Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Say, we are not using forms authentication or membership. When a user requests for any of the pages of the application, she needs to be redirected to login page.
This way, each page needs to have an authentication check on the Page_Load(). But what if we have over 500 pages.
Any chance to use sth like static classes with static properties or creating your own http handlers?
This is too broad of a question with a few aspects, including :
How to manage a User's Session
How to manage multiple user accounts being logged in
How to perform the login process
Managing a user's state must be independent of anyone else's actions. Therefor, you cannot rely on static properties. This presents the question of "Well, how do I keep track of it without it being static?" One of the answers is to use Session information. For example, during an Ajax request to the server you could do this :
if (HttpContext.Current.Session["LoggedIn"] != null)
{
object oValue = HttpContext.Current.Session["LoggedIn"];
bool bResult;
if (bool.TryParse((string)oValue, out bResult) == true)
return bResult
return false;
}
else
return false;
This solves the first two issues and opens a door to creating a hanlder class that knows YOUR specific session keys and patterns for getting different kinds of values.
As for the third issue you will face - No one can give you a concrete answer. Your design and data structure will determine how you validate and track your users.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I build Xamarin.Forms App using this tutorial:
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started
and I choose .NET back end.
I implement push notification for android and ios using this:
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started-push
and also implement authentication using this: https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started-users
while choosing Facebook as my authentication provider.
My app is running and working great! but now I trying to add push notification to a specific user and I have few questions:
Is it possible to use the Facebook sid as the unique id and decide that if I want to send push to a specific user, I will do this using the Facebook sid?
I read that when the user does the authentication through Facebook, his Facebook sid is register automatically has a unique id and I can send to this Facebook id as a TAG and it will arrived to the specific user.
In this line of code: var result = await hub.SendTemplateNotificationAsync(templateParams);
that is located in my .NET back end code in the " public async Task PostTodoItem(TodoItem item) " method, I tried to add a TAG after the "templateParams" , I tried to enter the Facebook sid or the Installation id, is this correct?
If I want to send to a specific user, is that the place that I need to add his "TAG"?
Am I going the right way? can I choose the TAG to be the unique id and when I want to send push to a specific user, I will send to his TAG?
I Wanted to know how the user is register to a specific TAG? if the approach from the second question is correct.
*If you have a written code or different approach, I would really like to hear, I trying to implement the push to specific user for about 2 weeks and still did not succeed.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 years ago.
Improve this question
I was reading https://learn.microsoft.com/en-us/aspnet.... about Security to prevent AJAX requests to another domain and makes me wonder, if I enable this, I would be able to make request from my Android Client? Cu'z it seems that anything outside of that domain, can't be requested. Is that it? Thanks!
Would be something like:
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (IUserRepository _repository = new UserRepository(new Data.DataContexts.OAuthServerDataContext()))
{
var user = _repository.Authenticate(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
If you are making the request from another domain then you will need to set up an Access-Control-Allow-Origin header. You can use * if you aren't concerned about security but it's best to specify only the domains you know will need access.
Non-browser-based clients may not necessarily send the Origin header (e.g. Postman) in which case you likely won't need to worry about setting up CORS.
That documentation you linked is a good start. This post provides a good basic example if you want to set up access globally rather than a per-controller basis.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I have a website where a user logs in, can see his information and edit it. There is also another website, something like a site only for admins, where if I click a link it redirects me to the first website, logged in as that user but I can only read his information not edit it. I am having trouble finding out how to make website 1 both readable only and read/writeable.
I am doing this in Asp.NET mvc using C#.
One method would be to check for authorization in the Razor view.
Psuedocode:
#if(User.IsAuthorizedForEdit()
{
#*your edit view code*#
}
else
{
#*your readonly view code*#
}
This does make for some bloaty Razor. The other (arguably, better) alternative is to direct them to the appropriate view in your controller based on user.
Handy-wavy psuedocode to give you an idea:
public ActionResult ViewProfile(int profileId)
{
var user = GetCurrentUser();//without looking at your code, I can't infer this piece.
var profile = GetProfile(profileId);
if(IsAuthorizedToEdit(user, profileId)
{
return View("edit", profile);
}
else
{
return View("view", profile);
}
}
In theory, you already have a read-only view and an edit view, so the latter would be more reusable.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
In my .NET web application I need to implement time based Logins for students,The system should allow students to login only between 9 AM and 5 PM. somebody please suggest me how to implement this, which is better implementing using SQL time functions or using .net time methods?
If simply compare using normal time functions will it create when I host the application on a remote server(out side My country)?
Assuming that there are some users who are not students: (1) authenticate the user, (2) check the user's roles and if they are a student and attempting a login at naughty time then logout the user and display an appropriate message.
Using a single source for time in an application can reduce complications. I often use the database server as the source of time so that all timestamped data generated by the application can be correlated properly. UTC can be your friend in this case.
You can handle loggingIn event of login control and check if DateTime.Now lays between 9AM and 5PM
void OnLoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
{
DateTime loginTime=DateTime.Now;
if (loginTime.Hour >= 9 && loginTime.Hour <= 17)
//log in your user
else
//show error message about time
}
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
How to load index page with QueryString in asp.net? I know that we can redirect to a particular page with QueryString, but what I want is to load first page with some querystring.
If you are setting start action in Property pages of your application then you can follow following steps
1) right click on your project in solution explores
2) Go to Property pages
3) Set start action to 'Specific Page' and value = "index.aspx?a=22"
A very simple way to make it work on both local and remote enviroments is to, at page_load(), detect if the desired QueryString content is present.
If not, Use Response.Redirect pointing to the current page with the added QueryString parameters. Example follows:
if (Request.QueryString["QSEntry"] == null)
Response.Redirect("Page.aspx?QSEntry=desiredValue");
Pro: It'll work the way you want.
Con: You're actually loading the page twice (first time it's a parameterless load), so don't forget to take that into consideration.