I've started to work with the new ASP.NET Identity and I would like to know how Identity handles IsOnline. Does it have this option?
And another question: using MVC 5 and Identity, how do I best keep track of online people? Should I still use the old method, where the user closes the page and a JS unload handler sets the IsOnline property in the DB to false?
But what if the user has 2 or even 3 instances of the website open and navigates through different pages? How can I still correctly maintain the online/offline status in sync?
Maybe there is some sort of library for that or some new way of doing that? Maybe some helpful link ....
Thanks
By default identity doesn't have anything similar to IsOnline, so you would have to add this functionality yourself. You can probably do it with a combination of adding a lastActivity property for the user, along with extending UserManager and overriding all the methods you wish to consider the user being online to update this field. Alternatively you could just manually update the lastActivity where appropriate in your app, which might be easier.
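The "manually update the lastActivity" variant from the answer above, as an added example that is not the answerer's code. It assumes the default MVC 5 template's ApplicationUser and ApplicationUserManager, plus a nullable LastActivityUtc property added to ApplicationUser; the filter name, the Presence class and both time spans are made up for illustration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Assumed: ApplicationUser has a "DateTime? LastActivityUtc" property and
// ApplicationUserManager is registered per OWIN context (default template).
public class TrackLastActivityAttribute : ActionFilterAttribute
{
    // Skip the database write while the stored timestamp is fresher than this.
    private static readonly TimeSpan WriteInterval = TimeSpan.FromMinutes(1);

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        if (!http.User.Identity.IsAuthenticated) return;

        var users = http.GetOwinContext().GetUserManager<ApplicationUserManager>();
        var user = users.FindById(http.User.Identity.GetUserId());
        if (user == null) return;

        var now = DateTime.UtcNow;
        if (user.LastActivityUtc.HasValue &&
            now - user.LastActivityUtc.Value < WriteInterval) return;

        user.LastActivityUtc = now;
        users.Update(user);
    }
}

public static class Presence
{
    // "Online" is derived from the timestamp instead of being stored as a flag,
    // so a closed tab needs no unload handler and any open tab keeps it fresh.
    public static readonly TimeSpan OnlineWindow = TimeSpan.FromMinutes(5);

    public static bool IsOnline(DateTime? lastActivityUtc, DateTime nowUtc)
    {
        return lastActivityUtc.HasValue &&
               nowUtc - lastActivityUtc.Value <= OnlineWindow;
    }
}
```

Registering the filter with GlobalFilters.Filters.Add(new TrackLastActivityAttribute()) applies it to every action; several open tabs simply refresh the same timestamp.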
Related
I am building an MVC4 app using Razor. I have done many in the past, but I want to roll some best practice into this one in terms of dealing with variables.
The situation is that I have a logged in user (logged in meaning a windows authentication, with that user name matched to a user in my user table). That user comes with a set of profile options such as "canViewReports", "canEditPerson" etc etc.
Now, there are two prongs to those profile options. First is that my presentation layer needs to customise itself depending on what is presented to it. So profile 1 has canViewReport set to false so the tab for reports will be hidden. Profile 2 has it true so the tab will be shown.
The second prong is that if my savvy users type in /reports/index, I need to pick that up and block access for profile 1 but allow profile 2.
OK, so at the moment I am using a base controller that is decorated with a [UserDataFilter]. That user data filter calls a method that checks the current session for a set of keys and, if they are missing, assigns them. I put each of those profile options for the current user into the session. I can then use the session variables in my presentation layer and also in code.
My concern is that that is messy looking in my code having to put this kind of thing everywhere:
(bool)session["canViewReports"] everywhere in my razor.
That led me to try using the viewstart.cshtml and setting App variables in there that I can use in my razor a bit cleaner. In viewstart I set:
App.canViewReports = (bool)HttpContext.Current.Session["canViewReports"];
I can then just use App.canViewReports everywhere in my views without too much trouble.
My questions are:
1) Is App.canViewReports for the entire application at an IIS level, or does each connection to IIS get its own pool of App. variables? The thing I want to avoid is the first user setting the variable and every other user that subsequently uses the application getting that value! (on different computers)
2) Is there a better way of doing this!!!
Many thanks
Iain
I would use User.IsInRole("canViewReports") in my razor logic to hide and show the menu items. If you build your menu in your layout you only need to do this once.
I would then further protect the action method by decorating the method with
[AuthorizeUser("canViewReports")]
You could create an ISessionService that stores the session information you need. In this way, you can implement it however you want and have full control over it. It could be retrieved easily via a DI container and it's easy to mock.
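The [AuthorizeUser("canViewReports")] attribute in the answer above is a custom one whose code the answer does not show. The following is an added sketch of one possible implementation, not the answerer's code; it assumes the profile options are exposed as roles (for example through a role provider), because under Windows authentication User.IsInRole otherwise checks Windows groups.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical implementation of the attribute named in the answer.
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public AuthorizeUserAttribute(string permission)
    {
        if (string.IsNullOrWhiteSpace(permission))
            throw new ArgumentException("A permission name is required.", "permission");
        _permission = permission;
    }

    // Runs on the server for every request to the decorated action, so typing
    // /reports/index by hand is refused even though the tab is hidden in the view.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        var user = httpContext.User;
        // Assumption: the profile option name is also a role name.
        return user != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(_permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            // Known user without the permission: 403, not another credential prompt.
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            // Anonymous request: keep the default 401 so authentication can run.
            base.HandleUnauthorizedRequest(filterContext);
    }
}

public class ReportsController : Controller
{
    [AuthorizeUser("canViewReports")]
    public ActionResult Index() { return View(); }
}
```

The Razor check with User.IsInRole only decides what is displayed; the attribute is what enforces access.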
I will try to explain my situation and what I want to do. It is not a difficult or rare situation, but I can't find any related questions or articles on the internet.
I have created a web application on ASP.NET MVC 5. Users are not going to enter my application directly. Users will go to, let's say, CentralInformationSystem.com. Then they must log in to this website in one of the supported ways. After signing in, they will see a list of applications. These will be the applications that the signed-in user is allowed to use. One of these applications will be my application, which was developed in ASP.NET MVC.
And the main point is that our applications will not be opened in other tabs or in current tab and so on. Our application will be opened in a big iframe inside the current tab.
And the other main point is that our applications and CentralInformationSystem.com belong to different domains.
The other question of course is, how can I then know which user has signed in? And the answer is, CentralInformationSystem.com sends encrypted data with the query string to our web site. For example, the URL will look like this:
MyMvcApplication/Home/Index?Token=jkndid758adsai==qwdbqwiudhqwadoqidwqq=wqdiqw
Also keep in mind that they will always send different tokens.
And after that, I will decrypt the token and find which user it belongs to. Also keep in mind that one Token can be used only once.
1. What type of application is my application?
The user will fill in a very big form. It can actually take almost 3-4 hours. So, I have tried some type of wizard logic. After some portion of the data is entered, I will insert it into the database, get an identifier from the database, store it somewhere, take the user to the next level and so on.
2. What I want to achieve?
I want to create logic such that some identifier values are stored in a place where they never expire until the user closes the browser or signs out. I don't want to increase the session timeout to 5-6 hours.
3. What if user opens my application in more than one tab?
Alongside 2 I also have one problem: the user can open my website inside the iframe in more than one tab. I know that in ASP.NET we can separate the session per tab. But I don't want to store data in the session, because the user can stop filling in forms after 20 minutes or 4 hours. Also, I cannot use a cookie, because cookies will be the same for all tabs.
My other option is to inject hidden inputs with an encrypted value into all views. But I can't find how to automatically add this data to each view. Also, it doesn't seem to me to be the most efficient way.
The other logic is to prevent the user from opening the same application in more than one tab with different tokens. But I don't know how to achieve this either.
Additional:
I have read almost all articles and questions/answers. I know how to make it work. But I want the best approach. Neither of my approaches is efficient.
Use your own concept of a persistent session that is identified by a hidden input on the page and does not expire, or at least does not expire for a very long time. Have all of your controllers derive from a single base controller and use the OnActionExecuted to add the session "key" to the ViewBag when the result is a ViewResult (you won't need it for partial views or JSON, etc). Every page can then access the ViewBag and create the hidden input - probably you want to use a partial view for this and simply include the partial on every page. Store the data associated with this session in the database.
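A base controller along the lines of the answer above, as an added sketch that is not the answerer's code. IWizardSessionStore, StartWizard and the field name wizardSessionKey are hypothetical, and decrypting the one-time Token is assumed to happen in the entry action before StartWizard is called.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Mvc;

// Hypothetical database-backed store for the long-lived wizard sessions.
public interface IWizardSessionStore
{
    void Create(string key, string userId);
    bool Exists(string key);
}

public abstract class WizardControllerBase : Controller
{
    protected const string KeyField = "wizardSessionKey"; // hidden input name (assumed)
    protected IWizardSessionStore Store { get; set; }      // assumed set by a DI container
    protected string WizardKey { get; private set; }

    // Call once from the entry action, after the one-time Token has been
    // decrypted and mapped to a user. Each tab arrives with its own Token,
    // so each tab gets its own key.
    protected void StartWizard(string userId)
    {
        // The key is the only thing identifying the session, so it comes from
        // the CSPRNG (256 bits, hex encoded) rather than a database row id.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        WizardKey = BitConverter.ToString(bytes).Replace("-", "");
        Store.Create(WizardKey, userId);
    }

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // The hidden input is client-controlled: trust it only if the store knows it.
        var posted = filterContext.HttpContext.Request.Form[KeyField];
        if (!string.IsNullOrEmpty(posted) && Store.Exists(posted)) WizardKey = posted;
        base.OnActionExecuting(filterContext);
    }

    protected override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        // Full views only, as the answer says; partials and JSON do not need the key.
        var view = filterContext.Result as ViewResult;
        if (view != null && WizardKey != null) view.ViewData[KeyField] = WizardKey;
        base.OnActionExecuted(filterContext);
    }
}
```

A shared partial can then emit the hidden input from ViewData["wizardSessionKey"] inside each form, and actions that need the wizard data should refuse to proceed while WizardKey is null.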
I'm currently working on a website being developed using ASP.NET and C#. I'm fairly new to ASP and C# so I apologise if I'm making an obvious mistake. The website I am working on has a login page which displays relevant PDF files. The client now wants to rebuild that by only displaying certain PDF files to the end user depending on their role. I have looked into Role based. My problem is I have over 100 PDF files which need to be displayed. What would be the best approach for this? Where would I store the roles in my DB?
Shall I do something like
if(User.IsInRole("Management"))
{
//Do something
}
Thanks in advance for your help and support
You can use the built-in Membership- and Roleproviders (e.g. http://logcorner.wordpress.com/2013/08/29/how-to-configure-custom-membership-and-role-provider-using-asp-net-mvc4/) or customize/override any of these in case you don't want the standard-table structure these providers bring with them.
If you combine the two providers and use the "default" implementation you can actually do it like you suggested yourself in your question, without any further implementation. It would be just configuration in your web.config then.
You can then introduce new roles and user/role mappings in the tables, that ASP.NET automagically created for you in the DB.
Here is an example of how to override them: http://www.codeproject.com/Articles/607392/Custom-Role-Providers
The solution is for a project in which changing all instances of Session[string] is not an option. My thoughts have been implementing the SessionStateStoreProviderBase. I understand that creating a class Session and having properties like Session.UserName would be a good idea.
Edit: The goal here is to turn off Sessions per user request, not application wide, without changing code in each aspx page.
First you need a way to tell a bot and a human apart.
When you're through, consider what you want to achieve.
If you wish to disable Session for bots, then be sure it won't break your site. If a search engine bot gets a crashed page, it will index and rank it as such.
Set up your robots.txt file to direct (most) bots to a page of your choice, where you have control over session and other information. If you want free access to all pages, you have to put in code to distinguish bots by http header information - that's a research project in itself.
I'm wanting to create a user account creation section for unregistered users on our internet site. I want to ask the same questions as the CreateUserWizard control but have a few changes. I want the question to come from a question lookup table in SQL. The user will have a dropdown of available questions and I'll store the questionid they selected and the answer. Also, I want to store 1 other piece of data about the user (SSN).
My questions are:
1) Is forms based authentication an acceptable solution for this if using SSL?
2) Can I add additional columns (questionid and ssn) to the membership table or another table and how do I do that so I can save the info in the 'blessed' way? Will the solution have any negative effect if down the road I want to add password reset/recovery?
When adding columns, does it make sense to invoke Membership.CreateUser rather than using the CreateUserWizard?
Thanks!!
1) Yes it is. You can extend Membership with Profiles, and add any arbitrary fields you like.
2) You can customize the CreateUserWizard a great deal, but behind the scenes it just ends up calling Membership.CreateUser. Personally, I would just roll my own (since it really isn't all that hard) unless you want to use the default wizard. But that is more personal preference than anything else.
NOTE: the link I provided for Profiles assumes you are using a WebSite project. If you are using Web Application projects, there are a few additional steps you can read about here.