Hi, I'm using ASP.NET and the membership provider for my site. If the user is able to easily see their GUID, would that be considered a security risk? Should I take extra steps to prevent users from easily finding their GUID such as when they confirm their verification process. Although there are ways around this, such as using a seper...
I'm trying to incorporate user statistics into a site and decided to go for this in my users table: time when the user registers time when the user verifies visit count time of last visit What other statistics am I missing? Should I track each login time in a separate table too? Is that considered good auditing or too much? There ar...
In my Web forms applications I had been wiring my Asp.net membership register controls event "OnCreatingUser" to do my checks for whether the user name or email exits or if the user name is appropriate. What is the equivalent method in Mvc and how is it used? Here is part of my method from a web forms application. public void cuwRegis...
This is the Membership API in .NET 2.0. Suddenly it stopped working on me. I've stripped it to the basics. I get no response when I try to create a user. It goes through the code with no error, but nothing happens. Here is the code in the aspx: Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles ...
What restrictions should I impose on usernames? why? What restrictions should I not impose on usernames? why? P.S. db is via best-practice PDO so no risk of sql injection Thanks ...
Hi, I've been trying to get membership working in ASP.NET MVC. There are some pages that require authentication. Others that can have guests and authorised members. Much like StackOverflow. They can do things anonymously or as a registered user. We also have a custom database schema of handling members (not the default ASP.NET Membersh...
I've converted a web site to a web application and am now experiencing a strange behavior with the application. Essentially, there are 2 webs. One web site is the main, front-facing site written in ASP.NET 1.1 but with the Membership piece added from 2.0. The other is a former web site now grown up to a web application. It seems as tho...
Hi all, I'm using the ASP.Net SqlMembershipProvider to manage my users. Here is my config: <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,...
After having restored a database recently that contained the ASP.NET membership provider tables, I noticed the LastLoginDate and LastPasswordChangedDate are now right around the time of the restore. It doesn't look like these fields are auto calculated, so why are they recreated during the restore? ...
Ok heres the deal I purchased a windows shared hosting account on godaddy that came with 2 MSSQL databases. I setup one to hold my site data and the other installed aspnet membership schema to store site members. The site works perfectly even displaying data from the 1st database. However when I try to login or register I get this nasty ...
I am looking for a library that will allow an arbitrary group of computers to participate in a "cluster", where I'm using that term to mean a group of systems in which: the systems are able to automatically discover each other, the systems engage in a master election process to determine the cluster master the systems will re-elect a n...
Hi, I have a silverlight control on my asp.net mvc page, need to communicate with a webservice where i need to send the current role of the user logged into the system with. But how do I access the "Roles.GetRolesForUser()" from within my silverlight application? ...
Hi, I'm trying to implement a fuzzy logic membership function in C for a hobby robotics project but I'm not quite sure how to start. I have inputs about objects near a point, such as distance or which directions are clear/obstructed, and I want to map how strongly these inputs belong to sets like very near, near, far, very far. Does ...
Hello, I have different types of Roles to take into account when authorizing a user. For example: John must have Position Manager and be part of the Office Supplies Department to order a new computer. Problem with Roles is Roles.GetRolesForUser("John") can only return a string array. Should I go with a custom roleProvider and custo...
Hi I'm using asp.net profile functionality. I need to use some profile property names like "test/appname". When I try to star the web application I get an error about invalid property name. I think the problem is the autogenerated profilecommon class. I'm accesing profile properties with getters and setters so I don't need the profile...
This question is about the tables created by aspnet_regsql for the ASP.NET 2.0 Membership database. I am incorporating these tables and procs, etc from the database into my application database for ease of manageemnt and integration with the application data. I notice that none of the tables have primary keys. This is a difficulty with...
when I build asp.net applications that require user login, I write a method in my businees class that returns a Member object instance if the user is logged in, null if not. Then I do this: Session["User"] = user; Then in every page load I have to implement this: User user = Session["User"] as User; if(null==user){ //toggle the sta...
I want to use the the AuthorizeAttribute to control which users are allowed access to my actions. I just want to clarify that my logic is in order. I create my own implementation of IPrincipal I post a user's credentials to a login action of a security controller. I validate the credentials with a UserService class and assign the IPri...
Hi. I went through a custom profile provider example a while ago and I am now revisiting it. My database has all the dbo.aspnet_* tables created when I ran the aspnet registration wizard. In these tables I have aspnet_Profile which has a FK constraint pointing to aspnet_Users. I also have two tables in MyDB: The first, dbo.ProfileD...
I am designing the database of a website and I have noticed that stackoverflow adopts openID which is very impressive. But what if some users use email address which doesn't support openID. What do you think of this issue? ...