I am making a project. In that project, the first page is the Login page.
On the Login page, the user will enter a user ID and password; if they match, the page will redirect to the second page.
On the second page there is a hyperlink to go to the third page.
On the third page I want to show all of the user's details, like firstName, lastName, emailId, mobileNumber, password, etc.
My doubt is how to carry the userId and password from the first page to the third page.
Please help me.
Thanks in advance.
Save the user name and ID, not the password. You don't need to save the password because it's not good for security.
Go through this, it'll help you.
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx
You can use the WindowsPrincipal class to save the user credential; it saves the user name and ID, not the password. You don't need to save the password because it's not good for security.
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx
Use cookies or session; they will help you both for authentication and for what you mentioned here.
http://www.w3schools.com/ASp/asp_cookies.asp
http://www.codeproject.com/Articles/32545/Exploring-Session-in-ASP-Net
You can store the userId in Session or a cookie on login success and get it on the required page.
Do not store the password in the session or a cookie, as it may be harmful from a security point of view.
I suggest you refer to ASP.NET state management.
http://www.codeproject.com/Articles/492397/State-Management-in-ASP-NET-Introduction
http://www.codeproject.com/Articles/331962/A-Beginner-s-Tutorial-on-ASP-NET-State-Management
The way you are redirecting to the second page from the Login page, just redirect directly from Login to the third page.
Also, while checking the login details, if the user is an authenticated one, keep the User ID in Session, so that you can easily retrieve all of the logged-in user's details using that User ID.
In your login page, check whether the username and password are valid.
If valid, then create a session entry for the user ID, e.g. Session["userid"] = userid;
Now in your third page you can get the user's first name, last name, etc. from the user ID.
E.g.:
int userid = Convert.ToInt32(Session["userid"]);
var userDetails = GetUserInfomationfromid(userid); // here you can get user information from userid
If you want to read more about state management in ASP.NET:
http://www.codeproject.com/Articles/492397/State-Management-in-ASP-NET-Introduction
Related
My name is Prince. I'm a web developer in ASP.NET (new) and I'm trying to create a function in which users can log in to my site and I'll keep them logged in as long as they don't log out.
I thought of inserting their username and password into cookies, but I was informed that cookies are insecure. So I'm looking for a way to store their user ID and password. So when my page loads, my code will go to where the user ID and password are stored and log them in if it's authenticated or exists in the database; else it'll direct them to the login page so they can log in. P.S. On click of my login button it selects the values from the user ID and password text boxes and inputs them into the cookies or variables. Please, if you need me to clarify myself or explain further, I will gladly.
The summary of this is: I want to create auto login and I need secure variables to store my user details, e.g. cookies, so the browser can access them (the cookies) the next time they (the user) come to my site and automatically log them in.
How can I display the username after user login? I use temp date, but the username did not show; this is my code.
If the login is successful, you can set a cookie (if it does not exist, of course). Check out here
I am using ASP.NET MVC 5 with OWIN security, and I have to create a link which will be sent to the user's email. When the user clicks on the link, they will be logged in to the system directly.
I still couldn't figure out how to generate that link with username and password, etc.
Can anyone shed some light, please?
You don't have to generate a link with the username and the password - definitely you shouldn't (+1 for #mason).
If you need to login users from the link you can generate and store a hash/guid/etc in the db for the user and send a link with the userId and the hash via email. -> sth like: mysite.org/login?userid=123&hash=b89eaac7e61417341b710b727768294d0e6a277b
You can create an action to check if the userId and the hash match the data in the db and login the user.
sth like
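// userId and hashFromTheLink come from the link's query string
var user = await HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>().FindByIdAsync(userId);
// Hash is the value stored for this user when the link was generated
if (user != null && user.Hash == hashFromTheLink)
    HttpContext.GetOwinContext().Authentication.SignIn(...);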
My client's requirement for password recovery is:
when the user enters his email/username, the system will email him a unique link. In the user's email, when the user clicks the link,
the system will take the user to the change password page. The user will type a new password and his password will be changed.
Any idea how to do this?
Right now the change password page is only accessible to logged-in users. How do I let a user in to the page by an external link click?
This is a kind of "password change process":
Create a database table with the userId, createDate, closeDate, and a UUID.
Send the mail with a link to your page that has the UUID from the process database table.
If the user enters the page, you check if the process is still open (closeDate is null).
The user can change the password.
You set the closeDate.
First check the user's email. If it exists, then send him/her an email with a unique link.
Example:
link: "http://www.abc.com/passwordrecovery.aspx?ID=" + Guid.NewGuid()
In this way you will send a unique email to every user. Also store this ID in the user table, so when the user clicks the link you will be able to verify the sender.
On your Password Recovery page, check the value of the query string variable ID
and match it against the ID of the user in the database; if they are equal, then show the password page of the required user.
Hope you understand it.
In your link use a unique identifier as the query string. Intercept the params on your page load event and look in the database to see if there is a match.
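The process table described in the password-recovery answers above (and the hash-in-link idea from the login-link answer before them), as an added example that is not code from any of the posts. The in-memory dictionary standing in for the database table, the 30-minute lifetime, and all class and method names are assumptions; only a SHA-256 hash of the token is stored, so a leaked table does not yield usable links.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// One row of the process table: userId, createDate, closeDate (null = still open).
class ResetProcess { public int UserId; public DateTime CreateDate; public DateTime? CloseDate; }

class ResetLinks
{
    // Stand-in for the database table (assumption), keyed by the hash of the link token.
    static readonly Dictionary<string, ResetProcess> Table = new Dictionary<string, ResetProcess>();
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30); // assumed policy

    static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Creates the process row and returns the token to put in the e-mailed link.
    public static string Issue(int userId, DateTime now)
    {
        var bytes = new byte[32];                       // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = BitConverter.ToString(bytes).Replace("-", "");
        Table[Hash(token)] = new ResetProcess { UserId = userId, CreateDate = now };
        return token;
    }

    // Call when the new password is submitted: returns the user id and closes the
    // process, or null if the token is unknown, already used, or expired.
    public static int? Redeem(string token, DateTime now)
    {
        ResetProcess p;
        if (token == null || !Table.TryGetValue(Hash(token), out p)) return null;
        if (p.CloseDate != null || now - p.CreateDate > Lifetime) return null;
        p.CloseDate = now;                              // single use
        return p.UserId;
    }

    static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        string token = Issue(123, t0);
        Console.WriteLine(Redeem(token, t0.AddMinutes(5)) == 123);     // first use accepted
        Console.WriteLine(Redeem(token, t0.AddMinutes(6)) == null);    // reuse rejected
        Console.WriteLine(Redeem(Issue(123, t0), t0.AddHours(2)) == null); // expired
    }
}
```

Because the token alone identifies the row, the link does not need to carry the user ID at all.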
Is this a security issue or by design?
string UID = "randomusername"; // does not exist in aspnet_Users table
FormsAuthentication.RedirectFromLoginPage(UID, false);
Authenticates users, redirects to login page.
The Profile page is set to check User.Identity.IsAuthenticated, etc.
When they update the profile, it adds the user to the aspnet_users table automatically, which is not what I want.
FormsAuthentication.RedirectFromLoginPage doesn't perform any valid user check; it just redirects the user as if they are a valid user. It assumes that you have done the validation check first before you called this.
HTH.