Ask a Question related to ASP.NET Security, Design and Development.
-
John Childress #1
Security Application Block
Anyone using the Security Application Block from the Enterprise Library?
I have a rather embarassing situation where I've setup the database and
configured my application to use this block. I have added users to the database
using a web form, but I am unable to login using any of the new users I've
created.
Here is how I'm creating the user:
public bool addNewUser(string username, string password, string firstName,
string lastName, string email)
{
byte[] encryptedContents;
encryptedContents = SHA1Managed.Create().ComputeHash(ASCIIEncoding.ASC II.GetBytes(password));
// Create an instance of the database object
Database database = DatabaseFactory.CreateDatabase();
// Create the wrapper
DBCommandWrapper addNewUserWrapper = database.GetStoredProcCommandWrapper("AddNewUser") ;
// Setup the parameters
addNewUserWrapper.AddInParameter("@username", DbType.String, username);
addNewUserWrapper.AddInParameter("@password", DbType.Binary, encryptedContents);
addNewUserWrapper.AddInParameter("@firstname", DbType.String, firstName);
addNewUserWrapper.AddInParameter("@lastname", DbType.String, lastName);
addNewUserWrapper.AddInParameter("@email", DbType.String, email);
// Execute the query
database.ExecuteNonQuery(addNewUserWrapper);
return true;
}
Then in my login page I try to authenticate with the following:
private void btnLogin_Click(object sender, System.EventArgs e)
{
if(Page.IsValid)
{
// Get the provider to authenticate with
IAuthenticationProvider authenticationProvider = AuthenticationFactory.GetAuthenticationProvider("D atabase
Provider");
// An identity for later use
IIdentity identity;
byte[] passwordBytes;
passwordBytes = ASCIIEncoding.ASCII.GetBytes(txtPassword.Text);
// Create the credentials
NamePasswordCredential credentials = new NamePasswordCredential(txtUsername.Text,
passwordBytes);
// authenticate
if(authenticationProvider.Authenticate(credentials , out identity))
{
// log the users access time
logUserAccessTime(txtUsername.Text);
// Authorize and redirect the user
System.Web.Security.FormsAuthentication.RedirectFr omLoginPage(identity.Name,
false);
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed.";
}
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed. Page is not valid.";
}
}
I always get "Login failed." for my error...
Any suggestions?
thanks,
John
John Childress Guest
-
How to deal with the second security header block with WSE2?
My scenario is that one client need make soap request and send some information to a soap server1, signed by its X509 cert. Inside of the request... -
Exception manegement application block can't write to Windows server 2003
Hi, I have posted a similar question to ASP.Net newsgroup but I found the "EMAB, Impersonation and Event log" question here and decided to ask my... -
Security concern to block Win32 API in ASP.NET?
Hello, I have to call the Win32 API such as PostMessage and CreateNamedPipe through my ASP.NET pages (.aspx) directly, but all return is no... -
Data Access Application Block ?
Hi everybody Is it possible to use data Access Application Block without having VS.NET ? Yhanks in advance Raja -
find physical blocks/disks, mapped from Oracle file# and block#, block corruption
Hello "lopera" <prlopera@techie.com> schrieb im Newsbeitrag news:3E1C7C00.9090402@techie.com... I think that we need a bit more data here.... -
Dominic Morin #2 Re: Security Application Block
Because the NamePasswordCredential class use
Encoding.Unicode.GetBytes internally to encode, you have to use
Encoding.Unicode.GetBytes and not ASCIIEncoding.ASCII.GetBytes.
Dominic
--
POST BY: [url]http://www.dotNET.us[/url] - Need .NET? Just ask, Please dotNET.us
Dominic Morin Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
