asp.net-membership

How would you audit ASP.NET Membership tables, while recording what user made the changes?

假如想象 submitted on 2019-12-24 02:39:04
Question: Using a trigger-based approach to audit logging, I am recording the history of changes made to tables in the database. The approach I'm using (with a static SQL Server login) to record which user made the change involves running a stored procedure at the outset of each database connection. The triggers use this username when recording the audit rows. (The triggers are provided by the product OmniAudit.) However, the ASP.NET Membership tables are accessed primarily through the Membership API.

Old password still working after password change in asp.net membership

半腔热情 submitted on 2019-12-24 02:23:38
Question: I am using ASP.NET membership authentication in a small website and I just noticed something funny during testing. I am trying to enable users to change their login password any time they wish. I dragged a change password control to the form and changed the password for my test account, but now all passwords are still working. I can log in with the old password as well as the new password with this particular test account. If I try with any other random characters as the new password, I can't

Authorize attributes not working in MVC 4

半城伤御伤魂 submitted on 2019-12-24 02:17:54
Question: In my application I am using System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=2.0.0.0 as my membership provider, and here is my Account Controller code:

    [HttpPost]
    public ActionResult Login(string username, string password)
    {
        var result = Membership.ValidateUser(username, password);
        if (result)
        {
            var user = Membership.GetUser(username);
            var roles = Roles.GetRolesForUser(username);
            var isDistributor = roles.Any(x => x.ToUpper() == "DISTRIBUTOR");
            if (isDistributor) return

Membership.DeleteUser() fails with RI Constraint

左心房为你撑大大i submitted on 2019-12-24 01:23:43
Question: I'm missing a concept here. I was assuming that Membership.DeleteUser() would expunge a user from my membership tables. My code:

    // remove all but 'admin' from Membership
    MembershipUserCollection users = Membership.GetAllUsers();
    foreach ( MembershipUser user in users )
    {
        if ( user.UserName != "admin" )
        {
            Membership.DeleteUser( user.UserName );
        }
    }

DeleteUser() fails with exception: The DELETE statement conflicted with the REFERENCE constraint "FK__aspnet_Me__UserI__58D1301D". The conflict

FormsAuthenticationTicket cannot be invalidated server side. Causing cookie replay attacks

烂漫一生 submitted on 2019-12-23 21:08:03
Question: I have an ASP.NET web application using forms membership authentication. We have recently been penetration tested and an issue that was flagged was the ability to steal a user's account. If the .ASPXAUTH cookie value was copied from a user before logging out, a user could log in as a different user, edit their cookie to match the copied value and get all of their privileges. On logging out I have tried: Removing the cookie. I could successfully do this but it doesn't invalidate the

Custom RoleProvider using session

末鹿安然 submitted on 2019-12-23 20:23:19
Question: I was considering using the custom MembershipProvider / RoleProviders. Unfortunately, the security layer we currently have requires some session stuff being set. So, when the IsUserInRole() method is called, the Session object is always null, due to the Session stuff being all prepopulated. Any suggestions on how I would be able to work around this, and retain the use of the Session based security model we have? (I didn't write it, and I have got to use it). Any help greatly appreciated as

Custom RoleProvider Not Called

岁酱吖の submitted on 2019-12-23 17:30:28
Question: My application has custom Role and MembershipProviders. I've registered them in web.config, but when I try to do if(User.IsInRole("Blah")), neither of my breakpoints in the RoleProvider's Initialize or IsUserInRole are hit. The membership provider works fine, so I guess there must be something I've missed from web.config. This is what I have:

    <system.web>
      ...
      <membership defaultProvider="MyAppMembershipProvider" userIsOnlineTimeWindow="15">
        <providers>
          <clear />
          <add name=

Creating a Custom Implementation using Guid and Custom Table names with Asp.net Identity 1.1 Alpha

核能气质少年 submitted on 2019-12-23 15:29:50
Question: I'm drawing from different questions (listed below as I ask the question). I would like to do five things and as far as I can tell from these questions and answers... all of this can be done in my OnModelCreating method. Preface: I am using the latest nightly bits for Asp.Net Identity 1.1-alpha. I would like to use "UserId" instead of Id as the property for my User's Id in the AspNetUsers table. I understand this would involve using "HasColumnName" during OnModelCreating. I would like to use

Difference between Membership Provider in ASP.NET Webforms and MVC 3

廉价感情. submitted on 2019-12-23 10:58:05
Question: Is there a difference in the working between the Membership Provider of Webforms and Membership Provider of MVC 3?

Answer 1: No. The membership provider is part of the System.Web.Security namespace. Webforms is the System.Web.UI namespace. MVC is the System.Web.Mvc namespace. Therefore, there are no dependencies. In other words, you'll be making the same membership calls with the same membership objects in an MVC application as you would in a WebForms application.

Answer 2: No, MVC is just a design

Difference between Membership Provider in ASP.NET Webforms and MVC 3

不问归期 submitted on 2019-12-23 10:57:11
Question: Is there a difference in the working between the Membership Provider of Webforms and Membership Provider of MVC 3?

Answer 1: No. The membership provider is part of the System.Web.Security namespace. Webforms is the System.Web.UI namespace. MVC is the System.Web.Mvc namespace. Therefore, there are no dependencies. In other words, you'll be making the same membership calls with the same membership objects in an MVC application as you would in a WebForms application.

Answer 2: No, MVC is just a design