?
Solved

ASP.NET using Integer as ID for Membership

Posted on 2008-10-29
3
Medium Priority
?
586 Views
Last Modified: 2008-11-05
I am new to asp.net, but I have programmed for years in classic asp.  I have been looking into the membership, role and profile providers but using anything that is standard from microsoft scares me.  If I use the default database layout, it will be only a matter of time before hackers have their way.  But my real issue is that I have a very complex site I would lke to change to .net but it uses int values as ID instead of GUID.  Is there a way I can use integer ID with a custome membership provider??  
0
Comment
Question by:Sitewizard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 22833140
Adopting the ASP.NET Membership Provider is recommended as a wholesale approach, especially if you are migrating existing membership data -- you'll either have to rely on the built-in ASP.NET mechanisms, or use your existing ID-based system.

Nothing prohibits you from modifying the tables and stored procedures once they are installed in your SQL Server database.  As a matter of fact, the SQL Scripts used to generate the tables exist in your C:\Windows\Microsoft.NET\Framework\... folders, so you can modify them at your heart's desire (backup the originals; better yet, modify only copies of those scripts).

I've become a fan of GUIDs myself.
0
 

Author Comment

by:Sitewizard
ID: 22878224
Adopting the asp.net membership is what I mostlikly have to do.  It seems that I can use a custom membership provider to alter table names, I dont like default due to hackers.  But I do have one more question on this subject.  The exhiting data has all passwords in plain text.  I would like to use Encyrpted password type in the new system.  Is there a funciton that I can use to alter my exhisting clear text passwords to the encrypted password that membership will use?  What would be the best approach to accomplish this?
0
 
LVL 4

Accepted Solution

by:
nasserd earned 1500 total points
ID: 22881605
From experience, there are several settings to consider: the encryption scheme, and the ASP.NET encryption settings.  There are, fundamentally, 3 types of password security schemes (passwordFormat web.config node):

Plain-text, 1-way Encryption (password is NOT retrievable), 2-way Encryption (password IS retrievable).  Also, membership records using 1-way Encryption _cannot_ get converted to 2-way Encryption.  In that case, every member's password must get re-created -- and this is necessary for their accounts to even log-in!

Here is a MSDN resource (Implementing a Membership Provider)
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Here is another (Securing Membership)
http://msdn.microsoft.com/en-us/library/ms178398.aspx

To answer the "best approach" statement: once you determine your security scheme (hashed or other), run the encryption/hash process within SQL Server (you can use C# in SSIS) to store the plain-text pwd in a db table column and secured pwd into a different column... then, replace the plain-text with the secured equivalents.

If done correctly, your ASP.NET Login controls should work if all web.config settings are changed properly.  ALWAYS use dummy data (and always have a dummy ASP.NET site) before touching live data.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question