I have a question about the membership in asp.net from what I have read so far. I have created a users table in mysql and have linked the membership to it correctly. I need a mysqlrolesprovider to use roles with this, so will be looking further for it.
Yes, you need a roles provider that would work with mySql. However, I am sure there is already one out there somewhere you can grab.
schadha
From so far what I have read, I see that we have a few ways to make navigation for the site:
1- Use the sitemap. Problem with this is that if I want a seperate menu for anonymous user, and the logged in ones. I see that we can use roles to overcome this. But I am not sure if it really works correctly. Like if a user types the url of a secured page
directly, will he get access to it or will still be stopped.
2- Create the menu dynamically, based on user when the page loads.
I would go with option 1.
The roles filtering works very well with sitemaps, but you are correct in that is only hides the nodes; it does NOT actually restrict non-authorized users from accessing a page directly.
For that, you have to explicitly secure your files and/or directories in web.config using the <location> element. The <location> element lets you allow or deny access to any defined location in your file structure based on identity (userName), authorization
(role), and authentication (whether or not a user is logged in).
schadha
we have a details.aspx page this can be used to show data for both anonymous users and logged in ones, based on the parameters with it. So how does my membership help me with this, or in such cases we use the old asp approach of checking the user roles
dynamically on the page and showing the content accordingly.
How you accomplish scenarios like this depend on the granularity you need to control.
As I said, for simple allow/deny access to a whole page, you can use the <location> element.
For situations such as you've described, where actual access to the page is allowed to everyone, but some page contents may be shown or hidden based on authentication or authorization, you can look into using a LoginView. A LoginView lets you use templates
to define how a page or a section of a page will look (and of course, what data it will contain) based on authentication (whether a user is logged in) and authorization (if they are logged in, do they belong to the correct role?).
Sometimes you need an even finer level of control; for example, if you have a GridView with record editing buttons in each row. You would want the edit buttons to show to, say, Administrators, but not to normal logged in users or anonymous users. In cases
where the functionality can't be easily broken down by page section, you can use the classic ASP-like way of dynamically checking the role(s) of the currently logged in user:
MembershipUser currentUser = Membership.GetUser();
if (currentUser.IsInRole("Admin"))
{
// do or show something here
}
Questions do not sound funny in the least. I've heard way funnier. [:D]
I will play around with this much for some time, and will bug you again with something new soon. I hope you wont mind, and I am not disturbing or taking too much time of yours.
Sandy
Looking to check the time, goto http://whatisthetime.in/[xxx] replace [xxx] with your city name.
I was working with membership having found the MySQLMerbershipProvider and MySQLRoleProvider. Till yesterday, my users got created with the CreateUserControl, but today suddenly I started getting this error: "Your account was not created. Please try again.".
No user is getting added to the database, although I am still able to login using the Login control and users created yesterday. On checking further I could see that an exception was getting raised with following details.
An exception occurred communicating with the data source.
Action: CreateUser
Exception: MySql.Data.MySqlClient.MySqlException: Failed to read auto-increment value from storage engine
at MySql.Data.MySqlClient.MySqlStream.OpenPacket()
at MySql.Data.MySqlClient.NativeDriver.ReadResult(UInt64& affectedRows, Int64& lastInsertId)
at MySql.Data.MySqlClient.MySqlDataReader.GetResultSet()
at MySql.Data.MySqlClient.MySqlDataReader.NextResult()
at MySql.Data.MySqlClient.MySqlCommand.ExecuteReader(CommandBehavior behavior)
at MySql.Data.MySqlClient.MySqlCommand.ExecuteReader()
at MySql.Data.MySqlClient.MySqlCommand.ExecuteNonQuery()
at MySql.Membership.MySqlMembershipProvider.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) in C:\Inetpub\wwwroot\testapp\App_Code\MySqlMembershipProvider.vb:line 468
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I have now replaced the provider with a new one with a little different struc, and it is working again. I am not sure what and where could the problem be, as yesterday the previous provider worked to add records to db.
Another issue that I am facing is, that when I run my site from VWD (express) in IE, the port in address bar is 4 less then what development server is running at. This is the same in FF, with an added www. and .com to the localhost (http://www.localhost.com:4995/testapp/)
Please suggest
Sandy
Looking to check the time, goto http://whatisthetime.in/[xxx] replace [xxx] with your city name.
May I suggest that, instead of asking a string of unrelated questions in a single thread, that you ask each new question in a new thread? That way, more people will see it, which means you have a much better chance of getting an answer. That will also help
those in the future who may be searching for the same answer.
Also, when a thread is answered, you should "mark" the relevant post as the answer.
Lee Dumond
Contributor
6404 Points
1173 Posts
Re: Help required to begin new project
Feb 06, 2009 08:58 PM|LINK
Yes, you need a roles provider that would work with mySql. However, I am sure there is already one out there somewhere you can grab.
I would go with option 1.
The roles filtering works very well with sitemaps, but you are correct in that is only hides the nodes; it does NOT actually restrict non-authorized users from accessing a page directly.
For that, you have to explicitly secure your files and/or directories in web.config using the <location> element. The <location> element lets you allow or deny access to any defined location in your file structure based on identity (userName), authorization (role), and authentication (whether or not a user is logged in).
How you accomplish scenarios like this depend on the granularity you need to control.
As I said, for simple allow/deny access to a whole page, you can use the <location> element.
For situations such as you've described, where actual access to the page is allowed to everyone, but some page contents may be shown or hidden based on authentication or authorization, you can look into using a LoginView. A LoginView lets you use templates to define how a page or a section of a page will look (and of course, what data it will contain) based on authentication (whether a user is logged in) and authorization (if they are logged in, do they belong to the correct role?).
Sometimes you need an even finer level of control; for example, if you have a GridView with record editing buttons in each row. You would want the edit buttons to show to, say, Administrators, but not to normal logged in users or anonymous users. In cases where the functionality can't be easily broken down by page section, you can use the classic ASP-like way of dynamically checking the role(s) of the currently logged in user:
MembershipUser currentUser = Membership.GetUser(); if (currentUser.IsInRole("Admin")) { // do or show something here }Questions do not sound funny in the least. I've heard way funnier. [:D]
Follow Me on Twitter
schadha
Member
184 Points
70 Posts
Re: Help required to begin new project
Feb 06, 2009 09:08 PM|LINK
Thanks Lee for a quick reply.
I will play around with this much for some time, and will bug you again with something new soon. I hope you wont mind, and I am not disturbing or taking too much time of yours.
Sandy
schadha
Member
184 Points
70 Posts
Re: Help required to begin new project
Feb 07, 2009 11:25 AM|LINK
I was working with membership having found the MySQLMerbershipProvider and MySQLRoleProvider. Till yesterday, my users got created with the CreateUserControl, but today suddenly I started getting this error: "Your account was not created. Please try again.". No user is getting added to the database, although I am still able to login using the Login control and users created yesterday. On checking further I could see that an exception was getting raised with following details.
I have now replaced the provider with a new one with a little different struc, and it is working again. I am not sure what and where could the problem be, as yesterday the previous provider worked to add records to db.
Another issue that I am facing is, that when I run my site from VWD (express) in IE, the port in address bar is 4 less then what development server is running at. This is the same in FF, with an added www. and .com to the localhost (http://www.localhost.com:4995/testapp/)
Please suggest
Sandy
Lee Dumond
Contributor
6404 Points
1173 Posts
Re: Help required to begin new project
Feb 07, 2009 02:00 PM|LINK
May I suggest that, instead of asking a string of unrelated questions in a single thread, that you ask each new question in a new thread? That way, more people will see it, which means you have a much better chance of getting an answer. That will also help those in the future who may be searching for the same answer.
Also, when a thread is answered, you should "mark" the relevant post as the answer.
Follow Me on Twitter
schadha
Member
184 Points
70 Posts
Re: Help required to begin new project
Feb 08, 2009 02:14 PM|LINK
Thanks Lee for all your help. I have marked one of the threads as answer.