Category Archives: Login

Session Identifier Not Updated

December 5, 2014HTML, Login, Post, Web FormsHTML, Login, Post, Web Formsadmin

Hello,

I am developed VS2012 with MVC4. got error Session Identifier Not Updated with IBM Security AppScan.

I tried to change cookie: __RequestVerificationToken after user log, Here is the code:

Session.Abandon();

Response.Cookies.Add(new HttpCookie(AntiForgeryConfig.CookieName, Guid.NewGuid().ToString()));

I saw __RequestVerificationToken value changed but IBM app scan still reported same error.

Please help.

Thanks.

Have you tried [ValidateAntiForgeryToken] attribute, instead of manually setting cookie. Also please take a look at this blog post

Session Fixation & Forms Authentication Token Termination in ASP.NET

I added [ValidateAntiForgeryToken] attribute, but got the error also.

Thanks for quick response.

MSFan

got error Session Identifier Not Updated with IBM Security AppScan.

Hi MSFan,

With the description, I see the issue caused by a application scan tool with session fixation which can be a session hijack

when occur by user login. Current solution as below:

"For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach,

set a secondary cookie on the user’s browser to a random value and set a session variable to the same value. If the session

variable and the cookie value ever don’t match, invalidate the session, and force the user to log on again."

When a user logout, you can use below code :

        Session.Abandon();
        // in case a attacker has forced a cookie with a future expiration date, expire that cookie as well
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddYears(-30);
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

this will force a new value for the cookie Id when they try to hit the site after logging out.

Hope this helps, thanks.

Best Regards!

Hello,

I tried logout , it is not helpful.

"For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach,

set a secondary cookie on the user’s browser to a random value and set a session variable to the same value. If the session

variable and the cookie value ever don’t match, invalidate the session, and force the user to log on again."

How to code it on MVC?

Thanks.

MSFan

How to code it on MVC?

You can do this in a filter. Please take a look at this post

Session Fixation & Forms Authentication Token Termination in ASP.NET

ASP.NET Identity signout fails if inactive for longer than security stamp validation interval

December 5, 2014HyperLink, Login, Post, Web FormsHyperLink, Login, Post, Web Formsadmin

My site uses ASP.Net MVC 5.2.2 and ASP.Net Identity 2.1.0. In CookieAuthenticationOptions I set the ExpireTimeSpan to 30 minutes and the security stamp validation interval is set to 2 minutes (so that users will be booted out within two minutes of a call
to UserManager.UpdateSecurityStampAsync).

The problem is that if users remain idle for longer than 2 minutes and then click on the Sign Out button, the site fails to log them off. After a bit of sleuthing, I found that in these cases the server returns a new application cookie (the cookie sent to
the server was different than the one returned from it). What seems to be happening is that the owin code misses the call to AuthenticationManager.SignOut and goes ahead with the generation of a new application cookie, as it normally would have in cases where
the old one is more than two minutes old.

Has anybody else encountered this issue? Any suggestions on how to diagnose and fix?

Hi tiritas,

Thanks for your post.

You can try set AuthenticationMode
like this

AuthenticationMode = AuthenticationMode.Active

More information:

http://stackoverflow.com/questions/21275399/login-page-on-different-domain

What is ASP.NET Identity’s IUserSecurityStampStore<TUser> interface?

Hope it can be helpful.

Best Regards,

Eileen

I tried using AuthenticationMode = AuthenticationMode.Active in my application options for cookie authentication, but the problem remains. Here’s my setup:

app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AuthenticationMode = AuthenticationMode.Active,
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    ExpireTimeSpan = TimeSpan.FromMinutes(Settings.Default.LoginExpirationMinutes),
    Provider = new CookieAuthenticationProvider {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
            validateInterval: TimeSpan.FromMinutes(2),
            regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
            getUserIdCallback:id=>(id.GetUserId<int>()))
    }
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

Any other suggestions?

Hi tiritas,

Thanks for your post.

Have you installed VS 2013 Update 3?because
ASP.NET Identity 2.1 is included in the ASP.NET templates which were released with
VS 2013 Update 3.

More information:

#Announcing RTM of ASP.NET Identity 2.1.0

http://blogs.msdn.com/b/webdev/archive/2014/08/05/announcing-rtm-of-asp-net-identity-2-1-0.aspx

Hope this can be helpful.

Best Regards,

Eileen

Yes, I did install VS 2013 Update 3.

As an experiment, I created a brand new ASP.NET Web Application project with the VS 2013 Update 3 templates and noticed the exact same issue: I logged in and then waited for an amount of time equal to the security stamp validateInterval (by default, 30 minutes).
After than I clicked the Log Off link and noticed that, just like in my own project, I was not logged out. I had to click the link a second time to be logged out. In fact, I didn’t even need to sit idle for 30 minutes: I could keep making requests during that
period and the click to the log out button would still fail, as long as it was the first request after the 30-minute interval expired.

This seems to be a bug in the OWIN identity code. Basically, if the first request after the validation interval is a signout request, it fails, because the code that validates and issues a new security stamp does not check if the user has logged out as part
of the same request. Log out requests will fail, as long as they are part of a request that would cause the re-issuance of the security stamp — i.e. the first request that is after validationInterval minutes since issuance of the previous security stamp.

I would appreciate it if somebody could confirm this behavior. You don’t have to wait 30 minutes and do not have to create a new project. Just take an existing project that uses Identity, temporarily set the validation interval to something really short
(30 seconds or a minute), log in, and ensure that the first request after the interval expires is a click on the Logout button. If this is a bug, you should notice that you are still logged in.

This seems to be a bug,

http://stackoverflow.com/questions/25824242/signout-is-not-working-when-calling-after-passwordsignin

https://katanaproject.codeplex.com/workitem/201

I reported the bug on the Katana Codeplex site:

https://katanaproject.codeplex.com/workitem/356

[RESOLVED]Bind Data to webgrid

December 5, 2014AJAX, Controller, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, View, Web FormsAJAX, Controller, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, View, Web Formsadmin

I’m trying to bind data to a webgrid in a view. This is the method that does the bind so to speak:

  public ActionResult queueTable()
        {
            List<Models.User> laUserList = new List<Models.User>();
            DBEntities objentity = new DBEntities();
            var _objuserdetail = (from data in objentity.Users
                                  select data);
            foreach (var item in _objuserdetail)
            {
                Models.User user = new Models.User();
                user.Username = item.Username;
                user.Password = item.Password;
                user.Email = item.Age;//IS ACTUALLY EMAIL HAVENT CHANGED COLUMN NAME IN DB YET AS IM JUST TESTING
                laUserList.Add(user);
            }
            var datas = laUserList;
            return View(datas);
        }

I keep getting the following error :

A data source must be bound before this operation can be performed.

Now I need to some how bind it to the following view :

@model IEnumerable<DashboardBucks.Models.User>
@{
Layout = null;
WebGrid gridQueue = new WebGrid(Model);
}
<!DOCTYPE html>

<html>
<head>
<script type="text/javascript" src="~/JS/jquery-1.10.2.js"></script>
<script type="text/javascript" src="~/JS/JsFunctions.js"></script>
<script type="text/javascript" src="~/JS/placeholders.min.js"></script>
<script type="text/javascript" src="../Styles/Menu/swimbi.js"></script>
<link href="../Styles/Menu/swimbi.css" rel="Stylesheet" type="text/css" media="screen" />
<link href="~/Styles/StyleSheet.css" rel="Stylesheet" type="text/css" media="screen" />
<meta name="viewport" content="width=device-width" />
<title>Dashboard</title>
</head>
<body onload="GetParValue()" style="background-color: white; width:99%;">
<div align="center">
@using (@Html.BeginForm("LoginResult", "User", FormMethod.Post))
{
<table style="width:100%;">
<tr>
<td>
<img src="~/Styles/Images/LogoDash.png" class="" />
</td>
<td>
<div align="right" class="placement">
<img id="flagImg" src="" class="flag" />
</div>
</td>
</tr>
</table>

<li id="lilast" style="margin-right: 25px;"><a data-icon="&#xf024" href="#"> Country</a>
<ul>

<li><a href="?param1=1" onclick="GetParValue()">South Africa</a></li>
<li><a href="?param1=6" onclick="GetParValue()">Zimbabwe</a></li>
<li><a href="?param1=7" onclick="GetParValue()">Botswana BU</a></li>
<li><a href="?param1=9" onclick="GetParValue()">Botswana CC</a></li>
<li><a href="?param1=4" onclick="GetParValue()">Botswana TU</a></li>
<li><a href="?param1=2" onclick="GetParValue()">Kenya</a></li>
<li><a href="?param1=5" onclick="GetParValue()">Malawi</a></li>
<li><a href="?param1=3" onclick="GetParValue()">Spain</a></li>
<li><a href="?param1=8" onclick="GetParValue()">Swaziland</a></li>
</ul>
</li>
</ul>

</div>
<div>

</div>
</div>
}

I WOULD LIKE TO PLACE THE WEBGRID HERE OUTSIDE OF THE WEB FORM —
</div>
</body>
</html>

HERE is the html for the webgrid:

<div id="gridContent" style="padding: 20px; width:30%; font-family:Trebuchet MS, Arial, Helvetica, sans-serif;">
<div style=" border-collapse: separate; border: solid 1px #ffba36;">
<div align="Left" style="padding: 7px;font-family:Trebuchet MS, Arial, Helvetica, sans-serif; color:#6c5d45; border-bottom:solid 1px #6c5d45;">
QUEUE
</div>
@grid.GetHtml( tableStyle: "webgrid-table",
headerStyle: "webgrid-header",
footerStyle: "webgrid-footer",
alternatingRowStyle: "webgrid-alternating-row",
selectedRowStyle: "webgrid-selected-row",
rowStyle: "webgrid-row-style",
columns: new[]{
grid.Column("Username"),
grid.Column("Password"),
grid.Column("Email")
})
</div>
</div>

You have simply mis-named your webgrid.

You have this…

WebGrid gridQueue = new WebGrid(Model);

So then your webgrid markup must reference the "gridQueue" name:

@gridQueue.GetHtml( tableStyle: "webgrid-table",
  ...

you had "grid", but it needed to be "gridQueue"

Hi garethcarver,

First, please refer to JohnLocke’s reply.

Secondly, for that error, it means the instance of WebGrid haven’t the bind to the data source. About WebGird, you could refer to:

# Get the Most out of WebGrid in ASP.NET MVC

http://msdn.microsoft.com/en-us/magazine/hh288075.aspx

# WebGrid in ASP.NET MVC4

http://www.codeproject.com/Tips/615776/WebGrid-in-ASP-NET-MVC

Best Regards

Starain Chen

Thanks, I did change the grid name originally, I think I pasted the un edited code up in my question, I still get the same error with the databind. I have no idea how it is not binding, how would I tell it to bind basically on the page load or on a button
click ?

Hi garethcarver,

garethcarver

I have no idea how it is not binding

You need set the data source to the WebGrid before call GetHtml method. You may refer to the links that I provided.

garethcarver

how would I tell it to bind basically on the page load or on a button click ?

For view load:

@{
   WebGrid grid=new WebGrid([your data]);
}
grid.GetHtml(...)

For button click, you need to send a request the action and load partial view (could use AJAX) or reload current view.

If you still have the issue, please provide the complete code. (E.g. Controller, View)

Best Regards

Starain Chen

[RESOLVED]Multiple Models in one view with 2 webgrids

December 5, 2014Controller, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, View, Web FormsController, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, View, Web Formsadmin

I have 2 web grids in one page and I am trying to bind data to them both but from different models, would I need to create a model which references both models ? Here is my code

@model IEnumerable<DashboardBucks.Models.User>
@{
Layout = null;
WebGrid grid = new WebGrid(Model);
WebGrid grid2 = new WebGrid(Model);????
}
<!DOCTYPE html>

<li id="lilast" style="margin-right: 25px;"><a data-icon="&#xf024" href="#"> Country</a>
<ul>

</div>
<div>

</div>
</div>

}
<div id="gridContent" style="padding: 20px; width:30%; font-family:Trebuchet MS, Arial, Helvetica, sans-serif;">
<div style=" border-collapse: separate; border: solid 1px #ffba36;">
<div align="Left" style="padding: 7px;font-family:Trebuchet MS, Arial, Helvetica, sans-serif; color:#6c5d45; border-bottom:solid 1px #6c5d45;">
QUEUE
</div>
@grid.GetHtml( tableStyle: "webgrid-table",
headerStyle: "webgrid-header",
footerStyle: "webgrid-footer",
alternatingRowStyle: "webgrid-alternating-row",
selectedRowStyle: "webgrid-selected-row",
rowStyle: "webgrid-row-style",
columns: new[]{
grid.Column("Password"),
grid.Column("UserName"),
grid.Column("Email")
})
</div>
</div>
<br />
<div id="gridContent" style="padding: 20px; width:30%; font-family:Trebuchet MS, Arial, Helvetica, sans-serif;">
<div style=" border-collapse: separate; border: solid 1px #ffba36;">
<div align="Left" style="padding: 7px;font-family:Trebuchet MS, Arial, Helvetica, sans-serif; color:#6c5d45; border-bottom:solid 1px #6c5d45;">
QUEUE
</div>
@grid2.GetHtml( tableStyle: "webgrid-table",
headerStyle: "webgrid-header",
footerStyle: "webgrid-footer",
alternatingRowStyle: "webgrid-alternating-row",
selectedRowStyle: "webgrid-selected-row",
rowStyle: "webgrid-row-style",
columns: new[]{
grid2.Column("Password"),
grid2.Column("UserName"),
grid2.Column("Email")
})
</div>
</div>
</div>
</body>
</html>

Controller :

  public ActionResult Dashboard()
        {
            Uri myUri = new Uri(System.Web.HttpContext.Current.Request.Url.AbsoluteUri);
            string param1 = HttpUtility.ParseQueryString(myUri.Query).Get("param1");
            if (param1 == null)
            {
                string level = (string)System.Web.HttpContext.Current.Cache["Levels"];
                string[] details = level.Split('-').ToArray();
                Response.Redirect(myUri + "?" + "param1=" + details[0]);
               // Response.Write("<script>GetParValue();</script>");
               // System.Web.HttpUtility.ParseQueryString(myUri + "?" + "param1=" + details[0]);
            }
            List<Models.User> laUserList = new List<Models.User>();
            DBEntities objentity = new DBEntities();
            var _objuserdetail = (from data in objentity.Users where data.CountryID==param1
                                  select data);
            foreach (var item in _objuserdetail)
            {
                Models.User user = new Models.User();
                user.Username = item.Username;
                user.Password = item.Password;
                user.Email = item.Age;//IS ACTUALLY EMAIL HAVENT CHANGED COLUMN NAME IN DB YET AS IM JUST TESTING
                laUserList.Add(user);
            }
            List<Models.testData> testList = new List<Models.testData>();
            DBEntities testOb = new DBEntities();
            var _objTestdetail = (from data in testOb.TestDatas
                                 
                                  select data);
            foreach (var item in _objTestdetail)
            {
                Models.testData tests = new Models.testData();
                tests.Count = item.Count;
                tests.Pro = item.Process;
                //user.Email = item.Age;//IS ACTUALLY EMAIL HAVENT CHANGED COLUMN NAME IN DB YET AS IM JUST TESTING
                testList.Add(tests);
            }
            var datas = laUserList;
            var datas2 = testList;
            return View(); // HOW WOULD I RETURN BOTH datas and datas2  to my webgrids
        }

HOW WOULD I RETURN BOTH datas and datas2  to my webgrids in my view

Have a look through similar threads

https://www.google.com/search?q=site%3aforums.asp.net+two+models

Yes exactly! You need a single model, called a ViewModel, that has everything you need.

I wrote a post about it
here.

HI,

Create single model, it contains two model data’s, then pass to view.

public class ModelOne { // Model1 member’s}

public class ModelTwo { // Model 2 member’s }

Create common Model

public class ViewModel{

public ModelOne Grid1{ get; set;}

public ModelTwo Grid2 { get; set; }

}

set each grid item value into ViewModel object, and pass to view.

I hopeit might help to you.

Thanks,

Jai

Thanks guys for your help got it working

[RESOLVED]Windows authentication on every ajax call MVC

December 5, 2014AJAX, Controller, HTML, Jquery, Login, View, Web FormsAJAX, Controller, HTML, Jquery, Login, View, Web Formsadmin

I’ve created an MVC project with windows authentication.

From my views, I use Jquery to retrieve data from the controller asynchronously in order to provide a better user experience and reduce loading times.

These functions look like

public JsonResult someFunction(string parameter)
{

…

return Json(result, JsonRequestBehavior.AllowGet);

}

Everythings works as I want in Chrome, where it prompts me for login when I open the page and no more for the duration of that session. However, in IE, it prompts me for login when I open the page, and on every single ajax call…

Why is this happening and how can I avoid it?

I need to use windows authentication and IE, I can’t change that…

I’m quite new to MVC, so maybe there’s another way to do what I want.

I can live with only having authentication on certain functions and when first opening the web application.

If it prompts you for a login you’re not using windows authentication, you’re using basic authentication. Windows Auth is seamless with no pop-up box.

go through the below link, if you are administration in your machine, you would be able to make this setting in IE. the pop will not be shown anymore.

http://docs.acl.com/ax/310/index.jsp?topic=%2Fcom.acl.ax.admin.help%2Fsystem_administration%2Ft_configuring_internet_explorer_for_integrated_windows_authentication.html

Ok. Strangely enough, when I published the site on a server, it worked exactly as I wanted. It only occurs when running it from Visual Studio.

Thanks, that helped, I already got the "Enable Integrated Windows Authentication" option enabled, as I found that when trying to find solutions for my problem. However, I hadn’t added the page to the sites section. It works like a charm now!

[RESOLVED]***session timeout issue

December 5, 2014IIS, Login, Post, Web FormsIIS, Login, Post, Web Formsadmin

Hi All,

***Urgent help need***

facing one issue, in our application after 20 min we are expiring the sesssion. and any action leads to session time out page.

which is good and expected.

now issue is once the session expires, and we open the new tab in browser we are getting same session time out message…[open the new tab should ask for login]

on subsequent opening the tab getting same time out message, but if we clear the cache and close all instance of browser we are able to get login screen.

plz help out.

Thankx

Session and authentication are not related. What is stopping you get to your login screen? Your real solution is going to be to decouple the session and the authentication. Reading between the lines it seems you are trying to tie the two together and
expire one when the other expires. Deal with your authentication as one issue. Then deal with handling session and session data as another. If session data has gone you need to either re-create it if possible, or redirect the user to a screen that tells
them their session has timed out but lets them continue with the session they have. Sending them to the login screen is not the thing to do. If your code can only work after a user has just logged in then you need to remove that dependency and allow a user
to start a new session from your "session timed out" page, as well as allowing them to start a new session after they just login.

Try clearing Session cookie

This appears to happen all of the type due to the fact that people often refer to the act of a user being logged in as a "Session" and just associate the two, which isn’t the case. You have an actual Session and Forms Authentication token, which are two
distinct concepts and have two separate timeouts.

If this is occurring after 20 minutes, it’s very likely an Idle Timeout through IIS (seen in the third section below). I’ll paste the following which I have posted in the past and contains all of the necessary steps to change all of these various
timeouts (Forms Authentication, Session and IIS Idle Timeouts) :

There are quite a few ways to set timeouts within .NET (Session Timeouts, Forms Authentication Timeouts and IIS-related Timeouts) so a few things could be going wrong here so I’ll detail each of them below.

Setting the SessionState Timeout within your web.config

You can update the timeout property of your Session State (if that is what is actually timing out) within your web.config file in the <sessionState> element as shown below (default of 20 minutes shown below):

<configuration> 
   <system.web> 
      <!-- Adjust the timeout property below -->
      <sessionState mode="InProc" timeout="20"/></sessionState> 
   </system.web> 
</configuration>

so you could simply change this to the number of minutes that you wanted. For instance 3 hours would be :

<sessionState mode="InProc" timeout="180"/></sessionState>

Setting the Forms Authentication Timeout within your web.config

You can adjust the specific timeout property of your Forms Authentication in your application by adjusting the timeout property within the <authentication> element of your web.config file. You will also want to be mindful that if you are using the slidingExpiration
property in conjunction with timeouts as they can actually expire much earlier than the timeout listed.

<authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="yourTimeoutInMinutes"></forms> 
</authentication>

So if you wanted to extend the amount that the authentication token stays "alive" for to say 180 minutes (3 hours), you would set it as seen below :

<authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="180"></forms> 
</authentication>

However, if you are using the slidingExpiration property, the authentication token can expire when half of the timeout duration has elapsed. So you’ll likely want to double your timeout value if you are using it :

<authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="360" slidingExpiration="true"></forms> 
</authentication>

Setting the Application IdleTimeout property within IIS

You may need to check what your timeout is configured for within IIS, as this timeout will override the timeouts defined in your web.config.

Within IIS there is a setting called Idle Timeout, which defaults at 20 minutes. This could explain your early timeout issue and you may want to consider adjusting this property within IIS. Based on your issue, this could likely be the culprit :

Configuring the IdleTimeout property within IIS

Scott Hanselman also addresses strange issues that can occur when dealing with timeouts when using Forms Authentication in this blog post as
well.

how?

using windows authentication

If you’re using windows auth then the user will always be authenticated.

so just clear cookies will work?

Windows auth isn’t cookie based so clearing cookies won’t do anything, you can’t log the person out, and there is no "login" screen, they are automatically authenticated before they even hit your code.

[RESOLVED]MVC multi-tenant design

December 5, 2014Authorization, Login, Table, Web FormsAuthorization, Login, Table, Web Formsadmin

I am trying to use ASP.NET Identity 2.0 in current project and would like take advantage of claims management in ASP.net identity modules.

I have a multi-tenant application, where users of any tenant can be invited access the data of any other tenant by the tenant’s admin using email address.

Once user receives an invitation email then user is prompted to create a password if he is not current application user, if the invitee is a current user then he can login and the tenant will added to his tenant list that user can use.

From the list user can click on any tenant to update the data. While using a tenant user can switch to another tenant using a dropdown list without re-entering credentials.

I am somewhat puzzled what is the best way to go about tackling this situation, thanks.

As you know Authentication and Authorization are two different things. So for your multi-tenant application have same authentication for all sites. That means while authenticating user you will not check which tenant the user belongs to.

Once user is authenticated, check what tenant user is accessing (tenantID can be passed as query string). If the user is not authorized show an error page. Now shifting from one tenant to another is just changing the query string parameter. So on the drop
down list change pass the new tenant id and user if he has access to that tenant should be able to see the corresponding tenant data.

Thank you, this is very helpful.

Do you have any link to similar example so I can explore it more?

Many thanks!

Another approach (may be a hack approach) is treat each site (tenant) as a role. ASP.NET Membership providers provide role based (tenant based) authorization. A user can have multiple roles. If you go with this approach you can find several examples online.

Thank you very much Subsidiary question,

since I am creating the multi tenant app, where a user has a role in a tenant,

so created table with three Id’s (I changed default int type from Guid.tostring).

tenantId,UserId and RoleId, called it TenantUserRole.

What it checks if a user is in tenant and what is its role.

Is there any possibility to extend default methods to take additional parameter of tenantId to create row in TenantUserRole, like currently Identity 2.0 offers out of box following method

Microsoft.AspNet.Identity.UserManager.AddToRoleAsync(TKey userId, string role)

can we change/extend it to take additional paramter of tenantId so it looks as following

Microsoft.AspNet.Identity.UserManager.AddToRoleAsync(TKey userId, string role, int TenantId)

Thank you.

Is your UserId unique across all tenants. In that case you can use the existing Identity provider without the tenanted.

Once user is authorized you can fetch the tenant user belongs and load that application.

Thank you, yes correct UserId is unique across all tenants.

I will give it another shot and will update you as well many thanks.

You might want to take a look at some of the following resources, which detail implementing multi-tenancy within an MVC environment :

These each range in complexity but might be worth exploring if you are targeting multiple tenants or implementing a SAAS-type application.

[RESOLVED]want to access returnurl details

December 5, 2014Controller, Login, Web FormsController, Login, Web Formsadmin

this page is redirected to login page

http://www.nextdhoom.com/Jobs/details/3253

http://www.nextdhoom.com/home/Login?ReturnUrl=%2fJobs%2fdetails%2f3253

now i want access controler name and method name and id details

like jobs

details and id which is 3253

how do i do that

got it its regex

Regex regex = new Regex("^/(?<Controller>[^/]*)(/(?<Action>[^/]*)(/(?<id>[^?]*)(/?(?<QueryString>.*))?)?)?$");
Match match = regex.Match(returnUrl);

            var a= match.Groups["Controller"].Value;
            var b=match.Groups["Action"].Value;
            var id = Convert.ToInt32(match.Groups["id"].Value);
            var d=match.Groups["QueryString"].Value;

HI,

Good work, i had problem once, fixed more traditional way like string functionality,

Regex regex = new Regex("^/(?<Controller>[^/]*)(/(?<Action>[^/]*)(/(?<id>[^?]*)(\?(?<QueryString>.*))?)?)?$");
Match match = regex.Match(returnUrl);
var fromController = match.Groups["Controller"].Value; // get from controller name.
var fromAction = match.Groups["Action"].Value; // get action name.
var id = Convert.ToInt32(match.Groups["id"].Value); // get first value of query string
var d = match.Groups["QueryString"].Value;// get next query string.

While use’s entered specific url with respective id(query string), then first go and check if user has an authorize, build model data( querystring value : pass and get specific model data’s), and return into requested page.

Thanks,

Jai.

[RESOLVED]Timer rebind webgrid

December 5, 2014AJAX, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, Timer, View, Web FormsAJAX, CSS, HTML, Image, Jquery, Login, Menu, PlaceHolder, Post, Table, Timer, View, Web Formsadmin

How would I rebind data to a webgrid with a javascript timer in mvc 4 ?

Her is my page:

@model DashboardBucks.Models.IndexViewModel
@{
Layout = null;
WebGrid grid = new WebGrid(Model.dashReport,canPage:false);
WebGrid grid2 = new WebGrid(Model.groupBridge,canPage:false);
}
<!DOCTYPE html>

<html>
<head>
<script type="text/javascript" src="~/JS/jquery-1.10.2.js"></script>
<script type="text/javascript" src="~/JS/JsFunctions.js"></script>
<script type="text/javascript" src="~/JS/placeholders.min.js"></script>
<script type="text/javascript" src="../Styles/Menu/swimbi.js"></script>
<link href="../Styles/Menu/swimbi.css" rel="Stylesheet" type="text/css" media="screen" />
<link href="~/Styles/StyleSheet.css" rel="Stylesheet" type="text/css" media="screen" />
<meta name="viewport" content="width=device-width" />
<script type="text/javascript">
window.onload = setInterval(function () { document.getElementById("Button1").click(); }, 5000);<!– I WAS CALLING A AJAX FUNCTION TO REBIND BUT IT DOESNT REFRESH THE WEB GRID–>
</script>
<title>Dashboard</title>
</head>
<body onload="GetParValue()" style="background-color: white; width: 99%;">
<div align="center">
@using (@Html.BeginForm("LoginResult", "User", FormMethod.Post))
{
<table style="width: 100%;">
<tr>
<td>
<img src="~/Styles/Images/LogoDash.png" class="" />
</td>
<td>
<div align="right" class="placement">
<img id="flagImg" src="" class="flag" />
</div>
</td>
</tr>
</table>

</ul>
</li>
<li id="lilast" style="margin-right: 25px;"><a data-icon="&#xf024" href="#"> Country</a>
<ul>

</div>
<div>
</div>
</div>

}

<table style="width: 70%; vertical-align:top;">
<tr>
<td style="width: auto; vertical-align:top;">
<div id="gridContent" style="padding: 20px; width: 100%; font-family: Trebuchet MS, Arial, Helvetica, sans-serif;">
<div style="border-collapse: separate; border: solid 1px #ffba36;">
<div align="Left" style="padding: 7px; font-family: Trebuchet MS, Arial, Helvetica, sans-serif; color: #6c5d45; border-bottom: solid 1px #6c5d45;">
TABLE 1
</div>
@grid2.GetHtml(tableStyle: "webgrid-table",
headerStyle: "webgrid-header",
footerStyle: "webgrid-footer",
alternatingRowStyle: "webgrid-alternating-row",
selectedRowStyle: "webgrid-selected-row",
rowStyle: "webgrid-row-style",
columns: new[]{
grid2.Column("Name"),
grid2.Column("ReOffer"),
grid2.Column("Total"),
grid2.Column("VoiceContract")
})
</div>
</div>
</td>
<td style="width: auto; vertical-align:top;">
<div id="gridContent" style="padding: 20px; width: 100%; font-family: Trebuchet MS, Arial, Helvetica, sans-serif;">
<div style="border-collapse: separate; border: solid 1px #ffba36;">
<div align="Left" style="padding: 7px; font-family: Trebuchet MS, Arial, Helvetica, sans-serif; color: #6c5d45; border-bottom: solid 1px #6c5d45;">
TABLE 2
</div>
@grid.GetHtml(tableStyle: "webgrid-table",
headerStyle: "webgrid-header",
footerStyle: "webgrid-footer",
alternatingRowStyle: "webgrid-alternating-row",
selectedRowStyle: "webgrid-selected-row",
rowStyle: "webgrid-row-style",
columns: new[]{
grid.Column("Description")
,grid.Column("ItemCount"),
grid.Column("ItemValue"),
grid.Column("ProjectedValue"),
grid.Column("TargetValue")
})
</div>
</div>
</td>
</tr>
</table>
<input type="button" id="Button1" value="Manual Refresh" onclick="bindTable()" />
</div>
<div align="center" class="lowHeader">
<p>GetBucks © 2014</p>
</div>
</body>
</html>

Hi garethcarver,

For this requirement, you could create a partial view to generate the grid, then using AJAX (in your timer function) to load that data and display it or replace old data..

Best Regards

Starain Chen

[RESOLVED]Identity 2.0: Disassociating external account when no other account exists

December 5, 2014Login, Post, View, Web FormsLogin, Post, View, Web Formsadmin

I noticed that when a user creates an account on your web app using an external service such as facebook or google, no password hash is saved. This makes sense due to the fact that they are connecting with another resource; however, what happens if a user
wishes to remove a facebook connection when that is his only connection? Looking at the Disassociate method I do not see any reference to another view to direct the user to create a password to continue using the site.

[HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Disassociate(string loginProvider, string providerKey)
        {
            ManageMessageId? message = null;
            IdentityResult result = await UserManager.RemoveLoginAsync(Guid.Parse(User.Identity.GetUserId()), new UserLoginInfo(loginProvider, providerKey));
            if (result.Succeeded)
            {
                var user = await UserManager.FindByIdAsync(Guid.Parse(User.Identity.GetUserId()));
                await SignInAsync(user, isPersistent: false);
                message = ManageMessageId.RemoveLoginSuccess;
            }
            else
            {
                message = ManageMessageId.Error;
            }
            return RedirectToAction("Manage", new { Message = message });
        }

What is the common practice in this scenario? I am thinking about making the user create a new password before disassociating his external account.

Hi Man_Cat,

Base on the template project, the feature of disassociate external account is used for the current user has password (PasswordHash!=null) or has more than one linked accounts. So if the user just has only one linked account, he can’t disassociate external
account. We need to associate local account (set password), then disassociate external account.

We could modify the code to achieve to disassociate external account if he don’t has password. After that, that user’s account record is not used. So we can delete that account (base on detail requirement, e.g. manage user’s information by administrator).

Best Regards

Starain Chen

Most app show a password ui after authentication with Facebook, Twitter, etc and make it required so that user can easily (dis)associate as many social providers as they want.