which database will I use with Sys.Services.AuthenticationService.get_isLoggedIn() - asp.net

I read this article and examine source code. But I cant understand that which database have he used.
And I have a database and table named "users" and field of "username" and "password" and "roles". So I want to use Sys.Services.AuthenticationService.get_isLoggedIn().
And I cant understand how reach my database and query recorded user and return answer..
Can u give same example..
thanks..

MSDN :
Sys.Services.AuthenticationService.get_isLoggedIn: The value of
this property is set by the ScriptManager object during a page
request.
So, if my understanding is good, this value should be the same as HttpRequest.IsAuthenticated property. You just have to do normal authentication in server side code (using ASP.NET membership or FormsAuthentication) to automatically have this property set.

Related

How do I find out a field's type information for a 'record' in appmaker in Server script?

I'm trying to create a re-usable script for capturing record changes onSave with Server-side scripting. To do that, I need the model information for a given table, including what type each field is.
I have figured out how to get the model for my table and details for the fields:
var table = "Clients";
var myObject = app.models[table];
// Dump the properties of the 2nd field in the model
console.log("Field 2 properties: " + JSON.stringify(myObject["L"]["fields"]["1"]));
I see this:
{"name":"Client",
"key":"zzzkS1spSPKkRXMn",
"displayName":null,
"description":"Short name for client (must be unique)",
"type":{},
"required":false,
"uid":false,
"defaultValue":null,
"minLength":0,
"maxLength":null,
"integer":false,
"sortable":true,
"minValue":null,
"maxValue":null,
"regexp":null,
"regexpError":null,
"possibleValues":null,
"aggregationType":null
}
"type" looks like an empty property here and I can't seem to figure out how to get any reference to it to tell me what I need.
How do I get usable type information for a given field in a model?
Right now, App Maker doesn't expose an API to access the model metadata.
You snippet is actually accessing App Maker's internal state and might break in future releases (the "L" property is actually obfuscated by a JS compiler and not designed to be accessed from user land).
We know this kind of meta-programming is handy and this is something we might add in the future based on user feedback. Please feel free to submit a request feature in our issue tracker (https://developers.google.com/appmaker/support).

Create Common Database Object

I have written SQL Server class and which contains all methods for insert, update, delete, execute stored procedure.
Now I have created a object of this class on Default page load and using class methods
to implement database operations.
Now if i am on second page and want to do database operation. I need to again create the database object.
Is there any way that can i only create it initially and use on other pages ?
You can look into Singleton pattern.
Click here for the MSDN article on it
ASP .NET solves many of these issues with the help of User Controls.
by using user control you can do code re usability
so you should go for user control
bellow link help you to create user control
http://www.codeproject.com/Articles/1739/User-controls-in-ASP-NET

avoid sql inject by query string in asp.net

I programed an application with asp.net and use "respons.redirect" in some pages, like this:
Response.Redirect(string.Format("~/*****/****.aspx?ID={0}", ID));
as user execute this cod he will redirect to correct page and every thing is fine .he can see this redirect link in his browser address :
http://localhost:1852/Jornal/Editor/ReviewerEmail.aspx?ID=1030
Now if he changes the ID manually and the ID is correct he can access the other data without any permission. how can i avoid this problem?(I wont use session)
please help me
If the ID needs to be public and no access control can solve the problem.
then i would suggest that you add a second parameter that is a hash of that Id.
Tampering with the ID parameter will cause a missmatch between ID and hash
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256.aspx
you cold also change your ID parameter to a less 'guessable' id, like a GUID
You need to use access control.
Whenever you display any data, you need to check whether the currently-logged-in user has access to that data.
Obviously, you also need to track the currently-logged-in user, in a way that will prevent attackers from being able to claim they are someone else..
To do that, use ASP.Net's built-in membership system.

Is it possible to access a profile without updating LastActivityDate?

In asp.net (using MVC, but this happens in regular too)
Profile.GetProfile(username);
will update the LastActivityDate for that user. This is not intended when someone else is viewing that user's profile.
In the membership class you can specify whether to update this date with a second param, like so:
Membership.GetUser(username, false); // doesn't update LastActivityDate
Membership.GetUser(username, true); // updates LastActivityDate
Is there anyway to do something similar in the Profile provider without writing my own provider?
You might use one ugly workaround which includes changing aspnet_Profile_GetProperties stored procedure. This one is responsible for getting the properties while accessing user profile.
Open this procedure and you will find following code at the bottom:
IF (##ROWCOUNT > 0)
BEGIN
UPDATE dbo.aspnet_Users
SET LastActivityDate=#CurrentTimeUtc
WHERE UserId = #UserId
END
Remove it in order to stop updating the LastActivityDate. You will still get LastActivityDate updated when calling Membership.GetUser(username, true);.
You might look at using a provider that someone else has written, rather than write your own.
This one on Scott Guthrie's blog includes stored procedures which could be called directly by your own code to get the information:
http://weblogs.asp.net/scottgu/archive/2006/01/10/435038.aspx
This page has an msi download which installs a sample application for working with custom Profile data. The table based profile performs a lot better than the default on, where all of the profile data is contained in a single database field. The table based one is also a lot easier to query directly, which will help you with your question. The stored procedure from the sample schema is called getCustomProfileData
Otherwise, just query the database directly.

aspnet_users: get user id and use id web page

As I create user using built in asp.net sql tables and login controls, I would like to get to userid. How do I do that? Google is returning whole bunch of information but no where I could find an easy example to get UserID.
If user does exist, then I should get a userid, which I could store in my own custom tables for further user personal information management.
This whole membership and profile thing is very confusing to me. Google returned resuilts have all these pages with long explanation but it only confuses me. I can not even find the namespace in some of those dumb examples.
You can tell I am frustrated.
Please help !!!
This will give you the MembershipUser for the current logged in user
MembershipUser currentUser = Membership.GetUser(True)
From that you would use the ProviderUserKey property to get provider specific identifier. This is an object, so, assuming SqlMembershipProvider you need to cast it to a GUID. You can then use that in your tables.
You're looking for information on Forms Authentication.
The answer to your specific question is via HttpContext.Current.User. The Page class has a property named User which wraps HttpContext.
If HttpContext.Current.User.Identity.IsAuthenticated Then
Dim userName As String = HttpContext.Current.User.Identity.Name
' ...
End If

Resources