Solved

Should I use Membership UserID or My Primary Key

Posted on 2010-08-31
2
366 Views
Last Modified: 2013-11-08
I am using asp.net 3.5 with the membership provider.
I added all the provider tables to my existing database using Aspnet_regsql.exe.
I added the userid, which is the data type uniqueidentifier, from the asp.net_users table generated by the membership provider, to my top level table.
The top level table primary key/identity key, is an int (PersonID). Since I used this primary key (PersonID) to relate tables in my original database, before adding membership provider, I just added the userid from the asp.net_users table, to my top level table.

Persons table
PersonID int Identity
UserID uniqueidentifier

Other Tables use PersonID as their FK.

Since this is a web app, I wanted to be sure that, for security reasons, using the PersonID was ok, or if I should change my tables to use the userid/uniqueidentifier instead of the PersonID as the FK.

Thanks
0
Comment
Question by:Sheritlw
2 Comments
 
LVL 32

Accepted Solution

by:
bhess1 earned 500 total points
ID: 33571654
Depends on where you are using it.  If you place the PersonID on a link in your web code, it may make it easier to hack the system in some cases. If I had the option, I would use PersonID internally, and the guid externally (where it could be hacked).  
0
 

Author Comment

by:Sheritlw
ID: 33572547
Thank you bhess1.

I will change the relationship fk to the user id.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSRS 2013 - Finding Datasets/StoredProcedures 4 32
Can I skip a node in XML? 9 29
Change this SQL to get all nodes 3 36
VB.net Filesystem watcher not working 5 31
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question