I'm developing an application that requires user accounts to automatically be disabled if they haven't renewed their membership
Is there an easy way to do this with ASP.NET membership framework, where it is possible to define/set an expiration date?
Thanks
I think, in your case, you can use profile provider along with membership provider. Just create a profile property for expiry date, and set it when new user is registered. Update login functionality of site to check for expiry of user in that profile property.
That's the only simplest way I can see.
Let me know if you need more help.
Related
It's my first contact with MVC so please be understanding for me. First of all:
1) If I will implement custom Membership provider with sql database, with my methods to activate user via e-mail, putting user into database etc. (and just one table - tableUsers), this solution about oAuth and Facebook login will works properly? Honestly, it's not clear for me at all.
2) What solution is better. My custom membership provider, or using default?
I want to sending my custom activation e-mail, then activate account. Later, I want to add new columns into userProfile table - "ID type" and "isActivated". I will storage additional info about user in separate table (telephone, webiste, about me, hobby etc) - I will get this data by IDuser from userProfile. What is more, I want to use loggin method via Facebook or Twitter. I found solution on asp.net website, how to do it with Oauth.
What solution I have to choose?
Regards
What solution is better. My custom membership provider, or using default?
As you want to store extra user information in the database, you will need to create your own custom Membership Provider as the default one lacks this flexibility. Also with the default membership Provider , you will not be able to verify your user with an activation email. You will have to customize it.
How to do it with Oauth.?
The default Membership Provider provided with MVC4 in VS 2012 has the ability to do login using Facebook and Twitter and you can add even more like LinkedIn. But, as you will need to create Custom Membership provider for storing additional information, you can use DotNetOpenAuth library for this. It is the same used by the default Membership Provider. You can add it through Nuget.
i need to know this.. in the asp.net membership provider, it is possible to create a user with more than one mail?
The thing is that i want in my page (ASP.NET MVC 3) the users can have various emails to login.
It's this possible?
Thanks!
Membership Provider is limited to 1 email account per account holder. You can attach custom attributes for each account using Membership Profile. So your secondary email would simply be an attribute of the user's profile. Here is a great article explaining how to do this.
It is possible, but not with any of the built-in membership providers. You will need to implement your own. Just know that your design will come down to ensuring that e-mail is unique in the table and is linked to a single user account (many-to-one). This will require a separate table in the database for the many e-mails a user may have.
With the default membership providers, no. An email address maps to one user. You can however implement your own membership provider that will take care of this situation.
I'd argue its not a job for the membership provider -- multiple email addresses smell like an application-layer concern.
I'm trying to create a custom login for my flex web app with spring-security.
I have an working version where we use the channelset.login with blazeds.
The problem i have is that i would like to split the authentication and the authorization.
I would like to ask the user to make some choices after the authentication to determine its roles.
Since the roles the user is authorized to are determined by this choices.
This means the user has to be authenticated and then the client needs to do a service call to the service and then the authorization process needs to take place.
Does anyone know if this is possible and have some tips of how this can be done?
Thanks in advance,
Arjen
Yes, that doesn't sound too far-fetched.
You can store the user roles in the database, make each role for new users something like SIGNUP which will only allow the user to signup, once his new role is determined, simply update that role and restrict the new role from being able to update the role again, unless you're admin.
You can also override the authentication process to do whatever you want to do: http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html
The session object might need to be refreshed if you're using some form of ORM.
Our site has got two ASP.NET membership providers. The built in one, and a custom one (SqlMembershipProvider.
I am able to log into both no problems, but I don't necessary require the ability to have both logged in at the same time.
The issue I have is as follows:
User "person_a#site.com" logs into the built in provider. They then navigate to the section of the site where we require the custom provider.
On this page, I can check if they are authenticated, and get their username. I can then get a MembershipUser object form the custom providers GetUser method. (HttpContext.Current.User.Identity.Name)
It is possible (and very likely) that the username "person_a#site.com" could also exist in the users for the custom provider.
But, I don't want them to be logged in here, as they haven't authenticated against the custom provider.
So, is it possible to check which proivider HttpContext.Current.User was generated from.
Hope this all makes sense!!
Yes, if you notice on the RolePrincipal there is a property called ProviderName.
Typically when people roll their own providers they omit usage of this field.
In your case, simply modify your custom provider to identify itself, if it does not already, and check that property of the user.
Our SSO login process uses Forms Authentication against a custom user store in SQL Server.
One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging in again until the other session ends. Alternatively we could force the other session to end, if that would be easier to implement.
Is there a simple way to do this with Forms Authentication? We've considered a custom approach where we track each session in the database, but it would be a lot of work and we'd probably have to modify all of our applications to detect the session_end, which I'm hoping to avoid. I figure there has to be something in Forms Auth that handles this.
I've seen the MembershipUser.IsOnline() method, which seems ideal, but we're not using a Membership provider.
UPDATE: Just to be clear, I do not need to check whether the current user is logged in, I need to know if somebody else is already logged in using the same account.
Try this:
System.Web.HttpContext.Current.User.Identity.IsAuthenticated
If I understood you correct, you would need to store the last activity state based on the user id.
Membership.IsOnline() is implemented by checking the LastActivityDate property persisted in the membership database.
So somewhere, you would need to track user activity.
You could maybe implement a httpmodule that updates a timestamp for user activity.
If the HttpContext.Current.User property is not null then they are logged in. And Identity.IsAuthenticated is true.