Search results matching tag 'membership'

Re: Membership Provider should allow users to login with Email Address+Password instead of Username+Password

PatrickRR — Sun, 06 Dec 2009 05:00:00 GMT

The asp.net membership provider was designed in a way that it is very easy to add existing events to the control to allow users to login with their choice of email address or user name.

1. Login Page: Add a new event handler to the login control: OnLoggingIn="Login_OnLoggingIn"

In your code behind get the UserName for the email address by calling the procedure: aspnet_Membership_GetUserByEmail

2. Code Behind: I Kept this very simple. If the user entered an @ in the user id, then I assume they entered an email address (you could use regex but why bother if you site does not allow emails for user ids).

protected void Login_OnLoggingIn(object sender, EventArgs e)
{
   if (Login1.UserName.Contains("@"))
   {
       Login1.UserName = MyDataLayer.GetUserIDFromEmail(Login1.UserName);
                                    //Calls Proc aspnet_Membership_GetUserByEmail
   }
}

That is it! Your user is logged in....

!!! Don't forget the Recover Password page to work in the same manner !!!

1. Add event handler: OnVerifyingUser="Recover_OnVerify"
2. Code Behind

protected void Recover_OnVerify(object sender, EventArgs e)
{
    if (PasswordRecovery1.UserName.Contains("@"))
    {
       PasswordRecovery1.UserName = MyDataLayer.GetUserIDFromEmail(PasswordRecovery1.UserName);
    }
}

That is it... new password sent to user.

This logic is implemented on MTR Investors Group a Stock Market Timing Model Site (mtrig.com) if you want to stop by and register (it is free).

Thanks,
Patrick

Using membership to protect non-aspx files.

Grenville — Wed, 02 Dec 2009 05:00:00 GMT

Hi!

I'm trying to find a way to protect pdf files (stored in their own directory) from being accessible to users not logged in via the .net membership method.

I ntoice that if I drop a web.config into the directory banning all users with this

</authorization>

Then the I can still access the pdf's. If I put an aspx page within it then I'm redirected to my login page. It's quite important that I protect the pdfs in this instance and I'm not sure how I can achieve that.

If anyone has any experience with that, please let me know :) Thanks

P.S. Thinking about if I was able to use membership an web.configs then how would you say ban all non-logged in users (I currently don't have roles for standard users, so I can't ban the roles)? Is it with;

Authentication and authorization

karads008 — Thu, 12 Nov 2009 05:00:00 GMT

Hi,

I have an ASP.NET web appllication(deployed in web server) which will communicate with WCF service(in appserver)

and in turn WCF service will communicate with database(database server) and give the data back to the application.Earlier i was using membership feature of asp.net for authentication and authorization in web application. To keep up with our architecture, web server can not access database directly, so i moved memberhsip feature from web application to WCF service.Now how do i need to implement authentication and authorization in web application for this scenario?

i am a beginner in asp.net..so if anyone have any idea about this pls help me..or pls direct me to a proper article.

thanks in advance!!

Extending membership model but userid return zero using LINQ

maxi_ng — Mon, 09 Nov 2009 05:00:00 GMT

I want to implement a DAL to access and extend the ability of membership model.

I currently use userid of a membership as the FK for my objects which should belongs to a user/membership.

Since the userid is the PK for the membership, that's why I use it. If membership has a membershipId, I will use that instead.

Then I come across two questions,

1. a user should have a membership in each application, how come the membership table is using userid as PK?

2. I am using LINQ instead of the membership API to get my user information, but the return aspnet_Membership object's userid is zero GUID, why is that?

How can I get a aspnet_membership object with the correct userid?

Problem in Membership provider

X-treme — Mon, 09 Nov 2009 05:00:00 GMT

Dear All,

I am facing some problem with the asp.net membership provider. I am using createuserwizard for registration. In the wizard i have bound roles. One user can be assigned to multiple roles. If i use single role it works fine but if i assign a user in multiple roles then the problem arises. In the aspnet_users table two rows are inserted and in the aspnet_usersinroles table roles are inserting but the userid is not the actual userid which is created in aspnet_membership table. It takes the second one. The userid doesn't have the reference in the aspnet_membership table I have tried with the aspnet webadmin files also. But same problem is happening there also. Please help me to solve this bug. If sample code is being posted it will help a lot.

Issues With Profiles on IE8 only

VeX_Harbinger — Thu, 05 Nov 2009 05:00:00 GMT

Howdy All,

I'm having an odd issue with Profiles on IE8 only and so far cannot find any info on the topic.

This issue is only occuring in my Live env as well and not in my dev env. You can see the issue here;

http://www.tripatourium.com/

If you click on either of the prints on the right hand side then, click on add to cart under the large picture.
You will see the cart price (on the upper right) now reflects the change.
Then if you click on the other print (not the same, I have to fix that pathing) you will see the cart value is now empty again.

This does not occur in Moz or Chrome or in IE8 when testing locally.

Any info would be great.

Thanks,

Alex

When adding a new user with Membership.CreateUser, is not recording Password nor Role

hnavarro — Tue, 27 Oct 2009 04:00:00 GMT

I got the Success status but password record is not in aspnet_Membership and Role is not in aspnet_UsersInRoles.

The user exists in aspnet_Users.

What could be happenning?

This is my code...

CurrentUser = Membership.CreateUser(txtUsuario.Text, txtPassword.Text, txtEmail.Text,

"Who created the program?", "Horacio", True, Status)

Roles.AddUserToRole(CurrentUser.UserName,

"User")

membership.getuser() retuerns null inside HttpModule

Mehrdad201 — Mon, 26 Oct 2009 04:00:00 GMT

In my c# project , I have a class that is implemented from iHttpModule

In begin_request event, I need to check user status. I mean I need to check wheather a user is logined or not.

However a user is onlined, Membership.GetUser() returns null value.

Also User.Identity.Name returns null too.

This is seriuos problem.

Anyone can help me?

I need to check is user logined or not inside httpModule

Thanks a lot for everybody's help.

ActiveDirectroyMembershipProvider w/ ASP.NET MVC: LDAP works, but login fails

twangoosen — Mon, 26 Oct 2009 04:00:00 GMT

Hello,

I am trying to get my ASP.NET MVC 1.0 application to work with the ActiveDirectoryMembershipProvider. In the application, I would like to use form authentication to check against the active directory of our domain.

I have modified my web.config according to this page: http://msdn.microsoft.com/en-us/library/ms998360.aspx . I will put the resulting web.config at the end of this post.

In my domain, the following ldap connection string applies: LDAP://goldwing.2go-mobile.lan/CN=Users,DC=2go-mobile,DC=lan

Using the LDAP test tool from http://www.infopathdev.com/files/folders/others/entry34376.aspx , I have confirmed that this string is correct; calling it for an existing user returns the available user details.

However, the membership provider fails to validate the user. It simply returns false on the ValidateUser(username,password) call; no other errors or messages are provided.

How to proceed? Are there any debugging options or things to check?

Here are the relevant parts of my web.config file:

<?xml version="1.0"?>
<configuration>
  <configSections>
  <connectionStrings>
    <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
    <add name="ADConnectionString" connectionString="LDAP://goldwing.2go-mobile.lan/CN=Users,DC=2go-mobile,DC=lan" />
  </connectionStrings>
  <system.web>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
    -->
     <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="10"  name=".ADAuthCookie"
             requireSSL="false" slidingExpiration="true"
       enableCrossAppRedirects="false">
        <credentials passwordFormat="SHA1" />
      </forms>
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <clear/>
       <add
       name="MyADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, 
             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="ADConnectionString"
       maxInvalidPasswordAttempts="1000"
       connectionUsername="DOMAIN/Administrator"
       connectionPassword="****"/>
      </providers>
    </membership>
    <profile enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
        <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
      </providers>
    </roleManager>
</configuration>

Membership.DeleteUser(UserName); doesn't work

lionelthomas — Fri, 23 Oct 2009 04:00:00 GMT

Hi all,

Have been following Scott Mitchell's tutorials on Asp.net security

http://www.asp.net/learn/security/?lang=cs

Everything seems to work fine until I came to delete a user and have run into this problem.

Exception Details: System.Data.SqlClient.SqlException: The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys'.
The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys'.
The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys'.
The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys'.

Source Error:

Line 95: 
Line 96:         // Delete the user
Line 97:         Membership.DeleteUser(UserName);
Line 98: 

Checked the database and it deletes the records in the membership and user tables but hangs afterward.

I'm executing this on localhost under an administrator account with sysadm role on the SQL server.

Don't know what to try. Please help.
Regards,
Lionel Thomas

by the way how does one get rid of this yellow box I copied from my browser.