membership

问题 Session.Abandon() doesn't seem to do anything. You would expect the Session_end event to fire when Session.Abandon() is called. 回答1: This is most likely because your SessionMode is not InProc (the only one that can detect when a session ends). Quoted from MSDN: Session Events ASP.NET provides two events that help you manage user sessions. The Session_OnStart event is raised when a new session starts, and the Session_OnEnd event is raised when a session is abandoned or expires. Session events

问题 I'm updating my website at the moment and figure that if I am to update my login/security mode, now is a good time. I have looked through the Membership model which is included in ASP.NET but I'm not convinced that it will provide any benefit apart from being familiar to other .NET developers. There seems to be quite a lot of documentation for it, but little discussion for why its worth the effort. Can anybody shed some light upon this? 回答1: I see little benefit to using membership for a

问题 i have change the default Account Membership provider to set IsApproved to false. public MembershipCreateStatus CreateUser(string userName, string password, string email) { MembershipCreateStatus status; _provider.CreateUser(userName, password, email, null, null, false, null, out status); return status; } But i then go back to the login page and it allows me to login. Shouldn't it fail login and say that i am not approved ?? EDIT: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Register

问题 I have two asp.net applications on one IIS server and I would like to use the same back end asp_security database and membership provider. I've read that all I have to do is reference the same application name in both web configs as I'm doing now, but I must be doing something wrong In each applications web.config I have this section. <membership> <providers> <clear/> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture

问题 What is default hash algorithm that ASP.NET membership uses? And how can I change it? 回答1: EDIT: Do not use the Membership Provider as-is because it is horridly inadequate in terms of protecting user's passwords In light of the fact that googling "membership provider hashing algorithm" turns up this answer as the first result, and the gospel that will be inferred, it behoves me to warn folks about using the Membership Provider like this and using hashes like SHA-1, MD5 etc to obfuscate

问题 Someone who works with MVC4 and the SIMPLEMEMBERSHIP knows how can I get a username by the userId? The user is not logged in and I want to delete it, and to delete I have to use Membership.DeleteUser(string username) 回答1: You could use the GetUserNameFromId method of the SimpleMembershipProvider as such: SimpleMembershipProvider provider = new SimpleMembershipProvider(); string name = provider.GetUserNameFromId(id); Ensure you have a reference to WebMatrix.WebData so you can use the

问题 Our site is hosted on a shared server. We have a login module independent of any membership roles. We have not used this feature.Our login db table only has email id and pwd fields. One of our folders (General) contains sensitive documents: pdf; jpg; doc files etc. We do not want this folder to be accessed by unauthorized users as well as any search engines such as google, yahoo and others. We added the below lines in the web config <location path="General" allowOverride="true"> <system.web>

问题 I am currently using MVC4 and entity framework model first. I was wondering how I am supposed to associate the asp.net membership provider tables with entity framework models. I tried adding membership provider tables into my EF database. But when I make association between UserProfile table from asp.net membership provider and one of my table, another UserProfile table is automatically created and nothing is stored in the original UserProfile table. Am I supposed to not make any associations

问题 I have to design a CMS where a set of credentials can only be used once. So if a user has logged in from his computer, no-one can login with his credentials from another location until that user logs out. Now using the asp.net membership provider out the box, the IsOnline method returns a boolean that reflects the timeout window vs. the last activity date. This is not a viable option for me, because if the user just closes the browser after logging in, IsOnline will still be true. But his

问题 I want use the OAuthWebSecurity API in a custom membersip and not the SimpleMembership. my project is ASP.NET MVC 4. Link found here My question: How i can do this work? 回答1: You need to have a few things in place. First you need your Custom membership provider to inherit from WebMatrix.WebData.ExtendedMembershipProvider This has a whole bunch of extra methods for dealing with OAuth. 来源： https://stackoverflow.com/questions/12228100/use-oauthwebsecurity-api-in-custom-membersip