I'm creating a web application to manage text books. There is only 1 person who can add, remove, or edit the existing items in the database. this is my first ever asp.net web app and I've researched where to edit privileges and cant seem to find it anywhere. I am using the built in register/login feature of asp.net. I need to have 1 admin account and the rest be basic users with only read access. Could anyone lead me in the right direction?
If you are referring to asp.net Identity, here is a "getting started" article:
https://www.asp.net/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project
Related
I'm preparing my next week homework about asp.net IDENTITY. I managed to create an asp.net identity with Visual Studio 2013 on a website and make it up and running (using vb.net). I have all the tables created for the users, roles etc (connected to an SQL server), and authenticated parts on aspx pages. Everything works perfectly well. So far all the users have one role only.
The next step is to create different roles for diferent users (Editors and Commentators). The EDITORS will have the possibility to write articles, edit them and comment. The EDITORS will be added locally by the website administrator. They can't register on-line. On the other hand, the COMMENTATORS will only have the possibility to discuss and comment (they can't write articles). Anyone can be registered as a commentator on-line.
How do I accomplish these roles and authenticate them? I've searched for documentation but no luck so far. Since asp.net Identity is a new framework I only found information here and there but nothing clear on how to implement website roles with the new Identity system. Or maybe I'm searching in the wrong place!!!
With this homework I am supposed to:
1. assign the different roles (Editors and Commentators) in the database.
2. to be able to athenticate the different roles in the Log In.
3. to display contents on pages according to the user role.
Any documentation (step by step) about this would be highly appreciated. It's my first year of programming so please be patient with me LOL!!! Thanks in advance!!!
Everything you need to know about AspNet.Identity is here:
http://www.asp.net/identity
The samples are excellent and are here: http://www.asp.net/aspnet/samples/aspnet-identity
I am a total newbie.
I create a website with 2 pages
Update data (update.aspx)
Add data to database (add.aspx)
I want to create login page before they can access this pages.
Even if they tried accessing by typing direct url like : www.example.com/add.aspx
they should not be allowed
And secondly,
I want to generate txt log files when they click update or add button
example
User: abc updated current field in databse on (time and date)
I hope you guys help me out. :)
am using visual studio 2012 and SQL Server
As I understand of your question, you want to activate authentication in your project. In this way there is a great article about Authentication in ASP.NET that is suitable for newbies.
ASP.NET authentication and authorization
The "Forms Authentication" section in the article can fulfill you expectation.
Also, there are some logging libraries like NLog, Log4Net, Logging Application Block that are advanced and have lots of facilities, but for starting I recommend you reading Create Simple Error Log Files using ASP.NET and C#. With a bit change in the code you can log the text that you've mentioned.
I think the question says it all,
Visual studio under ASP.net locally Development server gives the ability to access asp.net web application administration . but, if i want to access it on the web after publishing, is there any way to achieve that?
I am asking because I hope not to reinvent the wheel again!. I want to use the administration features, managing roles, users security for folders..etc.
You can do this by creating an administration panel by yourself.
Means
1. You have to create pages where you can have functionality which you want to give an administrator.
2. You have to create an administrator user and password.
3. And have to check on the administration pages that only an administrator can login to an administrative page.
If I am getting your question right.This may help you.
And If this helps you plz let me know i have another more tricks to restrict the other and secure the administration page.
That would be the biggest backdoor ever created...
the answer is NO!, we must reinvent the wheel and develop the Administration panel again, i believe that Microsoft -in the feature- will Include that in a templates just like Register and login forms.
Hey I just got a question, I haven't used asp.net before but am using c#/managed c++ but I was wondering how hard would it be to do the following.
1) Make a login system where users can register.
2) each user can upload 1 file each to a server.
And those files can only be accessed by that specific user by longing in.
I think its pretty basic so it shouldn't be to hard. Im guessing im going to need a database as well where both the username/passwords/files will be stored?
If anyone has any tutorials on this I would really appreciate it.
That's quite a broad question and there are plenty of resources are out there on the web to help get started.
It's easy to set up a forms authentication system in ASP.Net 4 by just creating a new website as it automatically creates the login and registration pages for the website in a database using a "Membership Provider":
Website User Authentication
You could create an "UploadFile" table in the database that has a reference to the file path and userName. When a user is authenticated you can get their User name from User.Identity.Name property and then check if they can upload a file. You can use an ORM for easier database access and there are plenty to choose from such as Linq To SQL, Entity Framework, or NHibernate.
There are several tutorial videos on file uploads:
Simple File Upload
Of course there is much more to this but hopefully will give you some ideas on where to start learning.
I have been Googling a problem that I have with trying to integrate the web application that I am working on with SharePoint 2010.
The web application is a wiki style tool that allows users to log in via forms authentication or WIA against Active Directory and create content for themselves and others.
What we would like to do is to allow a user have a page with the content they have created in our web application mixed in with content that they have living on the SharePoint server. For example, they may want to see a list of documents that they have on the SharePoint server mixed in with some of their content.
To accomplish this, we would like to take the credentials the user has logged into our web application with (for example MYDOMAIN\jsmith) and be able to query SharePoint for the documents of that same user (MYDOMAIN\jsmith) WITHOUT the user being prompted to re-enter their credentials to access the SharePoint server (we are trying to avoid the double-hop problem)
We have come up with some options for how we want to do this, but we are unsure of what the best approach is.
For example, we could
- Have a global user, shared by all users to get information we need from SharePoint. The downside is that we cannot filter SharePoint content to a particular user
- We could store the users credentials when they log in, but that would only work for users authenticating via forms auth and would be a security issue that some users/clients would not like
- Writing a SharePoint extension using WCF to allow us to access the information we need, however we'd still have the issue of figuring out how to impersonate the user we want.
Neither of these options are ideal and in our investigation we came across the Claims Authentication/STS option which seems like it is trying to solve the problem we are having.
So my question is, based on what I have written, is Claims/STS the best approach for us? We have not been able to find much direction on how to use this method to call into SharePoint from a Web Application and pass along the existing credentials.
Does anyone have any experience with any of these issues?
It sounds like you may be overcomplicating the problem. The reason that the user gets asked for credentials twice is that the two parts of the system are on different servers. The easiest solution is probably to implement your custom web app as custom pages/web parts within SharePoint.
If that isn't an option, a smaller amount of code on the SharePoint server (maybe a custom web service) should give you a few more options for impersonating a particular user.