Security :: Creating Membership User Using SQL Server Management Studio
Jul 9, 2010
I'm trying to convert existing user accounts ( MS Access and Classic ASP) to ASP.net membership user account. (I have imported to SQL server but lives in different table in the same database as aspnet membership)
--- Here is basic info of My userinfo table ---
-I have table contains user information. I would like to create .net membership user based on the data.
-Table contains about 30000 rows
-Table Name: customers
-Fields: netUserID (unique identifier generated by SQL server)- I need this to join my table with .net membership tables email_address(email address was used as userID as well as email),CreationDate password, etc
--- Here is what I would like to convert ---
-Customer.email_address = aspnet_Membership.Email
-Customer.email_address = aspnet_Users.UserName
-Customer.netUserID = aspnet_Users.UserID and aspnet_Membership.UserID
-Customer.password = ASP.net Membership.password
-Customer.creatationDate = aspnet_Membership.CreateDate
--- Here are questions ----
1. When I create a user from web site (web application), this is pretty much everything that you need to enter (email, username, password)
In order to create valid users for membership provider using SQL Server Management Studio, do I have to add more information ? or do they automatically generated by SQL server? ie. LoweredEmail, LoweredUserName etc
2. If I have to include every single fileds in Insert command, are there any SQL statement template to create valid user for membership provider?
3. I believe I will have a problem entering aspnet_Membership.UserID because it's unique identifier. Do I have to change data type temprary in order to insert UserID for aspnet_Users and aspnet_Membership?
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
is there a way to snag the database id of a newly created user after CreateUser has been called? I need to be able to tie that id to another database table. From what my book shows me, it looks like member info is encrypted, so merely looking at the membership database table.
I want to deisgn a user memebership management interface which allows the Site Admin to:
View all the users and the role the are assigned. Also I want to have a Manage/Edit linkbutton which shows a Popup Modal, allowing the Admin to update the users details.
I come across [URL]. Are there any similar Open Source free components? Or tutorials which i can follow to achieve this?
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
Sometimes MS provides error message so silly that its hard to understnad and you feel like throwing away all things.
My Web.Config does not contain any entries of MemberShip, Role or Profile.
I want to create a membership provider dynamically through code at runtime. I wrote following code and it receives following error message. I don;t know how come machine.config error appears in my application. how annoying.
Parser Error Message: The connection name 'LocalSqlServer' was not found in the applications configuration or the connection string is empty.
1) No matter how I try Default.aspx never shows up as the StartPage even though I've told it to, the Login.aspx Page shows up first, so the rest of the walkthrough seems strange....
2) I'm a dummy when it comes to SMTP so I can not seem to get the SMTP to send a message to the User supplied e-mail address....
I want to use this methodology for many Web-Sites I have planned, but if it doesn't work then perhaps not....
so after a short talk with some people around ASP.NET MVC forum I took a huge step and chose to create my own Custom Membership Data provider.. so I logged into sweet google and started searching , it doesnt look that hard and seems totally possible for me , that's what i thought...
So now I opened visual studio , and started to think on few things .. So before I would start typing code , I would like to ask those questionsSo i would know better
1. when I build an SQL object , or XML or w.e object, how do I know which fields I need for my table ? should i just copy them from aspnetdb or is there somewhere it is written?
2. how the heck do I copy lines from webconfig ? and should I get those lines like "reset password" from web config or not?
3. I saw some parameters in "create User" called providerKey or something like that, and also MembershipState ? what exacly are those ?
4. last question: the functions get username , and password and stuff like that , but what If i want to create my own User Entity , is there a way to change what the function gets ? or should i just make another class that get my custom UserEntity and let the first class to send her the userentity as repository ?
I would like to know simple thing, If i'm adding additional information to UserProfile such as: Country, PhoneNumber etc'.. So, I added a Table In my DB (which also Got all Membership Provider tables...)
UserProfile, and added Stored Procedures for it for Insert / Update... I would like to know, If I need to create in Business Object a Class for Profile Only? (Cause the User is managed Already by the Membership Provider) And Create for it Also in Business Logic -> ProfileManager with Methods that will use the Stored Procedures to Update and Insert Details? Do I need to do it like this? Or there is another way? What's the right way doing it?
I am taking MSDN's walkthrough on Creating a Web Site with Membership and User Login. I have some free time and am taking a look at some topics I'm not 100% clear on. So this isn't for a live site; just for my own edification. I set up a user in the web site administration tool then another one in the CreateUserWizard control. I was surprised that in the control it let me create the 2nd user with the same email id as the 1st so I was looking around at how to prevent this. I found requiresUniqueEmail="true" that goes in web.config, in this block:
Which I believe would be the solution. Is that right? My problem is what do I set all those other attributes to in the block? All I really want is requiresUniqueEmail but it seems I have to specify a connectionstring also but I don't know what this would be. The website is using ASPNETDB.MDF which got created in App_Data after I ran the administration tool for the first time (I believe). So I need to explicitly define a connectionstring to that DB now that I want to require a unique email?
I need regarding best practice for asp.net session management without using membership. I have design a login page which has two Text boxes and a Login Button. I need a again best practice which authenticate user and save user information in session. So in main page after login I want to check either session is expire or not. I need an complete example. Further more I am using ASP.NET 3.5.
used the built-in Membership framework and has implemented his own provider by creating a class that inherits from MembershipProvider (found in System.Web.Security). I actually went ahead and created a custom provider which inherits from MembershipProvider. The problem is that there are several methods I do not really need. Also, the schema is totally different. Plus, most methods return a MembershipUser which means my User class has to inherit from it as well. So really, what benefits does the MembershipProvider and the whole Membership framework add to my system? Do these benefits justify the fact that I won't be using most of the methods on the class?
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is { //select hashed password from db return (EncodePassword(password) == dbpassword) } [code]....
In the site I am building we have standard users and superusers. A superuser can delete another user from the system and this should result in that user being logged out (if he/she is currently logged in). We use the Membership provider. Or actually the superuser doesnīt delete the other user completely but instead sets his/her as inActive by following code:
[code]...
But, that should not matter... What I want to know is how to make the affected user being logged out. I donīt need a popup or anything to be shown to the other user that he/she is just logged out, it is enough to check if that user is logged in when he/she tries to move to another page on my site.
I'm trying to get the comments section for a user, to populate a text box which can be updated. I'm getting the "Object reference not set to an instance of an object" error. Why is this occurring?
I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
When creating a foreign key to the membership user table, is it better to refer to the user_id column or is it ok to use the username column? I assume that the Membership spec enforces uniqueness in the username since there is a method Membership.GetUser(username) that returns one user. Using the id is a bit awkward in code because I have to end up casting all over the place like (int)user.ProviderUserKey. The username would give more information quickly when viewing raw data as well. Just wondering if someone knows a reason why I shouldn't use it as the foreign key.
if a user wants to clear their personal information from a page after clicking on a button that they be re-directed to the ASP Login page. This code needs to be developed using Java Script because I want the user to confirm with a confirmation box that they intended to clear their info. I have found resources on MS that pointed to referencing the "System Web Extension" within the Web Config file shown below, which enables Java Script to be able to reference the Authentication Service classes. I am also calling the function show_confirm in the button onclick event to process the message box response.
I also need to redirect a user back to the Login page within this same show_confirm() function without pointing directly to the URL, but instead to the folder where the page is locateded like in VB Server Redirect if possible.
The error message I receive when I run this code is: Microsoft JScript runtime error: 'sys' is undefined.
I realize that user names are unique, but is there another identifier associated with the username? If there is, how do I find out what it is for the user who is currently logged in?