Solved

ASP.NET using Integer as ID for Membership

Posted on 2008-10-29
3
542 Views
Last Modified: 2008-11-05
I am new to asp.net, but I have programmed for years in classic asp.  I have been looking into the membership, role and profile providers but using anything that is standard from microsoft scares me.  If I use the default database layout, it will be only a matter of time before hackers have their way.  But my real issue is that I have a very complex site I would lke to change to .net but it uses int values as ID instead of GUID.  Is there a way I can use integer ID with a custome membership provider??  
0
Comment
Question by:Sitewizard
  • 2
3 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 22833140
Adopting the ASP.NET Membership Provider is recommended as a wholesale approach, especially if you are migrating existing membership data -- you'll either have to rely on the built-in ASP.NET mechanisms, or use your existing ID-based system.

Nothing prohibits you from modifying the tables and stored procedures once they are installed in your SQL Server database.  As a matter of fact, the SQL Scripts used to generate the tables exist in your C:\Windows\Microsoft.NET\Framework\... folders, so you can modify them at your heart's desire (backup the originals; better yet, modify only copies of those scripts).

I've become a fan of GUIDs myself.
0
 

Author Comment

by:Sitewizard
ID: 22878224
Adopting the asp.net membership is what I mostlikly have to do.  It seems that I can use a custom membership provider to alter table names, I dont like default due to hackers.  But I do have one more question on this subject.  The exhiting data has all passwords in plain text.  I would like to use Encyrpted password type in the new system.  Is there a funciton that I can use to alter my exhisting clear text passwords to the encrypted password that membership will use?  What would be the best approach to accomplish this?
0
 
LVL 4

Accepted Solution

by:
nasserd earned 500 total points
ID: 22881605
From experience, there are several settings to consider: the encryption scheme, and the ASP.NET encryption settings.  There are, fundamentally, 3 types of password security schemes (passwordFormat web.config node):

Plain-text, 1-way Encryption (password is NOT retrievable), 2-way Encryption (password IS retrievable).  Also, membership records using 1-way Encryption _cannot_ get converted to 2-way Encryption.  In that case, every member's password must get re-created -- and this is necessary for their accounts to even log-in!

Here is a MSDN resource (Implementing a Membership Provider)
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Here is another (Securing Membership)
http://msdn.microsoft.com/en-us/library/ms178398.aspx

To answer the "best approach" statement: once you determine your security scheme (hashed or other), run the encryption/hash process within SQL Server (you can use C# in SSIS) to store the plain-text pwd in a db table column and secured pwd into a different column... then, replace the plain-text with the secured equivalents.

If done correctly, your ASP.NET Login controls should work if all web.config settings are changed properly.  ALWAYS use dummy data (and always have a dummy ASP.NET site) before touching live data.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now