Search results matching tag 'Roles'

Loginview with Roles in Masterpage

aspcheetah — Wed, 02 Dec 2009 05:00:00 GMT

Hi,

I have two questions. I will ask the long one first.

I have a master page with Loginview control that shows content based on roles. In the roles template of loginview I have defined a template for admin and another for a role called user. The difference between the two is that the admin sees the menu controls (whereas the user does not see the menu controls). Everything else remains the same. In admin I have content placeholder to show content from a specific page. But, in the user template I do not have the same contentplaceholder (id is different).

Now, since the id of contentplaceholder in user role template is different, I have to give two SAME CONTENT controls in each page that i want to show to both admin and user. I also have to duplicate code behind to deal with this.

Iam sure there must be a more elegant way to accomplish this. Please help. Thanks

2) My second question is: when the user logs out, master page (which has css) no longer gets applied and the page becomes unformatted. Why does this happen? ANOTHER POINT TO NOTE HERE: this does not happen when I upload to my remote hosting provider. It only happens when I debug locally.Why????

Thanks in advance for your help folks.

Dave

Re: Loginview with Roles in Masterpage

mehryad — Wed, 02 Dec 2009 05:00:00 GMT

If they're exactly the same templates and the only difference is the menu (which only the admin can see) do the following:

<asp:LoginView ID="LoginView1" runat="server">

Place what both roles have access to here!

</LoggedInTemplate>

<asp:RoleGroup Roles="admin">

<asp:RoleGroup Roles="admin">

Place what only the "admin" can access here

</ContentTemplate>

</asp:RoleGroup>

</RoleGroups>

</asp:LoginView>

In regards to your second question; not being able to have a look at your code my best guess is that the page that the user is re-directed to when they log out contains the wrong href to the style sheet! check to make sure it's right!

Hope this helped you! (P.S. don't forget to mark as answer if it did)

Display User and associated roles in gridview

nosigninname99 — Mon, 09 Nov 2009 05:00:00 GMT

Hi all,

I have a system with 3 roles to which a user can be assigned to. What I want to display in the gridview is on one line to have user name and then 3 checkboxes for each role. Ticked if a member of that role. Any ideas?

Problem in Membership provider

X-treme — Mon, 09 Nov 2009 05:00:00 GMT

Dear All,

I am facing some problem with the asp.net membership provider. I am using createuserwizard for registration. In the wizard i have bound roles. One user can be assigned to multiple roles. If i use single role it works fine but if i assign a user in multiple roles then the problem arises. In the aspnet_users table two rows are inserted and in the aspnet_usersinroles table roles are inserting but the userid is not the actual userid which is created in aspnet_membership table. It takes the second one. The userid doesn't have the reference in the aspnet_membership table I have tried with the aspnet webadmin files also. But same problem is happening there also. Please help me to solve this bug. If sample code is being posted it will help a lot.

how to add roles?

jeremyzb — Tue, 27 Oct 2009 04:00:00 GMT

Hi all,

how can I add roles in web.config or in database, then the following codes works.

[Authorize(Users="aa")]

[Authorize(Roles="admin")]

thanks

MySQL Asp.net Membership Issues

Nai — Fri, 23 Oct 2009 04:00:00 GMT

Hi, I'm using MySQL connector 6.1.2 with my asp.net page for the past couple days trying to get it posted on GoDaddy.com to use membership for my site. I've encountered a series of problems in terms of loading the mysql.data.dll and mysql.web.dll and finally I think I finally made a breakthrough today only to be presented with a new error. Can someone help me please? The Exception being issued is:


[SecurityException: Request for the permission of type 'System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=*********' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +58
   System.Diagnostics.EventLog..ctor(String logName, String machineName, String source) +125
   System.Diagnostics.EventLog..ctor() +24
   MySql.Web.Security.MySQLMembershipProvider.WriteToEventLog(Exception e, String action) +30
   MySql.Web.Security.MySQLMembershipProvider.ValidateUser(String username, String password) +864
   System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +60
   System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +119
   System.Web.UI.WebControls.Login.AttemptLogin() +115
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
   System.Web.UI.Page.ProcessRequest() +80
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49

Thanks in advance.

Re: SQL Server Not Found or Not Accesible

G0ggy — Thu, 15 Oct 2009 04:00:00 GMT

The majority of suggestions I have already tried.

The only difference between this website, and the one that works, is that this website implements roles and membership.

Here is the settings for those items to see if you guys can spot any errors in them:

<authentication mode="Forms">
          <forms name="MCERTSSampleData"
             defaultUrl="~/Default.aspx"
             loginUrl="~/Insecure/Users/Login.aspx" ></forms>
      </authentication>

      <membership defaultProvider="AspNetMembershipProvider">
          <providers>
              <add connectionStringName="ASPMembershipConnString"
                enablePasswordRetrieval="false" 
                enablePasswordReset="true"
                requiresQuestionAndAnswer="false"
                applicationName="MCERTSSampleData"
                requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="5"
                minRequiredNonalphanumericCharacters="0"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression="" 
                name="AspNetMembershipProvider"
                type="System.Web.Security.SqlMembershipProvider" />
          </providers>
      </membership>

      <roleManager defaultProvider="AspNetSqlRoleProvider"
          enabled="true"
          cacheRolesInCookie="false"
          cookieName=".ASPROLES"
          cookieTimeout="30"
          cookiePath="/"
          cookieRequireSSL="false"
          cookieSlidingExpiration="true"
          cookieProtection="All" >
              <providers>
                  <add
                    name="SqlProvider"
                    type="System.Web.Security.SqlRoleProvider"
                    connectionStringName="ASPMembershipConnString"
                    applicationName="MCERTSSampleData" />
              </providers>
      </roleManager>

LoginView and Gridviews (User Control based on role)

Yanayaya — Wed, 16 Sep 2009 04:00:00 GMT

I am making an intranet page and I have been working with 2 ideas and I cannot decide on which would be best and / or standard practice.

On one hand I can protect my pages with roles and users. Simple enough. But would it be common place to use a loginview to control weather a user can edit user data? Or would it be more practical to use the roles to define what the user can and cannot not.

I have data being displayed in a detail view, and want an anon user to simply be able to view the data and a logged in user to be able to edit it. So I used the login view, with the anon templaye showing the data one way and the logged in template showing it with edit and delete controls. However this means that a user who simply logs in can use thos controls and there is no delegation of rights.

So it doesnt feel like I am using it the way I should or is it ok to use the loginview in this fashion?

If I want to allow certain users the ability to edit database infromation from these gridviews and details views using roles. What is the best way to accomplish this?

Thanks in advance

yan

Re: Authentication in MVC

sjnaughton — Fri, 04 Sep 2009 04:00:00 GMT

[quote user="joaoluizbt"][AcceptVerbs(HttpVerbs.Post), Authorize][/quote]

see How to secure applications using authentication and authorization from the NerdDinner tutorial.

Your above code only says that users MUST be authenticated to access this controller, if you wanted only certan users to have access then you could use Roles like this:

[AcceptVerbs(HttpVerbs.Post), Authorize(Roles="Admin,Accounts")]

This would then only allow members of the "Admin" and "Accouns" roles to access the controller.

users, roles linking to specific table

tnichols333 — Thu, 16 Jul 2009 04:00:00 GMT

Basically - I am new to security and need a little help. This is probably simple and there may be examples out there - but I can't find anything (probably don't know the right thing to look for).

I am writing a asp.net web application in vb.net (CRM) where sales people log in and should only be able to see their accounts, even on reports or anything else... I will probably just use the built in membership and roles of 3.5 if possible, but not opposed to doing something custom if needed.

any example or help would be much appreciated!!!