I'm creating an ASP.NET MVC site and I need to implement login and membership functionality. Is this something where I roll my own? I already have a members table in my database, should I create a username and password hash field and just check against it? What about keeping the user logged in with a cookie that expires? Is this a...
I'm about to kick off a new project using NHibernate and ASP.Net MVC and have come upon the question of membership. I'm wondering if I should use a 3rd party NHibernate Membership/Role provider, create my own, or just skip the providers all together. So far I've looked at: Manuel Abadia's NHCustomProviders - It seems like a lot of conf...
WHen submitting data to Data Layer when userID is not a field in the object being passed, but will still need to cross reference tables with userID when submitting data, should I call the the membership class to get the UserID at the datalayer, or should I pass UserID from level to level as a parameter? (ie from the business layer to th...
Redirect user to Login Page dependent on the Folder they are in. I have a web application with the root directory which is used by all users and the admin site. For people that would require the authenticated functionality of the site, they would require to login and be redirected to root/login.aspx. However, when an Admin needs to logi...
Is there any other reasoning other than the timeout setting in the web.config not being used? It might be the default timeout of 30 minutes but it is definitely less than 30 minutes. <authentication mode="Forms"> <forms timeout="50000000" loginUrl="content/login.aspx"/> </authentication> And for the code behind on my Login.asp...
I've got an ASP.NET application that uses the CreateUserWizard to register new users. Part of my registration process is creating a "home directory" for the user where they'll be able to upload files. I'd like to use the ASP.NET authorization features to restrict access to the "home directory". Only the registered user assigned to the...
I'm using the standard .NET membership provider, and thought I'd see if someone could shine a light on it. Calling ValidateUser return either true or false. Now since the method accepts a username and password, one would reason that the return result would reflect an invalid username or password. Yet if we delve into it further, we find...
I have create a Membership provider and changed my web.config to <membership defaultProvider="MyMembershipProvider"> <providers> <clear/> <add name="MyMembershipProvider" type="Khafan.Providers.SqlMembershipProvider" connectionStringName="KhafanConnectionString" maxInvalidPasswordAttempts="5...
Is it better to extend my business database with the tables of the ASP.NET Membership Security model. Or should I have a different datastore where I only manage Identities and Roles... Basically 1 or 2 databases? ...
I know the security risk associated and have brought it up with the business, but they want to have their 5 domains to share the login cookie. We are using and have no plan to stop using ASP.Net Membership and Profiles. Is this possible? A hack would even be greatly appreciated. ...
I was wondering if anyone could point me to some resources concerning customization of the user management system that is built in .NET. What I am talking about is: http://msdn.microsoft.com/en-us/library/ms998347.aspx I would like to know, how can I extend the user fields to store more than just common password, username? I want to s...
I've have an asp.net web app, forms authentication, that's uses Hashed password type. Will I run across any problems if I change the password type to Encrypted? I see that, if I change to Encrypted, attempted password recovery for old hashed passwords fails gracefully, which is good. Are there any not so good things that might show up ...
How can I implement single sign on across domains? I have two or more domains and I want all of them to authenticate through one server using SqlMembershipProvider (ASP.NET 2.0 membership database) I have domain foo.com which hosts the asp.net membership database and another domain bar.com which wants to authenticate through foo.com. I f...
I'm working on a web application that uses the ASP.NET 2.0 Membership and Roles providers with Forms Authentication. There are various roles in the system. I need to have a user role that is essentially a super-user that can "login" as any user account (in effect impersonating the user). Does anyone know if this is possible using the pr...
I am very new to the whole unit testing concept so I'm sorry if "unit test" is the wrong word for this. I think it might actually be a "integration test"? At any rate, I am using asp.net's membership framework for login, logout, change password, etc. But I do a few extra things like updating the authentication ticket, adding an entry to...
I'm about to start building a new asp.net project, and I'm just starting out with the whole thing of SQLMembershipProvider. What I really want to do is to remove the need for a username and just have the key to the user as the email address. It seems to me that the easiest thing might be to change the stored procedures to just remove th...
I'm building an asp.net 2.0 website using Microsoft's membership and role provider. I need a good control to manage my users. I don't want to build the control myself if there is something good available. I did some research last evening and came across a Membership Manager Control from Quality Data. I tried it in my project and it w...
When a user registers, I set the IsApproved value to false until later. After "approval" I set the users .IsApproved=true. However, the change does not get committed to db. It does show change in debugging. Any ideas? ...
I have really silly problem but it's been a week and I can't move forward. I have small app that is protected by authentication. Everything works locally, you can log-in etc. On remote machine, you can't log-in, it tells you your login is not recognized. Now, I thought it might be db connection etc, so i made small test page that list as...
I'm creating (really, re-creating) an app that has existing user and other data in MS-Access databases. The data will be moved to SQL Server, and part of that involves migrating users. I want to use EF to do ORM, and I am pretty sure I know what the data model will be in SQL Server. I am new to EF but not to ASP.NET, and I'd like to t...