The Intranet was done with forms authentication and stored in a SQL database. how I go about (if possible) authenticating a login in a vb.net project that queries the user settings from the ASP.Net database that was created on the SQL server for the forms Authentication.
View 5 RepliesI am using Forms Based Authentication I have extended the Forms Authentication Tables creating a custom table called Profile_Contact that holds the user's GUID, username, email address, and other information. I have another table called Profile_Account which holds company account information such as Company Name, address info, phone numbers etc. This table has a Key Field called IDProfileAccount.
[Code]...
I'm writing an internal web application right now (with ASP.Net Web Forms), and it presents an odd problem. I have to be able to impersonate the currently logged in windows user, and execute a command based on their Windows Authentication to log in.. AND ... if they don't have Windows Authentication set up in the application I have to use to log them in, I have to be able to accept a user name and password. I also have to write the application in .Net 4.0, and secure it as much as possible. I got this to work by NOT utilizing Windows Authentication or Forms Authentication in the web.config, and instead setting session variables to guard against user accessing pages in the web app other that the log in. I did this by creating an oddly name session variable with a value based on their user name (windows auth or not), and then a secret session variable. The secret variable is in the web.config as a 256bit encrypted string, in which I decrypt, and set as the session secret. In order for the page to load, the first session variable can't be blank, and the second variable has to equal the decrypted key value... if the variables don't pass inspection, it redirects them to the login page. I set this up on every page, generic handler, and webservice method in the web app. I make the session timeout after a few minutes of no activity, and on log out, I set all session variables to nothing, and expire all cookies. (I also disable all cache).
My question is... Does this offer comparable security to that of Forms authentication? I have always used Forms authentication, but can't use it here. If I did, the users would have to reconfigure settings in IIS and in he web.config to toggle login procedures (From my knowledge, you can't use both Forms authentication, and windows authentication to manage the security of your pages and other web resources). With the method described above, I can accomplish the best of both worlds, but am curious about the security of my methods. Is there anything else I can implement here to assure the utmost security other that using forms authentication? Is it possible to accomplish the same level of security of Forms authentication without using it?
If I wanted to make sure that AUTHENTICATED users were denied access to Enroll.aspx and UNAUTHENTICATED users had access how should my "allow/deny users" tags be set in the web.config?[code]......
View 2 RepliesI have an issue with my .NET application and it can only be reproduced sometimes and only on client's location, which makes it extremely difficult to resolve. In the application the forms authentication is used. There is a login page to which every anonymous user is redirected. After user enters username and password, it redirects to DefaultURL or some predefined page. The problem is that sometimes when user enters correct username and password, it doesn't login, instead it just refreshes the login page without any error messages. After several tries of inputing username and password, user is able to login to the system.
See my login page Submit_Click code below:
Dim userName As String = tbUsername.Text
Dim password As String = tbPassword.Text
Dim returnUrl As String = Request("returnUrl")
[code]....
We have an application in Access for UI and MS Sql server as Database server. We now decided to build a new application in web application for UI. This web application is only used by the employees who work for the company. But later we decided to host this web application on outside server. So the user (from this company only.) can able to login anywhere in the world. First I thought creating the web application using 'windows' authentication thinking we may be using it as an intranet web application. But now my manager asked me to use both 'Forms' and as well as 'Windows' for using this application and this web application will be hosted on outside server. I really don't catch his point of using both types of authentication.
View 1 RepliesI am reading the article at: [URL].. Forms Authentication in ASP.NET 2.0". I am using VS 2008 and .Net Framework 3.5. I don't know if this makes a difference, so please let me know.
A user logs on to our system in the morning Based on their Windows Authentication, they can access several intranet applications. For a particular application, the user has to select their Organization or Position or Location.
Based on the user's Windows Authentication, once the user selects one of the three above and clicks a "Submit" button, a second page is launched that shows certain information about the selection based on the User's authentication.
For example, if User selects Organization, the following information will be returned based on the Organization THEY are a member of. They can not access information from OTHER organizations, ONLY their own based on their login credentials. This information returned as a result of the dropdownlist selected value includes: street address, city, state, zipcode, Bus. Unit #, etc. appears in labels on the second page.
The labels can be dynamically created at runtime. (I dont know if a User control can be created to do this, since the "Position" and "Location" will contain the same address information, and it doesn't matter at the moment). I just want to populate the labels on the second page (or on Postback) based on the User's log in credentials after they click the "Submit" button. Or, if they don't have to click a button, just have the information complete based on the selected value of the dropdownlist control.
[Code] When I run this on my visual studio 2008 dev server it runs fine and works well. When I publish to IIS I always get Http 403 Forbidden Errors when trying to access any page on the site. There is 1 folder within my site that should be login protected called 'administration'.
View 2 Repliesas topic, i need to send an e-mail without outgoing authentication becouse server hasn't outgoing authentication.. how i can do this??
View 1 RepliesMy organisation has re-created some SQL test databases, and only enabled Windows Authentication -no problemThey have then created a local accounts on the server, and given them read or write rights to the database.How can i connect to the database in visual basic. I can't use SQL authentication as there is no account,and i can't use windows authentication as only one account has read rights ont the databse. I have tried an sql connection string
myConnection = New SqlConnection("Server=<servername>;Database=<databasename>;UID=<servername><serveraccount>;PWD=<password>"
and it doesn't work. I'm starting to thing our entire SQL authentication model is wrong!
I am trying to create a login authentication using the values from SQL database but when i try to login i get the follwing message."value cannot be null. Parameter name: dataset". [code]
View 2 RepliesI want to use windows authentication in my vb.net application rather than validating against Database. Is there any possiblitiies or APIs that allows me to use Windows authentication? I have user id and passoword text boxes. Once user entered the userid and password, it should validate again Windows authentication.
View 1 RepliesI have a database (using Microsoft SQL Server Management Studio Express) that is currently being used quite heavily in a functioning application. I am porting this application over to Windows Authentication rather than the current basic authentication system (or lack thereof) that exists.The easiest way that I know to set this up involves using the aspnet_reegsql.exe file to set up some tables for me. This obviously creates its basic tables, such as dbo.aspnet_Roles, dbo.aspnet_Users and dbo.aspnet_UsersInRoles.In the current database, there exist tables named dbo.Users, dbo.UserRole, and dbo.UserRoleMapping. Many of the stored procedures that are written currently for this database rely on these tables.
View 1 RepliesWhere is a good VB.NET tutorial where I can have a username box and a password box and it checks in the database if it's there and if it is then another form will show?
View 2 RepliesI have an application, I want to connect my database in SOL Server Authentication mode(mixed mode), Hence When I connecting my database through connection string. then what parameter to be passed or what to be checked.
View 1 RepliesI am trying to follow an example in the VB 2010 book and the author has set up the local server using a named instance of SQLEXPRESS and uses mixed mode authentication with a sa login and wrox as the password the code is then
[code]...
I am using the Express server initially set up for windows authentication (pubs is one of 6 databases on it) but no matter what I seem to try I can not connect
[code]...
I have developed some software(vb.net) that records fees paid by the students. The purpose is that the database should be stored in a server, which can be accessed from any stations linked with it.This is working fine with a network of 10 computers. I need to publish it over the net so people could do this job logging in over internet. Database (access database) should be stored on a web based server.
View 1 Replieshow do I refer to a panel. i,e. i have 5 panels in total, and based on specific inputs , i want changes to occur in specific panels(each stored in a tab). So, now how do i give the control to the rspective panel ??
View 1 RepliesI am new to VB.net and I am trying to work out an exercise from a book I am reading on VB. Basically I am storing some book information in a hashtable using a class called Book to store the book information. I am trying to work out my Search and Display All procedures. My Search will work for the first value in my arraylist but not for any other values. I even added the ISBN to my book class to try and use this as a search point. The ISBN is used to pull the item from the hashtable as well.
In the main code I am having problems with the ButtonSearch and ButtonAll.
[Code]...
I have the following sub in a windows form:
Private Sub BTNC_storeclientdata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BTNC_storeclientdata.Click
' Update Clientdata[code].....
This performs an update in the SQL Database via a stored procedure. When I add '; insert into codeinjection(test) values ('CodeInjected!'); select ' in the last textbox (TBC_phone.Text) the value 'codeinjdected' is inserted into the table codeinjection as well. How can I avoid this?
I am working with Vb.net and have a form with a combo Box. On load the form is loaded with one of the following details depending on what is stored in the database; Cancelled, Processed and Failed. [code] Then I have an update button and when the user drops down the list he/she can select between Cancelled/Processed/Failed. I want to be able to grey out or disable Processed and Failed, so that when the user updates the field he/she can ONLY update with the Cancelled option ONLY.
View 7 Repliesive made changes to my data stored in the database for a login i.e. ive changed the password that is stored in the database however for my application to continue the previous password still has to be used does anybody know why and how to change this, this also is the case for new entry's in the database i.e. new users. I also had an update button that also no longer works i think this is because of the same problem. I think the problem is that its saving the data changes from the update to the data set and not the database its self can this be changed?
View 4 RepliesI am working on login and registration page in vb express 2010. I have connected access 2007 database with my project and when I register as a user, it stores information to the database successfully and I can log in with that id as well. But when I close that project and reopen it, the same exact id won't work and the information in the database disappears.
View 1 RepliesI am attempting to create a tier application. Im wondering which approach would be better to take on. Should i have stored procedures on the database and then call these from my Data Access Layer (this is when you right click your dataset and add a table adapter, select existing stored procedures or create the entire query in my Dataset under TableAdapter?
My reason for asking is because my Stored procedures are created to insert and update in one command (by using an If statement), but saw the other approach recently. Any reason for one over the other?
I have a requirement for a form where user can add a list of 'documents'. These could be word, excel, images etc... pretty much anything. They want a form where they use the openfiledialog to locate the document and then want the list of documents stored on a database.
However, when they view this form they want a preview of all of the listed documents and the ability to print them all. I was considering a datagrid view with image cells but how would I show a word document in there? Or, should I insist that they convert all documents to PDF's?
I am making a login with the database stored in MYSQL and for some reson when i press login i get a error on this line
CODE:
Is there a function or something that is built into VB.NET so that when I save a text field (of a user's input), malicious code isn't being executed in the process.
View 2 RepliesI am developing an application that runs on a network. It needs to contact to database (access database) very very often, which is stored in server. Around 30 Client computers contact the database almost every 2-3 seconds. I need to know could there be potential manifest problem in with the application? Could there will be a problem if database is being updated by one client, at the same time other client contacts it?
View 3 Repliesim trying to read a database that is online. My goal is to be able to store a database online, and be able to edit it through my application and the web (the web part is done). all that remains is the application.
View 5 RepliesWe are trying to retrieve PDF files stored in a SQL Database. We want to display them on a web page. We are using VB and ASP Code within Visual Studio 2008. We have found snippets of code, but because we are new it does not make sense to us. We are looking for infomation on how to retrieve the PDF from the database and either display directly to a web page, or write the information to a Temporary PDF file we can delete later.
View 1 Replies