I created a website in ASP 2.0/c# that connects to an Access 2000 database. Currently I have 4 pages that people can view without logging in, which are reports that post marathon race results. Only one maybe two people will actually ever have to log in to enter the race data.
For the login I created a form that asks for user name and password. Then I do a sql query to see if that matches the information in the database. If it does it grabs their role which would be admin.
Here is my code for this: -
protected void Button1_Click(object sender, EventArgs e)
-
{
-
if (txtUser.Text != "" && txtPassword.Text != "")
-
{
-
OleDbConnection conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;data source=" + Server.MapPath("~/App_Data/pfrpc.mdb"));
-
OleDbCommand cmd = new OleDbCommand("select RunnerID, Role from Runner WHERE UserName = @UserName and Pass = @Password", conn);
-
-
cmd.Parameters.Add("@UserName", OleDbType.VarChar, 50);
-
cmd.Parameters["@UserName"].Value = txtUser.Text;
-
cmd.Parameters.Add("@Password", OleDbType.VarChar, 50);
-
cmd.Parameters["@Password"].Value = txtPassword.Text;
-
-
conn.Open();
-
-
OleDbDataReader reader = cmd.ExecuteReader();
-
string test = "";
-
if (reader.Read())
-
{
-
Session["userRole"] = reader["Role"];
-
Session["RunnerID"] = reader["RunnerID"];
-
-
test = Session["userRole"] + "";
-
-
-
if (test == "admin")
-
{
-
Response.Redirect("RaceTimes.aspx");
-
}
-
-
}
-
else
-
{
-
lblError.Text = "Invalid Login";
-
}
-
reader.Close();
-
conn.Close();
-
-
}
-
else
-
{
-
lblError.Text = "You must fill in both the username and password fields";
-
}
-
-
}
-
Once the session variable is equal to admin the other pages become available. By default in all of the admin pages the controls are not visible and if the session variable is equal to admin it will make the items visable. Here is a sample of one of the pages: -
string test = Session["UserRole"] + "";
-
-
//verifies if user logged in
-
-
if (test == "admin")
-
{
-
txtMinutes.Visible = true;
-
txtSeconds.Visible = true;
-
txtYear.Visible = true;
-
ddlBibNum.Visible = true;
-
ddlRace.Visible = true;
-
lblBibNum.Visible = true;
-
lblMinutes.Visible = true;
-
lblSeconds.Visible = true;
-
lblYear.Visible = true;
-
lblRaceNum.Visible = true;
-
btnSave.Visible = true;
-
-
}
-
else
-
{
-
lblError.Text = "You must login to have access to this page!";
-
}
-
Anyways this works on my pc through development but after I put these files on a server (which is on a free hosting server that I am using for testing) it times out really fast. After about 30 seconds to a minute my session loses that it is an admin and the pages tell me that I am not an admin anymore. Any thoughts on this? Are session variables the best way to go in this case? Hopefully I provided enough code for you to have an understanding of what I am trying to do. Any help would be much appreciated!
Thanks!
Aug 6 '07
16  2054  Plater 7,872
Recognized Expert Expert
The Session Timeout and InProc settings are in the IIS management controls, which, you probably don't have access to since you're hosted.
Check with your host, and if they're not already there, have them set the Session Timeout to like 15-20mins (or whatever) and make sure it's set to "InProc".
That might not help, but it's good to check.
My settings:
Session State Mode: "InProc"
Cookieless mode: "UseCookies "
Session Timeout(inutes) : "20"
Hmm, is your session cookie being set and passed correctly between pages? That could cause the problem you are seeing as well.
Hello again,
Thanks for everyone's help on this. I contacted the host provider and got a generic message stating to check the tech support page which sucks. So I replied with a more specific question. Lets see if they get back to me with a real answer or not.
Either way I plan on looking into the form authentication this weekend. I have other things going on that I can't spend alot of time on it until then. If I run into anymore problems I will post again.
Thanks!
Well I sort of got the form authentication working except for 1 thing. My sitemaps. I have 2 sitemaps, 1 for anyone and 1 for admins. I don't want the admin sitemap to be visible until the admin logs in. I read to do this I could use securityTrimmin gEnabled="true" . This does hide the second sitemap but it doesn't bring it back when I log in. I don't know what I am doing wrong here. I know my security is working because if I take out that line the site map appears and if those links are clicked it redirects to the login page. Once logged in those pages are accessible. Any thoughts?
Here is my webconfig: -
<?xml version="1.0"?>
-
-
<configuration>
-
<appSettings/>
-
<connectionStrings/>
-
<system.web>
-
<roleManager enabled="true" />
-
<pages theme="purple"/>
-
-
<compilation debug="true">
-
<assemblies>
-
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
-
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
-
<add assembly="Accessibility, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
-
<add assembly="System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
-
<add assembly="System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
-
-
<authentication mode="Forms" />
-
-
-
<siteMap defaultProvider="AspNetXmlSiteMapProvider"
-
enabled="true">
-
<providers>
-
<add siteMapFile="~\web.sitemap" name="MyXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" />
-
<add siteMapFile="~\web2.sitemap" name="MyXmlSiteMapProvider2" type="System.Web.XmlSiteMapProvider" />
-
-
</providers>
-
</siteMap>
-
-
-
</system.web>
-
</configuration>
-
Here are my sitemaps (admin): -
<?xml version="1.0" encoding="utf-8" ?>
-
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
-
<siteMapNode url="" title="" description="">
-
-
<siteMapNode url="admin\ChangePassword.aspx" title="Change Password" description="Change User Name or Password" />
-
<siteMapNode url="admin\NewRunner.aspx" title="New Runner" description="Add New Runners" roles="Administrator"/>
-
<siteMapNode url="admin\UpdateRunner.aspx" title="Update Runner" description="Update Runner information" roles="Administrator"/>
-
<siteMapNode url="admin\RaceTimes.aspx" title="Enter Race Times" description="Enter Race Times" roles="Administrator"/>
-
<siteMapNode url="admin\EditTimes.aspx" title="Edit Race Times" description="Edit Current Year Race Times" roles="Administrator"/>
-
<siteMapNode url="admin\RegisterRunner.aspx" title="Register Runners" description="Register Runners for the year" roles="Administrator"/>
-
<siteMapNode url="admin\RegisteredRunners.aspx" title="List of Registered Runners" description="List of Registered Runners" roles="Administrator"/>
-
-
-
</siteMapNode>
-
</siteMap>
-
NON ADMIN: -
<?xml version="1.0" encoding="utf-8" ?>
-
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
-
<siteMapNode url="" title="" description="">
-
-
<siteMapNode url="age.aspx" title=" Race Times by Sex/Age" description="Report of Race times sorted first by Sex, then Age groups" />
-
<siteMapNode url="individual.aspx" title="Individual Race Times" description=" Race Times for each individual runner" />
-
<siteMapNode url="Overall.aspx" title="All Marathon Totals" description="Report of overall Marathon Progress" />
-
<siteMapNode url="OverallbyAge.aspx" title="Marathon Totals by Sex/Age" description="Report of overall Marathon Progress by Sex/Age" />
-
<siteMapNode url="http://www.pfrpc.com" title="PFPRC Home" description="Park Forest Running and Pancake Club Home Page" target="_blank"/>
-
<siteMapNode url="http://www.pfrpc.com/about-us.html" title="About PFPRC" description="About the Park Forest Running and Pancake Club" target="_blank"/>
-
<siteMapNode url="http://www.pfrpc.com/contact-us.html" title="Contact Us" description="Contact the PFRPC" target="_blank"/>
-
-
-
</siteMapNode>
-
</siteMap>
-
HERE IS MY MASTERPAGE: -
<%@ Master Language="C#" AutoEventWireup="true" CodeFile="MasterPage.master.cs" Inherits="test" %>
-
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-
<html xmlns="http://www.w3.org/1999/xhtml" >
-
<head runat="server">
-
<title>Untitled Page</title>
-
</head>
-
<body>
-
<form id="form1" runat="server">
-
<!-- Header -->
-
<div class="Header">
-
<asp:Image ID="Image1" runat="server" ImageUrl="~/images/title.png" AlternateText="PFRPC Progressive Marathon" Width="750px" /> <br />
-
-
</div>
-
-
<!--Menu-->
-
<div class="Menu">
-
<asp:SiteMapDataSource id="NotLoggedInSiteMap" runat="server" ShowStartingNode="false" SiteMapProvider="MyXmlSiteMapProvider2" />
-
<asp:HyperLink ID="hlHome" runat="server" NavigateUrl="~/Default.aspx">Home</asp:HyperLink><br />
-
<asp:HyperLink ID="hlLogin" runat="server" NavigateUrl="~/login.aspx">Admin Login</asp:HyperLink>
-
<asp:HyperLink ID="hlLogout" runat="server" NavigateUrl="~admin/LogoutSuccess.aspx" Visible="False">Logout</asp:HyperLink>
-
<asp:Menu ID="NotLoggedInMenu" runat="server" DataSourceID="NotLoggedInSiteMap" OnMenuItemDataBound="NotLoggedInMenu_MenuItemDataBound">
-
-
</asp:Menu>
-
</div>
-
-
<!-- Menu -->
-
<div class="Menu2">
-
<asp:SiteMapDataSource id="LoggedInSiteMap" runat="server" ShowStartingNode="false" SiteMapProvider="MyXmlSiteMapProvider" />
-
<asp:Menu id="LoggedInMenu" runat="server" DataSourceID="LoggedInSiteMap" Visible="true" ></asp:Menu>
-
-
-
</div>
-
MASTERPAGE CODE BEHIND: -
public partial class test : System.Web.UI.MasterPage
-
{
-
protected void Page_Load(object sender, EventArgs e)
-
{
-
-
}
-
-
protected void NotLoggedInMenu_MenuItemDataBound(object sender, MenuEventArgs e)
-
{
-
-
e.Item.Target = ((SiteMapNode)(e.Item.DataItem))["target"];
-
}
Never mind. I think I got it working. The next step is to upload it to the server and see if it works!
Well I uploaded it to the server and it isn't working. This is quite frustrating!
When I go to log in I just get an application runtime error. Any thoughts on why??
I am going to email them back about this.
This was the web hosts answer:
Dear Customer,
Thank you for your inquiry regarding your account(s).
Free sites are hosted in busy environment. They are
hosted in Application pools where many others sites
are hosted too. The application pools have a limit on
amount of memory they can use. After reaching the
memory limit application pool will recycle causing a
reset of session variables among other things.
If sites that have a memory leaks are hosted with your
site in the same application pool you'll experience a
problem you've described.
Without complicated investigation we cannot detect a
sites with severe memory leaks. An we do not
investigate this sort of problems on our servers with
free hosting plans.
There are however many web servers with hundreds of
application pools where you can host you site.
To workaround the issue: Delete your site wait 5
minutes, and then register it again.
-----------------------------------------------
I guess I can try that but after getting form validation to work I see how much nicer and secure it is. I don't want to go back...
Any thoughts or suggestions would be much appreciated!
Never mind, I think I figured it out. Since using the form authentication creates a sql database I think that is my problem. My free webhost doesn't support sql databases, only access databases.. Fun...
Thanks for the help!
Frinavale 9,735
Recognized Expert Moderator Expert
Never mind, I think I figured it out. Since using the form authentication creates a sql database I think that is my problem. My free webhost doesn't support sql databases, only access databases.. Fun...
Thanks for the help!
That's to bad about the database.
You can customize your Forms Authentication to not use a database by creating a custom Membership object.
Or
More simply you could use the web.config file to store your user information instead of a database!
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Larry Woods |
last post by:
I have a site that works fine for days, then suddenly, I start getting ASP
0115 errors with an indication that session variables IN SEPARATE SESSIONS
have disappeared!
First, for background information, I have a customized 500-100 page that
sends the value of various session variables via email to my support site.
The situation:
On the home page of the site, the FIRST THING that is done is a Session
|
by: Al Jones |
last post by:
This is a repost form the vbscript newgroup - if this isn't the appropriate
group would you point me toward one that is.
Basically, I seem to be losing session data part way though preparing an
email from (possibly) three seperate forms.
the following code is the end of a routine which stashes data from the first
form
off to session variables and then redirects itself to the proper form /
procedure depending upon the state of two...
|
by: Paul H |
last post by:
Hi there
I'm having a problem where I'm losing Session variables as soon as they've
been set up.
The user logs onto the system, the system sets some Session variables, and
redirects to a menu page. The menu page checks the Session variables, can't
find them, and asks the user to log in again - the second login is successful.
Has anyone seen this before, and do you know what I should do about it?
|
by: bennett |
last post by:
In the web.config file for my application, in the <sessionState>
section I have set timeout="120" (in minutes), but session state
variables in my application seem to be expiring in about 5 minutes.
Any idea what could cause this?
I have the mode="InProc" attribute set for <sessionState>. I know that
some people have solved the problem of session variables timing out too
quickly by changing that attribute, but I cannot use...
|
by: tshad |
last post by:
I have been using the default session state (InProc) and have found that I
have been loosing my information after a period of time (normally 20
minutes).
Is there anyway to find out how much more time I have on a session?
If I do a refresh, does reset the session clock?
Do you have have to go to another page to reset the session timeout or will
a postback also do it? This is important as we have a few pages that a user
| | |
by: Phillip N Rounds |
last post by:
I'm writing a user control which has two states: Active & InActive. I
additionally am required that there to be only one active control per page,
and all logic has to be contained within the control.
In its inactive state, only a single button appears. If the user clicks on
this button, the control becomes active( the rest of the control's
functionality becomes visible), and all other instances of this user control
on the page should...
|
by: Not Me |
last post by:
Hi,
I have a set of pages that use forms authentication for access. There
are times when one of the session objects I'm using appears to
disappear. The session is not timing out, however. (if I go to a page
that doesn't use that specific object it works fine and I'm not
redirected to the login page)
Apologies if I'm using the incorrect terminology.. the session object
I'm using is a class of my own, which features several private...
|
by: MrHelpMe |
last post by:
Hello again all,
I've finished my whole application and now I don't like the whole
session variables that I am using. I have a form, user fills in info
clicks submit and using CDOSYSMail an email link gets created with an
encoded query string. i.e
http://www.yahoo.ca?#$@%@&#%#$@&^@%# which translates into
http://www.yahoo.ca?userID=54&LocationID=Denver.
Now when the user get's this email and clicks on the link I have a
|
by: Nathan Sokalski |
last post by:
I have a page that uses Session variables when generating the SQL statements
used to submit and retrieve data from a database. However, because I don't
know how long the user will be on the page, setting the Session.Timeout
property doesn't help me avoid errors (I can obviously set the value to a
very high value, but that still doesn't completely solve the problem). Is
there any way for me to avoid the Session timing out? Thanks.
--...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
