|
at first i wanna say that your article helps me a lot. But i need just 1 more task: when the user close the browser, all the session must be cleared or deleted. So when they access the page again, they must re-login.
And btw is there anyway to increase the session time-out duration? thx
|
|
|
|
|
teeBozss, im happy to hear that my article helps you.
So , i read your questions and here are my answers.
I dont know how to catch the close browser event, so i have the same problem.
Second in order to increment the session time-out you have to write these lines over web.config file
<*sessionState timeout="XX"/*>
Without *s
XX are the numbers of minutes to session timeout.
I hope you cant works with these lines, and if you solve the first problem, please contact me and tell how you solve it.
keep Learning and you never will be out of date...
|
|
|
|
|
uh sry but i have to read the html source to see the code solving the session time-out problem. I don't know why i can't see them but thx for the tip
About the browser close event, most of ppl told me that we must use javascript to do that. But i don't think so. There must be a better way and I'll try my best to find out and contact u asap See you soon.
|
|
|
|
|
Hi Britney,
While closing the browser we can handle the events. Let say for instance we can use Page_Unload event. But here is one more question on it. For example any interrupt occur while surfing web page all of sudden if your system fails. Then your primary memory you will lost. After reboot of your machine again you are requested to reloagin again into the website. Because server won't remember your session id and all once machine is shutdown or reboot. What i am saying is wantedly if you want to close the web page we can handle the page_unload event. But, like above interrputions we can not do any thing.( there is no question of page_unload). If you find any another solution for it please let me know i too need to implement this concept in my stuff.
Thank you,
Aswattha.
|
|
|
|
|
I have a asp.net project.i have followed authentication mode="Forms"
forms name="NavinsForm" loginUrl="logon.aspx" protection="All" path="/" timeout="30"/
it is working fine.
but..i want to validate only few pages in my site.
suppose a.aspx it needs authentication (only login user can see)...but there is another page b.aspx it doesn't required any authentication(any user can see).
so what should i do.
Sujit
|
|
|
|
|
Hi, Sujit, the solution is simple, when you authenticate the user (Login) you must to create a session variable right there (Just for login user).
So, if you want to validate if the user have permit to see the page, you have to evaluate onto onload page if the session var is create.
Use these lines
To Create the session var
<br />
Session["name"]=value; Example: Session[cod_user]= 1;<br />
To Evaluate the session var
Onto Page_Load Event
<br />
try<br />
{<br />
string cod_user = Session["cod_user"].ToString();<br />
}<br />
catch(Exception)<br />
{<br />
Response.Redirect("access_deny.aspx");<br />
}<br />
Dont write the Evaluate sesion var code onto the shared pages.
It works, im using this code to solve these problem
keep Learning and you never will be out of date...
|
|
|
|
|
Its really good article for login template.New user can easily understand all these with images..
good one......thanx
Sujit
|
|
|
|
|
Thanx to recognize the other's effort
keep Learning and you never will be out of date...
|
|
|
|
|
I'm looking at implementing this code on my website but can't seem to find where you create the SQL table/columns to store the usernames/passwords in.
Help?
|
|
|
|
|
There is not a complicated sql scheme, its to simply.
<br />
users<br />
-----<br />
coduser int key<br />
iduser varchar<br />
passuser varchar<br />
nameuser varchar<br />
address varchar<br />
.<br />
.<br />
.<br />
.<br />
Where coduser is the table key(unique)
iduser is the user login name ex: (britney.morales)
passuser is the password
nameuser and the anothers fields are only information
keep Learning and you never will be out of date...
|
|
|
|
|
Thanks, I don't know why I didn't see that before.
|
|
|
|
|
its really gud for new user to understnad all these with images..
nice one......thanx
Jaimin Patel
|
|
|
|
|
|
This code helped me a lot!
G.Stanley
|
|
|
|
|
|
|
Sorry, i can gave you my email, if you have a problem to implement my examples, you can write right here at code project website.
keep Learning and you never will be out of date...
|
|
|
|
|
in this cood i use AccessDB i want to use SQLDB how i can transfer this cood using SQLDB??????please help me
Public Class addnewcontent
Inherits System.Web.UI.Page
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<system.diagnostics.debuggerstepthrough()> Private Sub InitializeComponent()
End Sub
Protected WithEvents Label1 As System.Web.UI.WebControls.Label
Protected WithEvents Label2 As System.Web.UI.WebControls.Label
Protected WithEvents Label3 As System.Web.UI.WebControls.Label
Protected WithEvents Button1 As System.Web.UI.WebControls.Button
Protected WithEvents Button2 As System.Web.UI.WebControls.Button
Protected WithEvents txtTitle As System.Web.UI.WebControls.TextBox
Protected WithEvents txtContent As System.Web.UI.WebControls.TextBox
Protected WithEvents lblMsg As System.Web.UI.WebControls.Label
Protected WithEvents HyperLink1 As System.Web.UI.WebControls.HyperLink
'NOTE: The following placeholder declaration is required by the Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
If Request.QueryString("id") <> "" And Not IsPostBack() Then
Dim cn As New OleDb.OleDbConnection
Dim cm As New OleDb.OleDbCommand
Dim dr As OleDb.OleDbDataReader
Try
cn.ConnectionString = ConfigurationSettings.AppSettings("ConnectionString")
cn.Open()
cm.Connection = cn
cm.CommandText = "Select * From Content Where id=" & Request.QueryString("id")
dr = cm.ExecuteReader()
dr.Read()
txtTitle.Text = dr.GetValue(1)
txtContent.Text = dr.GetValue(2)
Catch ex As Exception
lblMsg.Text = ex.Message
End Try
End If
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Response.Redirect("index.aspx")
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim cn As New OleDb.OleDbConnection
Dim cm As New OleDb.OleDbCommand
Dim title As String = txtTitle.Text
Dim content As String = txtContent.Text
Try
cn.ConnectionString = "Provider=Microsoft.JET.OLEDB.4.0; Data Source=C:\Inetpub\wwwroot\ASPNETDBAdminControl\database\data.mdb"
cn.Open()
cm.Connection = cn
If Request.QueryString("id") <> "" Then
cm.CommandText = "Update Content Set Title='" & title & "', content='" & content & "' " _
& "Where id=" & Request.QueryString("id")
lblMsg.Text = "Content Record is updated successfully"
Else
cm.CommandText = "Insert Into Content (title,content)" _
& " Values('" & title & "','" & content & "')"
lblMsg.Text = "Content Record is inserted successfully"
End If
cm.ExecuteNonQuery()
Catch ex As Exception
lblMsg.Text = ex.Message
End Try
End Sub
End Class
hi
|
|
|
|
|
In order to make a sqlserver Database connection, you must to create a string connection, and later, you can do your sql sentences y execute them throughout this connection.
Here a Example (C#)
you have to invoice this library
using System.Data.SqlClient;
Create the connection
"public SqlConnection myConnection = new SqlConnection("server='DATABASE_PCNAME';" +<br />
"User ID='DATABASE_USER'; Password='DATABASE_PASSWORD';Initial Catalog='DATABASENAME');
Now, you can execute any sql sentence over the database connection, here write my example:
string idAdmin = TextBox1.Text;<br />
string passAdmin = TextBox2.Text;<br />
<br />
string sql = "SELECT COUNT(id) FROM meta_user WHERE id = @param_Id AND pass = @param_Pass";<br />
SqlCommand commandSql = new SqlCommand(sql, myConnection);<br />
comandoSql.Parameters.AddWithValue("@param_Id", idAdmin);<br />
comandoSql.Parameters.AddWithValue("@param_Pass", passAdmin);<br />
myConnection.Open();<br />
int myResult = 0;<br />
myResult = (int)commandSql.ExecuteScalar();<br />
myConnection.Close();
I hope that this code will be useful for you
keep Learning and you never will be out of date...
|
|
|
|
|
Hola, Gracias por el posting, estaba a punto de tirar la toalla hasta cuando ví su artículo. . Los controles de Login de la versión 2.0 de ASP.NET se ven muy prácticos, pero soy de los que no me gusta usar cosas que no sé realmente qué es lo que hacen, siento que no tengo "control" sobre eso. En su artículo, la implementación es muy buena para realizar las autenticaciones y los logins, ya que ahora puedo utilizar mi propia base de datos para hacer las operaciones correspondientes. Yo soy desarrollador de aplicaciones Windows allí me las sé todas (bueno casi todas) pero no tengo mucho tiempo de estar aprendiendo ASP.NET, así que le tengo una pregunta...
Una vez autenticado el usuario como le haría para mantener la sesión? y determinar qué puede y qué no puede hacer el usuario. Por ejemplo (el ejemplo más común), en el caso de un Foro, que es lo que estoy haciendo (gracias a Dios, sólo me falta esto que le pregunto...) donde cualquiera entra y mira todos los threads y los post, pero no pueden hacer posting, ni siquiera modificar sus propios posts sin haber ingresado (logged in) al sitio con su cuenta. He tratado de hacerlo pero las referencias que he encontrado, en su mayoría me remiten a utilizar la herramienta de administración de sitios web, muy bonita por cierto, pero no me es rentable y no puedo usarla porque ella usa su propia base de datos y ya yo tengo definida, creada y poblada, mi propia base de datos, a/sí que me quedo en el aire.
Cualquier comentario, ayuda, susurro, chisme, etc... que me pueda brindar se lo agradeceré.
Muchas Bendiciones.
Nobody is more responsible for your acts than yourself...
|
|
|
|
|
Me complace mucho que te haya sido de ayuda mi articulo
Aqui va mi ayuda, espero te sirva....
Analizando tu caso lo que debes hacer es crear una tabla de roles, una tabla de permisos, y la relación de que los permisos que tienen los roles.
Una vez hecho esto, debes asignarle un rol a cada usuario.
Asi cada vez que el usuario se logee, creas una variable de session con el código del ROL DEL USUARIO, y cuando ingrese a un hilo, debes validar si el ROL QUE TIENE puede mirar los post del hilo, postear o de plano no ver nada.
PD:Para determinar si el thread pertenece a el, cada vez que el usuario cree un thread nuevo, debes guardar el código del usuario que creo el thread, en la tabla threads.
Ese es mi punto de vista, ojalá te de luces en tu problema...
keep Learning and you never will be out of date...
|
|
|
|
|
Saludos, de veras que me ha dado luces, las pruebas que realizé utilizando las variables de sesión dieron los resultados esperados. Ya queda de mi parte investigar sobre otros aspectos de seguridad, pero con la información que me proporcionó creo que ya puedo avanzar un poco más, muchísimo más diría yo. Soy nuevo en este sitio, pero tengo pensado colocar el proyecto como aporte en esta comunidad, una vez lo termine, o por lo menos parte de él, lo más "aportativo" (es decir lo que sea de mayor provecho... ). Muchas gracias por todo.
Bendiciones !!
Nobody is more responsible for your acts than yourself...
|
|
|
|
|
thank you for your program. But i can not download your program.
Alireza. M.S
|
|
|
|
|
Ar_momti, I didnt create a program to download, i wrote all the form sentences, and you have to follow step by step, all the lines form.
Keep going is not hard to recreate this example, and you learning will be better.
keep Learning and you never will be out of date...
|
|
|
|
|
I just came across this article and want to say it is very useful if you don't want to use the built-in membership database.
Thanks for your effort.
|
|
|
|