I have an ASP.NET Web Form application that is using the default ASP.NET MembershipProvider.
After registration, I require the administrator to approve the registration. Until that occurs, I would like the AnonymousTemplate in the LoginView to be shown.
The site uses the default code for the Site.Master.
My question is, can I modify the default behavior of the LoginView control so that it shows the LoggedInTemplate only after a registered user is approved by an administrator?
The MembershipUser object should have flags for IsActive and IsApproved. If you set both to false during the registration process, and do not log the user in after they are registered, then the template should stay anonymous. Then your Admin UI will have to set those flags to true, then save the user through the Membership API, then send them an e-mail that they are approved and can log in.
HTH
Related
I an working on an ASP.NET MVC project and I want users to be disabled initially on registration until they confirm their email and phone number. But however (by default) disabled users cannot login to the app to do this unless by an admin. How can I temporarily disable the users and still allow them login but only with limited access until they confirm their email and phone number.
You can create Customer Action Filters which in turn check whether user has verified mobile number or email address from database.
Example of Action Filters is [Authorize] attribute on Controller.
You can then use this Customer Action Filters on Controller where you want to restrict them for doing any operation.
You can even display different view or Alert Message for telling users about it.
ASP.NET MVC 4 Custom Action Filters MSDN
I am using ASP.Net's Create User Wizard Control.
I want that once the user is created, that user should not be logged in. Users cannot register themselves, only a host user can add them.
What happens is, once the user is registered, the host account is logged out and the user whose account is created, is being logged in.
So I want the new user to not be logged in once they are created.
I tried the properties below of the Create User Wizard Control
Added DisableCreatedUser="True" Property so that the user is disabled after registration
LoginCreatedUser="False"
This works, user is not directly logged in after registration, but if page is refreshed, the user gets logged in and host is logged out.
Keep your current code and try removing this. It should stop the user from logging in when you refresh the page.
FormsAuthentication.SetAuthCookie(createUserWizard1.UserName, False);
I have a problem!
I have a database.have two field username and password.
I use Login Control in VS.
And now i want use login control connect to my database.
how i can do it!
You have to setup a custom membership provider and configure it in the web.config file. Read this: http://www.asp.net/web-forms/videos/how-do-i/how-do-i-create-a-custom-membership-provider
The login control uses the membership provider's ValidateUser method to check whether a user is valid.
OR: override LoggingIn event, override the default behavior to manually lookup the user by user ID and password. This approach does not need a membership provider.
I am learning the ASP.NET Membership and making an admin login page.
I have two types of users:
1. Normal user
2. Administrator
I want to show "This type of user does not have permission" when a normal user logins through the login page.
What should I do? I am using asp.net login control.
Add code in function Login1_LoggedIn? or Login1_Authenticate?
You'll get this event sequence:
Authenticate: that username/password matches anything in your database?
LoggedIn: fires after a successful call to Authenticate; here you have access to user profile with Roles.IsUserInRole() method
This article series can be really useful to you: Examining ASP.NET's Membership, Roles, and Profile
Finally, I check roles in the Login1_Authenticate function and it works.
I have a document approval workflow application. The workflow sends emails to appropriate users with links for Accept/Reject the document.
When the user clicks on Accept or reject link, an aspx page is shown, where he can type a comment and submit.
Now the question is I want Windows Authentication on this aspx page. If the user is authenticated I want its Userid to be checked against database if his role/profile has priveledge to view the page.
How should I achieve this?
If the whole thing is internal (within your organization) then simply use Windows Authentication on the website. Other wise you have to mix Forms and Windows Authentication on the site. Here is an MSDN article about this.
Once authentication is wired up you can access the user's identity using static
System.Security.Principal.IIdentity user = Page.User.Identity;
property. It contains IsAuthenticated and AuthenticationType properties which you can put to use.