Solved

Add Custom Data to ASP.NET Authentication

Posted on 2014-01-23
13
589 Views
Last Modified: 2014-02-19
Hello Experts,

I'm using ASP.NET 4.5.1 C# and was going to implement Forms Authentication. I would like to be able to collect the following information from a New User to store in the database using ASP.NET's Authentication within SQL. The following information is what I would need to collect and I would like to be able to display the information listed below once a user logs in. Is this possible and if so how? I cannot find any tutorials for this using ASP.NET 4.5.1 C#

Information needed to collect:
 - First Name
 - Last Name
 - Address
 - City
 - State
 - Zip
 - Phone
 - Email
 - Username
 - Password

Information that would need displayed at some point after authentication:
 - First Name
 - Last Name
 - Email
 - Address, City, State and Zip

I have been using my own authentication before with the help of EE members and it has been working fine for me. But I'm not 100% sure it's secure. I have been storing username and I applied a salt and hash to my stored password but I was told that I should be using ASP.NET's Authentication and not my own.
0
Comment
Question by:asp_net2
  • 6
  • 4
  • 2
13 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
Comment Utility
>> but I was told that I should be using ASP.NET's Authentication and not my own
Who told you that?

If you are salting and hashing the passwords then you aren't doing anything that the built-in authentication mechanism doesn't do.
0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
I was told that by EE members. I was told that I would be better off using the built in Authentication/Authorization that ASP.NET has built in.

So my question was how can I add custom data such as what I provided above to store in the DB along with the username and password?
0
 
LVL 52

Expert Comment

by:Carl Tawn
Comment Utility
Well, if you want to use the built-in authentication framework, then your easiest option would be to use Profiles - which are also part of the framework:

http://msdn.microsoft.com/en-us/library/taab950e(v=vs.100).aspx
0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
How would I tie a user the information that I need collected to the initial form that only prompts for username, email and password only for the new user registration? Basically I needed the user to enter his/her personal information along with their username and password and store that data into the same database table or another table as long as they are related.
0
 
LVL 52

Expert Comment

by:Carl Tawn
Comment Utility
Are you using a WebSite project or a Web Application project?

If you are using WebSite then the Profile is an implicit object (like Session, etc) that is built for you.

If it's a Web Application then it's a bit more fiddly because VS doesn't do the work for you. You can either roll your own Profile class that inherits from ProfileBase, or you can do something like:
// retrieve profile for current user
ProfileBase profile = ProfileBase.Create(Membership.GetUser().UserName);

// set a couple of properties
profile.SetPropertyValue("FirstName", "Bob");
profile.SetPropertyValue("LastName", "Smith");

// save to Membership database
profile.Save();

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
I'm using a Website Project. Are there any sort of tutorials that I could go through that teach you from start to finish how to implement something like this?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 52

Expert Comment

by:Carl Tawn
Comment Utility
Try this: http://www.codeproject.com/Articles/420052/Implementing-User-Profiles-in-ASP-NET-A-Beginners

If you have any further queries, or get stuck on any part, just feedback here.
0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
Ok, before I can do that I had to setup the Membership, Roles, Users and Profiles within SQL which I just got done doing with no issues.

But, I noticed that the web.config file has the following below:

<membership>
      <providers>
        <!--
	      ASP.NET Membership is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </membership>
    <profile>
      <properties>
        <add name="Name" allowAnonymous="true"/>
      </properties>
      <providers>
        <!--
	      ASP.NET Membership Profile is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </profile>
    <roleManager>
      <!--
	        ASP.NET Membership Role is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
      <providers>
        <clear />
      </providers>
    </roleManager>

Open in new window


What do I need to add in order to reference my SQL Database and what do I need to add into each of those?
0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
Below is my connection string information which is fine.

  <connectionStrings>
    <add name="WTS" connectionString="Data Source=N_PLAPTOP\SQLEXPRESS;Initial Catalog=WebsiteTemplateSecurity;Integrated Security=False;User Id=sa;Password=Tes!34;" providerName="System.Data.SqlClient" />
  </connectionStrings>

Open in new window

0
 
LVL 41

Expert Comment

by:guru_sami
Comment Utility
As mentioned earlier, I don't see a reason why your one-way hashing is less secure than asp.net membership.
ASP.NET membership gives your a basic class library to work against so you don't need to create your own database, write code to do authentication and creating cookies/etc.

You might want to check these:
http://www.codeproject.com/Articles/27651/ASP-NET-Membership-Part-1

For storing user information, I would create a separate table and link it to the membership user table using the UserId:
- http://www.asp.net/web-forms/tutorials/security/membership/storing-additional-user-information-cs
- http://weblogs.asp.net/gurusarkar/archive/2009/01/27/storing-user-profile-into-a-custom-table-using-createuser-wizard-control.aspx
0
 
LVL 4

Author Comment

by:asp_net2
Comment Utility
@guru_sami,

I looked at the links you supplied and they seem good. Before I venture in to try those out I just wanted to make sure of a few things.

I plan on storing First name, Last name, Address, City, State, Zip, Phone and Email for my users.

Would it be best to store that data separately from the aspnet_Users table but link them together via UserId field? If so, I was going to create a table named for example EmpData and add the UserId as a FK to the aspnet_Users table.

Or would it be better to store all data to the aspnet_Users table?

The one problem i'm having trouble comprehending is how do I retrieve the UsersId from login and then add to the form that I'm collecting the additional data on?
0
 
LVL 41

Accepted Solution

by:
guru_sami earned 500 total points
Comment Utility
-> I would store it in a separate table.
- How are you creating your user?
Once the user is created you can get the UserId like:

MembershipUser currentUser = Membership.GetUser(); // Determine the currently logged on user's 
UserId value Guid currentUserId = (Guid)currentUser.ProviderUserKey;

Open in new window


You can use it to pass it to your EmpData table when you store the additional details.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
.net VBA word safemode 1 23
C# Reverse int in fast ways 6 27
Closing all open child forms. 4 22
fomat Json objects 6 15
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now