Solved

ASP.NET using Integer as ID for Membership

Posted on 2008-10-29
3
572 Views
Last Modified: 2008-11-05
I am new to asp.net, but I have programmed for years in classic asp.  I have been looking into the membership, role and profile providers but using anything that is standard from microsoft scares me.  If I use the default database layout, it will be only a matter of time before hackers have their way.  But my real issue is that I have a very complex site I would lke to change to .net but it uses int values as ID instead of GUID.  Is there a way I can use integer ID with a custome membership provider??  
0
Comment
Question by:Sitewizard
  • 2
3 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 22833140
Adopting the ASP.NET Membership Provider is recommended as a wholesale approach, especially if you are migrating existing membership data -- you'll either have to rely on the built-in ASP.NET mechanisms, or use your existing ID-based system.

Nothing prohibits you from modifying the tables and stored procedures once they are installed in your SQL Server database.  As a matter of fact, the SQL Scripts used to generate the tables exist in your C:\Windows\Microsoft.NET\Framework\... folders, so you can modify them at your heart's desire (backup the originals; better yet, modify only copies of those scripts).

I've become a fan of GUIDs myself.
0
 

Author Comment

by:Sitewizard
ID: 22878224
Adopting the asp.net membership is what I mostlikly have to do.  It seems that I can use a custom membership provider to alter table names, I dont like default due to hackers.  But I do have one more question on this subject.  The exhiting data has all passwords in plain text.  I would like to use Encyrpted password type in the new system.  Is there a funciton that I can use to alter my exhisting clear text passwords to the encrypted password that membership will use?  What would be the best approach to accomplish this?
0
 
LVL 4

Accepted Solution

by:
nasserd earned 500 total points
ID: 22881605
From experience, there are several settings to consider: the encryption scheme, and the ASP.NET encryption settings.  There are, fundamentally, 3 types of password security schemes (passwordFormat web.config node):

Plain-text, 1-way Encryption (password is NOT retrievable), 2-way Encryption (password IS retrievable).  Also, membership records using 1-way Encryption _cannot_ get converted to 2-way Encryption.  In that case, every member's password must get re-created -- and this is necessary for their accounts to even log-in!

Here is a MSDN resource (Implementing a Membership Provider)
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Here is another (Securing Membership)
http://msdn.microsoft.com/en-us/library/ms178398.aspx

To answer the "best approach" statement: once you determine your security scheme (hashed or other), run the encryption/hash process within SQL Server (you can use C# in SSIS) to store the plain-text pwd in a db table column and secured pwd into a different column... then, replace the plain-text with the secured equivalents.

If done correctly, your ASP.NET Login controls should work if all web.config settings are changed properly.  ALWAYS use dummy data (and always have a dummy ASP.NET site) before touching live data.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to limit User Input 2 27
SSRS 2016 Rendering HTML tables 3 31
Access/Visual Basic Question 3 29
How to filter by key press ? 6 25
Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question