I've been searching for this for a little while now and cannot seem to find a way to accomplish my goal.
First, what I'm currently trying to code is a ticketing app for our IT department to use, mostly to help us keep track of what has and hasn't been done to different machines and some people that may need further training in the software that is used on site. I have a few tables created to keep tracking of work performed, issues, and any relevant notes. The final product will be more than a ticketing system, but a somewhat comprehensive IT support app.
My goal in the use is to have the tech "sign in" to the app by providing his/her username and password to our database system. From there the tech's permissions will be loaded as to what a tech can and can't do with tickets. When the tech would like to view tickets or edit tickets I want the app to load any relevant tickets (i.e. open tickets, closed tickets, PC tickets, printer tickets,...etc.).
I have a ticket class that contains all of the properties that are stored within the database, but my question is how to properly link the first sign on information to the ticket class.
For example in my class I have something like:
public class ticket
{
public int TicketNumber {get;set;}
public string Tech {get;set;}
public string Category {get;set;}
public string ReportedBy {get;set;}
public void Save()
{
//Code to update record in DB
}
public void Create()
{
//Code to add a new record to DB
}
}
So, how do I properly get the class to where I can add the proper user name and password to this to include the tech's user name and password? I've had similar projects working before, but I have pretty much always used another person's user name and password hard coded. For this I would not want someone else using the application to be changing any of the ticket information if their user name and password was not valid for these tables.
Sorry for being wordy, but wanted to provide a basic look at what the app is in case someone has a better idea. I am open to suggestions especially on proper ways to pass the sign on information from app to class then data back to app.
The database is an iSeries. We use the IBM iSeries 32-bit ODBC driver to connect from Windows, if this helps. Most of the coding will be done in C# using Visual Studio 2013.
Thank you for any help.
Create a separate class to hold to user:
public class TechUser
{
public string UserName {get; private set;}
public string Password{get; private set;}
public TechUser(string userName, string password)
{
UserName = userName;
Password = password;
}
}
Then pass it in to the create function:
TechUser user = new TechUser("name", "pw");
ticket t = new ticket();
t.Create(user)
Related
I am making a website that uses the default EF Core to manipulate user data. It has a custom user with a definition like:
class AppUser : IdentityUser
{
[ProtectedPersonalData]
public Address HomeAdress { get; set; }
[ProtectedPersonalData]
public Address BusinessAddress { get; set; }
...
}
It also has the same default stuff like Email, UserName, etc., which are the same as the IdentityUser. However, I noticed that when saving the addresses to the database a new table is made for Address class where a new table entry is created for each instance of Address in my user class and the Id of the Address in the Address table is stored in HomeAddressId and BusinessAddressId of my users' database entries.
Considering this information how should I receive the user information from the database, including the Address data? I aim to get every field in the user data and also get the "related" data. Should I just make a database connection and receive stuff with SQL? Is there a way to do this using UserManager?
Side Question: Is this the most efficient way to store the Address data?
I'm new to web application in asp.net mvc 5. I'm curious about how static classes behaves in web application. I'd like to know how my program will behave.
Let's say I have CurrentUser static class which stores logged user id.
public static class CurrentUser{
public static int UserId {get; set;}
}
Which is set whenerever user is logging in.
My app is in external server.
So what will happen if:
User A log in -> userId is set to 1, then User B log in (they access to from differentlcoations) so user Id is set to 2. When User A would like to perform action which need to check his Id, will it be 1 or 2?
I checked one scenario where 2 differentpersons log in from one pc at the same time (different tabs) and I know that User Id will be 2 for both of them (when User B logged in as second to the app). How to resolve this?
I've already read: Static classes in web applications.
I know that my solution may be error prone because every one has access to that class but I don't know if static classes in web app aren't store per user (thread?)?
If you store current user in session storage it will be better than static class. Because there is one copy of static class and fields and for every user login the last login is kept.
I'm creating a UI App on C# using .NET Core .
I have to register users and let them login. So, the question is: how may I welcome logged user? I want the following: "Welcome back, {UserName}".
I create new window with input of class User object, so I know where to get his/her name, but I'm not sure how to program adding the name in .xaml.
Would be grateful for any possible help!
From your description, you may created a wpf Application(net core 3.0)?
When you logged from the log form. You can show the "Welcome back, {UserName}" in the main form. Like the following simple code.
We can define a User object property in App class.
public partial class App : Application
{
public static Users usersd { get; set; }
}
And assign the User object when logging. Then, in the Main Windows/others form, you can show the user information:
private void Window_Loaded(object sender, RoutedEventArgs e)
{
if (App.usersd != null)
{
label.Content = "Welcome back, {" + App.usersd.Name + "}";
}
}
In order to welcome users back, you need to store the user data in a database or in a file(.txt,.json,..). One way to do this is storing the user data as JSON when they first open the program. link
Then, you can check if the user has already logged in before. (perhaps use a userID property in User class)
Don't forget you need to add a NuGet package called Newtonsoft.Json in order to serialize and deserialize the data. Install NuGet package
We are currently working on a smaller ASP.NET MVC 5 application using ASP.NET Identity. It allows us to maintain different projects and their tasks. We recently implemented basic authentication so we are able to register a user with our site and login with them.
We want to be able to manage access rights on project basis so we can say for every single user that he has read, write, admin or no permissions for a specified project.
My first thought was that we can create a simple new table in our database which stores the user rights. But I feel that there might be a built-in way to achieve this with ASP.NET Identity.
So my question really is, which path we should follow - manually building a new table to administer the rights or use something built-in provided by ASP.NET Identity.
use something built-in provided by ASP.NET Identity
The only things you could use there are claims or roles and both are not built for what you want IMO.
So I would go with your own table which links the project to a user, e.g.:
public class UserProjectRights
{
[Key]
public ApplicationUser User { get; set; }
[Key]
public Project Project { get; set; }
public AccessRight Right { get; set; }
}
Then whenever you do some actions where a specific right is required you need to check for that. There are several ways how you could do that. In my app I created "access right check extensions" like the following (I have defined a common interface for all "access right entities" to "reuse" that method):
public static bool? CanView(this ApplicationUser user, Project project)
{
var userRight = project.Rights.FirstOrDefault(r => r.User == user);
return userRight == null ? (bool?)null : userRight.Right.HasFlag(AccessRight.View);
}
assuming AccessRight is an enum like:
[Flags]
public enum AccessRight
{
View,
Edit,
Admin
}
Then you can do something like the following in your logic:
if (user.CanView(project) == true)
{
// show project
}
I used bool? so I can implement different "default behaviour" as I know if null is returned there is no right defined.
For reasons I would rather not discuss, I need to create a custom authentication system for my app. I was just reviewing the system and am having some doubts if my solution is thread safe. My goal was to create a solution that would allow my app to authenticate a user one time and that users authentication info would be shared by all master pages, pages, classes, user controls, etc that are used. (But not share the same info between users)
Here is my setup:
PageHttpModule.cs - this is added to the web.config as a httpModule.
public class PageHttpModule : IHttpModule
{
public void Init(HttpApplication app)
{
app.AuthenticateRequest += new EventHandler(OnAuthenticateRequest);
}
public void OnAuthenticateRequest(Object s, EventArgs e)
{
CurrentUser.Initialize();
}
public void Dispose() { }
}
CurrentUser.cs
public static class CurrentUser
{
public static bool IsAuthenticated { get; private set; }
public static string Email {get; set;}
public static string RealName {get; set;
public static string UserId {get; set;}
public static void Initialize()
{
CurrentUser.AuthenticateUser();
}
Note: this is a scaled down version of my authentication code.
public static void AuthenticateUser()
{
UserAuthentication user = new UserAuthentication();
user.AuthenticateUser();
if (user.IsAuthenticated)
{
CurrentUser.IsAuthenticated = true;
CurrentUser.UserId = user.UserId;
CurrentUser.Email = user.Email;
CurrentUser.RealName = user.RealName;
}
}
}
UserAuthentication.cs
public class UserAuthentication
{
public string Email { get; set; }
public string RealName { get; set; }
public string UserId { get; set; }
public bool IsAuthenticated { get; private set; }
public UserAuthentication()
{
IsAuthenticated = false;
Email = String.Empty;
RealName = String.Empty;
UserId = String.Empty;
}
public void AuthenticateUser()
{
//do some logic here.. if the user is ok then
IsAuthenticated = true
Email = address from db
UserId = userid from db;
Realname = name from db;
}
}
I have tested between 3 different browsers and it seems to work fine, but I am still learning and don't want to make a huge mistake.
If my logic is totally wrong, then how should I do it so I dont have to put user lookups on every page directly?
No, this is not thread-safe. For instances of the application living in separate processes or AppDomains, this will be just fine. But if your ASP.NET server is going to serve multiple requests at once using threading, you are going to have some very bad side effects if two people try to use the application at the same time.
In the Init method, the HttpApplication parameter is described as:
An HttpApplication that provides access to the methods, properties, and events common to all application objects within an ASP.NET application
The key here is that there is one PageHttpModule for the lifetime of the app, and all static objects that exist in the lifetime of the app will share those variables.
BUT... the lifetime of CurrentUser is only within the scope of the OnAuthenticateRequest event, unless some other reference keeps the object alive. If it were a PageHttpModule member-level variable, you'd have issues that you would have noticed immediately. In your situation, however, you'll work fine so long as you don't get more than one simultaneously-processed OnAuthenticateRequest call.
The answer to your question is no, you're not guaranteed to be thread-safe. If two authentication requests come in simultaneously, you're not guaranteed to have one event complete before the other begins, in which case the second user can appear authenticated, when it's really the first user that was logged on.
Update
I think part of the problem is coming from a misunderstanding of AuthenticateRequest... By the time this event is called, the user has already been authenticated by either Windows or Forms authentication... you're just getting notified that it's happened. In fact, the property User.Identity.IsAuthenticated has already been set (I believe this event fires even if the user fails authentication, but I won't swear to that without double-checking).
If I understand what you are after, you're really trying to write your own custom membership provider. If you take this approach, you will have all the benefits of the built-in authentication... all of the standard properties related to authentication will be set and accessible, and will be isolated to a user's session in the manner you want.
Writing a custom provider is not a small feat, but it is doable, and you should be able to reuse a lot of the logic and code you're currently using for your classes.
Trying to completely re-write the authentication mechanism would be jumping through painful, complicated hoops.
Some links:
http://www.devx.com/asp/Article/29256/0/page/3
http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx
http://msdn.microsoft.com/en-us/library/f1kyba5e%28v=VS.90%29.aspx
The properties you must implement may look daunting, but unless you need a specific functionality (such as ResetPassword), you can simply throw a NotImplementedException. Code only what you'll use.
Why not just do it the way microsoft recommends?
http://msdn.microsoft.com/en-us/library/9wff0kyh.aspx
I've done custom authentication this way and it works fine.
Here is another link which should prove useful:
Link
What you have done with IHttpModule seems like a good path to tackle this kind of issue. One of the purposes of the http module as stated by microsoft is to enable for any kind of special authentication. When http module intializes it uses the same instance for new requests. Since you dont have any global variables I am not so sure how to address your thread safe question. It seems like you are onlu reading some data out, so please elaborate!