Error in role redirection - c#

I am trying to make an access role in my system. I have these two roles: Admin and user. In my login page, I put this line of code:
if (Roles.IsUserInRole(Login1.UserName, "Administrator"))
    Response.Redirect("~/4_Admin/Page1.aspx");
else if (Roles.IsUserInRole(Login1.UserName, "Users"))
    Response.Redirect("~/3_User/Expense.aspx");
When someone in the user role logs in, they are directed to the correct page, but for the admin it gives me this error:
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Self_studies/login.aspx
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="Connection" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" applicationName="SampleApplication"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="Connection" applicationName="SampleApplication"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="Connection" applicationName="SampleApplication"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<compilation debug="false">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms" />
I think I have checked the name and gone through all the code many times. Is there anything that I can do to fix this? Thank you.

Refer to this: Examining ASP.NET's Membership, Roles, and Profile
Try to configure your role manager as:
<roleManager enabled="true"
defaultProvider="CustomizedRoleProvider">
<providers>
<add name="CustomizedRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="MyDB"
applicationName="/" />
</providers>
</roleManager>
And at the login button, check the user's role as follows (ref: Validation on current user):
if (HttpContext.Current.User.IsInRole("Administrators"))
    Response.Redirect("~/PageA.aspx");
else
    Response.Redirect("~/PageB.aspx");

Could not load type '...' from assembly 'System.Web, ...'

<system.web>
<profile defaultProvider="TestProfileProvider" inherits="Test.Library.UserAccountProvider.TestUserProfile">
<providers>
<add name="TestProfileProvider" type="Test.Library.UserAccountProvider.TestProfileProvider, , Test.Library.UserAccountProvider" connectionStringName="SecurityContext" applicationName="Sigma" applicationContext="XpressPago" />
</providers>
</profile>
<membership defaultProvider="TestMembershipProvider">
<providers>
<add name="TestMembershipProvider" type="Test.Library.UserAccountProvider.TestMembershipProvider, Test.Library.UserAccountProvider" connectionStringName="SecurityContext" passwordFormat="Clear" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="Sigma" PasswordResetLimit="45" applicationContext="XpressPago" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="TestRoleProvider">
<providers>
<add name="TestRoleProvider" type="Test.Library.UserAccountProvider.TestRoleProvider" connectionStringName="SecurityContext" applicationName="Sigma" applicationContext="XpressPago" />
</providers>
</roleManager>
<httpRuntime executionTimeout="90" maxRequestLength="1048576" useFullyQualifiedRedirectUrl="false" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100"/>
<machineKey validationKey="196975F087819B74AC983A6D0882E5936BD0F30915A770C58E1177505D72D46F2D6F50BDB35DDF4E904AE01FD3E62726A6E63ADED231644D2D2E595A84AA76B2" decryptionKey="4496E865CAED30BA35BE7B60A06023CC3A13422F15060346" validation="SHA1" />
</system.web>
TestMembershipProvider is not showing any error but TestUserProfile is showing the following error:
Could not load type
'Test.Library.UserAccountProvider.TestUserProfile' from assembly
'System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a'.
on statement return (TestUserProfile)Create(username);
Maybe you should add the full assembly name (", Test.Library.UserAccountProvider") at the end of the 'type' attribute of the line with name="TestProfileProvider", if it's the location of your class?
Like this:
<add name="TestProfileProvider" type="Test.Library.UserAccountProvider.TestProfileProvider, Test.Library.UserAccountProvider" connectionStringName="SecurityContext" applicationName="Sigma" applicationContext="XpressPago" />
And the same for the 'inherits' attribute:
<profile defaultProvider="TestProfileProvider" inherits="Test.Library.UserAccountProvider.TestUserProfile, Test.Library.UserAccountProvider">
I think Create does not know where to pick the class since it tries in "System.Web".
Of course I suppose Test.Library.UserAccountProvider is the right assembly name, fix it if needed...

Login attempt restriction

I am using the membership tag in my web.config file to restrict login attempts after a wrong password is given 3 times, but it is not working. Please help me.
This is my web.config file; the code below is what I have, but it is not working:
<connectionStrings>
<add name="mydb" connectionString="Data Source=mydbcnt;Initial Catalog=19052015;Integrated Security=True" providerName="System.Data.SqlClient" ></add>
</connectionStrings>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="3" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
Add a <clear/> tag before adding your provider.
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" [...]/>
</providers>
</membership>
As stated here, the section within the web.config file is implemented as a collection, and so it is possible to register multiple providers at the same time, including the ones created by ASP.NET in the root web.config file on your machine.

ASP.NET membership provider generates two applications in the database

I am using the membership provider web.config settings defined below. When I access my admin pages to start adding roles and users to the system-generated SQL Server tables, I see two applications created: one with an application name of "/" and a second named what my setting is configured to, PolyWebSite.
My steps are:
As an unauthenticated user, I browse to the role config page to add admin and other roles. This is when the first application is created.
I browse to a custom user page where I add users and assign them roles, also as an unauthenticated user. This is when a second application is created with the name PolyWebSite, as set in my web.config.
<roleManager enabled="true" />
<membership defaultProvider="AspNetSql2005MembershipProvider">
<providers>
<add name="AspNetSql2005MembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0"
connectionStringName="SqlConnString"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="PolyWebSite"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
passwordFormat="Clear"/>
</providers>
</membership>
Figured it out: I added details to the roleManager part of the web.config to be in sync with the membership section. The items added were connectionStringName and applicationName.
<membership defaultProvider="AspNetSql2005MembershipProvider">
<providers>
<add name="AspNetSql2005MembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="SqlConnString"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="PolyWebSite"
requiresUniqueEmail="true"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
passwordFormat="Clear"/>
</providers>
</membership>
<roleManager enabled ="true" defaultProvider ="SqlRoleProvider" >
<providers>
<add name ="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlConnString"
applicationName="PolyWebSite"/>
</providers>
</roleManager>
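An added example, not the poster's configuration: the membership and role providers from the post above pinned to the same connectionStringName and applicationName, with `<clear/>` so that only these providers are registered, and with `passwordFormat="Hashed"` in place of `Clear`. The provider names, `SqlConnString` and `PolyWebSite` come from the post; the password policy values are assumptions chosen for illustration.

```xml
<!-- Added example: fragment for <system.web>. Names are the ones used in the
     post above; the password policy values are illustrative assumptions. -->
<membership defaultProvider="AspNetSql2005MembershipProvider">
  <providers>
    <!-- Drop providers inherited from the machine-level config. -->
    <clear/>
    <add name="AspNetSql2005MembershipProvider"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="SqlConnString"
         applicationName="PolyWebSite"
         passwordFormat="Hashed"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         requiresUniqueEmail="true"
         minRequiredPasswordLength="8"
         minRequiredNonalphanumericCharacters="1"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="10"/>
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="SqlRoleProvider">
  <providers>
    <clear/>
    <!-- Same connectionStringName and applicationName as the membership
         provider, so users and roles land under one application row. -->
    <add name="SqlRoleProvider"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlConnString"
         applicationName="PolyWebSite"/>
  </providers>
</roleManager>
```

The password format is recorded per account when it is created, so switching the setting does not re-encode passwords already stored as Clear.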

Roles.GetRolesForUser() returns empty array

I'm using Roles.GetRolesForUser() and when I call it I get {string[0]}. However, when I type in a user's name as a hard-coded string like this: Roles.GetRolesForUser("theloggedinusersname"), I get {string[2]} [0]: "AccountingAdmin" [1]: "Admin". For the record, I also get values for Roles.IsUserInRole and User.Identity.
Here is how I have my Web.config set up:
<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<clear/>
<add connectionStringName="DefaultConnection"
applicationName="[MyAppName]"
name="DefaultRoleProvider"
type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=[MyPublicKeyToken]" />
</providers>
</roleManager>
Clue: "theloggedinusersname" is not equal to User.Identity.Name.

Logged in users get logged out after some time

I made a new MVC3 application and it's hosted on WinHost's basic plan.
The gist of the problem is, the app pool memory limits are reached and every session InProc is erased, meaning my users are logged out.
As per their documentation, I see this:
http://support.winhost.com/KB/a626/how-to-enable-aspnet-sql-server-session-on-your-web.aspx
Here is the contents of my web.config after following the steps outlined above:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<connectionStrings>
<!-- REMOVED FOR PRIVACY -->
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="1.0.0.0"/>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<system.web>
<sessionState mode="SQLServer"
allowCustomSqlDatabase="true"
cookieless="false"
timeout="2880"
sqlConnectionString="data Source='tcp:s407.winhost.com';database='DB_41_xx';user id='DB_11_xx_user'; password='xx';" />
<trust level="Full"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers"/>
<add namespace="System.Web.Mvc"/>
<add namespace="System.Web.Mvc.Ajax"/>
<add namespace="System.Web.Mvc.Html"/>
<add namespace="System.Web.Routing"/>
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
<bindingRedirect oldVersion="0.0.0.0-4.0.8.0" newVersion="4.0.8.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Here lies the problem:
My users are still getting logged off after some time. I thought using SQL for the session would prevent this issue.
Here is the relevant bit of code on how I'm logging my users in:
[HttpPost]
public ActionResult Login(LogOnModel model)
{
    using (EfAccountRepository accountRepository = new EfAccountRepository())
    {
        if (accountRepository.ValidateCredentials(model.Email, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.Email, true);
            return RedirectToAction("Index", "Home");
        }
    }
    ModelState.AddModelError("", "Your email or password is incorrect.");
    return View(model);
}
And here is some code I use to see if the user is logged in:
public static MvcHtmlString AdminDashboardLink()
{
    if (SecurityHelpers.UserIsPartOfCompany(HttpContext.Current))
    {
        string html = "<li><a href='/Admin'>ADMIN DASHBOARD</a></li>";
        return new MvcHtmlString(html);
    }
    else
    {
        return new MvcHtmlString("");
    }
}
public static bool UserIsPartOfCompany(HttpContext context)
{
    if (!context.Request.IsAuthenticated)
        return false;
    using (EfAccountRepository accountRepository = new EfAccountRepository())
    {
        var loggedInUser = accountRepository.FindByEmail(context.User.Identity.Name);
        string[] userRoles = accountRepository.GetRolesForUser(loggedInUser.AccountId);
        return userRoles.Contains("Editor") || userRoles.Contains("Finance") || userRoles.Contains("Administrator");
    }
}
Any suggestions? Maybe my web.config is botched and this is causing issues. Maybe I also needed to remove something after I added in the session information?
It is sometimes caused because the garbage collector cleans the machine key assigned to your application and assigns a new key, which causes the logged-in users to be logged out. The solution is to generate a machineKey for your application and place it in the web.config under system.web, like:
<system.web>
<machineKey validationKey="###YOUR KEY HERE ###"
decryptionKey="## decrypt key here ##"
validation="SHA1" decryption="AES" />
...
...
This link may help you: http://aspnetresources.com/tools/machineKey
Forms auth is not session related, at all. It has nothing to do with session state. Everything required is stored in the forms auth cookie.
Your timeout above is set to 2880, so 48 hours, i.e. two days, so I would expect timeouts to happen.
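As an added example (not from either answer above): a `<system.web>` fragment that pins the machineKey and states the forms ticket lifetime explicitly, since forms-authentication tickets are encrypted and signed with the machineKey and carry their own expiry. The key values are placeholders, `HMACSHA256` replaces the `SHA1` shown in the answer as a choice made for this example, and `requireSSL="true"` assumes the site is served over HTTPS.

```xml
<!-- Added example: fragment for <system.web>. Key values are placeholders;
     generate your own and keep them out of source control and public posts. -->
<machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
            decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
            validation="HMACSHA256"
            decryption="AES"/>
<authentication mode="Forms">
  <!-- timeout is in minutes: 2880 minutes is 48 hours, as in the question.
       slidingExpiration renews the ticket while the user stays active.
       protection="All" encrypts and validates the ticket with the machineKey.
       requireSSL marks the cookie Secure (assumes an HTTPS site). -->
  <forms loginUrl="~/"
         timeout="2880"
         slidingExpiration="true"
         protection="All"
         requireSSL="true"/>
</authentication>
```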
