Hi, I would like to know how you would log out a user if he modifies the URL or refreshes the web pages, like in bank web sites, in ASP.NET.
Thanks for your answers
I have implemented a solution similar to Vignesh Kumar's answer by using roles and restricting access to pages based on the roles a user has. When a user logs in I check which pages they can access based on their assigned roles and build the navigation menu accordingly so that they're not able to navigate to restricted pages.
In my master page's Page_Load method I check whether a user has access to the page they're trying to access and if not I log them out and redirect them to the login screen.
Related
I have a site that I'm trying to migrate into my Sitecore instance. The Sitecore instance has multiple sites. For the one site I'm trying to migrate over, there is a login page for external users to log in. I'm validating this against an external database. This all works so far. My issue is that I need to prevent the external users from accessing certain pages without logging in (they should be redirected to the login page). The way that this was working when the site was outside of Sitecore was that there was forms authentication being done and when a page was trying to be accessed without the user being logged in the ReturnURL would be used to return the user to the proper page after login.
I'm not sure how to do this now that I have multiple sites inside of my sitecore instance.
Any suggestion?
This is not very different in Sitecore to how it was done before, except now you can control the security of which pages should be accessible by logged in users with the Sitecore Security Editor. There are a few pieces which you need to hook up in order to get this to work properly though.
Have a read through these articles, they should provide everything you need to get this to work:
Implementing Sitecore Extranet login on a website
Setting Up a Sitecore Extranet (site seems to be down, view cached copy)
Set the value of <setting name="NoAccessUrl" value="/sitecore/service/noaccess.aspx" /> in web.config to your Login page (this can be an item in Sitecore) using a patch config and if a user tries to access a restricted page they will be redirected to this page, which will also include the return url parameter.
If you are using an external database to authenticate users then you will also need to implement your own membership provider:
Sitecore authenticate users against external membership database
Sitecore Membership Providers
Be sure to correctly set the domain attribute of your <site> definition to whatever you set in domains.config and set as the providerName of your <provider> definition.
I have a web application where there is one admin and many users. When a user logs in he is taken to a certain page from which he can perform other operations which lead him to other pages restricted to him. The same goes for the admin too. But if I change the URL to the restricted page during runtime a user can access an admin's page and vice versa. I have heard about using membership access. But I don't know how it's done. I am using an SQL database where the login details are stored in a table.
So how do I restrict access? I have heard it has to do something with the web.config? Is it possible to achieve the same result by using just code behind?
You should use the ASP.NET Membership provider. It will give you a lot of stuff out of the box. There's a good tutorial by Scott Mitchell that will guide you through this process.
Part 1
Part 2
Part 3
Part 4
Part 5
When loading your pages, you might have to check if the user has the right permission and allow access or redirect him to another page.
    If ! user can access page {
        redirect
    }
    Your page content.
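A sketch of the per-request check described in this answer and in the master-page answer to the first question, written as an added example rather than code from any of the posters. The class name `SiteMaster`, the folder prefixes and the role names are assumptions, and ASP.NET forms authentication with roles is assumed to be configured.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;
using System.Web.UI;

public partial class SiteMaster : MasterPage
{
    // Assumed mapping of app-relative folder prefix to the role allowed in it.
    private static readonly Dictionary<string, string> RequiredRole =
        new Dictionary<string, string>
        {
            { "~/admin/", "Admin" },
            { "~/user/", "User" },
        };

    // Pure decision function: true when the principal may open the path.
    internal static bool CanAccess(IPrincipal user, string appRelativePath)
    {
        foreach (KeyValuePair<string, string> rule in RequiredRole)
        {
            if (appRelativePath.StartsWith(rule.Key, StringComparison.OrdinalIgnoreCase))
            {
                return user != null
                    && user.Identity.IsAuthenticated
                    && user.IsInRole(rule.Value);
            }
        }
        return true; // assumption: paths outside the table are public
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // Looks like "~/admin/reports.aspx" regardless of the virtual directory.
        string path = Request.AppRelativeCurrentExecutionFilePath;
        if (CanAccess(Context.User, path))
        {
            return;
        }

        // A typed-in URL for a page outside the user's roles: drop the
        // authentication ticket and send the browser to the login page.
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
        Response.End(); // RedirectToLoginPage does not stop page processing itself
    }
}
```

In the page life cycle the content page's Load event fires before the master page's, so code in a content page's Page_Load has already run when this check executes.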
I've built a new sharepoint site page using the example I found here:
Link
The purpose of the page is to add a new user to the aspnet membership database that serves as the authentication provider for my sharepoint site, which uses forms based authentication.
I've slightly customized the asp createuser control.
The sharepoint site is forms based but the top level site is accessible anonymously, and I've created a subsite for members (hence the user registration page). The site page is in the top level site so that people can register.
If I'm already logged in and fill out the form, the user is successfully added to the membership store. However, if I access the page anonymously and fill out the form, the user is successfully added to the membership database, but I can no longer navigate the website; I keep getting HTTP 500 "page cannot be displayed" errors until I clear the browser cache and cookies.
I don't think it's a programming error but more likely something to do with site security and authentication
Once the user is created successfully and the page is redirected to the one you provided in the ContinueDestinationPageUrl property, the page is loaded with the recently created user's credentials. Since you haven't added this new user to your MOSS site, you'll get an Access Denied error. So, in order to resolve this issue, you need to set the LoginCreatedUser property of the control to false, so that the page is loaded with the original user's credentials, not with the recently created one's.
Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure:
/admin
/customer
/login-admin.aspx
/login-customer.aspx
I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page).
In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure that if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ?
Thanks,
Anthony
Unfortunately Forms Authentication only allows you to specify one login page.
While it's not the most elegant solution in the world, the login page could look at Request.QueryString["RedirectUrl"] and use that to determine what to show users:
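// The parameter is absent when the login page is opened directly, so guard against null.
string redirectUrl = Request.QueryString["RedirectUrl"] ?? string.Empty;
if (redirectUrl.ToUpperInvariant().Contains("/ADMIN"))
{
    // Show an admin user control or transfer to another page
}
else
{
    // Do something else
}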
I've used the ASP.NET login control on my SharePoint custom master page. All works well and I can log in to my site without problems.
However I'd like to run some code once the user has logged in, or alternatively perform a redirect based on the user's role.
Has anyone done this type of thing before?
The Login control (System.Web.UI.WebControls.Login) has an event LoggedIn (http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.loggedin.aspx). Just subscribe to it and place your code in the handler. I haven't worked with SharePoint, I'm talking from an ASP.NET viewpoint here.
You can test roles programmatically through User.IsInRole
EDIT: on redirect from the ASP.NET login control, check for the forms authentication token and run your custom code if the token is present.
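A LoggedIn handler that redirects by role, as an added example that is not part of the original answer. The page class name, role names and landing pages are assumptions, and the ASP.NET role manager is assumed to be enabled so that `Roles.IsUserInRole` can be queried by user name.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LoginPage : Page
{
    // Assumed role-to-landing-page table; the first matching role wins.
    private static readonly string[,] Landing =
    {
        { "Admin", "~/admin/default.aspx" },
        { "Customer", "~/customer/default.aspx" },
    };

    // Picks the landing page for whoever satisfies the supplied role test.
    internal static string LandingFor(Func<string, bool> inRole)
    {
        for (int i = 0; i < Landing.GetLength(0); i++)
        {
            if (inRole(Landing[i, 0]))
            {
                return Landing[i, 1];
            }
        }
        return "~/default.aspx"; // assumed fallback for users with no listed role
    }

    // Wire up with OnLoggedIn="Login_LoggedIn" on the asp:Login control.
    protected void Login_LoggedIn(object sender, EventArgs e)
    {
        Login login = (Login)sender;

        // The ticket cookie has just been issued, but Context.User is still
        // the anonymous principal for this request, so the role provider is
        // asked by user name instead of calling User.IsInRole here.
        string userName = login.UserName;
        string target = LandingFor(role => Roles.IsUserInRole(userName, role));

        // End the response here so that this redirect is the one sent,
        // rather than the control's own redirect that follows the event.
        Response.Redirect(target, true);
    }
}
```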