I am using ASP.Net's Create User Wizard Control.
I want that once the user is created, that user should not be logged in. Users cannot register themselves, only a host user can add them.
What happens is, once the user is registered, the host account is logged out and the user whose account was created is logged in.
So I want the new user to not be logged in once they are created.
I tried the properties below of the Create User Wizard Control:
Added DisableCreatedUser="True" Property so that the user is disabled after registration
LoginCreatedUser="False"
This works: the user is not directly logged in after registration, but if the page is refreshed, the user gets logged in and the host is logged out.
Keep your current code and try removing this. It should stop the user from logging in when you refresh the page.
FormsAuthentication.SetAuthCookie(createUserWizard1.UserName, False);
Related
My name is Prince. I'm a web developer in ASP.NET (new) and I'm trying to create a function in which users can log in to my site and I'll keep them logged in as long as they don't log out.
I thought of inserting their username and password into cookies, but I was informed that cookies are insecure. So I'm looking for a way to store their user ID and password. So when my page loads, my code will go to where the user ID and password are stored and log them in if it's authenticated or exists in the database, else it'll direct them to the login page so they can log in. P.S. On click of my login button it selects the values from the user ID and password text boxes and inputs them into the cookies or variables. Please, if you need me to clarify myself or explain further, I will gladly.
The summary of this is I want to create auto login and I need secure variables to store my user details, e.g. cookies, so the browser can access them (the cookies) the next time they (the user) come to my site and automatically log them in.
I have implemented remember me functionality in Symfony 3. Basically "Remember Me" should be enabled only for specific user roles.
Now a User with a Role called "Admin" has selected "Remember Me" and logged into the application, and a record is created in the "rememberme_token" table. The same user has bookmarked the landing URL and closed the browser.
When the same user reloads the bookmarked URL, the application is allowing the user with "Admin" role to access the application but I want to restrict this. Users with "User" role should only be allowed to access the application when they are coming back to site using the bookmarked URL.
Basically I want to intercept the request and determine whether the user is authenticated using "Remember Me" cookie or not?
I'm setting up Forms Authentication for the first time.
I am validating the username and password(hashed) against a local SQL database.
All of this is working fine in my logon.aspx file in a ValidateUser() function.
I am also allowing the logon criteria to be persistent so the user does not have to re-enter their credentials when they return to the page.
The problem is, when the previously logged in user returns to my site and the cookie/ticket is used my ValidateUser() function is not called, SO... if I have deactivated the user or changed the user's password the user still gets logged in.
I've considered doing this in Application_AuthorizeRequest or Application_PostAuthorizeRequest in Global.asax, but I would also like to set some session variables at the time I re-verify the credentials against the database and the session is not yet created when these are called for the first time when a user logs in.
Any advice would be greatly appreciated.
The first time the user is authorized, create a session for that user, e.g. Session["Username"]. Check the session whenever he enters any page; if the session is not present, redirect him to the login page. After that, when he logs out, abandon that session.
So whenever he wants access next time, he has to log in again.
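The stale-ticket problem in the question above (a persistent cookie skips ValidateUser(), so a deactivated user or one whose password changed still gets in) can be closed by re-checking the account on each authenticated request, at a pipeline stage where session state already exists. The following is an added example, not code from the original posts; the `Users` table, its `IsActive` and `PasswordChangedUtc` columns and the `AppDb` connection string are assumptions.

```csharp
// Global.asax.cs (added example). Table, column and connection-string names are assumptions.
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // PostAcquireRequestState fires after session state is loaded, so it covers
    // requests authenticated only by a persistent ticket and can still use Session.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        if (TicketStillValid(identity.Name, identity.Ticket.IssueDate.ToUniversalTime()))
        {
            // Session is null for handlers that do not use session state.
            if (Context.Session != null) Context.Session["Username"] = identity.Name;
            return;
        }

        // Account removed, deactivated, or password changed after the ticket was issued.
        if (Context.Session != null) Context.Session.Abandon();
        FormsAuthentication.SignOut();              // expire the auth cookie
        FormsAuthentication.RedirectToLoginPage();  // does not end the request by itself
        CompleteRequest();                          // skip the page, go to EndRequest
    }

    // Assumed schema: Users(UserName, IsActive bit NOT NULL, PasswordChangedUtc datetime NOT NULL).
    private static bool TicketStillValid(string userName, DateTime ticketIssuedUtc)
    {
        const string sql = "SELECT IsActive, PasswordChangedUtc FROM Users WHERE UserName = @u";
        var cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@u", userName);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false;            // user no longer exists
                if (!reader.GetBoolean(0)) return false;     // user deactivated
                return reader.GetDateTime(1) <= ticketIssuedUtc; // ticket predates password change
            }
        }
    }
}
```

Querying on every request gives immediate revocation; caching the result for a short interval reduces database load at the cost of a matching delay before a deactivation takes effect.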
I have an ASP.NET Web Form application that is using the default ASP.NET MembershipProvider.
After registration, I require the administrator to approve the registration. Until that occurs, I would like the AnonymousTemplate in the LoginView to be shown.
The site uses the default code for the Site.Master.
My question is, can I modify the default behavior of the LoginView control so that it shows the LoggedInTemplate only after a registered user is approved by an administrator?
The MembershipUser object should have flags for IsActive and IsApproved. If you set both to false during the registration process, and do not log the user in after they are registered, then the template should stay anonymous. Then your Admin UI will have to set those flags to true, then save the user through the Membership API, then send them an e-mail that they are approved and can log in.
HTH
I have a <asp:Wizard> that is only applicable for a logged-out user. If the user is currently logged in, he/she is redirected to another page. On one of the wizard steps, as part of the wizard, I ask for credentials via the <asp:Login> control and log in the user. This presents a problem.
According to MSDN: "When a user uses the Login control to log in to a Web site, all data in the view state and all post data is lost. Do not perform actions in the LoggedIn event that rely on the view state."
Because of this, my Wizard control forgets the step it's on after the login process. MSDN recommends: "If you embed the Login control in a WizardStep object, explicitly set the ActiveStepIndex property in a Page_Load event handler if the user is authenticated. The Wizard control does not automatically advance to the next WizardStep object in this scenario."
However, because all view state is lost, the redirect for logged-in users kicks in, sending the user away from the page. What's the best way to determine, at page load, which of the states the user is in?
Already logged in some time ago; needs to be redirected.
Was just logged in from inside the wizard; needs to reach the next wizard step.
Thanks for any ideas.
You can set a Session variable when the user logs in: Session("LoggedIn") = Now
When checking to redirect the user, check if LoggedIn was at least 3 minutes ago and then redirect.
Because you set this Session variable after logging in it will be available (or maybe null if not logged in).
You might want to create a custom Login control, inheriting from Login, that sets this Session variable whenever a user logs in:
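Imports System.Web
Imports System.Web.UI.WebControls

' Login control that records the login time in Session each time a user logs in
Public Class MyLogin : Inherits Login
    Private Sub MyLogin_LoggedIn() Handles Me.LoggedIn
        HttpContext.Current.Session("LoggedIn") = Now
    End Sub
End Class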
"A strange game. The only winning move is not to play." Reference to War Games
Instead of playing the redirect-preventing game, a different solution is possible. Since I control all links to the page in question, when a user is logged in, I can change the destination (href) of those links to the post-redirect page. This bypasses the need to "play" on the page itself, and allows the page, if hit by a logged-in user, to always jump to the appropriate next wizard step.