Kindly inform me how we can create a session for the name, so that the name of whoever is logged in shows on all pages. The code must be in ASP.NET (VB).
|
You've provided a line saying have the appropriate code in Web.Config, but have not indicated what that code needs to be. I'm learning to write in C# in asp.net, so please excuse me if this question is too lame, and help me out here.
Also what is the code for doing the same thing in C# using asp.net?
|
Hello..
I am building a website using ASP.NET (VB) with a MySQL database. I want to
allow subscribers to log in to my website.
I want to use a login session.
How do I implement the login using a MySQL database?
Thank you...
|
I want to create a shopping website. The first time, from the home page, the user is redirected to the authentication (login) form. How can I authenticate him? After this he may come back to the home page (before he closes the explorer). I want him to be redirected directly to the shopping form, not the login form, the second time. Can I use a session?
thank you!
|
Each client gets its own unique session, which is created the first time it accesses a page which creates or retrieves a session. So it's actually created before the login. SO YOU CANNOT USE SESSIONID TO CHECK IF USER WAS LOGGED IN OR NOT (authentication).
For security (login checks) use TICKETS instead. A ticket is actually a GUID stored in the application cache. It is created after the user was validated. This ticket GUID can be passed automatically with each call within the SOAP header. Then on the server side you can check if this ticket ID exists in the cache. If yes: the client was already validated... For additional role-based authorization you may use additional function calls (checks).
On the server side, you can store not only a ticket but also the client's IP, which can then be checked on each call (see more on IP sec.) to ensure that the session is not hijacked.
So that's all. You can find more about it in the book Microsoft® .NET Distributed Applications: Integrating XML Web Services and .NET Remoting.
C#, ASPX, COM, SQL
|
I want to create a shopping website. The first time, from the home page, the user is redirected to the authentication (login) form. How can I authenticate him? After this he may come back to the home page. I want him to be redirected directly to the shopping form, not the login form, the second time.
thank you!
|
Normally you would gather user information and set up their new account the 1st time the user makes a purchase. The information needed to set up an account is probably the same information you need to process their transaction. To automatically identify a user on subsequent visits you will have to store a cookie on the user's machine and then look for that cookie when the user revisits your site.
*** Never store sensitive user information, like credit card numbers, in a cookie. Cookies are not very secure.
Hope that helps.
Scott
|
Just a piece of advice...
Do not use RawUrl for this. There is a security problem.
For example, if a malicious user just enters this:
http://mysite.com/a_page.aspx?anything=Login.aspx
in this case the "RawUrl" parameter will have "Login.aspx" inside and the checklogin() will not block the page, whether the user is logged in or not.
You may use FilePath as a replacement for RawUrl. FilePath will give you the file accessed on the server, not the full URL.
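The difference between the two checks, as an added example that is not part of the original post or the article's code. It is written as a console program so it runs without System.Web; the `LoginGate` class, its method names and the sample values are assumptions, and each sample pairs the `RawUrl` and `FilePath` values ASP.NET reports for the same request.

```csharp
using System;
using System.IO;

// Added illustration; LoginGate and its members are hypothetical names.
static class LoginGate
{
    // The check discussed in the thread: a substring search over RawUrl,
    // which contains the query string as well as the path.
    public static bool IsLoginPageByRawUrl(string rawUrl)
    {
        return rawUrl.IndexOf("Login.aspx") != -1;
    }

    // The suggested replacement: look only at the file that is served.
    // An exact, case-insensitive match on the file name replaces the substring search.
    public static bool IsLoginPageByFilePath(string filePath)
    {
        return string.Equals(Path.GetFileName(filePath), "Login.aspx",
                             StringComparison.OrdinalIgnoreCase);
    }

    // The gate redirects when the user is not logged in and is not asking for the login page.
    public static bool MustRedirect(bool loggedIn, bool isLoginPage)
    {
        return !loggedIn && !isLoginPage;
    }

    static void Main()
    {
        // Constructed samples: { RawUrl, FilePath } for a visitor who is NOT logged in.
        string[][] samples =
        {
            new[] { "/Login.aspx", "/Login.aspx" },
            new[] { "/a_page.aspx", "/a_page.aspx" },
            new[] { "/a_page.aspx?anything=Login.aspx", "/a_page.aspx" },
        };

        foreach (string[] s in samples)
        {
            bool byRawUrl = MustRedirect(false, IsLoginPageByRawUrl(s[0]));
            bool byFilePath = MustRedirect(false, IsLoginPageByFilePath(s[1]));
            Console.WriteLine("{0,-36} redirect by RawUrl: {1,-5} by FilePath: {2}",
                              s[0], byRawUrl, byFilePath);
        }
    }
}
```

In the page itself the second check would be called with `Request.FilePath`.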
|
Good Catch!
Thanks for pointing it out.
Scott
|
Will you give me one example, please?
|
Sure:
String Text1 = Request.RawUrl.ToString();
|
Article deserves a better rating - at least a 3.
I think when people saw some VB code (and before editing the formatting was kinda weird too) they automatically gave it a 1. I myself am guilty of having given a low rating to this one.
My one consolation is that ratings are mostly meaningless. A good many people give 1s if they do not like the author's forum posts, his general ideas, his religion, race etc.
BTW pretty nice idea - thanks to the author.
Nish
Extending MFC Applications with the .NET Framework [NW] (coming soon...)
Summer Love and Some more Cricket [NW] (My first novel)
Shog's review of SLASMC [NW]
This post was made from Trivandrum city, India on a 0.0001 KB/s net connection
|
Hi dear,
I have a main ASP.NET project in the wwwroot directory on my web server. Now I want to create a second ASP.NET project in a subdirectory, for example wwwroot\subdir\, and I also want to add form-based authentication to the second project. As you know, I must make the appropriate changes in the web.config file and place it in the wwwroot\subdir\ directory, because I don't want to change my main project's web.config file. But when I place the web.config file with authentication in the wwwroot\subdir\ directory, my second web application doesn't work properly.
\wwwroot\
    main web application
    main web.config file
\wwwroot\subdir\
    second web application
    second web.config file
Now how can I do this so that my two web.config files don't conflict with each other?
Thank you in advance.
|
You are using the Session object, which is actually a special "cookie" object; it just doesn't store the cookie information on the client's disk, instead holding it in the browser's memory and on the server. I'm not sure about ASP.NET, but I guess there is no big change in Session since ASP 3.0. In ASP, Session will not work if your client (browser) has disabled cookies, so the same should be true in ASP.NET, but again I'm not sure.
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
|
Well, actually there're 2 versions of Session in ASP.NET. You can work with Session with or without cookies by setting the property in the web.config file. When using Session without cookies, your web application will control the users' sessions by adding more information to every hyperlink in your page, which will capture every step the user takes. But by the way, using cookies is still the best choice.
foreach (System.Hours hour in EveryDay.Hours)
{
WorkingWithMyComputer();
}
|
Ah I see.. Good to know that, thanks
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
|
Cookieless session mode is a bad idea because if you copy the url and send it to someone else, they take over the session. You can fix this by checking that the host name has not changed every time. If it has changed then you can start a new session.
dog_spawn
http://www.hatekill.com
|
Yeah, but this "someone else" will take over YOUR session. So if you don't want it, simply don't give it away, what's the problem?
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
|
The problem is that not every visitor may be an expert in sessions. For example you may have personal information in a session like 'this person is logged in'. A novice user may simply not realise that the number 'cookieless' mode puts in the URL will give this away to someone else.
They may intend to give a link to an article, but end up giving away their session. How many web users even pay any attention at all to the url after the domain?
This is trivial to fix with a tiny bit of code.
It is not good enough to ignore this issue, unless you want to make an insecure site.
dog_spawn
http://www.hatekill.com
|
So if you record the IP address or host name when the session is first started and compare this on each page request, would this be sufficient? I.e. if these elements do not match the original session_onstart data, then terminate the session of both users and notify them with a custom error message stating that an IP address/host name conflict was detected and for security reasons the session was terminated.
Would this be sufficient?
Regards,
Dave
http://www.dave-auld.net/
|
Correct.
You could put the value in the session state. The ip address is in the HttpRequest.UserHostAddress property.
However, I am not sure what happens when you have multiple people on internet connection sharing or similar. They have the same IP? I do not know anything about TCP/IP. Probably not an issue... ?
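The ticket scheme described in the earlier post (a GUID issued after validation, stored server-side together with the client's IP) and the address check discussed in these replies, combined in one added example that is not code from the thread or the article. `TicketStore` and its members are hypothetical names, a `ConcurrentDictionary` stands in for the ASP.NET application cache so the block runs as a console program, and in a page the address would come from `HttpRequest.UserHostAddress`.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added illustration; TicketStore and its members are hypothetical names.
sealed class TicketStore
{
    private sealed class Entry { public string User; public string Address; public DateTime ExpiresUtc; }

    private readonly ConcurrentDictionary<Guid, Entry> _tickets = new ConcurrentDictionary<Guid, Entry>();
    private readonly TimeSpan _lifetime;
    public TicketStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Call only after the user's credentials have been validated.
    public Guid Issue(string user, string clientAddress, DateTime nowUtc)
    {
        // Assumption: the GUID is filled from a CSPRNG, because Guid.NewGuid()
        // promises uniqueness rather than unpredictability.
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var ticket = new Guid(raw);
        _tickets[ticket] = new Entry { User = user, Address = clientAddress, ExpiresUtc = nowUtc + _lifetime };
        return ticket;
    }

    // Returns the user name, or null when the ticket is unknown, expired or presented
    // from another address. A failed check revokes the ticket, which ends the session
    // for both parties. Clients behind one shared connection present the same address,
    // so this check cannot tell them apart.
    public string Validate(Guid ticket, string clientAddress, DateTime nowUtc)
    {
        Entry e;
        if (!_tickets.TryGetValue(ticket, out e)) return null;
        if (nowUtc >= e.ExpiresUtc || e.Address != clientAddress)
        {
            Entry removed;
            _tickets.TryRemove(ticket, out removed);
            return null;
        }
        return e.User;
    }

    static void Main()
    {
        var store = new TicketStore(TimeSpan.FromMinutes(20));
        DateTime now = DateTime.UtcNow;
        Guid t = store.Issue("alice", "203.0.113.10", now);   // constructed sample values
        Console.WriteLine("same address:     " + (store.Validate(t, "203.0.113.10", now) ?? "(rejected)"));
        Console.WriteLine("other address:    " + (store.Validate(t, "198.51.100.7", now) ?? "(rejected)"));
        Console.WriteLine("after revocation: " + (store.Validate(t, "203.0.113.10", now) ?? "(rejected)"));
    }
}
```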
|
Turning all cookies (1st party, 3rd party and session) off in IE still works.
?!?
Here is the C# source I used:
<script language="C#" runat="server">
    // Runs after the handler for every request.
    private void Application_OnPostRequestHandlerExecute(
        Object Sender, EventArgs e)
    {
        CheckLoggedIn();
    }

    // A new session starts out not logged in.
    private void Session_Start(Object Sender, EventArgs e)
    {
        Session["LoggedIn"] = "";
        CheckLoggedIn();
    }

    // Redirect to the login page unless logged in or already requesting it.
    private void CheckLoggedIn()
    {
        // Cast so the comparison is by string value, not by object reference.
        if ((string)Session["LoggedIn"] == "" &&
            Request.RawUrl.ToString().IndexOf("Login.aspx") == -1)
        {
            Response.Redirect("Login.aspx");
        }
    }
</script>
# THIS CODE AND INFORMATION ARE PROVIDED
# "AS IS" WITHOUT WARRANTY OF ANY
# KIND, EITHER EXPRESSED OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE
# IMPLIED WARRANTIES OF MERCHANTABILITY
# AND/OR FITNESS FOR A PARTICULAR PURPOSE.
# http://www.lennybacon.com/