.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

redirecting different roles WITH password

Posted By:      Posted Date: October 08, 2010    Points: 0   Category :ASP.Net


Im trying to redirect different roles to different pages. Its working but the code I'm entering allows people through even with incorrect passwords. 

    protected void  Login1_Authenticate(object sender, AuthenticateEventArgs e)
                if (Roles.IsUserInRole(Login1.UserName, "Staff"))

View Complete Post

More Related Resource Links

Accessing Username, password, roles in xml file


Currently I am storing my username and password (passwordFormat="SHA1") credientails in my web.config.  I would like to figure out how to access them in an xml file that I have stored in my App_Data directory rather than the web.config file because I do not want my application restarting everytime I manually add a user (small list of 5 authorized users for the CMS section).

Here is what my web.config section looks like:


<authentication mode="Forms">
      <forms name=".Administration"

Redirecting based on roles c#


I'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.

Heres what I'm trying

    protected void Login1_LoggedIn(object sender, EventArgs e)
        // if there is no returnUrl in the query string , we redirect based on user role  
        if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
            // please don't use User.IsInR

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

How to Encrypt and Decrypt a Password using SQLSERVER 2005?(Video)

Encypt and Decrypt a Password using SQLSERVER 2005(Video)

symmetric key protected by a password

An alternative could be using a symmetric key protected by a password, as long as your application generates the CREATE SYMMETRIC KEY and OPEN SYMMETRIC KEY statements directly instead of calling them inside a SP (otherwise the password will still be passed as a parameter, and will be in clear in the profiler).

Need help redirecting users to personalized page


 Hi, first timer here so be gentle.


I've been able to create a cool little website, it's up and running with users logging in and out, I created roles so my administrative team can see sensitive data that's not available to regular and anonymous users.

Now they would like me to create a page specific to each user.  For instance when user A logs in they are redirected to a page that has information that pertains to user A only (like a list of their benefits/ their remaining vacation time). This page needs to be accessible only to user A. 

I've watched a ton of the videos but have yet to see one that covers this topic, any help would be great!!!





Hard Code Roles on the Pages


If i hard coded role=Manager on the specific SiteMap/Folder/Page/etc. I will have problem when the manager need to remove from access a specific page. I need to change the code ont eh page/SiteMap/Folder more move the file into another folder.

What i have in mind is to change the role to taks oriented. such as role=AddStock, Edit Stock, Delete Stock, Print DO, Add Sales, Edit Sales, Deleted Sales..... (but it will be many role for 1 user compare to just 1 as Manager)

Will this cause performance issues later when each user have 60 roles and if i have 20,000 user will it affect the application performance?

Otherwise any other option? to make it flexible.

Use Membership but bypass / disable password usage for users


I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Security Briefs: Password Minder Internals


In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.

Keith Brown

MSDN Magazine October 2004

How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


Roles not updating


I have all my code in my other post about checkboxlist issue, but it boils down to, once i find someone doing my search, it displays their permissions as checkboxes. But if i want to remove a permission and click update, the update doesnt seem to occur, if i search on myself, it returns me with my permissions already checked. I uncheck 1 permission, click update and the checkbox is checked again as the page posts.

Original Post:

My aspx page seems pretty simple:

<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
    <div>Enter UserName: 
        <asp:TextBox ID="TxtUserName" runat="server" /><asp:Button ID="LookupBtn" runat="server" Text="Search" onclick="LookupBtn_Click" />  
    <div class="roleList">
        <asp:CheckBoxList ID="RoleList" runat="server" /><br />
        <asp:button ID="UpdateBtn" text="Update" Visible="false" runat="server" onclick="UpdateBtn_Click" />

My update button event and update method:

Trying to get Roles to populate a checkboxlist based on tutorial and having issues.


I have been using the following tutorial and had to convert the code to C# for my project, now i cant get the code to work, im getting red line under the word "in" in the UpdateRolesFromList,
i tried to add a datasource on page load for the checkboxlist like so RoleList.DataSource = PopulateRoleList(User.Identity.Name.ToString());

and gives me error saying cannot implictly convert type 'void' to 'object'


What am i missing, that when i load the page or even do a search it never displays the checkbox list as it shows in the tutorial?

        protected void Page_Load(object sender, EventArgs e)

        public void PopulateRoleList(string userName)
            string[] roleNames = null;
            string roleName = null;
            roleNames = Roles.GetAllRoles();
            foreach (string roleName_loopVariable in roleNames)
                roleName = r

How to stop the repeated database queries for roles


Hello, friends,

We have a web application using VS 2008, c#. We try to filter siteMap nodes based on security roles. We have our customized the mether GetRolesForUser() in RoleProvider class to determine a user's role. In this method, roles will be returned by querying an SQL Server database.

However, we found that each time a page was loaded/refershed, this  GetRolesForUser() was called, and the database would be queried. This is too MUCH and expensive.

We thought the roles should be queried only once when a user logs in. After that, role info should be stored somewhere for this user, rather than query DB all the time.

Any ideas, reference paper, snipet,...,?

Thanks a lot!

Force password expiration after x days


Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?

So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?

Password change control won`t accept new password


Hi guys

I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in. 

Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with. 

Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping. 

I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.

So, I need your help with this. Please let me know your inputs.


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend