Login control with custom database - asp.net

I have a problem!
I have a database. It has two fields: username and password.
I use the Login control in VS.
And now I want to use the Login control to connect to my database.
How can I do it?

You have to set up a custom membership provider and configure it in the web.config file. Read this: http://www.asp.net/web-forms/videos/how-do-i/how-do-i-create-a-custom-membership-provider
The login control uses the membership provider's ValidateUser method to check whether a user is valid.
OR: override the LoggingIn event, overriding the default behavior to manually look up the user by user ID and password. This approach does not need a membership provider.

Related

Login Control Authentication

I used membership API to create users and hashed the password in database. Because of the hashed password the Login control cannot authenticate as I'm now unable to set up the login control to convert the user password entered to "Hash" value before referencing the database.
I have tried exploring the Login control "Logging_in" event handler but I seem very confused on how to use it.
I will appreciate any help.

Assistance with Forms Authentication and Custom Roles

I am working on an asp.net website and I am having trouble implementing a custom role provider using forms authentication.
I have a SQL Server database "MyBase" with a "UserRoles" table which contains UserRoleID, EmployeeID, RoleID, and UserName fields. I want to retrieve the roles for a user from this table when users log in using a custom login page (just a couple textboxes, labels, and a button).
I have searched/read several questions, scenarios, and examples but I'm still missing something somewhere so I'm reaching out for some assistance.
What I have done so far:
In web.config:
Set authentication mode to forms
Set membership provider settings
Set role provider settings
I have created the following custom classes and listed sub/function/properties:
RoleProvider
--GetRolesForUser
--IsUserInRole
--ApplicationName
MembershipProvider
--GetUser
--UpdateUser
--ValidateUser
MembershipUser
In my login button:
I encrypt the user's password.
Call my custom MembershipProvider's ValidateUser: MemProv.ValidateUser(txt_username.Text, encrypedPW), which returns true or false correctly.
Call FormsAuthentication.SetAuthCookie(txt_username.Text, False)
Call my custom RoleProvider's GetRolesForUser function: RoleProv.GetRolesForUser(txt_Username.Text), which returns a String() of roles correctly.
When I check my User.Identity, isAuthenticated = false and Name = "".
I'm pretty sure I am missing an implementation of IIdentity and/or IPrincipal, but I don't know where/how to implement them.
So my questions are:
Do I need to go through all of this just to keep my roles in a SQL Server table I created?
Do I need to incorporate IIdentity and IPrincipal? If so, how do I or where do I do that?
Re-create the MyBase database using the ASP.Net IIS Registration tool (Aspnet_regiis.exe). This will create the database necessary to store your membership information - properly.
Here's a link that gives more information: http://msdn.microsoft.com/en-US/library/k6h9cz8h(v=vs.100).ASPX
I created two classes that implement IPrincipal and IIdentity.
In the Principal's IsInRole function I make a call to my custom RoleProvider's IsUserInRole function.
I logged using my custom login page and was redirected to the correct form. The Identity and RolePrincipal both contain the correct information.

Require Authenticated User to Change Password

Using ASP.Net Forms and ASP.Net MVC 3 (combined - we are in process of changing Web Forms to MVC), I have a scenario where a person authenticates (user name / password) but due to a specific condition existing on their account, they are required to change their password before proceeding.
Since the user is already authenticated, is there a global location where I can prevent any access to the portions of the site that require authentication until they enter their new password? I understand that there might have to be 2 locations (one for Web Forms, the other for MVC).
In Application_AuthenticateRequest, check for the specific condition. If not met (i.e. they must change pwd), redirect to the proper page. This should work for MVC and WebForms.
You could have a custom RoleProvider that uses a flag in the user class to determine if the password needs to be changed before validating the role for a user.
I'd put it as a property in the User model (i.e. public bool ChangedPassword {get;set;}). This will be set as False when the user is created, and set as True when the user changes the password. Before any protected action, check if ChangedPassword == True.
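
Added example (not from any of the answers above): the Application_AuthenticateRequest approach as a Global.asax code-behind in C#, including the exemptions that keep the redirect from looping. The page paths, the ~/Content/ asset folder and the 90-day password age used as the "specific condition" are assumptions; substitute the account flag the site actually stores.

```csharp
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Assumed policy and paths; the question only says "a specific condition" on the account.
    private static readonly TimeSpan MaxPasswordAge = TimeSpan.FromDays(90);
    private const string ChangePasswordUrl = "~/Account/ChangePassword.aspx";
    private static readonly string[] AlwaysAllowed = { ChangePasswordUrl, "~/Account/Logout.aspx" };

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already populated Context.User at this point.
        if (!Request.IsAuthenticated) return;

        // Let the change-password page, logout and static assets through,
        // otherwise the redirect below loops forever.
        if (IsAllowed(Request.AppRelativeCurrentExecutionFilePath)) return;

        if (MustChangePassword(Context.User.Identity.Name))
        {
            Response.Redirect(ChangePasswordUrl, false);
            CompleteRequest(); // end the request without a ThreadAbortException
        }
    }

    private static bool IsAllowed(string path)
    {
        if (path.StartsWith("~/Content/", StringComparison.OrdinalIgnoreCase)) return true;
        foreach (string allowed in AlwaysAllowed)
            if (string.Equals(path, allowed, StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }

    // Stand-in condition: password older than MaxPasswordAge. This is one provider lookup
    // per request; cache the result or carry the flag in the ticket on busy sites.
    private static bool MustChangePassword(string userName)
    {
        MembershipUser user = Membership.GetUser(userName, false);
        if (user == null) return true; // fail closed if the account cannot be loaded
        return DateTime.UtcNow - user.LastPasswordChangedDate.ToUniversalTime() > MaxPasswordAge;
    }
}
```

Exact-match comparison on the exempt pages matters here: a prefix match on the change-password path would also exempt any other page whose path begins with the same string.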

Authenticate user and using the ChangePassword Control

I have a webpage that a user logs into. Now I want to provide the ability for a user to change their password using the ChangePassword Control. The control does work as described here: ChangePassword Control for non-authenticated users. But I want the behavior for authenticated users.
I'm fairly new to asp so this could be a simple question but exactly how do you "authenticate" a user?
According to the docs, the control works for both authenticated and non-authenticated users.
Changing a user's password programmatically is very straightforward.
Take a look at the MembershipProvider and MembershipUser classes.
You can validate a user using: MembershipProvider.ValidateUser
To authenticate them use: FormsAuthentication.SetAuthCookie
MembershipUser has a method: ChangePassword.
If you are new to all this, read the introduction to membership.

when is user authenticated when using asp.net CreateUserWizard

I am using the asp.net CreateUserWizard and I have LoginCreatedUser=true. I also have the "OnCreatedUser" property for the CreateUserWizard control set to a method and thought the auth ticket would be created at that point, but it is not.
When exactly is the authentication ticket (Request.Cookies[".ASPXAUTH"]) populated?
I need to know so that during registration I can modify the UserData and add it to the auth ticket.
I've done this before doing the following:
In the CreateUserWizard_CreatedUser event you know for a fact the user is created, so save the username to HttpContext.Items array.
Check for the username in HttpContext.Items in the page's PreRender() event (it'll run after the CreatedUser() step). If it's there, overwrite your authentication ticket.
To test this make sure you later decrypt the authentication ticket and check the UserData. In my own projects this is how I handle having a user logged in at registration and have some of their info injected into the auth ticket's UserData.
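
Added example (not the answerer's code): the two steps above in a C# code-behind, plus the decrypt-and-check helper the answer recommends for testing. The Items key, the page class name and the sample UserData value are assumptions, and FormsAuthentication.Timeout requires .NET Framework 4 or later.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Register : Page
{
    private const string NewUserKey = "NewlyCreatedUser"; // hypothetical Items key

    // Markup (assumed): OnCreatedUser="CreateUserWizard1_CreatedUser" LoginCreatedUser="true"
    protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
    {
        // The account exists now; remember the name for later in this same request.
        Context.Items[NewUserKey] = ((CreateUserWizard)sender).UserName;
    }

    protected void Page_PreRender(object sender, EventArgs e)
    {
        var userName = Context.Items[NewUserKey] as string;
        if (userName == null) return;

        string userData = "plan=trial"; // constructed sample value; keep secrets out of UserData
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            2, userName, now, now.Add(FormsAuthentication.Timeout),
            false, userData, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        // Set replaces a cookie of the same name already queued on the response.
        Response.Cookies.Set(cookie);
    }

    // Test helper: on a later request, decrypt the ticket and read UserData back.
    public static string ReadUserData(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        return ticket == null || ticket.Expired ? null : ticket.UserData;
    }
}
```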
