Best practice to check data of a user before logging in - c#

There is a table that keeps a user's details. An admin can lock this user by setting the column called locked. Once the user is locked they cannot log in. I am using WebSecurity.Login to log in. As of now I am letting the user log in, then it checks whether they are locked, and if they are, instead of the home page they are redirected to the locked page.
What is the best practice that I can use so that the user doesn't get logged in, the field gets checked, and the user gets redirected? This is in MVC 4.
Thanks in advance...

Maybe I misunderstand you, but currently you have something like this:
Membership.LoginUser(userName, password);
if (CurrentUser.IsLocked) {
    RedirectUser();
}
Can you not just replace it with something like this?
var user = Membership.GetUser(userName, password);
if (user.IsLocked) {
    Redirect();
}
else {
    Membership.LoginUser(user);
}
... ?
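The ordering suggested in the answer above, written out as an MVC 4 action. This is an added example, not code from the original posts: `IUserLockStore`, `LoginModel`, the `Locked` action name and the constructor injection are hypothetical, and it assumes the configured membership provider implements `Membership.ValidateUser`.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical abstraction over the table holding the admin-set "locked" column.
public interface IUserLockStore
{
    bool IsLocked(string userName);
}

// Assumed view model; the question does not show its own.
public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}

public class AccountController : Controller
{
    private readonly IUserLockStore _locks;

    // Assumes a dependency resolver is configured to supply the store.
    public AccountController(IUserLockStore locks) { _locks = locks; }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // 1. Verify the password only; ValidateUser issues no cookie.
        if (!ModelState.IsValid ||
            !Membership.ValidateUser(model.UserName, model.Password))
        {
            // Same message for unknown user, wrong password and bad input.
            ModelState.AddModelError("", "The user name or password is incorrect.");
            return View(model);
        }

        // 2. Check the lock before any authentication cookie exists. Only a
        //    caller who proved the password learns that the account is locked.
        if (_locks.IsLocked(model.UserName))
        {
            return RedirectToAction("Locked");
        }

        // 3. Credentials are valid and the account is not locked: sign in.
        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```

A lock set by an admin after sign-in does not revoke a cookie that was already issued, so the locked flag also needs to be checked on authenticated requests.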

Related

Get current user's name and user id

I don't do aspx at all, so I'm trying to work out this simple task.
I see the following code in some cs files, which I guess gets the current user, and I assume this is a standard method in ASP but I might be wrong:
CS:
User user = (User)Context.Items["CurrentUser"];
I have tried things like this from other posts on here, but maybe this system is different or the setup is different? Again, I don't know.
var currentUser = Membership.GetUser(User.Identity.Name);
string username = currentUser.UserName; // get UserName
Guid userID = (Guid)currentUser.ProviderUserKey; // get user ID (ProviderUserKey is typed as object, so it must be cast)
Does anyone know how I can get the name and user ID of the current user based on what is written above?
It depends on how you handle users in your website.
If you use the ASP.NET built-in user management, then User.Identity.Name will get you the currently logged-in username.
Other stuff like (User)Context.Items["CurrentUser"] or (User)Session["myUser"] will get you the user which was saved in those places somewhere in your website.
You just need to start your way from the login page, and follow the functions to see how users are being handled in your website.

Saving username and password for future sessions

I have an application where, to access the database, the user has to be in a session. When the user logs in in the browser, he/she gets authenticated and the session starts. Here is an example:
[HttpPost]
[AllowAnonymous]
public ActionResult CustomLogin(LoginModel login)
{
    using (var loginsSession = SoSession.Authenticate(login.Username, login.Password))
    {
        var x = 0;
    }
    return null;
}
Problem
Every time the user gets out of this controller's login function, the session expires.
If the user wants to access the database again, I need to create a new session, but the problem is I don't know how to store the username and password so that I don't have to ask the user to log in again and again.
Is there some smart way to store the username and password somewhere so that I can use them until the user logs out from the browser?
I'm not sure: you are using the session in a using (){} statement. When you get out of the login controller, the using statement calls the Dispose method on the session.
Hope this helps.

Login control with Sessions

Good day, I would like to use the <Login> and <asp:CreateUserWizard> with sessions, is it possible?
I know how to check if the username and password textboxes from a Login control should trigger a session, it should be something like this:
TextBox userTextBox = (TextBox)Login1.FindControl("UserName");
TextBox userPassword = (TextBox)Login1.FindControl("Password");
if (User1.ConnAttempt(userTextBox.Text, userPassword.Text) == 1)
{
    Session["User"] = userTextBox.Text;
}
The ConnAttempt method here is defined elsewhere and checks the Clients database table for the specified credentials, returning 1 if they exist.
But how does the system know to actually "log in" after the Login button is pressed?
I should mention I had roles and users configured previously through the Web Site Administration tool, which I am now trying to do without (get rid of) for various reasons, and I am unsure on how to do the transition quickest and most easily. Thanks a lot!
Anna

What is the best way to identify logged user?

I was looking for an efficient way to track the logged-in users when using the ASP.NET login control:
if (!IsPostBack)
{
    if (Membership.GetUser() != null)
    {
        var user = Membership.GetUser();
        Session["user"] = user;
    }
    else
    {
        Session["user"] = "";
    }
}
Any suggestions will be appreciated.
Why all this pain, and why do you try to save it in the Session (which is user specific and not application specific), when you can simply get it from this object:
HttpContext.Current.User
Check this one for details: How to get current user who's accessing an ASP.NET application?
You can get the user identity (if you're using asp.net forms membership) through:
HttpContext.Current.User.Identity.Name
On logging in, if the user is valid, use:
FormsAuthentication.SetAuthCookie(login.UserName, false);
rather than relying on Session to store user logged in state.
You can then check if a user is logged in by:
User.Identity.IsAuthenticated
And get their username doing:
User.Identity.Name
You can just simply use
User.Identity.Name
You can use User.Identity.Name
Please have a look at HttpContext.User Property

SPFile.CheckoutBy gives System/account instead of my login

Description: I am user user1 (which is also the user of the app pool of SharePoint, so when I log on with user user1 it says welcome system account).
In my code, I want to test if a file is checked out by user1, so the result of the following:
file.CheckedOutBy.LoginName.ToLower() == userName.ToLower()
is always false (which is not correct); the CheckedOutBy value is (Sharepoint system) while the username value is (user1).
How to resolve this?
I'm using SP2010.
You shouldn't use the user account which is used as an app pool account, because you will always see the system account. In this case the best way is to change the app pool account to another one which won't be used for other purposes.
Where does username come from?
Try this:
SPWeb web = SPContext.Current.Web; // get it from somewhere
if (file.CheckedOutBy == web.EnsureUser(username)) {
    // do something
}
That should do the comparison on the SPUser.Id
Thanks all, this is how I solved it:
file.CheckedOutBy.LoginName.ToLower() == web.CurrentUser.LoginName.ToLower()
giving sharepoint\system on both sides, which was corrected.
