I need to know is there's any way to check wither a specific user is currently logged in like in an admin control panel or something
I know there's
HttpContext.Current.User.Identity.IsAuthenticated
but that doesn't cover what I need it just checks wither the current user is not anonymous
I actually I found a solution for it using
MembershipUser user = Membership.GetUser("username");
bool isLogged = user.IsOnline
Related
In my database table i have a field with usernames.
I want the users that are NOT in that field to be redirected to my default websites.
I dont want the users to be able to copy past the URL for another of my aspx sites only if they are users from my field then its ok
Im looking into User.Identity.IsAuthenticated but how would i combine that with my database field?
If User.Identity.IsAuthenticated = "fieldvalue" then
site1.aspx
Else
Server.transfer("default.aspx)
End If
Should i mabye say something like.
If sqlexecute.hasrows then
Site1.aspx
Else
server.transfere("default.aspx")
End IF
User.Identity.IsAuthenticated is a boolean property and can contain only true/false value. You can just check for truthfulness of IsAuthenticated property and then do the redirection like
if(User.Identity.IsAuthenticated)
{
//redirect to site1.aspx
}
else
{
Server.transfer("default.aspx");
}
EDIT:
You are trying to reinvent the wheel. What you are trying is already built into ASP.NET and known as Forms Authentication
It's very well explained in MSDN. See below MSDN links
Explained: Forms Authentication in ASP.NET 2.0
How to: Implement Simple Forms Authentication
For a Drupal 7 site, I need to create a secured page with a list (view) of documents(.pdf's). There will be one page with a list of documents (a view of pdf's). To get to that page and be able to download any of the .pdf's, the user must be logged in with their own unique username/password. So what I believe needs to be done is the following.
Set up a page with a view of the documents (can do).
Make sure the docs (pdf's) can't be viewed with a direct URL (I think private file)
Prevent access to the page by non-logged in users. (no idea. help!)
Create a menu item for the page that only displays when the user is logged in. (no idea. help!)
Define permissions for accessing the page and add the permissions to specific roles. (I think I can do)
Can anyone provide info on how to do this? Is there a module for this functionality?
thank you,
You can use content_access module to do this. You will be able to restrict access to any content (you list page) by role.
If you create a link to this page in the main/secondary nav (for example) then this link should only appear to a user that has the appropriate permissions (as defined in the role).
LF
create some permissions and assign that to particular user then in your hook_meny you can use user_acccess function to check that whether the logged in user has that permisiion or not and according to that return true or false.
if(user_access(YOUR_PERMISSION_HERE)) {
return TRUE;
}
else {
return FALSE
}
You can also write your sql query inside that. You can put this code in your function and call that function in your access callback for that particular form menu definition
I want to force anonymous to register an account before submitting the form.
So I have to allow permission for anonymous to access the form,
Then I use hook_form_FORM_ID_alter to edit form. Then I wanted to redirect submit button to another link if it is clicked by anonymous.(I still have no idea how to do it. It would be nice if anyone can tell me)
Is this the right solution?
For now,
I have a pop-up a login form (Modal forms and Facebook OAuth). In the form there is a register button. Then If user choose to register I want to keep the form that he have already input and show it after he confirm his email.
Thank you.
Off the top of my head, I would allow the form to be submitted either by an anonymous user or a registered one.
in my function MYMODULE_MYFORM_submit() I would check to see if the user is logged in.
If yes proceed as normal, if no, store the form, either in a temp SESSION variable or into a custom MySQL table and forward the user to login/register page (mysite.com/user) using drupal_goto('user')
once the user was registered you could then check for the existence of the form in the SESSION array or your MySQL table, and then carry on with the process as you would if the user had been logged in in the first place
Hope this makes sense or is of help
i have u question about security ins aps.net
i have a page http://localhost:1522/Public/ViewPost.aspx?PostID=40
i want to disable function when user in addresbar deletes id 40 like this
http://localhost:1522/Public/ViewPost.aspx?PostID=
it redirects to page viewpost and it is a problem i want to disabel this or redirect
if(Request.QueryString["PostID"]==null)
{
// your logic here
}
in the page load, you can check for the PostID value and if it is empty you can redirect the page.
There's more to what you need to know here than just checking if it's blank ( which the others have already posted simply a check if your item == null)
What if a user enters in an Id they don't have access to? postId=120 for example belongs to another user. You need to check if the current user also has access to the specified record.
Since we don't know your app or schema we can't give specifics but keep in mind how you need to validate that PostId actually is valid for the current user
I am using the asp.net mvc sample app and have expanded it a bit. I use the asp.net membership for login and registration for users.
I now want to change it so when people register, instead of instantly being able to login, it goes to some state where an administrator has to approve it. Once this approval happens, then they can log in.
Is there anything built into asp.net membership stuff that will help me to do this or do I have to code it up from scratch using my own implementation?
I have a few ideas and I don't think this is rocket science but I don't want to reinvent the wheel as I want to ship this as soon as possible.
The MembershipUser class has an IsApproved property. You may set it to false when creating a new user and then set it to true when the admin approves the user.
You have to call Membershi.UpdateUser(user) method after setting the property.
Here's some code to build a collection of un-approved users that can be used as the datasource of a data control like a GridView, DataList, or Repeater:
MembershipUserCollection users = Membership.GetAllUsers();
MembershipUserCollection unapprovedUsers = new MembershipUserCollection();
foreach (MembershipUser u in users)
{
if (!u.IsApproved)
unapprovedUsers.Add(u);
}
The MembershipUser class has an IsApproved property, and during user creation you can use one of the overloads on the Membership.CreateUser function which allows that flag to be set. Unfortunately there's no easy way to say "Show me all users who are not yet validated".