Im trying to redirect different roles to different pages. Its working but the code I'm entering allows people through even with incorrect passwords.
View Complete Post
Currently I am storing my username and password (passwordFormat="SHA1") credientails in my web.config. I would like to figure out how to access them in an xml file that I have stored in my App_Data directory rather than the web.config file because I do not want my application restarting everytime I manually add a user (small list of 5 authorized users for the CMS section).
Here is what my web.config section looks like:
<authentication mode="Forms"> <forms name=".Administration" loginUrl="~/SiteAdmin/Default.aspx" defaultUrl="~/SiteAdmin/Administration/Default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" &n
I'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.
Heres what I'm trying
Hi, first timer here so be gentle.
I've been able to create a cool little website, it's up and running with users logging in and out, I created roles so my administrative team can see sensitive data that's not available to regular and anonymous users.
Now they would like me to create a page specific to each user. For instance when user A logs in they are redirected to a page that has information that pertains to user A only (like a list of their benefits/ their remaining vacation time). This page needs to be accessible only to user A.
I've watched a ton of the videos but have yet to see one that covers this topic, any help would be great!!!
If i hard coded role=Manager on the specific SiteMap/Folder/Page/etc. I will have problem when the manager need to remove from access a specific page. I need to change the code ont eh page/SiteMap/Folder more move the file into another folder.
What i have in mind is to change the role to taks oriented. such as role=AddStock, Edit Stock, Delete Stock, Print DO, Add Sales, Edit Sales, Deleted Sales..... (but it will be many role for 1 user compare to just 1 as Manager)
Will this cause performance issues later when each user have 60 roles and if i have 20,000 user will it affect the application performance?
Otherwise any other option? to make it flexible.
I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:
I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.
Is there a way to store users but disable password storage on the aspnet_membership table?
Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.
One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.
MSDN Magazine May 2008
In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.
MSDN Magazine October 2004
I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.
In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization> <allow roles> tags to it.
How would be the equivalent technique in MVC?
I have all my code in my other post about checkboxlist issue, but it boils down to, once i find someone doing my search, it displays their permissions as checkboxes. But if i want to remove a permission and click update, the update doesnt seem to occur, if i search on myself, it returns me with my permissions already checked. I uncheck 1 permission, click update and the checkbox is checked again as the page posts. Original Post:http://forums.asp.net/t/1591337.aspx
My aspx page seems pretty simple:
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<asp:TextBox ID="TxtUserName" runat="server" /><asp:Button ID="LookupBtn" runat="server" Text="Search" onclick="LookupBtn_Click" />
<asp:CheckBoxList ID="RoleList" runat="server" /><br />
<asp:button ID="UpdateBtn" text="Update" Visible="false" runat="server" onclick="UpdateBtn_Click" />
My update button event and update method:
I have been using the following tutorial and had to convert the code to C# for my project, now i cant get the code to work, im getting red line under the word "in" in the UpdateRolesFromList, i tried to add a datasource on page load for the checkboxlist like so RoleList.DataSource = PopulateRoleList(User.Identity.Name.ToString());
and gives me error saying cannot implictly convert type 'void' to 'object'
What am i missing, that when i load the page or even do a search it never displays the checkbox list as it shows in the tutorial?
protected void Page_Load(object sender, EventArgs e)
public void PopulateRoleList(string userName)
string roleNames = null;
string roleName = null;
roleNames = Roles.GetAllRoles();
foreach (string roleName_loopVariable in roleNames)
roleName = r
We have a web application using VS 2008, c#. We try to filter siteMap nodes based on security roles. We have our customized the mether GetRolesForUser() in RoleProvider class to determine a user's role. In this method, roles will be returned by querying an SQL Server database.
However, we found that each time a page was loaded/refershed, this GetRolesForUser() was called, and the database would be queried. This is too MUCH and expensive.
We thought the roles should be queried only once when a user logs in. After that, role info should be stored somewhere for this user, rather than query DB all the time.
Any ideas, reference paper, snipet,...,?
Thanks a lot!
Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?
So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?
I am developing a shopping cart with asp.net and sqlexpress. I am using aspnet authentication components to create a backend page. I designed the site to let in only authorized users in.
Yesterday, I forget my password to login to backend and asked system recover my password. with recover password of the asp.net I was able to receive the temp password. I took that and logged in, of course asp.net forward me to password change component which I am having problem with.
Every time I change my password , password change shows that I was successfull but after clicking on the continiue button password change component comes back. I went to properties of password change component and entered the main default page as destination but it is not helping.
I close the IE clear the cache , even restart the machine. When I login always taking me to the password change page.
So, I need your help with this. Please let me know your inputs.