Security :: Using Membership And Adding Additional Information - Creating BO?
May 18, 2010
I would like to know simple thing, If i'm adding additional information to UserProfile such as: Country, PhoneNumber etc'.. So, I added a Table In my DB (which also Got all Membership Provider tables...)
UserProfile, and added Stored Procedures for it for Insert / Update... I would like to know, If I need to create in Business Object a Class for Profile Only? (Cause the User is managed Already by the Membership Provider) And Create for it Also in Business Logic -> ProfileManager with Methods that will use the Stored Procedures to Update and Insert Details? Do I need to do it like this? Or there is another way? What's the right way doing it?
I'm working on an ASP.NET4.0/C# application for a public site that needs to authenticate only the employees that work at the associated business. The idea is for the site to have a CMS such that employees can go in and make changes to certain content without having to work with any html.My question relates to the design and use of a ASP.NET membership provider. I'm not trying to make the site work with an existing database, so there's no need to create my own MembershipProvider for that purpose.
With Forms Authentication when the app needs to redirect to sign-in page is there an event or any extensibility point that will let me do additional work to the request before it redirects to the sign-in page?
I would like to send additional information in the query string that could vary such that it wouldn't work to just statically embed that in the link in the loginUrl node in the web.config.
Edit: For clarification, I want to intercept the request prior to being redirected TO the login page.
And prior the user being redirected to http://the/interwebs/login.aspx I would like to be able to pack in query values so the url could end up something like http://the/interwebs/login.aspx?Action=Refresh
I want to use the Control of ASP.NET (User wizard Control) to create user, but it only provide its default field like: -username, password, securityQuestion.All I want is the addtional information like Address, Company Name, Telephone number. And I know a solution by building it in 2 step, first the default username, passworld and the next step is the additional information. BUT i don't want to do like that.
while creating users/groups using web site administration tool, is there a way to configure it to store to a specific database rather than store to a Microsoft SQL 2005 Server Express Edition by default in the App_Data folder?
In my application I am using the aspnetdb membership for authorizing users. I created a new table UserProfiles that will hold their profile information. The UserID is linked to aspnet_users UserID with a foreign key. One of the columns in the table represent CompanyID (int). I want to be able to restrict logged in users to only see records from their company based on the CompanyID. There can be more than one user with the same CompanyID to the UserID would not work. I can restrict their access by UsedID to only see records they created by using code behind:
[Code]....
and my select statement is:
[Code]....
How would be the best way to restrict the selected data to UserProfiles.CompanyID?
I m trying to use the profile system to get information of the authenticated user form the data base, just like the session system : the user is authenticated then I set same variable with information of this user coming from data base !I am familiar with PHP so i m trying to do it like that !Also, i woul like to join my own data base and the asp.net membership database !
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
Sometimes MS provides error message so silly that its hard to understnad and you feel like throwing away all things.
My Web.Config does not contain any entries of MemberShip, Role or Profile.
I want to create a membership provider dynamically through code at runtime. I wrote following code and it receives following error message. I don;t know how come machine.config error appears in my application. how annoying.
Parser Error Message: The connection name 'LocalSqlServer' was not found in the applications configuration or the connection string is empty.
Im very new to ASP.net and have no experience with it at all.Im currently developing a website,and am confused about creating users.Im using the create user wizard,everything is working fine.However,I am worried about the security of user information.I believe the user information is stored in the APP_Data folder, am I right in believing that this folder is secure?
Exactly how is the user information stored when using the create a user wizard?In a database in the APP_Data folder?Is it encrypted automatically when a user signs up?
so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
is there a way to snag the database id of a newly created user after CreateUser has been called? I need to be able to tie that id to another database table. From what my book shows me, it looks like member info is encrypted, so merely looking at the membership database table.
In order to better learn various techniques in ASP.NET development, I've written an ASP.NET app at home, which I use for learning. (It's a simple application we use to track our video library.) When I first started it, I didn't bother with adding membership to it. However, I've recently thought it might be nice to add the ability to allow family members to vote on various movies, etc. In order to track their preferences, I'd need table in the database, etc. (I won't bother going into the details.) So I was thinking that it might be good to add ASP.NET membership to this app, but I've never done that before. Normally, I've only added membership to an ASP.NET app when I was first getting it started; not on an established app. Can I add ASP.NET membership to an older app?
And if the answer to that question is yes, then I would like to use simple Windows authentication. This is a simple peer-to-peer network I've got, everyone has an account (profile) on the box that hosts the ASP.NET app, so I would just use that. Right now this app is an ASP.NET 3.5 app, but I could move it up to ASP.NET 4.0.
I'm trying to convert existing user accounts ( MS Access and Classic ASP) to ASP.net membership user account. (I have imported to SQL server but lives in different table in the same database as aspnet membership)
--- Here is basic info of My userinfo table ---
-I have table contains user information. I would like to create .net membership user based on the data.
-Table contains about 30000 rows -Table Name: customers
-Fields: netUserID (unique identifier generated by SQL server)- I need this to join my table with .net membership tables email_address(email address was used as userID as well as email),CreationDate password, etc
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email -Customer.email_address = aspnet_Users.UserName -Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID -Customer.password = ASP.net Membership.password -Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from web site (web application), this is pretty much everything that you need to enter (email, username, password)
In order to create valid users for membership provider using SQL Server Management Studio, do I have to add more information ? or do they automatically generated by SQL server? ie. LoweredEmail, LoweredUserName etc
2. If I have to include every single fileds in Insert command, are there any SQL statement template to create valid user for membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's unique identifier. Do I have to change data type temprary in order to insert UserID for aspnet_Users and aspnet_Membership?
I'm currently writing a website in VWD2010 Express, which requires me to write a custom membership provider.
I've followed the tutorial here [URL] , which seems relatively straight forward.
I am, however, struggling at the stage where the custom membership provider is included in a site. Now obviously the tutorial writer is using a different version of VS to me, so I've had to adapt it somewhat. Instead of building the class as a dll, and referencing that in a new site, I've started a new site from scratch and added the custom membership provider to the Add_Code file (HDIMembershipProvider.vb). It is now required that I add details of the provider to the web.config file, which seems to be where I am encountering problems.
The tutorial requires me to add:
[Code]....
within the System.Web part of the web.config file. However, upon running the site I get the error:
Could not load type 'HDI.AspNet.Membership.HDIMembershipProvider'.
I realise that how you reference the class must have changed since the tutorial was written, but I can't for the life of me find the format I should be using, and trial&error has turned up nothing so far.
I am attempting to implement a custom locale service in an MVC 2 webpage. I have an interface IResourceDictionary that provides a couple of methods for accessing resources by culture. This is because I want to avoid the static classes of .Net resources.The problem is accessing the chosen IResourceDictionary from the views. I have contemplated using the ViewDataDictionary given, creating a base controller from which all my controllers inherits that adds my IResourceDictionary to the ViewData before each action executes.
(ViewData["Resources"] as IResourceDictionary).GetEntry(params);
The following code is used to add the asp membership tables to an already existing database instead of creating a seperate database for membership and having two databases in the application.
aspnet_regsql.exe -S .SQLEXPRESS -U username -P password -d databsename -A all
It works fine by adding the membership tables to the existing database that is located in the c drive, program files sqlserver folder.
But my database however is not in the c drive but located in my asp website app_data folder, so the above code does not give any error and the tables are not added after I run it. how can I now add the membership tables using the above code when my database is located in the website app_data folder,
I have a problem with my membership management. I moved the aspnet membership database to my MSSQL server and I would like to create an add user form not using the CreateUserWizard (I would like to add more information then in the simple CUW). I've created the form and I would like to use the Membership.CreateUser method to add the user. After running the script (VB) the user is available in the aspnet_Users table, also in the aspnet_UserInRoles table but not in the aspnet_Membership table. I'm sure that something is wrong with the configuration, I just can't find what.
