Anas Ghanem

ASP.NET from the middle east

April 2008 - Posts

While working with Forms Authentication and the Membership services, if the user selects the "Remember me" check box in the login dialog, the runtime creates a persistent authentication cookie for him. The persistent cookie keeps the user logged in for a specified period (even if he closes his browser). The default period is 30 minutes in .NET 2.0 or later, and you can change it to some other value, let's say 50 minutes, as follows:

In the web.config file:

<authentication mode="Forms">
  <forms timeout="50"></forms>
</authentication>

Now the problem comes if the administrator deletes the user from the Membership users: the user is still authenticated and can access your site!

To override this behavior, you need to check that the user exists on each request, and redirect the user to the login page if he does not exist.

To accomplish this, you can use an HttpModule that intercepts the user's request.

The following is the HttpModule:

Imports System
Imports System.Web
Imports System.Web.Security

Public Class checkUser
    Implements IHttpModule

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose

    End Sub

    Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init
        ' Run the check on every request
        AddHandler context.AuthenticateRequest, AddressOf OnAuthenticateRequest
    End Sub

    Sub OnAuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim context As HttpContext = HttpContext.Current

        ' context.User is Nothing for anonymous requests at this stage
        If context.User Is Nothing Then Return

        ' The cookie is still valid, but the account may have been deleted since it was issued
        If context.User.Identity.AuthenticationType = "Forms" AndAlso Membership.GetUser(context.User.Identity.Name) Is Nothing Then
            FormsAuthentication.SignOut()
            context.RewritePath("~/login.aspx")
        End If

    End Sub

End Class

You then need to register it in the web.config file as follows:

<httpModules>
  <add name="checkUserStatus" type="checkUser"/>
</httpModules>

Of course, this solution will slow your website, because it adds one extra database call for every request.
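One way to reduce the per-request database call, as an added example that is not part of the original post: cache the result of the existence check for a short time. The class name `CachedUserCheck`, the cache key prefix, the `Invalidate` helper and the 60-second window are assumptions; the trade-off is that a deleted user can keep access for up to that window unless `Invalidate` is called.

```vb
Imports System
Imports System.Web
Imports System.Web.Caching
Imports System.Web.Security

' Added example: same check as the checkUser module, but the membership
' lookup result is cached per user name for a short window.
Public Class CachedUserCheck
    Implements IHttpModule

    ' Assumption: upper bound on how long a deleted user may still get in.
    Private Shared ReadOnly RecheckWindow As TimeSpan = TimeSpan.FromSeconds(60)
    Private Const KeyPrefix As String = "userExists:"

    Public Sub Dispose() Implements IHttpModule.Dispose
    End Sub

    Public Sub Init(ByVal app As HttpApplication) Implements IHttpModule.Init
        AddHandler app.AuthenticateRequest, AddressOf OnAuthenticateRequest
    End Sub

    Private Sub OnAuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim context As HttpContext = DirectCast(sender, HttpApplication).Context
        ' Anonymous requests have no principal yet at this stage.
        If context.User Is Nothing Then Return

        If context.User.Identity.AuthenticationType = "Forms" AndAlso Not UserStillExists(context.User.Identity.Name) Then
            FormsAuthentication.SignOut()
            context.RewritePath("~/login.aspx")
        End If
    End Sub

    Private Shared Function UserStillExists(ByVal userName As String) As Boolean
        Dim key As String = KeyPrefix & userName.ToLowerInvariant()
        Dim cached As Object = HttpRuntime.Cache(key)
        If cached IsNot Nothing Then Return CBool(cached)
        ' Cache miss: one database call, then reuse the answer until it expires.
        Dim exists As Boolean = (Membership.GetUser(userName) IsNot Nothing)
        HttpRuntime.Cache.Insert(key, exists, Nothing, DateTime.UtcNow.Add(RecheckWindow), Cache.NoSlidingExpiration)
        Return exists
    End Function

    ' Call from the admin code that deletes a user to revoke access at once
    ' (on this server only; the cache is per worker process).
    Public Shared Sub Invalidate(ByVal userName As String)
        HttpRuntime.Cache.Remove(KeyPrefix & userName.ToLowerInvariant())
    End Sub
End Class
```

Register it in `<httpModules>` in place of `checkUser`, using `type="CachedUserCheck"`.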

Regards,

Anas Ghanem

Posted by anas | 2 comment(s)

The Profile service is a very helpful and easy way to add custom properties for your users that are not contained in the standard MembershipUser properties.

For example, you may need to add the marital status, date of birth and address. All of these are custom properties that you may need while developing your projects.

If you are familiar with Profile, you will know that the first thing that must be done when working with profiles is to set the Profile properties in the web.config file.

For example, you can add the date of birth, address and marital status to the user profile as follows:

<profile>
  <properties >
    <add name="DateOfBirth" type="DateTime"/>
    <add name="Address" type="String"/>
    <add name="MaritalStatus" type="String"/>
  </properties>
</profile>

After saving the file, and when working in a website project, you will notice that if you type Profile in the page code-behind, you will see that the properties have been generated for you.

This happens because Visual Studio creates a new class called ProfileCommon that inherits ProfileBase and adds the new properties to it.

Note that Visual Studio will always update that class when you change the Profile properties in web.config.

Now, if you are working with web application projects, you will notice that adding the Profile properties to web.config will not add any properties to the Profile object in the code-behind of the page. This is because Visual Studio doesn't generate a ProfileCommon class.

Instead, you need to access the properties using ProfileBase.GetPropertyValue(PropertyName).

For example, to access the DateOfBirth property, you need to use this code:

Dim DOB As DateTime = CDate(HttpContext.Current.Profile.GetPropertyValue("DateOfBirth"))

In this post, I talked about the differences in Profile between normal website projects and WAP projects. Note that there are a lot of other differences between them. For example, when working with resource files, the website project provides strong typing for resource properties, which is also handled by Visual Studio.

Regards,

Anas Ghanem

Posted by anas | 6 comment(s)

Hi,

While working with the Login control, you may need to redirect each user to a different page based on their roles. To do this, you can handle the LoggedIn event of the Login control (which is fired after the user has logged in successfully).


protected void Login1_LoggedIn(object sender, EventArgs e)
{
    // Please don't use User.IsInRole here, because it will not be populated yet at this stage.

    if (Roles.IsUserInRole(Login1.UserName, "Admins"))
        Response.Redirect("~/Admins/Default.aspx");
    else if (Roles.IsUserInRole(Login1.UserName, "Editors"))
        Response.Redirect("~/Editors/Default.aspx");
}


Regards,

Anas Ghanem

Posted by anas | 5 comment(s)