Home
Get Started
Learn
Downloads
AJAX
MVC
Community
Wiki
Forums
Sign in
|
Join
Home
›
ASP.NET Forums
›
Search
Search
You searched for the word(s): userid:421999
More Search Options
RSS Available
Matching Posts
Re: How to Decode Password?
the method you mention is outside the scope of the membership provider - and you would need to write your own mechanism. If you use the membership provider, then you simply call the membershipUser.ChangePassword method
Posted to
Security
(Forum)
by
sbillingsley
on 9/11/2008
Re: Authentication Expiration Handling
you can also force the browser to redirect at a given time and "logout" the user - 20 minute example, Response.AddHeader( "Refresh" , "1200;URL=" + ResolveClientUrl( "~/Logout.aspx" )); of course, this only works if the user still has their browser open - if they close the browser, there is no request sent to your web server so you will not know when they close the browser. (you could throw an ajax timer and a sentinal post - but then you could really raise
Posted to
Security
(Forum)
by
sbillingsley
on 9/11/2008
Re: How to login a user from code behind
If you use the default membership stuff, then the redirect is used to set the user context during the Authentication Request. It is possible to do this yourself at the application level, http://weblogs.asp.net/cazzu/archive/2004/07/21/FormsAuthRoles.aspx or, of course, you can create your own custom security solution using cookies, etc.
Posted to
Security
(Forum)
by
sbillingsley
on 9/11/2008
Re: Authentication cookie not being saved
for one thing, you have the cookie expiring in 1 minute. don't forget to add the GenericPrincipal to set the current user identity as the last step in AuthenticateRequest //Create principal and attach to user Context.User = new System.Security.Principal.GenericPrincipal(ident, roles); http://weblogs.asp.net/cazzu/archive/2004/07/21/FormsAuthRoles.aspx
Posted to
Security
(Forum)
by
sbillingsley
on 9/11/2008
Re: I am having trouble with my security
lame answer - I've never been successful with a web page creating an event log - I've always written a console application that did the creation - then the web page could write to it.
Posted to
Security
(Forum)
by
sbillingsley
on 9/10/2008
Re: One WEB METHOD of WEB SERVICES Fails.
Normally, IIS does not let you read or write outside of the path that you are in - so if you move the images to c:\inetpub\wwwroot\webservice\images - then it has a better chance of working. Otherwise, change the thread pool identity that is being used for the web service to a local or domain account that has access to the folder in question - don't forget to right click on the folder and ensure that the account that is running the web page has read/write/etc access. of course, if you could just
Posted to
Security
(Forum)
by
sbillingsley
on 9/10/2008
Re: How to login a user from code behind
you have to redirect. The user is not authenticated until the code can read the authentication cookie. So, you have to set the cookie in one page and read the cookie in the next page - then the User.Identity.IsAuthenticated will be true. Authentication occurs way before your code behind code runs (so that it can set identities of processes, etc), so you can't set forms based authentication without having the page reload with the authentication cookie present.
Posted to
Security
(Forum)
by
sbillingsley
on 9/10/2008
Re: how to check server status
here's an example product (with source code) that looks at performance counters, etc - and displays it on a web page.
Posted to
Security
(Forum)
by
sbillingsley
on 9/10/2008
Re: Authentication Expiration Handling
The original authentication ticket in .net 1.0 was for 50 years - you have the ability to set how long the ticket lasts - just remember that the authentication is kept as a cookie on the client and that when it gets past 1/2 it's lifecycle, it requests a new cookie - so finding out when authentication ends is near impossible, except when the logout page is accessed. It's unlikely that you'll find a full-proof way of handling this. Your closest option would be to use session_OnEnd in the
Posted to
Security
(Forum)
by
sbillingsley
on 9/10/2008
Re: allow ErrorPage to by pass authentication
first off, I think that authorization is done in order, so if you deny all, then the Allow for the passwordrecovery.aspx will not work (as it has already been denied). Here is an example from one of our sites that puts the protected content in various directories - notice that I allow all users to the default directory - and then we limit it per directory. < configuration xmlns= "http://schemas.microsoft.com/.NetConfiguration/v2.0" > ... < system.web > ... < authentication
Posted to
Security
(Forum)
by
sbillingsley
on 9/8/2008
Page 1 of 13 (121 items) 1
2
3
4
5
Next >
...
Last »
WindowsClient:
Build WPF Data Controls for Outlook Addins Easily with VS2010
Channel 9:
Channel 9 Live at PDC09: .Net Rocks Part 2
Channel 9:
Channel 9 Live at PDC09: .Net Rocks Part 1
Channel 9:
Channel 9 Live at PDC09: Wei Zhu (Facebook)
WindowsClient:
WPF Manipulation Basics
ASP.NET:
High CPU in .NET app using a static Generic.Dictionary
TechNet Edge:
Deploying Silverlight - Why and How
WindowsClient:
Windows Client Developer Roundup for 12/21/2009
Silverlight:
4 Calendars & Plans for 2010 / 5770
ASP.NET:
ASP.NET MVC 2 and Visual Studio 2010
ASP.NET:
Moving your ASP.NET Application to Windows Azure – Part II
Silverlight:
HVP – Core Scaffolding and Updated News
Channel 9:
TWC9: 2009 - The Year in Review
ASP.NET:
Tip#100: Did you know… How to view ASP.NET trace information?
ASP.NET:
Passing anonymous objects to MVC views and accessing them using dynamic
Channel 9:
Channel 9 Live at PDC09: Coding 4 Fun
Channel 9:
Channel 9 Live at PDC09: Stephen Toub
WindowsClient:
Mouse Gestures for Internet Explorer
Channel 9:
Controlling concurrency in Rx
Channel 9:
Dev Tools Ecosystem Summit Videos Available
Microsoft Communities
ASP.NET
Channel 8
Channel 9
Channel 10
IIS.NET
Silverlight
TechNet Edge
WindowsClient
Mix Online