
kahanu / security-guard


A complete ASP.NET MVC Membership Management system using the ASP.NET Membership System to be deployed using NuGet. Now available for MVC 4!!!

Pascal 6.08% C# 71.44% Puppet 3.17% CSS 11.21% JavaScript 3.50% ASP 4.60%


security-guard's Issues

Login/Registration errors not shown

If you have a general model error on login or registration, it doesn't get shown, because you're using Redirect instead of calling View(). I have modified my local code to do so, which also requires you to refresh the model again.

Unscoped DOM calls in JavaScript could be a problem with customized layouts.

I am using SecurityGuard in one of my applications and for a consistent look and feel, I customized the _SecurityGuardLayoutPage.cshtml with the layout and styles that I wanted to use. While viewing the roles in security, I found that every time that I selected a role in the drop-down list, my navigation would disappear. So I looked at the source code and found that in the Views\Roles\Index.cshtml, there is a client-side JavaScript method "OnGetUsersInRolesSuccess()" that has a call to:

$("li").remove();

This will remove all <li> items from the DOM instead of simply clearing the list that it was intended to clear. I think that a better approach would be the one I took where all calls are scoped to the UI element intended so that users can customize the pages / themes without impacting the client-side functionality.

I changed all un-scoped calls like the one above to:

    /***********************************************
    * Begin Get Users In Role Functions
    ***********************************************/

    // users-in-role-div
    // roles ul DOM element

    var usersInRoleDiv = $("#users-in-role-div");
    var ul = $("#users-in-role-div ul");

    function OnGetUsersInRoleSuccess(data) {
        // this call should be scoped
        //$("li").remove();
        ul.empty();

        if (data == "") {
            ul.append("<li>No user(s).</li>");
        } else {
            $.each(data, function (index, item) {
                ul.append("<li><a href=\"/SecurityGuard/Membership/Update/" + item + "\">" + item + "</a></li>");
            });
        }
    }

I would have requested a pull but I thought that this was an easy enough fix. Great work though...saves a lot of time when it comes to managing users.

    Can't access SecurityGuard Area

    Hi,

    I already added a user to the "SecurityGuard" role but when I try to access something in the SecurityGuard area (Dashboard, Membership and Role) I'm redirected to the login page.

    Do you know what is happening?

    Thanks.

    Navigating to a user page with special @ character

    Use case:
    1) A user registers an account with his email hell--00@mail.ru in the UserName field.
    2) I can't visit a page with a URL like http://host/SecurityGuard/Membership/Update/hell--00%40mail.ru
    I got a 404 not found page.
    The '@' symbol is restricted and it is encoded. Later, in the 'Membership' controller, the string (hell--00%40mail.ru) would be decoded to hell--00@mail.ru before querying a user.
    The second solution is to restrict usernames which look like an email at all.

    Not using One ASP.NET Identity

    MembershipProvider is an abandoned system now; Microsoft is now pushing their ASP.NET Identity solution (http://asp.net/identity).

    SecurityGuard still looks to be the most complete user management system available right now for ASP.NET MVC. But unfortunately it's not particularly useful for greenfield projects where ASP.NET Identity is used instead of MembershipProvider.

    Are there plans to make a migration? (It may require a rewrite of most of the back-end.)

    CreateUser action appears to not properly verify Password and ConfirmPassword match

    I noticed today that I could create a user even if I didn't match the passwords. It appears it is checking it at some level because I was able to fix it by adding this to the top of MembershipController.CreateUser:

        if (model.Password != model.ConfirmPassword)
            return View(model);

    I didn't have to set an error message because when it renders the view it puts in a message indicating that the passwords don't match.

    Note: I am not using the latest version from NuGet. I customized it way too much to be able to update from NuGet. Forgive me if this is something you've already fixed. I checked the issue list and didn't see it in there.

    links to user details under Users in Role in /SecurityGuard/Role don't work

    I had some problems with bad user-links below "Users In Role" in /SecurityGuard/Role

    I think this is because I'm using a virtual directory.

    I changed line 223 in \Areas\SecurityGuard\Views\Role\Index.cshtml from:

    ul.append("<li><a href=\"/SecurityGuard/Membership/Update/" + item + "\">" + item + "</a></li>");
    

    to:

    ul.append("<li><a href=\"Membership/Update/" + item + "\">" + item + "</a></li>");
    

    Not sure if this will work in all cases but hope that helps.

    Ambiguous CompareAttribute in Security Guard 1.0.3

    I'm experiencing one compilation issue with Security Guard 1.0.3, after having installed it into my ASP.NET MVC 4 (RC) project via NuGet. In ChangePasswordViewModel.cs and RegisterViewModel.cs, the CompareAttribute references are ambiguous since they can be resolved to either System.ComponentModel.DataAnnotations or System.Web.Mvc. I take it the intended namespace is System.Web.Mvc?

    Forgot Password Fails If Invalid Email Address Is Entered

    When completing forgot password, if the user enters an unregistered email address then the application errors. The ForgotPassword action should do something like this:

        [HttpPost]
        public ActionResult ForgotPassword(ForgotPasswordViewModel model) {

            // Get the userName by the email address
            string userName = membershipService.GetUserNameByEmail(model.Email);

            // Confirm that the userName is not null, i.e. the userName was found by email.
            if (!string.IsNullOrEmpty(userName)) {

                // Get the user by the userName
                MembershipUser user = membershipService.GetUser(userName);

                if (user != null) {
                    // ..... execute the code as normal
                }
            }

            // Assumed fall-through (not shown in the post): no user matched,
            // so return a normal response instead of erroring.
            return View(model);
        }
    

    SecurityGuard.MVC4 1.0.3 - Trouble with removing yourself from the administrator role

    I'm using SecurityGuard.MVC4 1.0.3 in combination with ASP.NET MVC 4. As a test, I logged in as admin and via the Security Guard dashboard I removed myself from the 'Administrator' role (having renamed the 'SecurityGuard' role to this), before I then tried to re-grant the role to myself. This led to an error in Security Guard, where I was prompted with a dialog notifying me of a syntax error: '<'. So I refreshed the page, and I was no longer in the Administrator role, and correspondingly I was denied access to the Security Guard dashboard.

    Do you think there should be some sane way of handling this scenario in Security Guard? For instance, deny removing the last administrative user (in whichever role authorizes access to Security Guard) or ask for confirmation that you're sure you wish to remove yourself from the role in question?

    SG create SQLExpressDatabase

    Dear kahanu,
    I used Security Guard in my MVC3 application.
    It works well in my VS2010. After I published the application and tried to test it in my IIS, I understood that when I want to view the Security Guard area in my website it tries to create a SQLExpress database. I checked my project and saw the App_Data folder with a file named ASPNETDB.MDF; I copied this file to my IIS and the website works fine!
    Now I have uploaded this application to a Windows Server 2008 R2 host and an error occurs. This error is about SQLExpress. I want to know, is there any way to force SG not to create a SQLExpress database?
    The error is this: "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed."
    My connection string works fine and is set to the correct database.
    Thank you
    Best regards

    SQLExpress connection?

    In an MVC4 clean project, Internet template, with initialized LocalDB membership database, SG tries to create a new SQLExpress instance and fails.
    Any suggestions?

    Log On returning JsonLogOn view result

    When I click the "Log In" link, enter my username and password in the dialog that appears, and click "Log On" I am presented with the "success" and "returnUrl" JSON, but not redirected to the home view as I would have expected.

    SGAccountController LogOn action method

    This action method returns the empty view instead of the model in case of a failed login attempt.

    This:

    // If we got this far, something failed, redisplay form
    return RedirectToAction("LogOn");
    

    Should be:

    // If we got this far, something failed, redisplay form
    return View(model);
    

    This is important so that the errors appear in the view. Today the errors are being hidden.

    Application Management

    Hi, one of the best things about this kind of wrapper around the membership technology would be if applications could also be managed. I mean that one could create applications, but most importantly that users could be associated with applications, to be able to manage a central repository such as ASP.NET membership from this project.

    Thanks

    Change Password

    Hi
    I believe the Change Password link is missing. One can find it using /SGAccount/ChangePassword but maybe there should be a page that manages user details and lets her change the password...

    Problem Navigating Users with special characters in

    When navigating between users it doesn't work if the user has a full stop (period) in the user name, because you can't put them in the URL string...

    /SecurityGuard/Membership/Update/phil.hey

    Maybe it would be better to post the username.

    library script loading

    In SG views jQuery is loaded like this:

        <script src="@Url.Content("~/Content/SecurityGuard/scripts/jquery.validate.min.js")" type="text/javascript"></script>

    but the views created by the new MVC 4 internet template use:

        @section Scripts { @Scripts.Render("~/bundles/jqueryval") }

    Would it be better to use the second form?

    _LogOnPartial error

    I am using MVC4 in VS2010.
    When I use this line in my

        Hello, @Html.ActionLink(User.Identity.Name, "Manage", "SGAccount", routeValues: null, htmlAttributes: new { @Class = "username", title = "Manage" })!

    I got an error when I select the link.
    I changed to this line

        Hello, @Html.ActionLink(User.Identity.Name, "Update", "Membership", routeValues: new { area = "SecurityGuard" , userName = User.Identity.Name }, htmlAttributes: new { @Class = "username", title = "Manage" })!

    and it works.
    Why?

    I can't see dashboard view

    Hi! I did the tutorial of Security Guard MVC4 for VS 2012, and I can't see the dashboard view... besides, I can't access the role manager...

    Missing Gifs

    The following gifs referenced in the pagination.css are not in the images folder
    images/pag_bg.gif
    images/prev.gif
    images/next.gif
    images/go.gif

    Manage View missing

    Just installed the version 1.0.8 from NuGet (Package-Install SecurityGuard.MVC4), and the Manage views (both aspx and cshtml) seem to be missing from the "Views/SGAccount" directory.

    This obviously triggers errors as there are references to that View (notably in _LoginPartial.cshtml).

    Manage Users page and Radio button javascript functions

    This code:

    
            $(".userRadio").click(function () {
                // Get the value of the clicked radio button
                // which is the username.
                var username = $(this).val();
    
                // Get a reference to the "href" of the link.
                var href = anchor.attr("href");
    
                // Concatenate the existing href value with the username
                var newHref = href + "/" + username;
    
                // Replace the existing href value with the new one
                anchor.attr("href", newHref);
    
                // Remove the disabled attribute on the 
                // Grant Roles to User link
                anchor.removeAttr("disabled");
            });
    

    Should be:

            $(".userRadio").click(function () {
                // Get the value of the clicked radio button
                // which is the username.
                var username = $(this).val();
    
                // Get a reference to the "href" of the link.
                var href = '@Url.Action("GrantRolesToUser", "Membership")';
    
                // Concatenate the existing href value with the username
                var newHref = href + "/" + username;
    
                // Replace the existing href value with the new one
                anchor.attr("href", newHref);
    
                // Remove the disabled attribute on the 
                // Grant Roles to User link
                anchor.removeAttr("disabled");
            });
    

    Why? Because when you select different users successively, the href will concatenate the user names, for example:

    Clicked user leniel:

    http://localhost:8087/SecurityGuard/membership/GrantRolesToUser/leniel

    Now I selected user tester after having selected user leniel:

    http://localhost:8087/users/membership/GrantRolesToUser/leniel/tester

    Can you spot the problem? The route breaks because it's expecting only 1 userName according to this route:

                context.MapRoute("Membership",
                    "users/membership/{action}/{username}",
                    new { controller = "Membership", username = UrlParameter.Optional }
                    ); 
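
Several reports above concern how the client script builds per-user links: the "Users in Role" list concatenates raw usernames into markup, hard-coded paths break under a virtual directory, and the radio handler grows the href on every click. The following is an added example, not SecurityGuard's own code; the helper names, base paths and usernames are constructed, and it assumes the server route accepts percent-encoded usernames.

```javascript
// Added example, not SecurityGuard code. Pure string helpers so they run
// without jQuery or a DOM; names, base paths and usernames are assumptions.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the per-user URL from a fixed base on every call, never from the
// link's current href, so selecting a second user cannot append to the first.
// The base comes from the server (for example a Url.Action result), which
// keeps the link correct when the app runs under a virtual directory.
function userUrl(baseUrl, username) {
  const base = String(baseUrl).replace(/\/+$/, "");
  // One path segment only: "@", "/", spaces etc. are percent-encoded.
  return base + "/" + encodeURIComponent(String(username));
}

// Markup for the "Users in Role" list. The caller writes it into the one
// list it owns (e.g. $("#users-in-role-div ul").html(...)), not every <li>.
function usersInRoleItems(users, updateBaseUrl) {
  if (!Array.isArray(users) || users.length === 0) {
    return "<li>No user(s).</li>";
  }
  return users
    .map((name) =>
      '<li><a href="' + escapeHtml(userUrl(updateBaseUrl, name)) + '">' +
      escapeHtml(name) + "</a></li>")
    .join("");
}

// Constructed sample data.
const sampleUsers = ["leniel", "phil.hey", "user@example.com", "o'brien <test>"];
console.log(usersInRoleItems(sampleUsers, "/myapp/SecurityGuard/Membership/Update"));
console.log(userUrl("/SecurityGuard/Membership/GrantRolesToUser", "leniel"));
console.log(userUrl("/SecurityGuard/Membership/GrantRolesToUser", "tester"));
```

encodeURIComponent leaves "." unchanged, so the dotted-username report above is not addressed by client-side encoding.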
    

    Total user count on Dashboard is incorrect

    I noticed that the dashboard showed 20 users total for my site and there are a lot more than that. I changed the existing code in DashboardController's Index action from:

        viewModel.TotalUserCount = membershipService.GetAllUsers().Count.ToString();

    and replaced it with:

        int total;
        membershipService.GetAllUsers(0, 1, out total);
        viewModel.TotalUserCount = total.ToString();

    Now it shows over 300 users as it should. I didn't try to dig into why the parameterless version doesn't return the right number.

    Clean up

    Hi
    It would be nice if the wiki could also mention what could be cleaned from a MVC 4 internet template project after Security Guard installation...

    2 viewmodels have ambiguous reference exception on build

    Clean MVC 4 project. Added SG via Nuget. Modifying according to Wiki.
    Build Error:
    'CompareAttribute' is an ambiguous reference between 'System.ComponentModel.DataAnnotations.CompareAttribute' and 'System.Web.Mvc.CompareAttribute'

    Changed line 25 in RegisterViewModel
    to: System.ComponentModel.DataAnnotations.Compare

    and line 21 in ChangePasswordViewModel
    to: System.ComponentModel.DataAnnotations.Compare

    Clean build

    Choice based on this StackOverflow
    http://stackoverflow.com/q/10668948
    comment by Vinney K:

    So, looking at the MSDN documentation and doing a literal comparison of the two classes, I noticed both classes are derived from System.ComponentModel.DataAnnotations.ValidationAttribute. In fact, the classes are almost exactly the same. The only notable difference is that the MVC version also implements IClientValidatable which adds the following properties:
    • FormatPropertyForClientValidation - Formats the property for client validation by prepending an asterisk (*) and a dot.
    •GetClientValidationRules - Gets a list of compare-value client validation rules for the property using the specified model metadata and controller context.

    As for which class you should use, if the model will be directly bound to a view, use the MVC version so that you can take advantage of the client-side validation. However, if you're using ViewModels, you can stick with the ComponentModel class and avoid the unnecessary overhead of the additional properties. Your call!

    Customize Security Guard Membership Problem

    Hello Everyone,

    I use Security Guard Membership for MVC3.

    The scenario is that I want to create a CMS for the administrator. When the admin goes to a URL, e.g. site.com/admin, it will go to the dashboard by default if the admin is logged in; otherwise the URL will go to the login page for the admin to log in. I also want to create a login page for users who want to buy something from my site.

    1. How can I create 2 login pages, for admin and for user? When the admin goes to some URL in the CMS, the site will go to the login page for admin. And if the client wants to do something like order goods ... they are required to log in and the site will go to the login page for them. I'm so confused and stuck on this.

    2. Can I use the create user method of membership to add users for the client?

    Please give me suggestions, thanks in advance!

    Posting to SGAccount LogOff results in 404

    LogOff works fine when requested via GET, but throws a 404 on POST.

    To fix this I changed \Controllers\SGAccountController.cs line 102 from:

    [HttpGet]
    public virtual ActionResult LogOff()
    

    to:

    [AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
    public virtual ActionResult LogOff()
    

    I hope that helps.
