deloused

Matching a new web user to their pre-loaded personal information

I would like to backload the personal information of my web users in a SQL Server 2005 database.  I want the users to be able to create their own usernames and passwords and associate the user with the appropriate data.

The way I've thought about solving this problem would be to assign the web users a unique 5 digit number.  I will fill in their personal information in the database, with this number, and then send them this number.  When they come to the website they can put in this number which will link them to their information.  They will then be prompted to put in their own username, password etc.

Does this sound like a good system?  I have no idea how to actually implement this...I was wondering if anyone had some suggestions on how to create this.  Specifically, on the second step of the CreateUserWizard, how to load their "personal information" based on the data that I've put in so they can verify it and finish creating the user.  I hope that this makes sense.  
chiragkhabaria

Well, if I had this project then I would do it this way.

1) I would have a table where I would key in the information about their login details, such as UserID, Password, UserName (normally first name), ID (primary key) and Flag (initially set to 0).

2) On the basis of the UserName, I would generate some random UserIDs and passwords for all the current users.

3) I would email them this UserID and password and ask them to log in to the account.

4) When they first log in I would check whether the flag of the current UserID is 0 or 1. If it's 0 then I would first ask them to change their UserID and password; once they have changed the UserID and password I would set this flag to 1.

5) Then using some web forms I would allow the user to add/edit/delete their personal information.

Hope this makes sense..
Lowfatspread

You shouldn't just have a number... as then anyone could "steal/view" the data, and you would be in violation of several data protection laws... As a minimum you should combine the unique number with some personal data, e.g. the person's name...

Remember to assign the numbers randomly, and consider a check digit...
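
The scheme suggested in the reply above, as an added example that is not part of the original thread: a random enrollment code with a check digit that is only honoured together with a piece of personal data. It is sketched in Python rather than the thread's ASP.NET stack; the nine-digit length, the Luhn check digit, the surname as the second factor and the in-memory `pending` store are all assumptions made for illustration.

```python
import hmac
import secrets

CODE_DIGITS = 9  # assumption: longer than five digits so guessing is impractical

def luhn_check_digit(payload: str) -> str:
    """Check digit that catches any single mistyped digit."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting at the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def new_code() -> str:
    """Random (not sequential) code from the OS CSPRNG, plus its check digit."""
    payload = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
    return payload + luhn_check_digit(payload)

def well_formed(code: str) -> bool:
    return (len(code) == CODE_DIGITS + 1 and code.isascii() and code.isdigit()
            and luhn_check_digit(code[:-1]) == code[-1])

def claim(pending: dict, code: str, surname: str):
    """Release a pre-loaded record only when code AND surname both match."""
    if not well_formed(code):
        return None              # typo or junk: reject before any lookup
    record = pending.get(code)
    if record is None:
        return None
    expected = record["surname"].strip().lower().encode()
    supplied = surname.strip().lower().encode()
    if not hmac.compare_digest(expected, supplied):
        return None              # right code, wrong person: reveal nothing
    del pending[code]            # single use: the code dies once redeemed
    return record

if __name__ == "__main__":
    code = new_code()
    pending = {code: {"surname": "Okafor", "user_id": 17}}  # constructed sample row
    print(code, claim(pending, code, "okafor"))
```

Failed claims should also be counted and throttled per client, which this sketch leaves out.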
 
deloused

ASKER

chiragkhabaria,
The way you suggested I have thought about.  The problem is that I do not want to have clear text passwords.  I would prefer to have hashed w/ salt passwords.  I don't know how to generate the random passwords that are hashed and salted.  If you know how to do that, I have the rest of the steps already set up (I have the webforms to change their personal information).

Lowfatspread,
I agree with what you have stated.  I was just using an idea I've seen on another website.  I would ideally like to do it in the above mentioned manner...just don't really know how to do either way...
The problem is that I would want to use hashed and salted passwords.  The only way I know how to make hashed passwords is through the ASP.NET CreateUserWizard.  I would have to enter the username and password manually for 3,000 web users...which seems completely unreasonable.

Thanks for the links, those will definitely help but I need a way to make those passwords hashed as well.  
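
The bulk step asked about above, as an added example that is not part of the original thread: every pre-loaded user gets a random temporary password, only a per-user salt and hash are stored, and the change-on-first-login flag from the earlier reply is enforced. It is a Python sketch rather than ASP.NET membership code; PBKDF2-HMAC-SHA256, the iteration count and the dictionary standing in for the user table are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumption: PBKDF2 work factor chosen for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def provision(usernames):
    """Create one row per pre-loaded user.

    rows   -> what goes in the database: salt, hash and the flag (0 = not changed)
    outbox -> clear-text temporary passwords, kept only for the one-off mailing
    """
    rows, outbox = {}, {}
    for name in usernames:
        temp = secrets.token_urlsafe(12)       # 16 random URL-safe characters
        salt = secrets.token_bytes(16)         # fresh salt per user
        rows[name] = {"salt": salt, "hash": hash_password(temp, salt), "changed": 0}
        outbox[name] = temp
    return rows, outbox

def login(rows, name, password) -> str:
    """Return 'denied', 'must_change' (flag still 0) or 'ok'."""
    row = rows.get(name)
    if row is None:
        return "denied"
    candidate = hash_password(password, row["salt"])
    if not hmac.compare_digest(candidate, row["hash"]):
        return "denied"
    return "ok" if row["changed"] else "must_change"

def change_password(rows, name, old, new) -> bool:
    """Replace the temporary password; new salt, new hash, flag set to 1."""
    if login(rows, name, old) == "denied":
        return False
    salt = secrets.token_bytes(16)
    rows[name].update(salt=salt, hash=hash_password(new, salt), changed=1)
    return True

if __name__ == "__main__":
    rows, outbox = provision(["alice", "bob"])   # constructed sample usernames
    print(login(rows, "alice", outbox["alice"]))
```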
ASKER CERTIFIED SOLUTION
chiragkhabaria

This solution is only available to members.
chiragkhabaria,
That link looks like the perfect solution.  I'm having trouble logging in after I've converted the clear text password to a hashed/salted password.  I'm using the MD5 password format now instead of "Hashed".  How would I change this below to match up with MD5?  I'm searching the net looking for an answer but have yet to find one.  I think I just need to change the PublicKeyToken and PasswordFormat, but I'm not really sure.  Thanks for your help!


<membership>
  <providers>
    <remove name="AspNetSqlMembershipProvider" />
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="true"
         applicationName="/"
         requiresUniqueEmail="false"
         minRequiredPasswordLength="4"
         minRequiredNonalphanumericCharacters="0"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="10"
         passwordAttemptWindow="10"
         passwordStrengthRegularExpression="" />
  </providers>
</membership>