I have a login page which requires all users to login everytime they visit,
the remember me feature isn't working. We all have cookies and js enabled.
Any suggestions on how to diagnose this?
My login aspx:
<asp:Login ID="Login1" runat="server" BackColor="#FFFFCC"
BorderColor="#5400A8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px
"
Font-Names="Verdana,Arial" Font-Size="12px" ForeColor="#333333"
MembershipProvider="myMembershipProvider" PasswordRecoveryText="Can't
remember your password?" PasswordRecoveryUrl="PwdRecovery.aspx"
Height="150px" Width="245px"> <TitleTextStyle BackColor="#5400A8"
Font-Bold="True" Font-Size="14px" ForeColor="White" />
<InstructionTextStyle Font-Italic="True" ForeColor="#5400A8" />
<TextBoxStyle Font-Size="14px" />
<LoginButtonStyle Font-Names="Verdana" Font-Size="12px" ForeColor="#5400A8"
/>
My web config:
<authentication mode="Forms" >
<forms name="CCAuth"
loginUrl="myLogin.aspx"
timeout="20"
slidingExpiration="true"
cookieless="AutoDetect"
protection="All"
requireSSL="false"
enableCrossAppRedirects="false"
defaultUrl="default.asp"
path="/" />
</authentication>
<membership defaultProvider="myMembershipProvider">
<providers>
<add name="myMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myDB"
applicationName="/"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
maxInvalidPasswordAttempts="10" />
</providers>
</membership>Dabbler <Dabbler@.discussions.microsoft.com>'s wild thoughts
were released on Thu, 29 Jun 2006 06:54:02 -0700 bearing the
following fruit:
>I have a login page which requires all users to login everytime they visit,
>the remember me feature isn't working. We all have cookies and js enabled.
IIRC the timeout was changed thus rendering the 'remember
me' feature useless, so you need to set a timeout in your
web config to get it working again.
somthing like
<authentication mode="Forms">
<forms timeout="43200"/>
</authentication>
J
>Any suggestions on how to diagnose this?
>
>My login aspx:
><asp:Login ID="Login1" runat="server" BackColor="#FFFFCC"
>BorderColor="#5400A8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1p
x"
>Font-Names="Verdana,Arial" Font-Size="12px" ForeColor="#333333"
>MembershipProvider="myMembershipProvider" PasswordRecoveryText="Can't
>remember your password?" PasswordRecoveryUrl="PwdRecovery.aspx"
>Height="150px" Width="245px"> <TitleTextStyle BackColor="#5400A8"
>Font-Bold="True" Font-Size="14px" ForeColor="White" />
><InstructionTextStyle Font-Italic="True" ForeColor="#5400A8" />
><TextBoxStyle Font-Size="14px" />
><LoginButtonStyle Font-Names="Verdana" Font-Size="12px" ForeColor="#5400A8"
/>
>My web config:
> <authentication mode="Forms" >
> <forms name="CCAuth"
> loginUrl="myLogin.aspx"
> timeout="20"
> slidingExpiration="true"
> cookieless="AutoDetect"
> protection="All"
> requireSSL="false"
> enableCrossAppRedirects="false"
> defaultUrl="default.asp"
> path="/" />
> </authentication>
> <membership defaultProvider="myMembershipProvider">
> <providers>
> <add name="myMembershipProvider"
> type="System.Web.Security.SqlMembershipProvider"
> connectionStringName="myDB"
> applicationName="/"
> enablePasswordRetrieval="false"
> enablePasswordReset="true"
> requiresQuestionAndAnswer="true"
> requiresUniqueEmail="true"
> passwordFormat="Hashed"
> minRequiredPasswordLength="6"
> minRequiredNonalphanumericCharacters="0"
> maxInvalidPasswordAttempts="10" />
> </providers>
> </membership>
Jan Hyde (VB MVP)
"Caring for Fine Wood" by Lindsey Doyle (David Reihmer)
Thursday, March 29, 2012
login control remember me doesnt work
I have a login page which requires all users to login everytime they visit,
the remember me feature isn't working. We all have cookies and js enabled.
the remember me feature isn't working. We all have cookies and js enabled.
Any suggestions on how to diagnose this?
My login aspx:
<asp:Login ID="Login1" runat="server" BackColor="#FFFFCC"
BorderColor="#5400A8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana,Arial" Font-Size="12px" ForeColor="#333333"
MembershipProvider="myMembershipProvider" PasswordRecoveryText="Can't
remember your password?" PasswordRecoveryUrl="PwdRecovery.aspx"
Height="150px" Width="245px"> <TitleTextStyle BackColor="#5400A8"
Font-Bold="True" Font-Size="14px" ForeColor="White" />
<InstructionTextStyle Font-Italic="True" ForeColor="#5400A8" />
<TextBoxStyle Font-Size="14px" />
<LoginButtonStyle Font-Names="Verdana" Font-Size="12px" ForeColor="#5400A8" /
My web config:
<authentication mode="Forms" >
<forms name="CCAuth"
loginUrl="myLogin.aspx"
timeout="20"
slidingExpiration="true"
cookieless="AutoDetect"
protection="All"
requireSSL="false"
enableCrossAppRedirects="false"
defaultUrl="default.asp"
path="/" />
</authentication>
<membership defaultProvider="myMembershipProvider">
<providers>
<add name="myMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myDB"
applicationName="/"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
maxInvalidPasswordAttempts="10" />
</providers>
</membership>Dabbler <Dabbler@.discussions.microsoft.com>'s wild thoughts
were released on Thu, 29 Jun 2006 06:54:02 -0700 bearing the
following fruit:
Quote:
Originally Posted by
>I have a login page which requires all users to login everytime they visit,
>the remember me feature isn't working. We all have cookies and js enabled.
IIRC the timeout was changed thus rendering the 'remember
me' feature useless, so you need to set a timeout in your
web config to get it working again.
somthing like
<authentication mode="Forms">
<forms timeout="43200"/>
</authentication
J
Quote:
Originally Posted by
>Any suggestions on how to diagnose this?
>
>My login aspx:
><asp:Login ID="Login1" runat="server" BackColor="#FFFFCC"
>BorderColor="#5400A8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
>Font-Names="Verdana,Arial" Font-Size="12px" ForeColor="#333333"
>MembershipProvider="myMembershipProvider" PasswordRecoveryText="Can't
>remember your password?" PasswordRecoveryUrl="PwdRecovery.aspx"
>Height="150px" Width="245px" <TitleTextStyle BackColor="#5400A8"
>Font-Bold="True" Font-Size="14px" ForeColor="White" />
><InstructionTextStyle Font-Italic="True" ForeColor="#5400A8" />
><TextBoxStyle Font-Size="14px" />
><LoginButtonStyle Font-Names="Verdana" Font-Size="12px" ForeColor="#5400A8" />
>My web config:
<authentication mode="Forms" >
<forms name="CCAuth"
loginUrl="myLogin.aspx"
timeout="20"
slidingExpiration="true"
cookieless="AutoDetect"
protection="All"
requireSSL="false"
enableCrossAppRedirects="false"
defaultUrl="default.asp"
path="/" />
</authentication>
<membership defaultProvider="myMembershipProvider">
<providers>
<add name="myMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myDB"
applicationName="/"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
maxInvalidPasswordAttempts="10" />
</providers>
</membership>
Jan Hyde (VB MVP)
--
"Caring for Fine Wood" by Lindsey Doyle (David Reihmer)
Login Control Requires Response.Redirect?
Please tell me NO to this question. Shouldn't all controls be developed
with Server.Transfer or Server.Execute in mind? I am finding my Login
Control does not behave per its "ShowWhileLoggedIN" setting unless I
force some kind of client side navigation to happen.
Is it me, or the control that is broken? :-)
Happy Holidays
Please reply to brian.oneil@dotnet.itags.org.mcdean.com
( I am not finding my own posts in this forum anymore
( what happened to Search for messages by author feature? ) )Revision to this problem ; Whenever I browse to a page called
"DEFAULT", the Login Control refuses to adhere to the
"VisibleWhenLogged" property.
Any other pages on the site seem to function as expected. The Default
page has no code in it, as is the case with my other test cases. Guess
this is a throwback to the original security model where the Web.Config
handles all the Forms auth page setup?
Thanks for listening,
Brian
with Server.Transfer or Server.Execute in mind? I am finding my Login
Control does not behave per its "ShowWhileLoggedIN" setting unless I
force some kind of client side navigation to happen.
Is it me, or the control that is broken? :-)
Happy Holidays
Please reply to brian.oneil@dotnet.itags.org.mcdean.com
( I am not finding my own posts in this forum anymore
( what happened to Search for messages by author feature? ) )Revision to this problem ; Whenever I browse to a page called
"DEFAULT", the Login Control refuses to adhere to the
"VisibleWhenLogged" property.
Any other pages on the site seem to function as expected. The Default
page has no code in it, as is the case with my other test cases. Guess
this is a throwback to the original security model where the Web.Config
handles all the Forms auth page setup?
Thanks for listening,
Brian
Login Control used with existing database
Hi,
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
thanks,
PaulOn 28 Dec 2005 08:54:35 -0800, "paulmac106" <paulmac106@.hotmail.com> wrote:
Hi,
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
The login control operates through a Membership Provider, which uses tables in a data store, such as
SQL Server. However, it isn't designed to inter operate with SQL Server security.
Paul
~~~~
Microsoft MVP (Visual Basic)
Login Control used with existing database
Hi,
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
thanks,
PaulOn 28 Dec 2005 08:54:35 -0800, "paulmac106" <paulmac106@.hotmail.com> wrote:
Hi,
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
The login control operates through a Membership Provider, which uses tables
in a data store, such as
SQL Server. However, it isn't designed to inter operate with SQL Server secu
rity.
Paul
~~~~
Microsoft MVP (Visual Basic)
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
thanks,
PaulOn 28 Dec 2005 08:54:35 -0800, "paulmac106" <paulmac106@.hotmail.com> wrote:
Hi,
I'm creating my first 2.0 web application. I want to use the login
control to validate users using my existing SQL 2000 database (using
email address and password)
I can't find a tutuorial to do this...they always seem to want me to
create this new aspnet db and use roles and memberships and the like.
Can I simply just use my own database? I want them to login and then
fill in a session variable with their "id code", and I'll be good to
go.
The login control operates through a Membership Provider, which uses tables
in a data store, such as
SQL Server. However, it isn't designed to inter operate with SQL Server secu
rity.
Paul
~~~~
Microsoft MVP (Visual Basic)
login control validation - how use simple password?
In ASP.NET 2.0, the login control seems to automatically want strong
passwords. How can I allow simple passwords, such as 6 in length with at
least 1 number?
passwords. How can I allow simple passwords, such as 6 in length with at
least 1 number?
Thanks!In your web.config inside system.web add this:
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="/" requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="2"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership
Also, you may need to edit some details according to your database.
notice the options you have for your password strength. use it wisely!
;)
Yossi.
You can set the password regular expression in the membership element of the
web.config file. See sample below.
<membership defaultProvider="MyProvider">
<providers>
<add name="MyProvider" connectionStringName="MyDB"
applicationName="MyWebsite" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
requiresUniqueEmail="false" passwordFormat="Hashed"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordStrengthRegularExpression="^[put your regex here]$"
maxInvalidPasswordAttempts="5" passwordAttemptWindow="5"
type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership
There are some other details associated with setting up the provider that
don't come me right now. But this works for me.
Good luck,
Eagle
"VB Programmer" wrote:
> In ASP.NET 2.0, the login control seems to automatically want strong
> passwords. How can I allow simple passwords, such as 6 in length with at
> least 1 number?
> Thanks!
>
login control using SQL DB
Hi All,
I am in the process of writing an online training course, I am trying to get the login control to check a username and password against fields in an SQL database rather than using the administration site DB. I dont really know where to start. Also, as well as a username and password I would like a dropdown list that the user can select whether they are a "Delegate" or "FireWarden".
Hope this makes sense,
thanks very much everyone.
Scott.
What do you mean by Administration site DB? Do you mean the DB that the ASP.NET Configuration interface uses? If this is the case then ASP.NET by default uses SQL Server 2005 (or Express edition). You can configure it to use SQL Server 2000 also. I would suggest you use the default database for authentication purposes because it implements its own hashing to usernames and passwords, its easy to use and secure and tested (unless you are confident that you can build something more secure and rubust).
If you need more info. then let me know...
good luck...
bullpit
Hi Bullpit,
Thanks for the reply, sorry to not be very clear.
When I meant the admin db I meant the ASPNETDB.Mdf.
How customisable is the default database? Only reason I ask is that I will need to associate a user to a company.
Basically, its an online fire training course. A company will sign up, then set up its own users to take the course.
I thought that having custom databases would be easier, unless you think otherwise.
thanks very much, sorry if its a bit vague.
scott.
Its very flexible. In your case, what you can use is the Role Management feature. With this, you can create comapany users that have admin rights to the database and grant permission to create and remove child users within the company. You can Login control, Create User Wizard control to accomplish this. You can use the configuration panel to control the website and users.
If you think figuring all this out is too much work, then you can also go for your own custom database application. But if you use ASPNETDB, it already has all the relations built in. You do not have to worry about the creating the whole database application from scratch.
good luck...
bullpit
By Admin rights I mean the minimal rights that can do the work.
Hi Bullpit,
Yes I see what you are saying. I might not have explained it right: :-)
There will be 3 levels of login
1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates)
2) The Firewarden (This is the firewarden for the company that will be taking the training course, this person can add, edit, delete users from the training course, only for their own company)
3) The Delegate (They are assigned a username and password by the firewarden, they can then user these to log in and take the course)
The Owner can activate / deactivate any user within any company
The Firewarden can do the same but only for their own company
The Delegate can only take the course
Does this make it a bit clearer?
This is why I thought a custom designed solution might be better.
thanks very much,
Scott.
1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates) = YOU
2) The Firewarden (This is the firewarden for the company that will be taking the training course, this person can add, edit, delete users from the training course, only for their own company) = COMPANY's ADMIN USER
3) The Delegate (They are assigned a username and password by the firewarden, they can then user these to log in and take the course) = CHILD USERS.
You can add another table or a field in a table that has the company name and do the verification at login, may be provide a dropdown so that the users can choose the company they belong to and then give the rights according to the role and company they belong to.
Does this sound doable to you?
bullpit
Hi Bullpit,
Thanks very much for that, it does make sense, not quite sure where to start but it does sound doable to me.
thanks again for your help,
scott.
Hi Bullpit,.
one more thing to point out
"1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates) = YOU"
This will actually be the customer that I supply the site to so they will not be using the site configuration, can they still see the list of users and companies etc?
thanks,
Scott.
Sure, anytime...I dont know which database server you are using but if you are using SQL Server 2005, it should already be configured but if you are using 2000 and need help with configuring it, let me know. And your application does need more thinking than what I have suggeted, so make a good plan and then go for it. My suggestions may not be the best ones.
good luck...
bullpit
You can actually have remote access to the Site Mangement tool.
go thru this tutorial and I believe this will help you.
http://www.sitepoint.com/article/asp-net-2-security
good luck...
bullpit
thanks very much mate, I will work through the tutorial.
And yes I am using SQL Server 2005.
thanks again for all your help.
Scott.
I am sorry but the tutorial I sent does not tell you explicitely how to use it remotely. I am looking into it and will get back to you with a good article but it is accessible remotely (documentation in MSDN). You may find my question posted in this forum soon.
good luck...
bullpit
ha ha, its ok and thanks for looking into it.
To be honest, I didnt even know that you could view the users in a gridview so that is a step forward anyway.
thanks again.
Scott.
I believe you can use these two articles to get remote access to the website admin tool.
http://weblogs.asp.net/jeffwids/archive/2005/07/26/420572.aspx
http://www.extremeexperts.com/Net/Articles/ConfigurationManagementinASPNET.aspx
bullpit
Subscribe to:
Posts (Atom)