Solved

Add Custom Data to ASP.NET Authentication

Posted on 2014-01-23
13
595 Views
Last Modified: 2014-02-19
Hello Experts,

I'm using ASP.NET 4.5.1 C# and was going to implement Forms Authentication. I would like to be able to collect the following information from a New User to store in the database using ASP.NET's Authentication within SQL. The following information is what I would need to collect and I would like to be able to display the information listed below once a user logs in. Is this possible and if so how? I cannot find any tutorials for this using ASP.NET 4.5.1 C#

Information needed to collect:
 - First Name
 - Last Name
 - Address
 - City
 - State
 - Zip
 - Phone
 - Email
 - Username
 - Password

Information that would need displayed at some point after authentication:
 - First Name
 - Last Name
 - Email
 - Address, City, State and Zip

I have been using my own authentication before with the help of EE members and it has been working fine for me. But I'm not 100% sure it's secure. I have been storing username and I applied a salt and hash to my stored password but I was told that I should be using ASP.NET's Authentication and not my own.
0
Comment
Question by:asp_net2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
13 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804525
>> but I was told that I should be using ASP.NET's Authentication and not my own
Who told you that?

If you are salting and hashing the passwords then you aren't doing anything that the built-in authentication mechanism doesn't do.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39804551
I was told that by EE members. I was told that I would be better off using the built in Authentication/Authorization that ASP.NET has built in.

So my question was how can I add custom data such as what I provided above to store in the DB along with the username and password?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804656
Well, if you want to use the built-in authentication framework, then your easiest option would be to use Profiles - which are also part of the framework:

http://msdn.microsoft.com/en-us/library/taab950e(v=vs.100).aspx
0
Is Your Team Achieving Their Full Potential?

74% of employees feel they are not achieving their full potential. With Linux Academy, not only will you strengthen your team's core competencies but also their knowledge of of the newest IT topics.

With new material every week, we'll make sure that you stay ahead of the game.

 
LVL 4

Author Comment

by:asp_net2
ID: 39805454
How would I tie a user the information that I need collected to the initial form that only prompts for username, email and password only for the new user registration? Basically I needed the user to enter his/her personal information along with their username and password and store that data into the same database table or another table as long as they are related.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39805928
Are you using a WebSite project or a Web Application project?

If you are using WebSite then the Profile is an implicit object (like Session, etc) that is built for you.

If it's a Web Application then it's a bit more fiddly because VS doesn't do the work for you. You can either roll your own Profile class that inherits from ProfileBase, or you can do something like:
// retrieve profile for current user
ProfileBase profile = ProfileBase.Create(Membership.GetUser().UserName);

// set a couple of properties
profile.SetPropertyValue("FirstName", "Bob");
profile.SetPropertyValue("LastName", "Smith");

// save to Membership database
profile.Save();

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
ID: 39806363
I'm using a Website Project. Are there any sort of tutorials that I could go through that teach you from start to finish how to implement something like this?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39806477
Try this: http://www.codeproject.com/Articles/420052/Implementing-User-Profiles-in-ASP-NET-A-Beginners

If you have any further queries, or get stuck on any part, just feedback here.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807047
Ok, before I can do that I had to setup the Membership, Roles, Users and Profiles within SQL which I just got done doing with no issues.

But, I noticed that the web.config file has the following below:

<membership>
      <providers>
        <!--
	      ASP.NET Membership is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </membership>
    <profile>
      <properties>
        <add name="Name" allowAnonymous="true"/>
      </properties>
      <providers>
        <!--
	      ASP.NET Membership Profile is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </profile>
    <roleManager>
      <!--
	        ASP.NET Membership Role is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
      <providers>
        <clear />
      </providers>
    </roleManager>

Open in new window


What do I need to add in order to reference my SQL Database and what do I need to add into each of those?
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807048
Below is my connection string information which is fine.

  <connectionStrings>
    <add name="WTS" connectionString="Data Source=N_PLAPTOP\SQLEXPRESS;Initial Catalog=WebsiteTemplateSecurity;Integrated Security=False;User Id=sa;Password=Tes!34;" providerName="System.Data.SqlClient" />
  </connectionStrings>

Open in new window

0
 
LVL 41

Expert Comment

by:guru_sami
ID: 39830466
As mentioned earlier, I don't see a reason why your one-way hashing is less secure than asp.net membership.
ASP.NET membership gives your a basic class library to work against so you don't need to create your own database, write code to do authentication and creating cookies/etc.

You might want to check these:
http://www.codeproject.com/Articles/27651/ASP-NET-Membership-Part-1

For storing user information, I would create a separate table and link it to the membership user table using the UserId:
- http://www.asp.net/web-forms/tutorials/security/membership/storing-additional-user-information-cs
- http://weblogs.asp.net/gurusarkar/archive/2009/01/27/storing-user-profile-into-a-custom-table-using-createuser-wizard-control.aspx
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39830518
@guru_sami,

I looked at the links you supplied and they seem good. Before I venture in to try those out I just wanted to make sure of a few things.

I plan on storing First name, Last name, Address, City, State, Zip, Phone and Email for my users.

Would it be best to store that data separately from the aspnet_Users table but link them together via UserId field? If so, I was going to create a table named for example EmpData and add the UserId as a FK to the aspnet_Users table.

Or would it be better to store all data to the aspnet_Users table?

The one problem i'm having trouble comprehending is how do I retrieve the UsersId from login and then add to the form that I'm collecting the additional data on?
0
 
LVL 41

Accepted Solution

by:
guru_sami earned 500 total points
ID: 39830746
-> I would store it in a separate table.
- How are you creating your user?
Once the user is created you can get the UserId like:

MembershipUser currentUser = Membership.GetUser(); // Determine the currently logged on user's 
UserId value Guid currentUserId = (Guid)currentUser.ProviderUserKey;

Open in new window


You can use it to pass it to your EmpData table when you store the additional details.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question