I am using loginview control for displaying logedIn user in asp.net ,in this control i have used loginname and loginstatus control.the problem is that,when i press f5 it directely displayes system loged username ie. my default system account username.i am getting confused what to do ! Is anyone having solution please share.
I am not sure if I understand you correct... you get display "yourdomain/youraccount" ?
If so ... and you do not want to use windows authentication you should switch to forms authentication otherwise it uses the windows credentials...
one point to start looking is the webconfig...
<configuration>
<system.web>
<authentication mode= "[Windows/Forms/Passport/None]">
</authentication>
</system.web>
EDIT:
LoginName Control to Display Full Name instead of username
http://weblogs.asp.net/gurusarkar/archive/2009/06/16/loginname-control-to-display-full-name-instead-of-username.aspx
you should also make sure that you hooked up membership database...
HTH
Related
I'm using VSEW 2013 and running windows 10.
I created a login page (Login.aspx) and a signup page (SignUp.aspx). I used the standard controls and did not add any code behind to them. They are out of the box controls.
What works:
Creating an account on signup.aspx page
Validating user login on Login.aspx page
On my computer, after login, it shows that I didn't log in yet. But when my friends test it, they don't have any problems with it.
Here is a drop box link to all of the files and you can test it yourself and see that it works.
https://www.dropbox.com/sh/do3f533s0hacy4x/AADuWBbIBpaxDy7SIPG9_7s6a?dl=0
Username: kyle
password 123456
However, signup.aspx works (well it won't send you an email because I didn't do that yet) so you can create your own account.
I've tried:
Verified that cookies are enables
Disabled Antivirus
Disabled Firewall
Checked Windows Defender (it's off)
Tested in Chrome, Edge, and Firefox.
Deleted all localhost cookies.
I cannot figure out why my computer won't let me log in successfully but everyone else can.
Please help me solve this problem.
Looking at your web.config, for some odd reason this section is there:
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
This section coupled with the fact that your authentication mode is set to forms:
<system.web>
<authentication mode="Forms" />
...
</system.web>
Would make it so that authentication wouldn't work at all, which is like what your describing. Try removing that first section, if you want to keep using Forms Authentication.
It's odd that this configuration would work on other computers, I can't explain that, but I would try removing that section of code where FormsAuthentication is being turned off and see if that helps.
I've been getting an empty string whenever I try to retrieve the logged in username in my controller. When I first created the app, I selected 'Internet application' template. I also deleted the default account controller, account models and _logon views as I didn't need them. I'm using my own styling, so I removed site.css from the project as well.
After playing around with the web.config for a while, I figured out that "User.Identity.Name" actually works if I change the authentication mode in web.config to windows. If I leave it on 'forms' authentication mode, I only get an empty string whenever I try to get the username.
Recently, I changed the authentication mode to Windows and used User.Identity.Name in one of my controllers to get the user name, but whenever I run the app, I get an error on the browser, stating "localhost/Account/LogOn/..." is not found. (not directing to my usual view) ( I didn't make any changes in Global.asax either.)
If I change the authentication mode back to forms, my view works fine, but I don't get to see the user name (just an empty string). Is there anyway I can find a way around this problem. Is there anything wrong with routing or something ? I can't afford to start over again using "intranet Application" template.
I'm a beginner in MVC, so any help would be greatly appreciated.
Thanks
If you are using asp.net mvc, try System.Environment.UserName
inside your web.config, use
<authentication mode="Windows" />
<identity impersonate="true" />
The error you are getting is because you removed a logon view it still must be refered to somewhere within your application, so if you don't need the logon view, make sure you remove all refences to it from you code.
Internet applications works per default with forms authentication. The purpose of Windows authentication is for intranets, where the web application runs under a windows user. Then the authentication works "automatically".
If you want to have an internet application with registered users, you should put the following configuration in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Then you need an AccountController (was there in the default template and you have probably deleted) and a Logon action within the controller. You also need all the views of the account controller (logon, register, change password etc.). The best would be you create a new internet application and check everything that's there. Just copy the stuff you need into your application.
You also need a user database. The default uses an express database with standard tables and stored procedures. If needed, you can use your own tables, then you have to rewrite the methods in the account controller or write your own membership provider.
The reason why you don't see a user name is because you have no login.
EDIT: If you want to display the Windows user name, you should set the authentication mode to windows (or just delete the authentication section, as it is the default). Then you can access the user name. But you will have to delete the tag.
<authentication mode="Windows" />
Sounds like you aren't even authenticating first, so there is no username:
#if (Request.IsAuthenticated) {
<span>#User.Identity.Name</span>
}
else {
<span>You aren't authenticated</span>
}
Im new to .NET and have been searching on this issue but no luck. I have created a login page, with a user Id and password. In my webconfig, I put the following code in to deny users who are not authenicated.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="10" protection="All" />
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
What im trying to accomplish is that when a user enters the correct information, I would like to store information small information about the user in a cookie, say for example if there an admin, manager, user, etc...Here is the code that occurs when the user click the submit button. The problem is that the page doesnt redirect to the page after user enter correct information. Any help would be very much appreciated.
If txtPassword.Text.ToLower = "test" Then
'Create a cookie
Dim cookie As New HttpCookie("UserInfo")
'Cookie variables
cookie("User") = txtUser.Text
cookie("UserGroup") = "Admin"
'Add Cookies to current web responses
Response.Cookies.Add(cookie)
Response.Redirect("login_successful.aspx")
'FormsAuthentication.RedirectToLoginPage("login_successful.aspx")
Else
lblResult.Text = "Incorrect Password"
End If
I wouldn't recommend using cookies to store role information. Use one of the built in providers to accomplish this task. For example, try this.
Open Visual Studio or Visual Studio Express and create a new "ASP.NET Web Application." You will notice that it includes an "Account" directory with examples of how to use the built in providers. You have to set up the database with the correct tables, roles, sprocs, etc to use the built in providers but it's easy. If you have .NET 4.0 installed the program that sets up the database to use the built in providers it called aspnet_regsql.exe and it's typically located here:
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
Then to solve your login problem you can use the Login control and use the Login.DestinationPageUrl attribute to redirect the user to which ever page you desire after it logs in.
Even if you don't use the built in providers this will give you a much better idea of how to go about implementing roles into your webpage.
I guess before redirecting you have to set authentication cookie first by calling FormsAuthentication.SetAuthCookie method.
And yes do consider the comment regarding cookies of joel coehoorn about saving information.
Rather than using a cookie to store that information (which can be hacked), you should store Roles in the ASPNetRoles table and associate roles to users when they are created. You can check a role with the following code:
If (Roles.IsUserInRole("rolename")) Then
'Do something useful
End If
As for the redirect, in what event handler is it included?
Can you try these two?
1) The webconfig may need refrence to the cookie name
<forms name="UserInfo" ...
2) Webconfig could also require being told who to allow
<authorzation>
<allow user="Admin" />
<deny...
So here is what i am trying to achieve
When a user logs in and his password has expired, i redirect him a change password screen.
I would like the user to change his password prior to going to other links in a menu
I want to redirect back to this changepassword.aspx when ever he attempts to leave, unless he changes his password
So how do I do this? and more importantly where?
Thanks for the help!
EDIT: I know we can use response.redirect, but it cant be used in the Unload operation
EDIT: ok i am not asking this right, i need help in keeping the user on the page - how do i do that and which part of the page [load, unload, etc]
Please don't do that. That kind of PITA UI is very irritating. Just expire their password and then fail their access if they don't change it.
Don't treat your users like children (unless they really are children and maybe not even then)
Edit: Made this a Community answer, as I'm just preaching not answering ;-)
Explained: Forms Authentication in ASP.NET 2.0
"This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class."
In the web.config, I have the authorization section saying
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<location path="ChangePassword.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Set a session var if they need to change their password
On every pageload check for that session and if it exists (and they're not on the password change screen), redirect.
We used to use a masterpage on our site and in the Page_Load event of that, we redirect the user to our changepassword.aspx page.
We also used (or abused, depending on your viewpoint) the Profile element of asp.net membership and simply set a MustChangePassword entry to true in it. It means that when they log-in, you can see if the MustChangePassword entry is set in their profile and redirect to the change password page. It certainly keeps them on the page.
People are right to suggest that sticking it in every page load is silly but the overhead is tiny to check one element in the users profile and you at least can force currently logged in users to change their password.
Set a flag in the user's session indicating that they need to change their password, then check that flag from all your other pages and redirect them to the change-password page if necessary.
I'd set a variable in his session, then in your Global.asax Application_BeginRequest event check for the Session variable and redirect if needed.
I'm working on a website built with pure HTML and CSS, and I need a way to restrict access to pages located within particular directories within the site. The solution I came up with was, of course, ASP.NET Forms Authorization. I created the default Visual Studio log in form and set up the users, roles, and access restrictions with Visual Studio's wizard. The problem is, I can't log in to the website with the credentials that I have set.
I'm using IIS 7.
I'd guess (since I don't have IIS7 handy ATM) that you'd need to turn off Anonomyous Auth, and enable Forms Auth in the IIS7 sections.
At what point did you insert your login/password? Did you have a look at the tables that where created? Althought your password must be encrypted, maybe it's worth just checking if your user was actually created.
At what point did you insert your login/password? Did you have a look at the tables that where created? Althought your password must be encrypted, maybe it's worth just checking if your user was actually created.
Forms Authentication does not require any form of user database.
Steve, can you please paste in your forms authentication web.config section, also any relevant code to the ASP.NET Login control you were using.
There is not enough information to troubleshoot here yet :)
The web.config section is pretty useless as far as I can tell:
<authentication mode="Forms" />
I looked in IIS 7, and in the Authentication section it says: Anonymous Authentication = Enabled, ASP.NET Impersonation = Disabled, Basic Authentication = Disabled, Forms Authentication = Disabled.
Also, I have made no changes to the code other than dragging a Login object onto the designer and changing the page it points at to index.html.
Currently, the log in fails by displaying the log in failed text.
EDIT: Earlier when I would try to navigate directly to a page that is restricted, I would receive a blue page saying that I had insufficient permissions. Now I can see the pages that are restricted without logging in even though I have anon access denied.
Steve,
I don't think the issue is with your IIS settings. Because forms authentication does not rely on IIS authentication, you should configure anonymous access for your application in IIS if you intend to use forms authentication in your ASP.NET application.
Try this in your web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="~/login.aspx" defaultUrl="~/">
<credentials passwordFormat="Clear">
<user name="YourUsername" password="superSecret" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<system.web>
</configuration>
There are better ways to implement forms authentication than hardcoding a username and password into your web.config, but this should work for getting you started.