Avatar of deloused

asked on 

Matching a new web user to their pre-loaded personal information

I would like to backload the personal information of my web users in a sql server 2005 database.  I want the users to be able create their own username and passwords and associate the user with the appropriate data.

The way I've thought about solving this problem would be to assign the web users users a unique 5 digit number.  I will in their personal information in the database, with this number, and then send them this number.  When they come to the website they can put in this number which will link them to their information.  They will then be prompted to put in their own username, password ect.

Does this sound like a good system?  I have no idea how to actually implement this...I was wondering if anyone had some suggestions on how to create this.  Specifically, on the second step of the CreateUserWizard, how to load their "personal information" based on the data that I've put in so they can verify it and finish creating the user.  I hope that this makes sense.  
.NET ProgrammingEditors IDEsMicrosoft SQL Server

Avatar of undefined
Last Comment
Avatar of chiragkhabaria

Well, if i had this project then i would do in this way.

1) I would be having a table, where i would key in their information about their login detail such as UserID, password, UserName (Normally First Name),ID(Primary key) and Flag ( Intially Set to 0).

2) On the basis of the UserName and i would generate some Random UserIDs and Passwords for all the Currents users.

3) I would email then this UserId and Password and ask them to login to the account.

4) When they first login i would check whether the flag of the current userid is 0 or 1 if its 0 then i would first ask them to change their userid and password, once they have changed the userid and password i would set this flag to 1.

5) Then using some web forms i would allow the user to add/edit/delete their personal information.

Hope this makes sense..
Avatar of Lowfatspread
Flag of United Kingdom of Great Britain and Northern Ireland image

you shouldn't just have a number... as then anyone could "steal/view" the data, and you be in violation of several data protection laws... as a minimum you should combine the unique number with some personal data e.g the persons name...

remember to assign the numbers randomly, and  consider a checkdigit...
Avatar of deloused


The way you suggested I have thought about.  The problem is that I do not want to have clear text passwords.  I would prefer to have hashed w/ salt passwords.  I don't know how to generate the random passwords that are hashed and salted.  If you know how to do that, I have the rest of the steps already set up(i have the webforms to change their personal information).  

I agree with what you have stated.  I was just using an idea I've seen on another website.  I would ideally like to do it in the above mentioned manner...just don't really know how to do either way...
Avatar of deloused


The problem is that I would want to use hashed and salted passwords.  The only way I know how to make hashed passwords is through the asp.net CreateUserWizard.  I would have to enter the username and password manually for 3,000 web users...which seems completely unreasonable.  

Thanks for the links, those will definitely help but I need a way to make those passwords hashed as well.  
Avatar of chiragkhabaria

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of deloused


That link looks like the perfect solution.  I'm having trouble logging in after I've converted the clear text password to hashed/slated password.  I'm using the MD5 password format now instead of "Hashed".  How would I change this below to match up with MD5.  I'm searching the net looking for an answer but have to yet to find one.  I think I just need to change the PublicKeyToken and PasswordFormat, but I'm not really sure.  Thanks for you help!

                        <remove name="AspNetSqlMembershipProvider" />
                        <add name="AspNetSqlMembershipProvider"
                              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                              passwordStrengthRegularExpression="" />
Microsoft SQL Server
Microsoft SQL Server

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo