Asp.net Mvc - Expose Built-in Security And User Management To A MVC Application?
Jul 23, 2009
I have built a MVC website on IIS6. I used the built-in ASP.NET Security without Membership, just the way it was implemented in the template solution. It is easy to secure a contoller or action, but now I need to expose the user management to an admin logged into the site. I understand that the builtin ASP controls for doing this are not "best practice" and are a dog to get working. So what is the best practice for offering user management through a ASP.NET MVC application?
I considered using the Entity Framework and wireing it up to the myriad of stored procs. but that seems awkward. I see options for AccountMembershipService and FormsAuthenticationService. That is what the existing project account controller uses. But, I am not fimilliar with either.I can't help but think that this should have already been there from the project template. This is a fundamental part of any website and you were given 15%, why not the rest?
What kind of security has to be built into the application if it is connecting to a remote database server, mail server, on the company network/over a WAN?
I'm creating a composite user control and trying to exposing the controls as properties so that I can databind them from the form that I drop the user control onto. One of the controls I'm trying to expose is a combobox and I can't seem to figure out how to expose this combobox to the designer. I'm trying the following code that I've cobbled together from what bits of documentation I can find but so far no joy.
<Category("Data"), Bindable(True), _ Browsable(True), EditorBrowsable(EditorBrowsableState.Always), _ DesignerSerializationVisibility(DesignerSerializationVisibility.Visible), _ AttributeProvider(GetType(IListSource))> _ Public Property RollbackCombo As ComboBox [Code] .....
at some points, I need to call the same method on those controls (ex. user presses the clear button on the big control, I want to call the clear f(x) on each of the controls)I thought to toss the controls in a collection, and then be able to handle them something like this: nextturns out, and I should have realized, methods and properties of controls are not exposed when treated this way. The only thing that can be seen is the stuff that the base class (control, I guess) has.
I have a simple user control which wraps some logic around an AutoCompleteBox. This question could apply to any ItemsControl control like a dropdown or listbox though.
I'm looking for a template or starter kit of sorts that has user management and roll manage allready built in.I would like to use this to restrict certain windows forms based on rolls?I've done a google search, and founds tons and tons of stuff for asp, but nothing for windows forms.
I had an idea to embed a PDF document into my application somehow.The PDF is a copy of the user manual. I expect that the file will be around 20 KB. This way, if people don't distribute the PDF with my app, they can extract it whenever they need to.
i have created a project in asp.net.now i want to implement asp.net administration tool in my project for user management.The tool works fine in a website ,but in a project it does not work.
I've been trying to develop a VB application which retrieves a lot of information from an XML file on our secure intranet. So far I've been using...
Dim request As WebRequest = WebRequest.Create(xmlUrl) request.Credentials = New NetworkCredential(username, password) Dim response As WebResponse = request.GetResponse() Dim str As Stream = response.GetResponseStream()
Where username and password are predefined. What I need is a way of utilising the Windows credential manager to handle this. Ideally, I like it to pop up a credential prompt at application start, and then store the credentials for later use. So far so easy, but I want to be able to use the tick box to save the credentials back to the store, so taht next time the application is used, they are already filled in.
So far I've been investigating the CredentialsDemo from MSDN, but have been unable to adapt the routines to a web request from the given example of a SQL request. In fact I've not even been able to get the demo working adapting it to my own SQL server!It utilises the CredUIPromptForCredentials function. Is this the right way to go? Or am I barking up the wrong tree?
I try to create a form that managing the access level of user management system.The model I use is the following :I create a connection to database I create a DataAdapter to transfer the data from the database I create a Dataset to hold my data My form consists of the following :A ListBox that list all the access level namesThree text boxes: the first for the record ID The second for the access level name And the third for the discription of the access level Five check boxes:One for writing rights One for the deleting rights One for the Updating rights One for Printing rights And one for Special area access rightsSo what i do is the following :I create a connection string I create a new connection to my database server I create the DataAdapter I initializing the DataAdapter command such as SelectCommand, DeleteCommand, e.t.c.I fill my DataSet with the data DataAdapter get from DataBase I binding my controls to DataSet I setting the DataSource property of the ListBox to my DataSet I setting the DisplayMember to the ACCL_NAME column of the DataTable inside the DataSet I setting the ValueMember to ACCL_ID column of the DataTable inside the DataSetUntil this time all are fine ! ! !The question is :When i try to add a new row to dataset by using the following code i have a problem :
Dim newRow As DataRow = Dataset.Tables("TableName").NewRow newRow("COLUMN_NAME") = Binded Control Value DataSet.Tables("TableName").Rows.Add(newRow)
I'm trying to update a data user using vb.net2008 and sql server management studio express for my backend. the error says "must declare the scalar variable "@username"
Here's the code .
Private Sub btnupdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)Handles btnupdate.Click Dim connstring = New SqlClient.SqlConnection("Data Source=MISD-
I am writting an application in VB 2008. The application will reside on a 'Manufacturing Workstaion'. The workstation is assigned a user ID of Prodxx. Once the workstation is booted up and the application is running the 'Operator" must login to the application. The users who login to the app must have a valid account on the domain. I need to validate the individual users against the domain security. Many Users will login and logout during the day.
i need advise regarding user security on the network i am unable explain my need , because it won't visualize much hence i attached the graphical representation here kindly find it
I am trying to construct a data management application for work. I had this working fairly well then moved over to VS 2008. When I am submitting my data via the button it is giving me a null exception error on the call sub.. Here is the code.[code....]
I wish to build and display a simple diagram that is built from data entered by the user. Because I can't post a picture of the types of diagrams here I'll use the following example. Image a picture of a house as a child might draw it a large square, with a triangle for a roof, a rectangle for a door, and two smaller squares for windows. Now I want to build an application that lets the user enter data and change that drawing according. For example, by entering the length and height of the house the size changes, change the number of windows, size of the door or height of the roof.
Now this may seem like a useless application but keep in mind the house is just an example the real purpose is different but should be as simply drawn. I'm looking for suggestions on make this work. Should I use a paint? or is something like this better done with a tie into the Visio references?
Is it possible for a VB.NET web application to check the user's Windows security group and behave differently accordingly?I'd like to disable a certain bit of functionality if the user does not belong to a specific windows group.I've tried using the Microsoft code at url... but get the error "Reference to a non-shared member requires an object reference" on the "irc = WindowsIdentity.Groups" line (I have imported all the required namespaces).Does anyone know if it's possible to get the user's security group?
I want to use the Windows built-in OSK in a touch application I am creating. I found this link to a class that allows one to manage the size & location of the OSK. However, when I run it in my project all I get is a big blue bar at the bottom of the screen, with no keys being displayed. Here is the code from that link:
Imports System.Runtime.InteropServices Public Class ClKeyboard #Region "Constants"
I changed default form icon in VB 2010. It worked perfect. But I re-changed this icon (form's icon property) to another icon, and when I debug or built the application it is still showing the old icon, through it shows it perfectly in design mode... What is the problem?
I'm working on a Windows Forms Application. I use a Label with a special font I selected. I would like to see this font on another Windows system where the font doesn't installed. So, how can I build-in my font to the application?
I need to have the ability to have a Global variable/class that stores some basic information about the currently logged in user including that user's preferences, security rights, UserID, etc. This information will be needed by any/every part of my application. In the past I have either used a Public variable/class in a vb.net module for this purpose. I'm trying to get away from my old ways of doing things and was curious what people currently do for this functionality.
I am thinking a singleton or 2 regarding preferences and security but am not sure if that is the best way to go.
EDIT: I asked this when I was too sleepy last night. This is an n-Tier WinForms application.
I have an application which I've developed which queries Active Directory information and stores about 15 properties into a Datatable which is kept in memory. I need to decrease the amount of "Commit" memory it is setting aside. The application stays active in the system tray and allows for quick searching of information along with pictures for users. I have a class, which is able keep memory usage down pretty low. It runs on a timer every 10 seconds and listed below:
Is it possible to immediately use code that is built in a dynamically built assembly?I would like to create an instance of an ENUM built using.http:[url]......
I want to use PKI public and private encryption for authentication to allow for a more streamlined and secure application access control system. Any help in the generation of certificate and authentication will be useful. One more question, can i use System.Security.Cryptography.X509Certificates class for the same?
I am creating a VB.NET application for a Calculus class as a little side-project. It requires user profiles that are saved locally in the program's main files. I am using 2 separate classes to access the user profiles right now.
The first class is called Config and it is used to manipulate the basic config file which contains lesson document paths, settings, and user profile names.
The second class is called User and it is used to load up user profiles from a profile directory where user data is saved in separate text files.
The Config class retrieves the user names, and user profile text file paths. This text file path is then handed off to a User object that can then load up and interpret the file.
how should I format the config file and user files so they are secure enough that someone can not easily retrieve or manipulate data?
Here is a sample of how I am reading the text files:
Dim userList() As String = {Nothing} If My.Computer.FileSystem.FileExists(configPath + "config.cfg") Then Using MyReader As New Microsoft.VisualBasic.FileIO.TextFieldParser(configPath + "config.cfg")
[Code]....
The problem isn't reading the text file, I am just not sure how to make it secure. I was thinking about first parsing the entire file to translate it from 'encrypted' to text, and then save it as a temporary file which I would pass off to the above code, then delete the file immediately afterward. As for 'encrypting' (is that the right word for this?) the file, I could maybe bit-shift each character using a key that I would save at the beginning of the file.
I am developing and application in vb.net winxp+ (windows xp upwards). The application has to receive backup data from clients software located at different pc over the Internet. but am concerned about security of this application on the Internet. what would be the best way to implement security in vb.net 2008 to make sure that the data is not sniffed or interfere with?
am thinking of encrypting the data before sending, saving it that way until it need to be viewed before decrypting. what type of encryption would you suggest? Is there any other way you would suggest this data be sent?
