How to restrict a user in asp.net? - asp.net

I create a signup page, after sign up, user go to a page that is "Complete your profile".
When user complete the profile data will be stored in data base.
I want that if user completed the profile, than they cannot again entered data into a page.
If user again try to enter the data, page will not allowed to that user to again enter data,
and show message to user "You have already completed your profile".
How can I restrict the user?
Anyone tell me how?

You can check what you want to decide that a profile is complete or none in a method.(e.g IsProfileCompleted(string userId);) and call this method inside your profile entry action.
ProfileEntryAction()
{
if(IsProfileCompleted(string userId))
return View("ProfileCompleted");
return View();
}

When the user navigates to the Profile page, before actually showing the Profile page, check (server side) whether there already is a profile. If there is (according to your specs), redirect the user to an "already completed" message. If there is no profile, continue and show the profile page.
Check whether a profile exists by testing for example:
does the profile record exist?
does the profile contain enough data (required fields have been filled in)?
or some other test that is specific to your system

Related

Separate Users and Sellers in the same app with same Firebase in Flutter

hope you are well
I am trying to make an app where from the same app, you can either be a user or you can be a seller. In our case, the seller will be a restaurant and the User will be a restaurant-goer. My problem is that if I log in the "I am a restaurant login"-not a user login. On restart the app auto logs in and takes the user to the User homepage, not Seller homepage, as I am using the
auth.currentUser != null ?
Then add the home screen or login screen depending on auth state, but it is a general auth state. How would I make it show a different home screen based on the type of Logged in user. So I know why it takes me to the User homepage-I set it to do that, how would I make it takes me to one or the other
thank you
Firebase Authentication has no built-on concept of a type of user, so you will have to build that on top yourself.
You can store the user-type in the user's profile as a custom claim, or in a cloud-hosted database. In either case, you should do this from a secure environment so that user's can't change their type (unless your use-case specifically wants them to be able to).
So with that out of the way your app then takes these steps when started:
signs in the user, or restores their auth state.
determines their type.
redirects them to the correct screen.
Also see:
the links for How to create two types of users(Client , Freelancer. for example) while Auth using firebase in a flutter app?
How to create 2 different User group in Firebase AUTH with Flutter
many more results from searching for [firebase-authentication] two types of users
Please post the code you are using for this pathway.
I would advise you to create a property called userRole, and store this when the user is created.
When you send their name and image and email to Firebase after successful auth, store with that info their userRole.
In your widget tree, I'm assuming you have two widgets, CustomerHome() and RestarauntHome(). Now, after successful login, pass the user info to this widget, and check:
user.userRole == 'restaraunt' ? RestarauntHome() : CustomerHome();
This way, when they come back to the app, the page they are not allowed to see, will not be displayed.
Assuming you are using firestore database to manage your users' data, in the document of the users collection you can add a field of role whose value could be user or seller. Write to this field when a new user user/seller signs up. Then in the home page, return seller homepage when the value is seller otherwise return the user homepage. While the document is being fetched you can return the loading screen.

CQ5.6 Geometrix view and edit profile URL lets view another user's details

We are using the view and edit profile functionality from Geometrix on our site.
One user who is logged in can click on "my profile" link which generates following URL:
http:///home/users/a/user1/profile.form.html/content/en-US/account/viewprofile
User gets to view his profile
now if in the same user login session user edits the URL in the browser to
http:///home/users/a/user2/profile.form.html/content/en-US/account/viewprofile
He can still view another users profile information.
Which should not be the case, How do we prevent this.
Also in the first place the URL with user node should not be visisble to end user, can we do any mapping to hide this(may be on webserver level). any help on is greatly welcome.
Thanks in advance.
Regards,

How to restrict user to login on multiple browser and tab

I have online quiz site in which i need to restrict user once he log in and if he trying
to login on other browser or other tab with same browser.
I want to give you a hint
Restrict in another browser
"Separate browser has different session id" so in your case when you logged in store session id and if user try to logged in with another browser then you need to check for session id.
Restrict in same browser
if (!Session.IsNewSession && Request.UrlReferrer == null)
{
// new tab opened
}
go through following link it may help you
Check it out
What if you just mark the user as logged in the db when they log in? When they try to login again just check if they are currently marked as logged in, if so do not let them in. reset that flag when they log out or after a period of time, as the might not necessarily log out, they could login do the quiz and just close the browser.

Password recovery

My client requirement for the password recovery is,
when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,
system will take the user to the change password page. User will type a new password and his password will be changed.
Any idea how to do this??
Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?
This is a kind of a "Password change process":
Create a database table with the userId, createDate, closeDate, and a UUID
send the mail with a link to your page that has the uuid from the prcoess database table
if the user enters the page you check if the process is still open (closeDate is null)
user can change password
you set the closeDate
First check the user Email IF it exists then send him/her a unique email of the link
Example:
link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()
In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.
On your Password Recovery Page Check the value of Query String variable ID
and matched the ID of the user in the database if they are equal then show the password page of the required user.
Hope you understand it.
In your link use a unique indentifier as the query string. Intercept the params on your page load event and look in the database if there is a match.

drupal registration redirect and user details

After registration the user is redirected to a welcome page . How to get display the respective user details in redirected(welcome) page?.
for ex: welcome username . how to get user name in redirected page
When a user is logged in, you always have the global $user object available. So all you really need to do, is to access it and insert the name.
I'm not sure what page your users are redirected to, you can change that, but to alter the output you only need the normal theme/template overwrites that you can do with Drupal.
We do this using the Profile, Blocks, and Views modules. A view could include only the logged in username as you require, but ours also includes several profile fields that logged in users may choose to complete. The view has a block display - we configure that block to display only on certain page paths through the block administration screens.
You can use actions, and triggers.
Using them, you can define an action (show message to the user) that is triggered when a user logs in. The action to show a message to the user allows you to use tokens; one of them is for the username.

Resources