Security :: Referencing The Membership User Table?
Oct 13, 2010
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
i m working on mvc 3.0 application and using bulting feature of membership for creating account and i have using ASPNET_REGSQL.EXE command than i have migrated table in our database but when i create any user in membership mvc user account but in database, records are not inserted of user ...
There seems to be something wrong with the create user wizard?I am using hashed password storage. When I change it to clear storage I see the user's password is being stored as something completly different than what they typed in.Example: changeme1 now equates to something like: 4W*KQQ4%=SIf I use 4W*KQQ4%=S as the password to login with it works but changeme1 does not.When I use the reset password wizard it updates the password just fine and it works when I login next.Any clues what could be causing this?
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
How this line if (usrInfo! = null) add another variable that will be used to login.
This line (usrInfo! = null) works, but I have a database table "confirm". If I change in the Admin to "true", the user successfully logged on. If the base table "confirm" set to "false", the user will not be logged.
The following code works if (null! = & usrInfo & usrInfo. IsApproved), but instead of ' IsApproved ', I want to use table "confirm".
I need to add a column name contact id in asp.net memebership table.I get the contact id from the contacts table and i need to pass that contact id in asp.net membership table when user creation event fires.
I am in the process of creating my database and I have the pending question of whether I should add a UserID using INT to the membership table. I am not replacing the UserID that is a UniqueIdentifier I am just adding a UserID with INT.
The reason I want to do this is because I have about twelve other tables that uses the UserID column. It will be easy for users to insert data into the other tables and I foresee the tables getting to be millions of rows, by using an UserID INT it will avoid the mass amount of storage from the UniqueIdentifier column.
Now my question is what are my repurcussions of doing this? I've already found out one, and I believe it is my biggest question, if I were to create an insert command in .net how would I grab the UserID INT rather then the UserID UniqueIdentifier to insert it into my tables? For example, I can get the userid this way:
I have my membership provider configured and working on my web host.
IŽd like to create a table, for example, table ARTICLES, and iŽd like that the user logged in, his ID or his NAME, was inserted into my ARTICLES database.Which one is the best table i could get for doing that ?
I was checking the table aspnet_users, but its Primary Key has a uniqueidentifer type.This wonŽt be a problem in the future ?Or is there a better way to relate my table with the membership provider ? Maybe another table OR another field.
i'm using asp.net membership for logins/registeration. i have a bookings table with few fields, lets say first_name, last_name, product_name and userID.when the user submits 'buy' i want to get the userID from the membership user tablem that way i know whose made the booking. i'll have these two tables (bookings & user tables) linkedbut how do i get userID from the user table to pass to bookings table? i checked the membership class and it gives options like-Membership.GetUser(), Membership.GetUserNameByEmail(), Membership.GetAllUsers() etcothing for getting user id. user id is stored like this: c1c91682-449f-45dd-b20e-3dac5315bba4
I have set up Membership and Roles and can create users and login using the ASp Login control. However I need to associate users with customers (in a Customers table in the database) and display content according to the customer that the user belongs to. Is the best way of doing this to create a foreign key field in the aspnet_Users table relating back to Customers table which would have to be updated manually after creating the user or is there a better way?
I want to create a site where users can create a very basic profile, with fields like full name, City, Age and Gender, and I want the data for every new member that signs up to go into a simple Table in my sql data base. reason being I want members to be able to view other members info in a table. I am familiar with the "CreateUserWizard", but that only allows me to work with certain predefined info (email, user id, etc). If I just anually add new columns to the table in which user ID and such is saved to, and customize the CreateUserWizard controller to have text boxes for the additional data that I want (i.e. city), will the CreateUserWizard know to save that additional data in the table?
Also, I know I can add fields to the <profile> tag in the web.config files, but I dont know where that gets stored. I want all the info for the user to be stored in one table in a sql data base so that I can easily access it with a quary. I dont see where the profile properties get stored, and how it can be linked to a User ID. by the way I noticed in other posts, there was a mention of a membership provider. I noticed that although I've added some "Login" controlls (i.e. login and CreateUserWizard), no membership provider has been added to my web.config file. Do I need to do this manually? or is there a menu item that adds it for me?
I work with an ASP.NET application and the standard Membership ASP.NET database to register user.
Could it be possible to explain or to give examples how to program the system to work with a confirmation mail so that the user need to click on the link to activate his account?I would like to do this to avoid SPAMMERS
I am wondering what's the easiest way to go about doing this. I am using the user signup form control that comes with .net and they can create user through the application and once they do users see the "members area" of my site.
However, they are only trial members. using my paypal form, once they pay for service, they become a paid member.. so I want to keep track of this in the membership table by having a column in that table: bit registeredUser. Do I have to create my own overriden membership class for this, at first I thought there was already a column like this called isApproved, but seems thats for something else because if its set to false user cannot even login.
In the site I am building we have standard users and superusers. A superuser can delete another user from the system and this should result in that user being logged out (if he/she is currently logged in). We use the Membership provider. Or actually the superuser doesnŽt delete the other user completely but instead sets his/her as inActive by following code:
But, that should not matter... What I want to know is how to make the affected user being logged out. I donŽt need a popup or anything to be shown to the other user that he/she is just logged out, it is enough to check if that user is logged in when he/she tries to move to another page on my site.
I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.