I have implemented a Custom Membership provider for my existing database schema with the help of the following link
I have overridden the following methods CreateUSer, ValidateUser, GetUser, ChangePassword and ResetPassword.
For the ChangePassword method , it validates the new password for the Minimum length and also for the Number of Alphanumeric characters. If the validation fails the method throws an Argument Exception with the exact error.
The problem what I face is, I am using the built in Change password control, I get the following error, "Argumnet exception was unhandled in user code" .
Also it displays a generic error
"Password incorrect or New Password invalid."
I would rather want to display the exact reason of the error why the password validation failed.
How do i go abou implementhing this. I would appreciate any help or guidance.
Thanks
The problem is likley in your implementation the virtual function MembershipUser.ChangePassword From the MSDN article, it needs to take 2 parameters:
oldPassword
Type:System.String
The current password for the membership user.
newPassword
Type:System.String
The new password for the membership user.
Without seeing you ChangePassword function, I would guess that you are
Not passing the "oldPassword" argument, or
Passing a value that's not a string as one of those 2 arguments.
Edit: Based on your comment, what you really want to do is handle the ChangePasswordError event of the ChangePassword control. This will let you provide custom feedback when an error is raised.
I'm having the same issue. It appears you'll have to use a regular form and create error handling to display the message you would like instead of the built in message that appears.
Related
I'm using .Net 4.5, running ASP.net Service configured with an Identity provider. I would like to alter the AudienceUri validation algorithm to allow wildcards or configure it to ignore subdomains.
In this page:
http://msdn.microsoft.com/en-us/library/system.identitymodel.selectors.samlsecuritytokenauthenticator.allowedaudienceuris(v=vs.100).Aspx
it says in the remarks:
Optionally, override the ValidateAudienceRestriction method to specify
the validation algorithm to use for the allowed URI.
I understand that I need to create a new class, inherit from SamlSecurityTokenAuthenticator and override the method.
But I'm not sure how do I apply this override, I believe that I should instantiate the new class and assign it to a static member of some class, such as FederationAuthentication, but I couldn't find the appropriate class.
Can anybody please clarify how to approach this?
There is a workaround for this.
If the RP validation of the received security token fails due to audience:
[System.InvalidOperationException]: {"ID1032: At least one 'audienceUri' must be specified in the SamlSecurityTokenRequirement when the AudienceUriMode is set to 'Always' or 'BearerKeyOnly'. Either add the valid URI values to the AudienceUris property of SamlSecurityTokenRequirement, or turn off checking by specifying an AudienceUriMode of 'Never' on the SamlSecurityTokenRequirement."}
Data: {System.Collections.ListDictionaryInternal}
HelpLink: null
HResult: -2146233079
InnerException: null
Message: "..."
StackTrace: ..
TargetSite: ..
}
This exception (and many others) can be handled in Application_Error, determine the exception using Server.GetLastError().
I noticed that:
FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenReceived
Fired right before this exception is thrown. This callback has SecurityTokenReceivedEventArgs, which has the SessionToken, where you can find all the audienceUri(s).
You can implement the logics you need there and add the relevant AudienceUri to:
FederatedAuthentication.ClaimsAuthorizationModule.FederationConfiguration.
IdentityConfiguration.AudienceRestriction.AllowedAudienceUris
As I said this is just a workaround, if you got can pour more information for my original question that will be great :)
Thanks.
I am using asp.net MVC3 and I am very new to this technology.
My models are designed in such a way that the properties will throw validation errors if the data is invalid. In this case, the properties are not set with invalid data.
When I redisplay my editing-view, validation error messages are shown; however the values that the user previously entered are gone because the model that it is bound to only contains the old-valid data.
For example, say I had a Person class and the Name property cannot be a null or empty string otherwise it throws a validation exception and prevents the property from being set. Now say the user removes the value from the Name property and tries to save the Person from the web. A validation exception will be thrown and handled properly to add the error to the ModelState so that it is displayed on the screen; however the old value for the Name is redisplayed since the invalid, empty string never made it into the property.
I do not know how to solve this problem and any advice on the issue would be greatly appreciated.
My advise is allow invalid data but use validation attributes. You wont save invalid entities so there is no problem and this is the standard approach these days. If you don't want do that, there is no easy solution. Most simple solution would be using the info from Request.Form
You should implement IValidatableObject to performe this kind of validation at server side.
From MSDN IValidatableObject Interface:
Provides a way for an object to be invalidated.
Theres an exemple here Using IValidatableObject Custom Validation, also from MSDN.
The solution to this problem was to create a ViewModel that allowed invalid data to be entered into this. This solution also simplified my ModelBinder classes because it took on most of the work.
When all property validation passes but the login info passed in is incorrect, I want to display a model-level error that reads:
Incorrect login. Reset Password.
#Html.ValidationSummary() is encoding the html.
I have tried creating a custom HtmlHelper for this but it's still doing the same thing.
I've also checked the source code and the ValidationSummary method uses internal methods that I can't use to recreate a helper for this.
Is there a way, whether in my view or in a HtmlHelper, to write an Html message if there is a model-level error?
I will use TempData to solve your problem.
In your method you set the message in
TempData["Error"] = "my error link";
then from your view you check if TempData["Error"] is not empty and then with
#Html.Raw(TempData["Error"])
you should get your message not encoded
I have a class "User" that is inherited by two other classes(LocalUser and Donor). I have created a custom membership provider for ASP.net forms authentication and overridden the ValidateUser() method. In the ValidateUser() method of my custom membership provider, I need to pass in a parameter to know whether the "User" to validate is "LocalUser" or "Donor" and accordingly validate the user against the database. The problem is that ValidateUser() takes only two parameters (username and password). So there is no scope for me to push in another one. One thing that came to my mind was to set a session variable but then I was looking for a cleaner approach. Any suggestions?
Just create an overridden version of your Validate method, taking 3 parameters and call it directly like:
((MyCustomMembershipProvider)Membership.Provider).Validate( username, pass, anything );
The only drawback of such approach is that you can no longer rely on the automatic invocation of the two-parameter version of the Validate method, if and only if it is automatically called from somewhere (for example from the asp:Login control)
You could send both username and usertype in username field and then parse it in ValidateUser method? Like this: username|userType. Of course, you should forbid entering delimiter in username field.
As I create user using built in asp.net sql tables and login controls, I would like to get to userid. How do I do that? Google is returning whole bunch of information but no where I could find an easy example to get UserID.
If user does exist, then I should get a userid, which I could store in my own custom tables for further user personal information management.
This whole membership and profile thing is very confusing to me. Google returned resuilts have all these pages with long explanation but it only confuses me. I can not even find the namespace in some of those dumb examples.
You can tell I am frustrated.
Please help !!!
This will give you the MembershipUser for the current logged in user
MembershipUser currentUser = Membership.GetUser(True)
From that you would use the ProviderUserKey property to get provider specific identifier. This is an object, so, assuming SqlMembershipProvider you need to cast it to a GUID. You can then use that in your tables.
You're looking for information on Forms Authentication.
The answer to your specific question is via HttpContext.Current.User. The Page class has a property named User which wraps HttpContext.
If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
' ...
End If