Search Results

Search found 4919 results on 197 pages for 'membership provider'.

Page 24/197 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • ASP.net roles and Projects

    - by Zyphrax
    EDIT - Rewrote my original question to give a bit more information Background info At my work I'm working on a ASP.Net web application for our customers. In our implementation we use technologies like Forms authentication with MembershipProviders and RoleProviders. All went well until I ran into some difficulties with configuring the roles, because the roles aren't system-wide, but related to the customer accounts and projects. I can't name our exact setup/formula, because I think our company wouldn't approve that... What's a customer / project? Our company provides management information for our customers on a yearly (or other interval) basis. In our systems a customer/contract consists of: one Account: information about the Company per Account, one or more Products: the bundle of management information we'll provide per Product, one or more Measurements: a period of time, in which we gather and report the data Extranet site setup Eventually we want all customers to be able to access their management information with our online system. The extranet consists of two sites: Company site: provides an overview of Account information and the Products Measurement site: after selecting a Measurement, detailed information on that period of time The measurement site is the most interesting part of the extranet. We will create submodules for new overviews, reports, managing and maintaining resources that are important for the research. Our Visual Studio solution consists of a number of projects. One web application named Portal for the basis. The sites and modules are virtual directories within that application (makes it easier to share MasterPages among things). What kind of roles? The following users (read: roles) will be using the system: Admins: development users :) (not customer related, full access) Employees: employees of our company (not customer related, full access) Customer SuperUser: top level managers (full access to their account/measurement) Customer ContactPerson: primary contact (full access to their measurement(s)) Customer Manager: a department manager (limited access, specific data of a measurement) What about ASP.Net users? The system will have many ASP.Net users, let's focus on the customer users: Users are not shared between Accounts SuperUser X automatically has access to all (and new) measurements User Y could be Primary contact for Measurement 1, but have no role for Measurement 2 User Y could be Primary contact for Measurement 1, but have a Manager role for Measurement 2 The department managers are many individual users (per Measurement), if Manager Z had a login for Measurement 1, we would like to use that login again if he participates in Measurement 2. URL structure These are typical urls in our application: http://host/login - the login screen http://host/project - the account/product overview screen (measurement selection) http://host/project/1000 - measurement (id:1000) details http://host/project/1000/planning - planning overview (for primary contact/superuser) http://host/project/1000/reports - report downloads (manager department X can only access report X) We will also create a document url, where you can request a specific document by it's GUID. The system will have to check if the user has rights to the document. The document is related to a Measurement, the User or specific roles have specific rights to the document. What's the problem? (finally ;)) Roles aren't enough to determine what a user is allowed to see/access/download a specific item. It's not enough to say that a certain navigation item is accessible to Managers. When the user requests Measurement 1000, we have to check that the user not only has a Manager role, but a Manager role for Measurement 1000. Summarized: How can we limit users to their accounts/measurements? (remember superusers see all measurements, some managers only specific measurements) How can we apply roles at a product/measurement level? (user X could be primarycontact for measurement 1, but just a manager for measurement 2) How can we limit manager access to the reports screen and only to their department's reports? All with the magic of asp.net classes, perhaps with a custom roleprovider implementation. Similar Stackoverflow question/problem http://stackoverflow.com/questions/1367483/asp-net-how-to-manage-users-with-different-types-of-roles

    Read the article

  • ASP.NET MVC Users unable to login after password change, and being locked out.

    - by Russell Kay
    All, I have a website that is in use and has several users, using the MySqlMembershipProvider. We have had a few users that have been locked out (for some reason) and recently I unlocked them and reset the passwords, using the MembershipUser.UnlockUser and MembershipUser.ResetPassword methods. Now they are definitely marked in the database as Unlocked and the password has been reset, but they still cannot log in. Does anyone have any ideas why this might happen?

    Read the article

  • How to log off multiple MembershipUsers that are not the current user?

    - by Sgraffite
    I'm using the MembershipProvider that is part of the MVC2 default project. I'd like to be able to take a list of user names, and log the users off, and destroy their session if needed. The closest I can seem to come is this: foreach(string userName in UserNames) { MembershipProvider MembershipProvider = new MembershipProvider(); MembershipUser membershipUser = MembershipProvider.GetUser(userName, true); Session.Abandon(); FormsAuthentication.SignOut(); } I think I need to use a session and/or signout method related the user I want to log out, but I am unsure where those would be. What is the proper way to do this?

    Read the article

  • multiple applications using same login database logging each other out

    - by Axarydax
    Hello, I've set up two asp.net applications on a machine, their web.config files contain the same applicationName value in AspNetSqlMembershipProvider item so they share users and roles. The problem sequence is: user logs into application A, opens new tab in a browser logs into application B, his login in application A is signed out and vice versa. Should I use different approach to sharing login information between two applications? Thanks.

    Read the article

  • Asp.net Login Status Question: It Aint Working

    - by contactmatt
    I'm starting to use Role Management in my website, and I'm current following along on the tutorial from http://www.asp.net/Learn/Security/tutorial-02-vb.aspx . I'm having a problem with the asp:LoginStatus control. It is not telling me that I am currently logged in after a successful login. This can't be true because after successfully logging in, my LoggedInTemplate is shown. The username and passwords are simply stored in a array. Heres the Login.aspx page code. Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _ Handles btnLogin.Click ' Three valid username/password pairs: Scott/password, Jisun/password, and Sam/password. Dim users() As String = {"Scott", "Jisun", "Sam"} Dim passwords() As String = {"password", "password", "password"} For i As Integer = 0 To users.Length - 1 Dim validUsername As Boolean = (String.Compare(txtUserName.Text, users(i), True) = 0) Dim validPassword As Boolean = (String.Compare(txtPassword.Text, passwords(i), False) = 0) If validUsername AndAlso validPassword Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkRemember.Checked) End If Next ' If we reach here, the user's credentials were invalid lblInvalid.Visible = True End Sub Here is the content place holder on the master page specifically designed to hold Login Information. On successfull login, the page is redirected to '/Default.aspx', and the LoggedIn Template below is shown...but the status says Log In. <asp:ContentPlaceHolder Id="LoginContent" runat="server"> <asp:LoginView ID="LoginView1" runat="server"> <LoggedInTemplate> Welcome back, <asp:LoginName ID="LoginName1" runat="server" />. </LoggedInTemplate> <AnonymousTemplate> Hello, stranger. </AnonymousTemplate> </asp:LoginView> <br /> <asp:LoginStatus ID="LoginStatus1" runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Logout.aspx" /> </asp:ContentPlaceHolder> Forms authentication is enabled. I'm not sure what to do about this :o.

    Read the article

  • Why am I getting a TypeLoadException when defining a custom profile?

    - by Jedidja
    I'm writing a .NET command-line application that will migrate users from an existing database into aspnetdb. To simplify the user-specific settings, I'm using the profile class that Joel Spolsky wrote about here. It works great in the ASP.NET MVC website, but for some reason it's throwing a TypeLoadException when being used from this new application. I'm not sure why the framework is trying to load the new class from System.Web.

    Read the article

  • Non RBAC User Roles and Permissions System: checking the user's City

    - by micha12
    We are currently designing a User Roles and Permissions System in our web application (ASP.NET), and it seems that we have several cases that do no fit within the classical Role-Based Access Control (RBAC). I will post several questions, each devoted to a particular case, this being the first post. We have the following case: not to allow a user view a certain page if the user lives in a particular city. This is a simple case that is coded in the following way: if (User.City == “Moscow”) // Allow the user to view the page. else // Do not allow the user to view this page. Though this case is very simple and straightforward, it has nothing to do with the RBAC. On StackOverflow, someone called this an Attribute-based Access Control. Under the classical RBAC, it seems that this case should be designed like this: introduce a permission “City where the person lives”, this permission will have a property City. Then create a role, add a permission of type “City = Moscow” to it and the assign the role to the user. Looks extremely cumbersome. The question is whether it is acceptable to introduce such non-RBAC approaches to our permissions system – does that break the design or not? This might seem a primitive question, but we found that most applications use pure RBAC, and we started to think that we might be doing something wrong. Thank you.

    Read the article

  • Asp.net Security: IIdentity.IsAuthenticated default implementation.

    - by Pickels
    Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated but so now I was wondering how does the default IIdentity determines if it should return true or false? I thought to find the answer in the FormsAuthenticationTicket I am using but not sure if that is correct. Thanks in advance, Pickels

    Read the article

  • Non RBAC User Roles and Permissions System: a role with properties

    - by micha12
    We are currently designing a User Roles and Permissions System in our web application (ASP.NET), and it seems that we have several cases that do no fit within the classical Role-Based Access Control (RBAC). I will post several questions, each devoted to a particular case. This is my second question (the first question is here: http://stackoverflow.com/questions/2839797/non-rbac-user-roles-and-permissions-system-checking-the-users-city). We have the following case: we need to implement a Manager role in our web application. However, a Manager can belong to one or several companies (within a big group of companies for which we are creating this web app). Say, there can be “Manager of companies A and B”, “Manager of company C”, etc. Depending on the companies that the Manager belongs, he has access to certain operations: for example, he can communicate with clients only of those companies that he belongs to. That is, “Manager of companies A and B” can only have contacts with clients of companies A and B, and not with those of company C. He can also view clients’ details pages of companies A and B and not of C, etc. It seems that this case falls within the RBAC. However, this is not really the case. We will need to create a ManagerRole class that will have a Companies property – that is, this will not be just a role as a collection of permissions (like in the classical RBAC), but a role with properties! This was just one example of a role having properties. There will be others: for example, an Administrator role that will also belong to a number of companies and will also have other custom properties. This means that we will a hierarchy or roles classes: class Role – base class class ManagerRole : Role List Companies class AdministratorRole : Role List Companies Other properties We investigated pure RBAC and its implementation in several systems, and found no systems featuring a hierarchy or roles, each having custom properties. In RBAC, roles are just collections of permissions. We could model our cases using permission with properties, like ManagerPermission, AdministratorPermission, but this has a lot of drawbacks, the main being that we will not be able to assign a role like “Manager of Companies A and B” to a user directly, but will have to create a role containing a ManagerPermission for companies A and B… Moreover, a "Manager" seems to be rather a "role" (position in the company) rather than a "permission" from the linguistic point of view. Would be grateful for any ideas on this subject, as well as any experience in this field! Thank you.

    Read the article

  • why can't asp.net find my textbox?

    - by phunehehe
    Hello, I'm trying to add more fields to the CreateUserWizardStep, here is what I added: <asp:CreateUserWizardStep ID="CreateUserWizardStep1" runat="server"> <ContentTemplate> <table border="0"> <tr> <td align="right"> <asp:Label ID="NickNameLabel" runat="server" AssociatedControlID="NickName">Nick Name:</asp:Label> </td> <td> <asp:TextBox ID="NickName" runat="server"></asp:TextBox> <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="NickName" ErrorMessage="Nick Name is required." ToolTip="Nick Name is required." ValidationGroup="CreateUserWizard1">*</asp:RequiredFieldValidator> </td> </tr> <%-- The default code is left unchanged, but not shown here --%> </table> </ContentTemplate> </asp:CreateUserWizardStep> Then I tried to reference the objects like this protected void NewUserWizard_CreatedUser(object sender, EventArgs e) { CreateUserWizardStep step = NewUserWizard.FindControl("CreateUserWizardStep1") as CreateUserWizardStep; TextBox nickName= step.FindControl("NickName") as TextBox; // insert additional information to the database } The problem is, I'm getting nulls for nickName. Am I using FindControl("") incorrectly?

    Read the article

  • asp:Login control, remember me is not remembering me

    - by Gogster
    Hi all, I have an ASP.NET login control on a page, with the "Remember Me" checkbox displayed. I have checked in trace and the authentication cookie is being created, I have sliding expiration set and a timeout of 60000, yet when I return to the website the login is not being remembered. Any ideas where else I can check? Thanks, Darryl

    Read the article

  • Custom MembershipProvider attempts to pass empty creds after IIS restart

    - by Joseph DeCarlo
    I have a C# custom ASP.Net MembershipProvider. When the user attempts to navigate to another part of the site after IIS is restarted, it doesn't navigate to the login page to collect credentials, but instead attempts to authenticate with empty credentials. Can anyone tell me what I have to do to identify that the new authentication needs to take place and that new creds need to be gathered? I have a complementary custom IHttpModule implementation that allows me to intercept events like BeginRequest and AuthenticateRequest, if that helps.

    Read the article

  • Authentication using exchange.

    - by user300435
    Hello, my client has an exchange server and offers free email accounts to his clients and partners. His clients need access to some web applications through login and password and need to be authenticated . i thought about creating a custom asp.net membership provider that hits exchange instead of the regular aspnetdb store. Is there a way to authenticate these users against exhange with their exchange provided email/username and password ? thank you.

    Read the article

  • How do I change the logged in user to another?

    - by TruMan1
    I would like to change the logged in user to another user temporarily to do some process. For example, say I am logged in as "Joe". In my method, I want to make the logged in user from "Joe" to "SuperUser", do some process, then change the logged in user back to "Joe". Can someone help with this?

    Read the article

  • deny custom role

    - by kusanagi
    how can i deny access to call method. something like this [HandleError] [Authorize(Roles = "role1, role2")] public class AdminController : Controller { [Deny(Roles = "role2")] public ActionResult ResultPage(string message) { ViewData["message"] = message; return View(); } }

    Read the article

  • using eval in server side code on asp.net page

    - by Sumit Sharma
    <asp:Repeater ID="rptrParent" runat="server"> <ItemTemplate> <li> <a href="<% =ResolveUrl("~/cPanel/UserView.aspx?User=")%><%# Eval("StudentUserName") %>"> <span> <% ProfileCommon pc = new ProfileCommon(); pc.GetProfile(Eval("StudentUserName").ToString()); Response.Write(pc.FirstName + "" + pc.LastName); %> <%# Eval("StudentUserName") %> </span> </a> </li> </ItemTemplate> The following error Databinding methods such as Eval(), XPath(), and Bind() can only be used in the context of a databound control. is coming in this part <% ProfileCommon pc = new ProfileCommon(); pc.GetProfile(Eval("StudentUserName").ToString()); Response.Write(pc.FirstName + "" + pc.LastName); %>

    Read the article

  • UrlHelper and ViewContext inside an Authorization Attribute

    - by DM
    I have a scenario that I haven't been able to solve: I'm toying around with creating my own custom authorization attribute for mvc. The main bit of functionality I would like to add is to have the ability to change where the user gets redirected if they are not in a certain role. I don't mind that the system sends them back to the login page if they're not authenticated, but I would like to choose where to send them if they are authenticated but not allowed to access that action method. Here's is what I would like to do: public class CustomAuthorizeAttribute : AuthorizeAttribute { public string Action; public string Controller; protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { // if User is authenticated but not in the correct role string url = Url.Action(this.Action, this.Controller); httpContext.Response.Redirect(url); } } And as an added bonus I would like to have access to ViewContext and TempData before I do the redirect. Any thoughts on how I could get instantiate a UrlHelper and ViewContext in the attribute?

    Read the article

  • ClientRoleProvider and role caching...

    - by Kieron
    Hi, Is it possible to disable to the role caching when using the ClientRoleProvider? The application in question is a console application... I've tried setting 'cacheRolesInCookie' to false (I know it's a console app, but I was running low on ideas!) - but it had no affect.

    Read the article

  • Enable cross app redirects

    - by Gogster
    Hi all, We have load balancing set up on out two web server, however, a few users are being asked to login when they are being re-directed to a particular server to upload a document (we are trying to keep all uploaded documents on one server only), here is the code from web.config: <authentication mode="Forms"> <forms name="EAAAuthCookie" loginUrl="/login" defaultUrl="/members/home" protection="All" path="/" timeout="60000" slidingExpiration="true" enableCrossAppRedirects="true" /> </authentication> <machineKey decryption="AES" validation="SHA1" decryptionKey="7B4EC5B0C83631DF25D5B179EDDBF91B1C175B81C6F52102267D3D097FBF272A" validationKey="7D1F50788629CC342EE4985D85DE3D14F10654695912C0FFD439F54BED64F76A57A2D5E8180BC6FF052E0385C30558F5527D6C197C577A7F32DD8FF1CAC9F794" /> Here is the transfer code to the upload form: $('#addReport').click(function() { if ($.cookie('TransferURL') != '') { $("#iframeUploadReport").attr('src', $.cookie('TransferURL')); }; $('#overlay').fadeIn('slow'); }); <script type="text/C#" runat="server"> void Page_Load() { string cookieName = FormsAuthentication.FormsCookieName; string userName = Request.Cookies["HiddenUsername"].ToString(); string cookieValue = FormsAuthentication.GetAuthCookie(userName, false).Value; Response.Cookies["TransferURL"].Value = "http://eaa.cms.necinteractive.net/members/media-upload" + String.Format("?{0}={1}", cookieName, cookieValue); } </script> <iframe id="iframeUploadReport" src="http://eaa.cms.necinteractive.net/members/media-upload" width="500px" height="336px" frameborder="0" scrolling="no"></iframe> Can you see any obvious step we are missing? Thanks

    Read the article

  • Implementing a Suspension or Penalty System for Users in ASP.NET MVC

    - by Maxim Z.
    I'm writing a site in ASP.NET MVC that will have user accounts. As the site will be oriented towards discussion, I think I need a system for admins to be able to moderate users, just like we have here, on Stack Overflow. I'd like to be able to put a user into a "suspension", so that they are able to log in to the site (at which point they are greeted with a message, such as, "Your account has been suspended until [DATE]"), but are unable to do the functions that users they would normally be able to do. What's the best way of implementing this? I was thinking of creating a "Suspended" role, but the thing is, I have a few different roles for normal users themselves, with different privileges. Have you ever designed a feature like this before? How should I do it? Thanks in advance.

    Read the article

  • aspnet_reqsql not working at all

    - by user252160
    I would like to create the ASP.NET User database template on a database of my own, because I'd like to fully untegrate the user system with the rest of my DB. As I've read, i needed to use the aspnet_regsql tool. I put all the options (because my database is running on SQLEXPRESS and is in an mdf file in my project's folder). the program starts and seemingly runs without any errors, however, when I open the database after that, not tables or stored procedures have been added. One more thing: I did one more test. I intentionally gave the -d option a wrong mdf file address, and surprisingly, the program "finished" correctly, yet no file was crated or modified whatsoever.

    Read the article

  • IsAuthenticated is false! weird behaviour + review question

    - by Naor
    This is the login function (after I validate user name and password, I load user data into "user" variable and call Login function: public static void Login(IUser user) { HttpResponse Response = HttpContext.Current.Response; HttpRequest Request = HttpContext.Current.Request; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false, UserResolver.Serialize(user)); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Path = FormsAuthentication.FormsCookiePath; Response.Cookies.Add(cookie); string redirectUrl = user.HomePage; Response.Redirect(redirectUrl, true); } UserResolver is the following class: public class UserResolver { public static IUser Current { get { IUser user = null; if (HttpContext.Current.User.Identity.IsAuthenticated) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; user = Desrialize(ticket.UserData); } return user; } } public static string Serialize(IUser user) { StringBuilder data = new StringBuilder(); StringWriter w = new StringWriter(data); string type = user.GetType().ToString(); //w.Write(type.Length); w.WriteLine(user.GetType().ToString()); StringBuilder userData = new StringBuilder(); XmlSerializer serializer = new XmlSerializer(user.GetType()); serializer.Serialize(new StringWriter(userData), user); w.Write(userData.ToString()); w.Close(); return data.ToString(); } public static IUser Desrialize(string data) { StringReader r = new StringReader(data); string typeStr = r.ReadLine(); Type type=Type.GetType(typeStr); string userData = r.ReadToEnd(); XmlSerializer serializer = new XmlSerializer(type); return (IUser)serializer.Deserialize(new StringReader(userData)); } } And the global.asax implements the following: void Application_PostAuthenticateRequest(Object sender, EventArgs e) { IPrincipal p = HttpContext.Current.User; if (p.Identity.IsAuthenticated) { IUser user = UserResolver.Current; Role[] roles = user.GetUserRoles(); HttpContext.Current.User = Thread.CurrentPrincipal = new GenericPrincipal(p.Identity, Role.ToString(roles)); } } First question: Am I do it right? Second question - weird thing! The user variable I pass to Login has 4 members: UserName, Password, Name, Id. When UserResolver.Current executed, I got the user instance. I descided to change the user structure - I add an array of Warehouse object. Since that time, when UserResolver.Current executed (after Login), HttpContext.Current.User.Identity.IsAuthenticated was false and I couldn't get the user data. When I removed the Warehouse[] from user structure, it starts to be ok again and HttpContext.Current.User.Identity.IsAuthenticated become true after I Login. What is the reason to this weird behaviour?

    Read the article

  • An unhandled exception of type 'System.StackOverflowException' occurred in mscorlib.dll

    - by Sahar
    Hello everybody i wrote a code in asp.net that read data from files and draw a graph. It worked but after awhile when i run the program, this exception arise "An unhandled exception of type 'System.StackOverflowException' occurred in mscorlib.dll" in this statement in the code: if (File.Exists(fName)) <----(here is the exception) { stream = File.Open(fName, FileMode.Open); g_day = Deserialize(stream); stream.Close(); int cn = 0; if (g_day.Values.Count != 0) cn = g_day.Values[g_day.Values.Count - 1].Value; Label1.Text = cn.ToString(); } can u help me

    Read the article

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >