Showing Who is online in ASP.NET - c#

what is the best simple way to show who is online in c# without using membership control?
Is the only way is using session ?

You can do this via:
var onlineUsers = System.Web.Security.Membership.GetAllUsers()
.Cast<System.Web.Security.MembershipUser>()
.Where(user => user.IsOnline);
But you will need to cache/refresh this properly, since it can be a very expensive operation.

yes go to global.asax and create a new List<> of your User Class type in application_start event and save it to Cache
List<User> OnlineUsers = new List<User>();
Cache.Insert ("onlineuser",OnlineUsers,...);
and in your loginButton code get the list from cache and add the logged in user
User loggedin =someHelperCode.GetUser (txtUserName.Text,txtPassword.Text);
((List<User>)Cache["onlineuser"]).Add (loggedin);
and when a user logs out do the same and remove the user
and you can just bind the list to any lost bound control

Related

What is the best way to keep user information entered in MVC?

I have some users information like personal information and profile image. I need to user these information thought my web application.
I've created a public class that I set to users when I log in and I use the fields in that class in the entire web application.
Is this the right way?
Is there a better way to use this information at no cost?
Note: I have more than 2000 users in the user table.
Login Action:
var user = new LoginAction().getLogin(obj);
if (user!=null)
{
FormsAuthentication.SetAuthCookie(obj.Username, false);
Helper.loginUser = user;
}
Helper Class:
public static tblUser loginUser;
Static class in not good choice for storing users profile in memory. First problem is that Helper.loginUser always has last logged in user profile. Session and Cache are better choice to keep users profile in memory and after user logout or expiring session memory will be freed.
var user = new LoginAction().getLogin(obj);
if (user!=null)
{
FormsAuthentication.SetAuthCookie(obj.Username, false);
Session["User"] = user;
}

ASP.Net MVC Preventing direct access to action out of RedirectToAction method

My site aims to upload files to sharepoint folders. Users are coming from another system by using a button referencing my site and contains userId and other parameters. When a call comes to my site shown below
http://myapplication/Upload/ToFolder?entityName=new_policy&entityGuid=4451E282-80B0-E611-80E8-C4346BACFC18&systemUserId=1ADEC6E1-008C-430D-A163-D7BA7AD75689
I authenticate user with userId and redirect user to http://myapplication/Policy using RedirectToAction method and setting some parameters to static properties. Because of static properties I use my params but I dont want to do this way. I want to detect that when users types directly http://myapplication/Policy link and throw an error like "You should come from this site only via link on other system."
How can I detect this behaviour of users ?
You could set a tempdata value in the first action...
TempData["isRedirect"] = true;
which gets read by the second action
if(TempData["isRedirect"] == null)
{
//Deny access
}
//Set temp data again so that user can refresh
TempData["isRedirect"] = true;

Why is my List.GetUserEffectivePermissions() method not working?

I'm developing a process in C# with the SharePoint 2013 Client Side Object Model. I need to retrieve the SharePoint List Permissions of a given user, that will be different than the user that is executing the code.
using SP = Microsoft.SharePoint.Client;
SP.ClientContext SpContext = new SP.ClientContext("SITEURL");
SP.Web SiteWeb = SpContext.Web;
SP.List Lst = SpContext.Web.Lists.GetByTitle("LIST");
var ClientUserEffPerms = Lst.GetUserEffectivePermissions(#"<domain>\<username>");
SpContext.Load(SiteWeb, S => S.EffectiveBasePermissions);
SpContext.Load(Lst, L => L.EffectiveBasePermissions);
SpContext.ExecuteQuery();
After this code executes, the ClientUserEffPerms.Value (BasePermissions) object does not represent the permissions of the given user correctly. The object isn't null, but it represents the user as having no permissions. The user has at minimum view and edit permissions and I can confirm this by viewing/editing List Items using the web browser as this user.
The code executing user has permission to enumerate permissions at both the Web and List level. I've confirmed this with the code below, both booleans resolve to true.
bool SvcUserHasSiteEnumPermsPerm = SiteWeb.EffectiveBasePermissions.Has(SP.PermissionKind.EnumeratePermissions);
bool SvcUserHasListEnumPermsPerm = Lst.EffectiveBasePermissions.Has(SP.PermissionKind.EnumeratePermissions);
Can anyone help me determine what is wrong with my GetUserEffectivePermissions() method?
When you call GetUserEffectivePermissions you need to pass in the full claims token version of the login name, which looks something like this:
i:0#.w|domain\user
You can get this by loading the LoginName property on a user object:
clientContext.Load(clientContext.Web.CurrentUser, i => i.LoginName);
clientContext.ExecuteQuery();
Of course, that's for the current user, so you'll need to acquire the user you actually want first.

How to handle anonymous user in mvc application?

I am creating an Asp.NET MVC-4 application. In my application user can post their products. I want that whether user logged in or not [Anonymous] , he could post there products. For this i can use SessionId, but i am worry about if session expires that how can i detect the anonymous user.
I want to know about Migrating the Anonymous profile to logged in Userprofile. Please suggest me some good tutorials or resources or logic by which i can implement this.
http://msdn.microsoft.com/en-us/library/ewfkf772(v=vs.100).aspx has it all.
Use this to migrate rhe profiles in Global.asax
public void Profile_OnMigrateAnonymous(object sender, ProfileMigrateEventArgs args)
{
ProfileCommon anonymousProfile = Profile.GetProfile(args.AnonymousID);
Profile.ZipCode = anonymousProfile.ZipCode;
Profile.CityAndState = anonymousProfile.CityAndState;
Profile.StockSymbols = anonymousProfile.StockSymbols;
////////
// Delete the anonymous profile. If the anonymous ID is not
// needed in the rest of the site, remove the anonymous cookie.
ProfileManager.DeleteProfile(args.AnonymousID);
AnonymousIdentificationModule.ClearAnonymousIdentifier();
// Delete the user row that was created for the anonymous user.
Membership.DeleteUser(args.AnonymousID, true);
}

Registering a new user overwrites current user session - why?

I've come across an issue when registering new users with my app. The behaviour looks to be by design, but I don't understand why.
My problem is as follows (and I know it's a bit of an edge case):
User browses to my site's login page in two separate tabs in the same browser.
In the first tab, the user logs in and is correctly redirected to my home page.
In the second tab, the user follows my signup logic (which doesn't require any kind of page refresh, it's all done with client side code that culminates in a jQuery AJAX POST to the built in ServiceStack RegistrationService's /register endpoint)
Instead of creating a new user, the second user's details overwrite that of the logged in user's UserAuth record, and the first user can no longer log in.
Looking at the code in ServiceStack.ServiceInterface.Auth.RegistrationService, this behaviour appears to be 100% intentional:
var session = this.GetSession();
var newUserAuth = ToUserAuth(request);
var existingUser = UserAuthRepo.GetUserAuth(session, null);
var registerNewUser = existingUser == null;
var user = registerNewUser
? this.UserAuthRepo.CreateUserAuth(newUserAuth, request.Password)
: this.UserAuthRepo.UpdateUserAuth(existingUser, newUserAuth, request.Password);
Once the first user is logged in, the session cookie for that user gets sent with the registration request, causing the existingUser variable in the code above to be populated with the UserAuth for that user, which is then updated with the registering user details.
Can anyone explain why the code's been written in this way? And is there any way around it without replacing the RegistrationService with my own implementation?
This is the feature that lets you to auto-merge different Auth Providers into the same account in ServiceStack.

Categories