i am extending the default asp.net mvc example.. i am using asp.net membership provider that comes with it . . the issue is that if i access one of my url's directly without logging on it shows the full page with "Log On" link at the top. I want it to obvious redirect to the login page, if anyone accesses any of the specific action ur...
What is the ASP.NET Membership framework's reputation as far as security goes? Are there any typical default configuration settings that are problematic? What best practices are there? Are there any built-in methods to combat things like session hijacking? ...
I'm trying to model my organization's membership products for accepting and recording membership purchases in our business database. Someday we hope the purchases will be made online and automatically put into the business database. The problem is that our membership products are all over the place. We have 4 types of organizations th...
i am using the asp.net mvc sample app and have expanded it a bit. I use the asp.net membership for login and registration for users. I now want to change it so when people register, instead of instantly being able to login, it goes to some state where an admin has to approve it. Once this approval happens, then they can log in. Is th...
i found an article that says: "To access the Web Site Administration Tool, on the Website menu, click ASP.Net Configuration." I dont see a Website menu in visual studio 2008 when i am looking at my asp.net mvc solution. Is there any other way i can setup roles with asp.net membership? ...
is there a way i can let the admin users of my site manage roles of other users. I see the asp.net membership tool but that seems to be just for developers of the site. i want a situation where i can give one user admin role and let him manage all of the other role details of the other users so they dont have to come back to me for ent...
i have this code in my membership service class (taken from the asp.net-mvc sample app) public MembershipUserCollection GetUnapprovedUsers() { MembershipUserCollection users = Membership.GetAllUsers(); MembershipUserCollection unapprovedUsers = new MembershipUserCollection(); foreach (MembershipUser u in us...
i have change the default Account Membership provider to set IsApproved to false. public MembershipCreateStatus CreateUser(string userName, string password, string email) { MembershipCreateStatus status; _provider.CreateUser(userName, password, email, null, null, false, null, out status); return status; ...
i am having a user register but IsApproved is false but when i check Request.IsAuthenticated it still returns true. Do you know how this can happen? ...
what is the code for determining if a user is in a role. I have setup all the users through the ASP.Net configuration Security tab but now want to put logic around some key areas so only people in certain roles can see and access these areas. ...
I am using asp.net mvc. I have generated a view that retrieve all unapproved users in the asp.net membership table. I have put checkboxes next to them for someone to bring up a view. The goal is that someone should be able to check certain checkboxes, hit save and that will go back to asp.net membership and change the IsApprove flag t...
I'm using ASP.NET MVC and the Membership providers. How do I get the profile of a user in a view? any particular method to get it? The template project out of the box access the username in this way: <%= Html.Encode(Page.User.Identity.Name) %> I'd like to have a similar way to access the profile data. ...
Greetings, Currently working on a corporate Intranet project using asp.net 3.5. This app can only be accessed by certain users in the office using windows authentication. I am planning to use sql server User table to give permission to this app coupling with windows authentication. Only users that reside in the SQL user table can acce...
when i run this code, i get back true bool isAdmin = Roles.IsUserInRole(item.loginName, "Administrator"); but when i bring up the Security tab in the Asp.net Website administration tool, this user doesn't exist (or atleast i dont see this user in the list) when i go to the database, i do see this users in the aspnet_Users and aspnet...
I have an ASP.NET 2.0 3-tiered app. I want ALL of the db interaction to go through the db layer. So, when I use the Login controls, instead of them calling methods that hit the db, I want them to call down the layers until I reach the db layer. At that point I would call the Membership methods to, say, login, check the username,etc. Howe...
I'm currently using a very basic custom implementation of MembershipProvider in an ASP.NET web application. As my requirements for membership increase, it seems to make a lot of sense to use an existing, full featured, and well tested implementation like SqlMembershipProvider. I've figured out how to use the aspnet_Memebership stored pro...
I'm creating a user approval interface leveraging the .Net Membership class. I have a page that does a Membership.GetAllUsers(), and I spit the results to a datagrid. I filter them by MembershipUser.IsApproved. My Issue is due to slowness I'm hitting while I GetAllUsers(). Since I don't need to pull down all of the users, but rather...
I have a site (SiteA) using ASP.NET membership. One thing that it must do is allow the end user at a separate site (SiteB) to launch a new browser window to a page at SiteA with POST data attached to prefill the page. If the user is logged into SiteA, then the launch from SiteB works and the page is prefilled. However, if the user is ...
I'm using the standard SqlMembershipProvider that comes with the ASP.NET MVC demo. I'm interested in implementing a "Forgot your password" link on my site. What is the correct way for this feature to be implemented? Should I overwrite the password with a temporary one and email it to their registered email? ...
I have an ASP.NET 3.5 Web Site using the standard SQL Membership Provider. The application has to pass the IBM Rational AppScan before we can push to production. I am getting the error: Severity: High Test Type: Application Vulnerable URL: http://mytestserver/myapp/login.aspx Remediation Tasks: Do not accept externally created session ...