Solved

ASP.NET using Integer as ID for Membership

Posted on 2008-10-29
3
567 Views
Last Modified: 2008-11-05
I am new to asp.net, but I have programmed for years in classic asp.  I have been looking into the membership, role and profile providers but using anything that is standard from microsoft scares me.  If I use the default database layout, it will be only a matter of time before hackers have their way.  But my real issue is that I have a very complex site I would lke to change to .net but it uses int values as ID instead of GUID.  Is there a way I can use integer ID with a custome membership provider??  
0
Comment
Question by:Sitewizard
  • 2
3 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 22833140
Adopting the ASP.NET Membership Provider is recommended as a wholesale approach, especially if you are migrating existing membership data -- you'll either have to rely on the built-in ASP.NET mechanisms, or use your existing ID-based system.

Nothing prohibits you from modifying the tables and stored procedures once they are installed in your SQL Server database.  As a matter of fact, the SQL Scripts used to generate the tables exist in your C:\Windows\Microsoft.NET\Framework\... folders, so you can modify them at your heart's desire (backup the originals; better yet, modify only copies of those scripts).

I've become a fan of GUIDs myself.
0
 

Author Comment

by:Sitewizard
ID: 22878224
Adopting the asp.net membership is what I mostlikly have to do.  It seems that I can use a custom membership provider to alter table names, I dont like default due to hackers.  But I do have one more question on this subject.  The exhiting data has all passwords in plain text.  I would like to use Encyrpted password type in the new system.  Is there a funciton that I can use to alter my exhisting clear text passwords to the encrypted password that membership will use?  What would be the best approach to accomplish this?
0
 
LVL 4

Accepted Solution

by:
nasserd earned 500 total points
ID: 22881605
From experience, there are several settings to consider: the encryption scheme, and the ASP.NET encryption settings.  There are, fundamentally, 3 types of password security schemes (passwordFormat web.config node):

Plain-text, 1-way Encryption (password is NOT retrievable), 2-way Encryption (password IS retrievable).  Also, membership records using 1-way Encryption _cannot_ get converted to 2-way Encryption.  In that case, every member's password must get re-created -- and this is necessary for their accounts to even log-in!

Here is a MSDN resource (Implementing a Membership Provider)
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Here is another (Securing Membership)
http://msdn.microsoft.com/en-us/library/ms178398.aspx

To answer the "best approach" statement: once you determine your security scheme (hashed or other), run the encryption/hash process within SQL Server (you can use C# in SSIS) to store the plain-text pwd in a db table column and secured pwd into a different column... then, replace the plain-text with the secured equivalents.

If done correctly, your ASP.NET Login controls should work if all web.config settings are changed properly.  ALWAYS use dummy data (and always have a dummy ASP.NET site) before touching live data.
0

Featured Post

ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IIS redirect 1 68
Deploying to Azure 3 29
Error handling in asp.net site 5 27
vb.net winforms sizing/resolution? 4 32
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question