application using .NET 3.5. I have a requirement where we need to log exceptions.
What is the best approach for exception handling, given that there would be concurrent users for this application?
Is there a need or possibility to log in exceptions at a user level? My support team in-charge wants to have a feature where the support team can get user specific log files.
To give you a background, this application is currently on VB 6.0 and we are migrating it along with some enhancements. So, today the support personnel have a provision to get user specific log files.
I have a login form from the membership and I am trying to make it so that it would redirect depending on role. I have tried to put this code under login1_loggedin but it didn't seem to work. how can I do this?
I spent a day trying to make Ent Lib Logging work and log anything into database or event log. I have a web application and console application with the same Ent Lib config but only the console application is capable to log into the Event Log. I tried everything with permissions but I don't know what exactly I am doing — which services should have what. It does not work!
I read articles like this[URL] and I want to try to give the ASPNET account those permissions. I am using Windows 7 and I cannot find ASPNET user account. So where is it?
This is the config file which is automatically generated from Ent Lib utility and it works only on App.config, not on web.config:
I have 2 master pages Default.aspx is from Site.Master and some more pages that are from Admin.Master, I have used the code that to prevent the user from going back to previous pages after logout.
 Here is my code
function preventBack() { window.history.forward(); } setTimeout("preventBack()", 0); window.onunload = function () { null };
The problem I am facing Admin.
Master page i.e I have Home.aspx, AboutUs.aspx,Admin.aspx,AddItem.aspx I was unable to navigate between those pages also. how to solve this. I have tried other methods also, but still facing same problem.Â
I have a login page and a dashboard page. Now user first login and then redirect to dashboard page. User press browser Back navigate button and now it's again on login page.
I've seen on some sites where one is unable to save the images from that site. Is there a property or something that I would use where I can prevent users from saving images from my site?
When a user logs in into my website I have a custom membership provider that overrides ValidateUser and verifies that the user has sufficient rights etc.
However, when implementing a 'remember me' function through the default forms authentication using RememberMeSet, I also want to validate a user on the first request.
Is there some hook I can attach to that triggers when a user logs in with their persistent cookie?
I am currently using the built in ASP login function... the destinationpageurl of that login function locates to "loginhome.aspx" for all users... but for one specific user ("Admin") it needs to link to "adminhome.aspx"... just wondering whats the best way to do this? Can I change the destinationpageurl of the login function depending on the user or creating an admin role so "If membershiprole = 'Admin' redirect to 'adminhome.aspx' End If" or can I just add some code behind the login function so "If User.login.Name = 'Admin' Then destinationpageurl = 'adminhome.aspx' End If" think I have already tried this on the login1_authenticate event but it didn't work
User 1 logs in the domain. User 1 changes some data without saving it. User 2 logs in the domain in a separate tab. User 1 switches back to his tab and saves the data. User 1 actually saved the data into User 2!!
This is caused by the following mechanism:
Different tabs in the same browser seems to share the same session id. We are storing user auth in cookie and the cookie is shared between tabs (same domain)
Therefore, when User 1 request to save, it is recognized as User 2 since the cookie has been updated to User 2.
So I'm wondering if there's any other methods to prevent this from happening, other than:
1. Use cookieless session so the session is embedded in uri.
2. Always include a hidden field in page to indicate which user owns the page.
I have a signup page and Main page in my web site. i want to prevent an user to type directly the Main page URL, user should have access after signup/login.
i just like to ask if you have any idea of preventing the Back button of the browser to navigate back to the previous page after a user log in.Ex:After a user successfully logged in to my website and he/she hit the Back button of the browser.I want this to not redirected to the previous page instead redirected to the same page which is my Main page.Also after a user logged out to my website and again he/she hit the Back button of the browser.I also want this to not redirected to the previous page instead redirected to my login page.
How to prevent multiple user to be logged in at a time using a user id ?
After login in to website, the same user id not login in any other system it gives alert msg User Alrdy Login.. and also i have another query If user do not click logout and directly close browser..
I have this web application built. I am using windows authentication for this application. I have to log all the user activity as wells as site activity in this application. I have the below mentioned class established to log some activity regarding the user to an SQL server database table..
[code]....
I would still need to log many other items regarding the user and also the site, like the time spent by the user on the site, no: of currently logged in users on the site. Can anyone here suggest me as to how do I capture those items?? let me know if I am going in the right direction too.....?? If you can provide me with some links on this "user activity logging for windows authenticated applications".