Solved

ASP.NET using Integer as ID for Membership

Posted on 2008-10-29
3
583 Views
Last Modified: 2008-11-05
I am new to asp.net, but I have programmed for years in classic asp.  I have been looking into the membership, role and profile providers but using anything that is standard from microsoft scares me.  If I use the default database layout, it will be only a matter of time before hackers have their way.  But my real issue is that I have a very complex site I would lke to change to .net but it uses int values as ID instead of GUID.  Is there a way I can use integer ID with a custome membership provider??  
0
Comment
Question by:Sitewizard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 22833140
Adopting the ASP.NET Membership Provider is recommended as a wholesale approach, especially if you are migrating existing membership data -- you'll either have to rely on the built-in ASP.NET mechanisms, or use your existing ID-based system.

Nothing prohibits you from modifying the tables and stored procedures once they are installed in your SQL Server database.  As a matter of fact, the SQL Scripts used to generate the tables exist in your C:\Windows\Microsoft.NET\Framework\... folders, so you can modify them at your heart's desire (backup the originals; better yet, modify only copies of those scripts).

I've become a fan of GUIDs myself.
0
 

Author Comment

by:Sitewizard
ID: 22878224
Adopting the asp.net membership is what I mostlikly have to do.  It seems that I can use a custom membership provider to alter table names, I dont like default due to hackers.  But I do have one more question on this subject.  The exhiting data has all passwords in plain text.  I would like to use Encyrpted password type in the new system.  Is there a funciton that I can use to alter my exhisting clear text passwords to the encrypted password that membership will use?  What would be the best approach to accomplish this?
0
 
LVL 4

Accepted Solution

by:
nasserd earned 500 total points
ID: 22881605
From experience, there are several settings to consider: the encryption scheme, and the ASP.NET encryption settings.  There are, fundamentally, 3 types of password security schemes (passwordFormat web.config node):

Plain-text, 1-way Encryption (password is NOT retrievable), 2-way Encryption (password IS retrievable).  Also, membership records using 1-way Encryption _cannot_ get converted to 2-way Encryption.  In that case, every member's password must get re-created -- and this is necessary for their accounts to even log-in!

Here is a MSDN resource (Implementing a Membership Provider)
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Here is another (Securing Membership)
http://msdn.microsoft.com/en-us/library/ms178398.aspx

To answer the "best approach" statement: once you determine your security scheme (hashed or other), run the encryption/hash process within SQL Server (you can use C# in SSIS) to store the plain-text pwd in a db table column and secured pwd into a different column... then, replace the plain-text with the secured equivalents.

If done correctly, your ASP.NET Login controls should work if all web.config settings are changed properly.  ALWAYS use dummy data (and always have a dummy ASP.NET site) before touching live data.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question