mathieu_cupryk
asked on
need to add an administrator page or site.
I need to add an administrator site for login
I can create an admin directory
and have a default page,
how can I modify the web.config to do this
if I have this
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" defaultUrl="UserProfile.aspx" slidingExpiration="false" />
</authentication>
<authorization>
  <allow users="*" />
  <deny users="?" />
</authorization>
How can I point my admin to another page.
ASKER
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators,Editors,Contributors,Moderators,StoreKeepers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
this is my webconfig in the admin folder needs fixing.
I am not sure right now the site goes to default.aspx page
and in the behind code I do a redirect response to login.aspx page
in my case if the user's credit. are ok then goto userprofile.aspx
this implies we must put this in admin folder?
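Added example (not code from the thread): a simplified Python model of how ASP.NET URL authorization stops at the first matching rule, run over constructed copies of the rules posted above. It ignores `<location>` elements, verbs and the `xmlns` attribute, and the user names passed to it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample: root rules in the order posted in the question.
ROOT_AS_POSTED = """<configuration><system.web><authorization>
  <allow users="*" />
  <deny users="?" />
</authorization></system.web></configuration>"""

# Constructed sample: the same two rules with the deny placed first.
ROOT_REORDERED = """<configuration><system.web><authorization>
  <deny users="?" />
  <allow users="*" />
</authorization></system.web></configuration>"""

# Constructed sample: folder-level rules like the ones posted for the admin folder.
ADMIN_FOLDER = """<configuration><system.web><authorization>
  <allow roles="Admin" />
  <deny users="*" />
</authorization></system.web></configuration>"""


def _csv(value):
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def load_rules(config_xml):
    """Return (action, users, roles) tuples in document order."""
    root = ET.fromstring(config_xml)
    return [(el.tag, _csv(el.get("users")), _csv(el.get("roles")))
            for el in root.findall("./system.web/authorization/*")]


def rule_matches(rule, user, roles):
    """user is None for an anonymous request; names compare case-insensitively here."""
    _, users, rule_roles = rule
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in [u.lower() for u in users]:
        return True
    held = {r.lower() for r in roles}
    return any(r.lower() in held for r in rule_roles)


def is_allowed(config_chain, user=None, roles=()):
    """config_chain lists web.config contents, nearest folder first, root last."""
    for config_xml in config_chain:
        for rule in load_rules(config_xml):
            if rule_matches(rule, user, roles):
                return rule[0] == "allow"  # first matching rule decides
    return True  # nothing matched: the machine-level default allows everyone


def unreachable_rules(config_xml):
    """Rules listed after a users="*" rule in the same file can never be reached."""
    rules = load_rules(config_xml)
    for index, rule in enumerate(rules):
        if "*" in rule[1]:
            return rules[index + 1:]
    return []
```

With the rules in the posted order, `is_allowed([ROOT_AS_POSTED])` is true for an anonymous request, because `<allow users="*" />` matches before `<deny users="?" />` is read.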
ASKER
this is what i have in my page
<div id="loginbox">
  <asp:LoginView ID="LoginView1" runat="server">
    <AnonymousTemplate>
      <asp:Login ID="LoginStatus" runat="server" Height="31px" width="100%" FailureAction="RedirectToLoginPage"
          onloggedin="LoginStatus_LoggedIn" onloggingin="LoginStatus_LoggingIn">
        <LayoutTemplate>
          <table border="0" cellpadding="0" cellspacing="0" width="100%">
            <tr>
              <td nowrap="nowrap" width="25%">
                <asp:Label runat="server" ID="lblUserName" AssociatedControlID="UserName" Text="Username:" />
                <asp:TextBox id="UserName" runat="server" BorderColor="DarkGray"
                    BorderStyle="Inset" BorderWidth="2px" Width="125px" />
              </td>
              <td width="8px" style="text-align: left;" valign="middle">
                <asp:RequiredFieldValidator ID="valRequireUserName" runat="server" SetFocusOnError="True"
                    ControlToValidate="UserName" Text="*" ValidationGroup="Login"
                    Font-Bold="True" />
              </td>
              <td nowrap="nowrap" width="25%">
                <asp:Label ID="lblPassword" runat="server" AssociatedControlID="Password" Text="Password:" />
                <asp:TextBox ID="Password" runat="server" TextMode="Password"
                    BorderColor="DarkGray" BorderStyle="Inset" BorderWidth="2px"
                    Width="125px" />
              </td>
              <td width="8px" style="text-align: left;" valign="middle">
                <asp:RequiredFieldValidator ID="valRequirePassword" runat="server"
                    ControlToValidate="Password" SetFocusOnError="True" Text="*"
                    ValidationGroup="Login" Font-Bold="True" />
              </td>
              <td width="25%">
                <asp:Button CssClass="button-login" validationgroup="Login"
                    CommandName="Login" ID="btnLogin"
                    runat="server" Text="Login" Font-Bold="True" />
              </td>
            </tr>
            <tr>
              <td width="100%" colspan="5" style="text-align: right;">
                <asp:CheckBox ID="RememberMe" runat="server" ForeColor="DarkSlateGray"
                    Text="Remember me" />
                | <asp:HyperLink ID="lnkRegister" runat="server" NavigateUrl="~/Register.aspx">Create New Account
                </asp:HyperLink>
                | <asp:HyperLink ID="lnkPasswordRecovery" runat="server"
                    NavigateUrl="~/PasswordRecovery.aspx">Forgot
                password?</asp:HyperLink>
              </td>
            </tr>
            <tr>
              <td width="100%" colspan="5" style="text-align: right;">
                <br />
                <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                <input type="text" class="value" name="theTime" size="25" readonly="readonly" style="border: 0px;">
              </td>
            </tr>
          </table>
        </LayoutTemplate>
      </asp:Login>
    </AnonymousTemplate>
    <LoggedInTemplate>
      <div id="welcomebox">
        <asp:LoginName ID="LoginName1" runat="server" FormatString="Welcome {0}" />
        <asp:Button CssClass="button-login" ID="btnLogout" runat="server" Text="Logout" Font-Bold="True"
            OnClick="btnLogout_Click" /><br />
        <input type="text" class="value" name="theTime" size="25" readonly="readonly" style="border: 0px;">
      </div>
    </LoggedInTemplate>
  </asp:LoginView>
</div>
ASKER
this is the behind
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Caching;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Globalization;
using System.Collections.Generic;

public partial class Controls_Login : System.Web.UI.UserControl
{
    protected MembershipUser loginUser;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!this.IsPostBack)
        {
            // Search recursively for a Login control, called LoginStatus
            // starting from within the Page object.
            System.Web.UI.WebControls.Login curLogin = FindControl<System.Web.UI.WebControls.Login>(this, "LoginStatus");
            // You still should check whether you got something back!
            if (curLogin != null)
                this.Page.SetFocus(curLogin.FindControl("UserName"));
        }
    }

    // Search recursively a control sub-tree for a specific control.
    // It searches every control in the sub-tree, so it potentially
    // could be optimized to search only, say, INamingContainers.
    public T FindControl<T>(string id) where T : Control
    {
        return FindControl<T>(Page, id);
    }

    public static T FindControl<T>(Control startingControl, string id) where T : Control
    {
        T found = null;
        foreach (Control activeControl in startingControl.Controls)
        {
            found = activeControl as T;
            if (found == null)
            {
                found = FindControl<T>(activeControl, id);
            }
            else if (string.Compare(id, found.ID, true) != 0)
            {
                found = null;
            }
            if (found != null)
            {
                break;
            }
        }
        return found;
    }

    protected void btnLogout_Click(object sender, System.EventArgs e)
    {
        MembershipUser mu = Membership.GetUser();
        mu.Comment = String.Empty;
        Membership.UpdateUser(mu);
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }

    protected void LoginStatus_LoggedIn(object sender, EventArgs e)
    {
        if (loginUser == null)
        {
            Login lgnMain = ((Login)LoginView1.FindControl("LoginStatus"));
            string username = lgnMain.UserName;
            loginUser = Membership.GetUser(username);
        }
        //represents the active login session
        Guid g = System.Guid.NewGuid();
        HttpCookie c = Response.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ft = FormsAuthentication.Decrypt(c.Value);
        //Generate a new ticket that includes the login session ID
        FormsAuthenticationTicket ftNew = new FormsAuthenticationTicket(
            ft.Version,
            ft.Name,
            ft.IssueDate,
            ft.Expiration,
            ft.IsPersistent,
            g.ToString(),
            ft.CookiePath);
        //Store the expiration date and login session ID in Membership
        loginUser.Comment = "LoginExpiration;" + ft.Expiration.ToString() + "|LoginSessionID;" + g.ToString();
        Membership.UpdateUser(loginUser);
        //Re-issue the updated forms authentication ticket
        Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
        //Basically clone the original cookie except for the payload
        HttpCookie newAuthCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ftNew));
        //Re-use the cookie settings from forms authentication
        newAuthCookie.HttpOnly = c.HttpOnly;
        newAuthCookie.Path = c.Path;
        newAuthCookie.Secure = c.Secure;
        newAuthCookie.Domain = c.Domain;
        newAuthCookie.Expires = c.Expires;
        //And set it back in the response
        Response.Cookies.Add(newAuthCookie);
    }

    protected void LoginStatus_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        if (loginUser == null)
        {
            Login lgnMain = ((Login)LoginView1.FindControl("LoginStatus"));
            string username = lgnMain.UserName;
            loginUser = Membership.GetUser(username);
        }
        //Only need to check if the user instance already has login information
        //stored in the Comment field.
        if ((!MembershipUser.Equals(loginUser, null)) &&
            (!String.IsNullOrEmpty(loginUser.Comment)) &&
            loginUser.Comment.Contains("LoginExpiration"))
        {
            string currentExpirationString = loginUser.Comment.Split("|".ToCharArray())[0];
            DateTime currentExpiration = DateTime.Parse((currentExpirationString.Split(";".ToCharArray()))[1]);
            //The user was logged in at some point previously and the login is still
            //valid
            if (DateTime.Now <= currentExpiration)
            {
                e.Cancel = true;
                Literal tx = (Literal)LoginView1.FindControl("FailureText");
                ScriptManager.RegisterStartupScript(this.Page, this.GetType(), "message", "alert('You are already logged in.');", true);
            }
        }
    }
}
Why are you using such a complicated method in the background code?
My total login CodeBehind looks like this...
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim MetaTitle As Object = Master.FindControl("metaTitle")
        MetaTitle.Text = ConfigurationManager.AppSettings("MetaTitle") & "Login" & ConfigurationManager.AppSettings("MetaTitleDmn")
        If Request.QueryString("email") <> "" Then
            CType(LoginView1.FindControl("Login1").FindControl("UserName"), TextBox).Text = Server.UrlDecode(Request.QueryString("email"))
        End If
    End Sub
End Class
ASKER
maybe u can help me the reason is that I don't want multiple users logged in under one account.
Is there another approach.
Oh, that's an interesting point and idea...
Well surely it's only the
"protected void LoginStatus_LoggingIn(object sender, LoginCancelEventArgs e)" sub that you need then...
ASKER
u confused me
Sorry,
What I was saying / suggesting was that if you need to check to see if that user is logged-in before logging them in again, then I don't think you need to do ALL of the login processes manually, you could let the wizard do the bulk of it (it does it really well), and just use your piece of script to check at the actual time of the login, to see if they should be logged-in or not.
Gayo
ASKER
do u have an example of this?
Not off-hand... will be quite quick and easy to do... (I think)
I've gone back and had a "quick" look... it "seems" as though you are writing a comment when the user logs in, and then checking for an expiry time on the next login... (Is that correct?)
How do you update the expiry date/time while the 1st person is logged-on? (As long as they are active on the site that date/time should be increasing?)
I haven't had a look anywhere, but doesn't .Net possibly monitor this all automagically?
Gayo
I did a quick look on Google and found this article:
http://forums.asp.net/p/1119826/1745387.aspx
Looks like it can be quite tricky... (the joys of working with Asynchronous connections...)
ASKER
Hmmm, interesting solution he has but we need more explanation.
Hi,
I just saw this in another thread... that may work for you...
Dim thisUser As MembershipUser = Membership.GetUser("Guest")
If thisUser.IsOnline Then
' Show Error Message to user attempting to login
end if
ASKER
i need to see the whole thing to understand this.
That's basically all there was...
It just looked as though as he logged the user in that he checks to see if that user is already online...
If thisUser.IsOnline Then
If the user is, then he "does something"... else he logs the user on...