Security :: Creating A New User With The Built-in Membership System?
Jan 13, 2010
is there a way to snag the database id of a newly created user after CreateUser has been called? I need to be able to tie that id to another database table. From what my book shows me, it looks like member info is encrypted, so merely looking at the membership database table.
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
used the built-in Membership framework and has implemented his own provider by creating a class that inherits from MembershipProvider (found in System.Web.Security). I actually went ahead and created a custom provider which inherits from MembershipProvider. The problem is that there are several methods I do not really need. Also, the schema is totally different. Plus, most methods return a MembershipUser which means my User class has to inherit from it as well. So really, what benefits does the MembershipProvider and the whole Membership framework add to my system? Do these benefits justify the fact that I won't be using most of the methods on the class?
I'm trying to convert existing user accounts ( MS Access and Classic ASP) to ASP.net membership user account. (I have imported to SQL server but lives in different table in the same database as aspnet membership)
--- Here is basic info of My userinfo table ---
-I have table contains user information. I would like to create .net membership user based on the data.
-Table contains about 30000 rows -Table Name: customers
-Fields: netUserID (unique identifier generated by SQL server)- I need this to join my table with .net membership tables email_address(email address was used as userID as well as email),CreationDate password, etc
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email -Customer.email_address = aspnet_Users.UserName -Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID -Customer.password = ASP.net Membership.password -Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from web site (web application), this is pretty much everything that you need to enter (email, username, password)
In order to create valid users for membership provider using SQL Server Management Studio, do I have to add more information ? or do they automatically generated by SQL server? ie. LoweredEmail, LoweredUserName etc
2. If I have to include every single fileds in Insert command, are there any SQL statement template to create valid user for membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's unique identifier. Do I have to change data type temprary in order to insert UserID for aspnet_Users and aspnet_Membership?
I m trying to use the profile system to get information of the authenticated user form the data base, just like the session system : the user is authenticated then I set same variable with information of this user coming from data base !I am familiar with PHP so i m trying to do it like that !Also, i woul like to join my own data base and the asp.net membership database !
I'm just wondering if the built in Hashing in the ASP.Net membership good password security, or if there is more that I should do to protect my passwords? If so, what should I look into for a higher level of security?
Sometimes MS provides error message so silly that its hard to understnad and you feel like throwing away all things.
My Web.Config does not contain any entries of MemberShip, Role or Profile.
I want to create a membership provider dynamically through code at runtime. I wrote following code and it receives following error message. I don;t know how come machine.config error appears in my application. how annoying.
Parser Error Message: The connection name 'LocalSqlServer' was not found in the applications configuration or the connection string is empty.
so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
I would like to know simple thing, If i'm adding additional information to UserProfile such as: Country, PhoneNumber etc'.. So, I added a Table In my DB (which also Got all Membership Provider tables...)
UserProfile, and added Stored Procedures for it for Insert / Update... I would like to know, If I need to create in Business Object a Class for Profile Only? (Cause the User is managed Already by the Membership Provider) And Create for it Also in Business Logic -> ProfileManager with Methods that will use the Stored Procedures to Update and Insert Details? Do I need to do it like this? Or there is another way? What's the right way doing it?
I've had a look through the forums but I couln't find a concrete answer - I found some things that point me in the right direction but I would like to just ask for some clarification.My requirements are as follows:I have an external system, with an API that allows me to log in a user, and returns whether or not it was successful. This can only be done through the API, it can not be done with a direct DB connection.I want to create a site that can only be accessed by someone who has a login to this external system. Through the site they will only be able to log-in, there will be no possibility to change password etc, this is all done in the external system by an admin.I like the ASP membership system, and the way it works with anonymous and member views and would like to continue to use it. My question is, how do I do this? Do I create a custom membership provider that overrides all the methods of the usual membership provider? And how will the fact that all I actually want to do is allow the user to login affect things? There will be no ability to change details etc.
I need to convert a web site using traditional ASP.Net login,membership/role with SQL to a custom system. I need to use a third party (CAS) authentication system while still using membership and roles to control access to content and User.Identity functions.What would be the best way to accomplish this? I use the <deny> and <allow> user throughout the site to control page access.
I am taking MSDN's walkthrough on Creating a Web Site with Membership and User Login. I have some free time and am taking a look at some topics I'm not 100% clear on. So this isn't for a live site; just for my own edification. I set up a user in the web site administration tool then another one in the CreateUserWizard control. I was surprised that in the control it let me create the 2nd user with the same email id as the 1st so I was looking around at how to prevent this. I found requiresUniqueEmail="true" that goes in web.config, in this block:
Which I believe would be the solution. Is that right? My problem is what do I set all those other attributes to in the block? All I really want is requiresUniqueEmail but it seems I have to specify a connectionstring also but I don't know what this would be. The website is using ASPNETDB.MDF which got created in App_Data after I ran the administration tool for the first time (I believe). So I need to explicitly define a connectionstring to that DB now that I want to require a unique email?
I am trying to create my own membership system. Therefore I created my own membershipuser class and membership provider class. But I am getting the following error on Createuser method of My membership provider class; no suitable method found to override
This is how my CreateUser method looks like:
public override MyMembershipUser CreateUser(string username, string password, string email, string status, int registerd_on, out UserCreationStatus creation_status)
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
In the site I am building we have standard users and superusers. A superuser can delete another user from the system and this should result in that user being logged out (if he/she is currently logged in). We use the Membership provider. Or actually the superuser doesnīt delete the other user completely but instead sets his/her as inActive by following code:
But, that should not matter... What I want to know is how to make the affected user being logged out. I donīt need a popup or anything to be shown to the other user that he/she is just logged out, it is enough to check if that user is logged in when he/she tries to move to another page on my site.
I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
if a user wants to clear their personal information from a page after clicking on a button that they be re-directed to the ASP Login page. This code needs to be developed using Java Script because I want the user to confirm with a confirmation box that they intended to clear their info. I have found resources on MS that pointed to referencing the "System Web Extension" within the Web Config file shown below, which enables Java Script to be able to reference the Authentication Service classes. I am also calling the function show_confirm in the button onclick event to process the message box response.
I also need to redirect a user back to the Login page within this same show_confirm() function without pointing directly to the URL, but instead to the folder where the page is locateded like in VB Server Redirect if possible.
The error message I receive when I run this code is: Microsoft JScript runtime error: 'sys' is undefined.