Can anyone tell me how to create Session Context in Mvc3 ?
I am new in Mvc and want to know about How to create session and Syntaxes in Detail.
Thanks in advance.
To save session
#{ HttpContext.Current.Session["Session"] = "Test"; }
To fetch session
#HttpContext.Current.Session["Session"]
Use the HttpContext class to access Session and more. You will not need to instantiate a session, this happens automatically. All you need to do is reference it in your code.
HttpContext.Current.Session["MyVariable"] = "Something";
#HttpContext.Current.Session["MyVariable"].ToString()
http://msdn.microsoft.com/en-us/library/system.web.httpcontext.aspx
Related
It seems a like a pretty fundamental question, in a running Servlet hosted on Domino I want to access Domino resources that I have wisely protected using the the very fine security of IBM Notes and Domino.
I want the Servlet to be able to read and write data to Domino whilst keeping that data from the client that called the Servlet (or xAgent) and preventing the client from writing directly.
I'd be happy to be able to get a session that represented the signer of the application. I can get a session for a registered user by calling the Servlet using ?open&login and signing in. That's not practical.
I've looked here: How can you use SessionAsSigner in a Java Bean called from an XPage? where Mark Leusink (https://stackoverflow.com/users/1177870/mark-leusink) implies the use of ExtLib's getCurrentSessionAsSigner() could be used. I've tried it, having signed the whole application with a single user id and it doesn't return a session. The answer seems to lie in the Servlet's inability to get a FacesContext object.
This feels like the answer should be obvious but it isn't to me. Any ideas?
FacesContext is JSF stuff and can be used from XAgent (=XPage).
In a servlet you can do this:
Session session = NotesFactory.createSession(null, "user", "password");
Server ID usually has no password and doing this will use the server ID:
Session session = NotesFactory.createSession();
Check the source of the WebDav project on OpenNTF. It has all the code you need
There have been lots of good answers to the original question. Thanks very much.
The solution I propose to use is to port the code I have to OSGi plugins. It appears that java code/Servlets within the NSF context are subject to security controls that are relaxed when the same code runs within the OSGi context. The code:
try {
NotesThread.sinitThread();
Session s = NotesFactory.createSession("","<my username>","<my password>");
.....
session = null;
} catch (Exception e) {
} finally {
NotesThread.stermThread();
}
Runs fine in the OSGI context, but within in an NSF produc
com.ibm.domino.osgi.core.context.ContextInfo.getUserSession()
Jason - I assume you basically want the same functionality you would get running a Web Query Save agent if you didn't select run as Web User selected, in other words as the signer of the code.
You could try setting up a internet site rule to allow basic authentication for the specific application path you wanted to use - might be worth using a subdomain for this.
Then within the Servlet call this URL, whilst setting the Basic authorization parameters (username & password).
Something like this.
URL url = new URL(URL_TO_CALL);
String authStr = "USERNAME:PASSWORD";
String authEncoded = Base64.encodeBytes(authStr.getBytes());
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("GET");
connection.setDoOutput(true);
connection.setRequestProperty("Authorization", "Basic " + authEncoded);
InputStream is = connection.getInputStream();
I am building a website using spring mvc. Just I built the login screen and the related controllers and services.
Now when validating the user credentials if the given password is wrong then it should navigate back to the login.jsp page. If the inputs are correct then it should navigate to userHomepage.jsp page.
I have done this as below,
try {
loginService.checkUserValidity(userId, password);
return new ModelAndView("userHomePage"); //if all the user credentials are good then redirect the user to User Home Page
} catch (UserNotExistsException e) {
loginResult = e.toString();
return new ModelAndView("login", "loginResult", loginResult);
} catch (InvalidPasswordException e) {
loginResult = e.toString();
return new ModelAndView("login", "loginResult", loginResult);
}
In the above code snippet I was hardcoding the navigating pages file names in ModelAndView (like login, userHomePage etc.,).
Is it correct approach to hardcode them? Is it possible to specify the page navigation using some properties kind of file in spring MVC like in JSF? Is spring MVC webflow sole purpose that?
Thanks
It's not unusual to hae the views specified as you have them.
If you have complex navigation you wanr to specify in an XML file, like JSF, Spring Webflow is for you. It can be tricky to set up, but provides a nice framework for complex navigation.
Have you set up Spring Security? The user is sent to the login page (form) when he's unauthorised, otherwise to the page he requested.
Recently I asked a question about how to use ajax calls to
authenticate user in asp.net mvc, and I got my answer.
But then is decided to use 'Roles' property of 'GenericPrincipal' class
so I changed my code as follow to contain 'Roles':
HttpContext.User = new System.Security.Principal.
GenericPrincipal(new System.Security.Principal.GenericIdentity(login.LoginName),
userRole);
In my site.master view, I check to see which kind of roles users
belongs to and I show appropriate menu, but when I watch
'HttpContext.Current.User.Identity' values during debugging,
I see m_roles=string[0] and 'IsInRole("Admin")' returns false.
How could it be fixed?
Try setting the current thread principle:
System.Threading.Thread.CurrentPrincipal = principal;
as is shown here:
http://social.msdn.microsoft.com/forums/en-US/Vsexpressvcs/thread/5f9735a9-096b-47af-963d-e95130cad6b4
Is there a way to enable sessions for just a specific part of the Coldfusion application by just adding Application.cfm into its directory with the session enablers?
For example, a website that has the following:
/extranet
/intranet
/store
/rentals
I want to use session variables in the rental section, independent of the ones in the intranet and store.
If you don't want to share session variables, and don't need to share application variables, then it's easy. Just put a different Application.cfc (or .cfm) in the root of the context for which you want access to the session variables.
So if you want sessions in /extranet, and sessions in /intranet and don't want them to be the same application, then:
/extranet/Application.cfc:
component {
this.name = "extranet";
this.sessionmanagement = true;
}
/intranet/Application.cfc:
component {
this.name = "intranet";
this.sessionmanagement = true;
}
It sounds like you aren't really up to speed on all of the things that you can do with Application.cfc, so I'll also add that this is a really good reference. There is a lot to learn, but it is also pretty simple once you understand how it works.
Maybe a Single Signon (SSO) solution would work for you? Rather than monkey around with the values in the session struct, just pass a user id from one app to another. When the user passes from extranet to rentals, the app says "here comes user #45", the rentals app looks them up in the db, does some validation to make sure that the user is who the extranet says they are, then starts a new session for them in rentals.
I have a proxy object generated by Visual Studio (client side) named ServerClient. I am attempting to set ClientCredentials.UserName.UserName/Password before opening up a new connection using this code:
InstanceContext context = new InstanceContext(this);
m_client = new ServerClient(context);
m_client.ClientCredentials.UserName.UserName = "Sample";
As soon as the code hits the UserName line it fails with an "Object is read-only" error. I know this can happen if the connection is already open or faulted, but at this point I haven't called context.Open() yet.
I have configured the Bindings (which uses netTcpBinding) to use Message as it's security mode, and MessageClientCredentialType is set to UserName.
Any ideas?
I noticed that after creating an instance of the proxy class for the service, I can set the Username and Password once without errors and do a successful call to my webservice. When I then try to set the Username and Password again on the existing instance (unnecessary of course) I get the 'Object is Read-Only' error you mentioned. Setting the values once per instance lifetime worked for me.
It appears that you can only access these properties pretty early in the instanciation cycle. If I override the constructor in the proxy class (ServerClient), I'm able to set these properties:
base.ClientCredentials.UserName.UserName = "Sample";
I'm beginning to appreciate the people who suggest not using the automatically built proxies provided by VS.
here is the solution:
using SysSvcmod = System.ServiceModel.Description;
SysSvcmod.ClientCredentials clientCredentials = new SysSvcmod.ClientCredentials();
clientCredentials.UserName.UserName = "user_name";
clientCredentials.UserName.Password = "pass_word";
m_client.ChannelFactory.Endpoint.Behaviors.RemoveAt(1);
m_client.ChannelFactory.Endpoint.Behaviors.Add(clientCredentials);
I have similar code that's passing UserName fine:
FooServiceClient client = new FooServiceClient("BasicHttpBinding_IFooService");
client.ClientCredentials.UserName.UserName = "user";
client.ClientCredentials.UserName.Password = "password";
Try creating the proxy with binding name in app.config.
The correct syntax is:
// Remove the ClientCredentials behavior.
client.ChannelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
// Add a custom client credentials instance to the behaviors collection.
client.ChannelFactory.Endpoint.Behaviors.Add(new MyClientCredentials());
http://msdn.microsoft.com/en-us/library/ms730868.aspx
It worked for me.
I was facing same problem, my code started working when I changed my code i.e. assigning values to Client credential immediately after initializing Client object.
here is the solution ,
ProductClient Manager = new ProductClient();
Manager.ClientCredentials.UserName.UserName = txtUserName.Text;
Manager.ClientCredentials.UserName.Password = txtPassword.Text;
This will not happen if the service reference is added through -> Add service reference ->Advanced->Add Web Reference-> Url/wsdl (local disk file).
I was facing this issue where I was trying to create a generic method to create a clients for different end points.
Here how I achieved this.
public static T CreateClient<T>(string url) where T : class
{
EndpointAddress endPoint = new EndpointAddress(url);
CustomBinding binding = CreateCustomBinding();
T client = (T)Activator.CreateInstance(typeof(T), new object[] { binding, endPoint });
SetClientCredentials(client);
return client;
}
public static void SetClientCredentials(dynamic obj)
{
obj.ChannelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
obj.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
obj.ClientCredentials.UserName.UserName = "UserId";
obj.ClientCredentials.UserName.Password = "Password";
}
I think your problem might be related to the use of the InstanceContext. I thought that was only needed for duplex communication channels from the server side.
I admit I'm not sure about this, but I think in this case you are telling the client to use an existing instance context so it thinks there is already a running service and will not allow changes.
What is driving the use of InstanceContext?
If using a duplex client, when you instantiate it the DuplexChannelFactory within the DuplexClientBase that your client is derived from is initialized with existing credentials so it can open the callback channel, which is why the credentials would be read only.
I second Mike's question and also ask why are you using NetTcpBinding if you are not going to use its inherent transport level security? Perhaps an HTTP based binding would be a better fit? That would allow you to use certificate based security which I believe can be modified after instantiation (http://msdn.microsoft.com/en-us/library/ms576164.aspx).
A shot in the dark but does netTcpBinding allow username and password validation? Try using application layer (SOAP) security using a http binding
or you could just simply check the Credentials
if (client.ClientCredentials.ClientCertificate.Certificate == null || string.IsNullOrEmpty(client.ClientCredentials.ClientCertificate.Certificate.Thumbprint))
{
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint, ConfigurationManager.AppSettings.Get("CertificateThumbprint"));
}
In .NET 4.6 I couldn't remove the credentials using Fabienne's answer. Kept getting Compiler Error CS0308 in the Remove method. What worked for me was this:
Type endpointBehaviorType = serviceClient.ClientCredentials.GetType();
serviceClient.Endpoint.EndpointBehaviors.Remove(endpointBehaviorType);
ClientCredentials clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = userName;
clientCredentials.UserName.Password = password;
serviceClient.Endpoint.EndpointBehaviors.Add(clientCredentials);