Migrating From Custom User List To MS Membership In SQL Server?
Aug 27, 2010
For that, I made my own users and passwords tables and hashed the passwords myself. Now, I would much rather move to Microsoft's built in membership provider with asp.net in sql server. Does anybody know a good way to migrate over?
The only real idea I've had so far is to make both systems run simultaneously, then when a user logs in, validate them in my old system, then ask them to re-enter their password and save their new stuff in the microsoft's system... then clear the record out of my old system. Eventually, I would hope that would move everybody into the new system. But that seems annoying and messy. Is there some better way?
I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode.
I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.
So...
1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)
2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.
I am concerned that if I just import somehow the roles within SQL server will not be created properly.
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is { //select hashed password from db return (EncodePassword(password) == dbpassword) } [code]....
Dim req as httprequest ip = req.servervariables("remote_host") 'result = nothing Dim req as new httprequest ip = req.servervariables("remote_host") 'result = nothing Dim req as requestcontext ip = req.request.servervariables("remote_host") 'result = nothing...
I have an old website running fine in Classic ASP with large customer base registered onto the site. The current site allows users to have their own user name(unique) registered against an ID assigned to them. They can change the User name later as well provided it is still Unique in the database(Database is SQLServer2005).
The Problem: Now i want to move the website to .NET and want to use the .NET Membership. I know how to create the database structure in SQL Server through aspnet_regsql script but my problem is how should i import the existing username and passwords as the password stored in MembershipDB is Hashed (salt). Also i might want to allow admins to impersonate as users later.
I've got a system that was partially written by someone else and is a complete maintenance nightmare for such a small app. I've finally been given changes which justifies just rewriting the horrible mess so I am moving it to Django.
Before I take the plunge, I've been trying to move over the password hash and salt into the Django auth tables [sha1]$[salt]$[hash] but can't get it to hash properly (resetting passwords isn't really an option).
Here is what I've been able to find out so far:
ASP.NET stores the hash as base64 string and uses a base64 salt (before hash) I can obviously reverse the base64 hash to a byte array Django uses a hexdigest, I tried BitConverter.ToString but they hash differently
We have just migrated our application from VS 2008 to VS 2010 and our database from Sql server 2005 to 2008. Everything was working great until i tried to login to the site.
As when i try to log into the site, i am surprisingly always getting "FALSE" from Membership.Validateuser (). I goggled it and now i know i am not the alone victim of this irritating bug. Our live site is going to be down...
I've wrote a custom membership provider and a custom membership user. So far so good, I can create users / login etc, but when I try to access the custom membership user in code like this;
Code: Public Function GetOpportunities() As IQueryable(Of Opportunity) 'Dim p As CiseroMembershipProvider = System.Web.Security.Membership.Provider 'Dim _User = p.GetUser(System.Web.HttpContext.Current.User.Identity, True), CiseroMembershipUser Dim _User As Curve.CiseroMembershipUser = Nothing _User = System.Web.Security.Membership.GetUser() 'Dim _CurveUser As New CiseroMembershipUser 'Return From o In Me.ObjectContext.Opportunities Where o.ClientID = User.ClientID Return From o In Me.ObjectContext.Opportunities Where o.ClientID = _ _User.ClientID Order By o.ModifiedDate Descending End Function I get this error:
Unable to cast object of type 'CustomMembershipUser' to type 'Curve.CustomMembershipUser'. When I put a quickwatch on the object System.Web.Security.Membership.GetUser() it is of type CustomMembershipUser. The quickwatch window generates the text DirectCast(System.Web.Security.Membership.GetUser(), CustomMembershipUser) when I click onto the properties, but reevaluating the expression raises the error.
This is my first membership provider; I converted the sample provider [URL] to SQL. I created a vb class provider and put it into the App_Code folder. After it was created I tried to modify my webconfig but the error pops up. I don't know what else to try, I don't know if I have missed something
I'm using DotNetOpenAuth as my membership system, and the way I have it working now seems to be working quite well. What I'd like to do however is build into my website the ability to check user credentials against the AuthCookie rather than a session. In the membership provider, I can check for the username like this
string UserName = System.Web.HttpContext.Current.User.Identity.Name; ''# which returns the OpenId ClaimedIdentifier
What I'm wondering is if there is a way to extend this so that I can retrieve custom properties from the AuthCookie rather than having to create my own session object. Currently I have this setup.
UserSessionModal Namespace Domain Public Class UserSessionModel Public Property ID As Integer Public Property RegionID As Integer Public Property Username As String Public Property Slug As String Public Sub New(ByVal user As User) _ID = user.ID _RegionID = user.RegionID _Username = user.UserName _Slug = Replace(user.UserName, " ", "-") End Sub End Class End Namespace
BaseController (inherited by all controllers) Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker ''# Create a UserInfo object for the logged in user ''# and store it in a session state. If Session("UserInfo") Is Nothing AndAlso User.Identity.IsAuthenticated Then Dim user As Domain.UserSessionModel = New Domain.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User) Session("UserInfo") = user End If Return MyBase.CreateActionInvoker() End Function
Then in my views I do something like this
<% Dim user As MyApp.Core.Domain.UserSessionModel = DirectCast(Session("UserInfo"), MyApp.Core.Domain.UserSessionModel) %> <%: Html.ActionLink(user.UserName, "Details", "Users", New With {.id = user.ID, .slug = user.Slug}, Nothing)%>
What I really need to be able to do is remove the Session stuff all together and just simply check the AuthCookie for my custom properties ID, RegionID, Username, and Slug. I can already get the "ClaimedIdentifier" out of the AuthCookie using HttpContext.User.Identity.Name... I just need to be able to extend it.
I have a custom control, inherited from Button. This is the class definition for the control and 2 properties:
[Code]....
I show you 2 properties, only to illustrate the problem.
as you see Aplicacion property is of a custom type Sistema, and Roles property is of type List<UserRol>.
The Aplicacion property is rendered well, this way:
[Code]....
The problem I have is with List<UserRol>. I couldn't get it to be rendered. I expeect to be rendered this way:
[Code]....
Finally, this is the TypeConverter and Editor definitions for the list:
[Code]....
The UserRol class is a typical class, without any special attributes.
I have discovered that when I use the custom editor for Roles property, the collection is not persisted. When I use the default editor for the collection, the collection is persisted.
I created a custom forms authentication and membership provider and it seems to work fine opening up in WAT, creating roles and adding users. Also when I in my mvc app use it to log users in, it works fine. However it seems to fail to determine a user's role (no errors, but just jump over User.IsInRole(...) lines and Roles.GetRolesForUser(); comes up empty. I got a gut feeling I did something wrong with my configuration, so for now I'll post just that:
I'm new to all of this, so go easy on me. This should be an easy one. I have created a custom SmartContentBlock user control for a CMS.The control works, but only if I invoke the Fill() function in the Page_init event in the codebehind of the ASPX page. My goal is to modify the class file so that the Fill() in the codebehind is no longer neccesary. So, for reference, here's the gist of the current situtation.Controls.cs
I had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
With following code, I can fetch all properties of user control. I need to get only those properties which were separately defined excluding the default ones.
how to implement the authentication and membership for a hobby project I'm working on. Tought I'd ask for opinions here. I started using the asp.net membership/authentication/profile providers. First off I want user's to "activate" their accounts, so upon registration I figured I'll set "IsApproved" to false, generate and email an activation code which I store in a user profile. User's won't have usernames, just log in by email address. While it's easy to pass an email address as username, I'm worried about user's having to change their email addresses (used for logging in) later.
I have a user control (ascx file) that contains an interface for users to change the data retrieved from the db. So, I am displaying data and most of this data can be edited by the user. When the user enters text into a textbox, and clicks "Save Changes", the value they typed in is lost and not persisted to the database. I realize now this is because the SaveChanges button does a postback, and the user control gets reloaded with its original valuesbefore the code within my SaveChanges button gets executed. I'm not sure if there are properties I need to set to save the input data, or if I need to write my own code to do it. What is the generally accepted method to do this? (Also, all of the controls in the ascx file are wrapped in an Update Panel.)
I used Integrated Security for a database connection for the first time for a website. The website pool uses Network Service as a user. I added Network Service as a SQL Server user mapped to public, then allowed it access to my database as websiteuser. There are many aspnet_... roles to choose from. Any links out there that explains which ones to use? Do I just check them all since there's only one login coming from the website?
I'm trying to convert existing user accounts ( MS Access and Classic ASP) to ASP.net membership user account. (I have imported to SQL server but lives in different table in the same database as aspnet membership)
--- Here is basic info of My userinfo table ---
-I have table contains user information. I would like to create .net membership user based on the data.
-Table contains about 30000 rows -Table Name: customers
-Fields: netUserID (unique identifier generated by SQL server)- I need this to join my table with .net membership tables email_address(email address was used as userID as well as email),CreationDate password, etc
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email -Customer.email_address = aspnet_Users.UserName -Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID -Customer.password = ASP.net Membership.password -Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from web site (web application), this is pretty much everything that you need to enter (email, username, password)
In order to create valid users for membership provider using SQL Server Management Studio, do I have to add more information ? or do they automatically generated by SQL server? ie. LoweredEmail, LoweredUserName etc
2. If I have to include every single fileds in Insert command, are there any SQL statement template to create valid user for membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's unique identifier. Do I have to change data type temprary in order to insert UserID for aspnet_Users and aspnet_Membership?
This control may contain some other web server controls such as GridView.I need explanation of experienced developers, how to do that - take me to the right way
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
