Solved

Add Custom Data to ASP.NET Authentication

Posted on 2014-01-23
13
593 Views
Last Modified: 2014-02-19
Hello Experts,

I'm using ASP.NET 4.5.1 C# and was going to implement Forms Authentication. I would like to be able to collect the following information from a New User to store in the database using ASP.NET's Authentication within SQL. The following information is what I would need to collect and I would like to be able to display the information listed below once a user logs in. Is this possible and if so how? I cannot find any tutorials for this using ASP.NET 4.5.1 C#

Information needed to collect:
 - First Name
 - Last Name
 - Address
 - City
 - State
 - Zip
 - Phone
 - Email
 - Username
 - Password

Information that would need displayed at some point after authentication:
 - First Name
 - Last Name
 - Email
 - Address, City, State and Zip

I have been using my own authentication before with the help of EE members and it has been working fine for me. But I'm not 100% sure it's secure. I have been storing username and I applied a salt and hash to my stored password but I was told that I should be using ASP.NET's Authentication and not my own.
0
Comment
Question by:asp_net2
  • 6
  • 4
  • 2
13 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804525
>> but I was told that I should be using ASP.NET's Authentication and not my own
Who told you that?

If you are salting and hashing the passwords then you aren't doing anything that the built-in authentication mechanism doesn't do.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39804551
I was told that by EE members. I was told that I would be better off using the built in Authentication/Authorization that ASP.NET has built in.

So my question was how can I add custom data such as what I provided above to store in the DB along with the username and password?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804656
Well, if you want to use the built-in authentication framework, then your easiest option would be to use Profiles - which are also part of the framework:

http://msdn.microsoft.com/en-us/library/taab950e(v=vs.100).aspx
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 4

Author Comment

by:asp_net2
ID: 39805454
How would I tie a user the information that I need collected to the initial form that only prompts for username, email and password only for the new user registration? Basically I needed the user to enter his/her personal information along with their username and password and store that data into the same database table or another table as long as they are related.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39805928
Are you using a WebSite project or a Web Application project?

If you are using WebSite then the Profile is an implicit object (like Session, etc) that is built for you.

If it's a Web Application then it's a bit more fiddly because VS doesn't do the work for you. You can either roll your own Profile class that inherits from ProfileBase, or you can do something like:
// retrieve profile for current user
ProfileBase profile = ProfileBase.Create(Membership.GetUser().UserName);

// set a couple of properties
profile.SetPropertyValue("FirstName", "Bob");
profile.SetPropertyValue("LastName", "Smith");

// save to Membership database
profile.Save();

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
ID: 39806363
I'm using a Website Project. Are there any sort of tutorials that I could go through that teach you from start to finish how to implement something like this?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39806477
Try this: http://www.codeproject.com/Articles/420052/Implementing-User-Profiles-in-ASP-NET-A-Beginners

If you have any further queries, or get stuck on any part, just feedback here.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807047
Ok, before I can do that I had to setup the Membership, Roles, Users and Profiles within SQL which I just got done doing with no issues.

But, I noticed that the web.config file has the following below:

<membership>
      <providers>
        <!--
	      ASP.NET Membership is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </membership>
    <profile>
      <properties>
        <add name="Name" allowAnonymous="true"/>
      </properties>
      <providers>
        <!--
	      ASP.NET Membership Profile is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </profile>
    <roleManager>
      <!--
	        ASP.NET Membership Role is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
      <providers>
        <clear />
      </providers>
    </roleManager>

Open in new window


What do I need to add in order to reference my SQL Database and what do I need to add into each of those?
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807048
Below is my connection string information which is fine.

  <connectionStrings>
    <add name="WTS" connectionString="Data Source=N_PLAPTOP\SQLEXPRESS;Initial Catalog=WebsiteTemplateSecurity;Integrated Security=False;User Id=sa;Password=Tes!34;" providerName="System.Data.SqlClient" />
  </connectionStrings>

Open in new window

0
 
LVL 41

Expert Comment

by:guru_sami
ID: 39830466
As mentioned earlier, I don't see a reason why your one-way hashing is less secure than asp.net membership.
ASP.NET membership gives your a basic class library to work against so you don't need to create your own database, write code to do authentication and creating cookies/etc.

You might want to check these:
http://www.codeproject.com/Articles/27651/ASP-NET-Membership-Part-1

For storing user information, I would create a separate table and link it to the membership user table using the UserId:
- http://www.asp.net/web-forms/tutorials/security/membership/storing-additional-user-information-cs
- http://weblogs.asp.net/gurusarkar/archive/2009/01/27/storing-user-profile-into-a-custom-table-using-createuser-wizard-control.aspx
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39830518
@guru_sami,

I looked at the links you supplied and they seem good. Before I venture in to try those out I just wanted to make sure of a few things.

I plan on storing First name, Last name, Address, City, State, Zip, Phone and Email for my users.

Would it be best to store that data separately from the aspnet_Users table but link them together via UserId field? If so, I was going to create a table named for example EmpData and add the UserId as a FK to the aspnet_Users table.

Or would it be better to store all data to the aspnet_Users table?

The one problem i'm having trouble comprehending is how do I retrieve the UsersId from login and then add to the form that I'm collecting the additional data on?
0
 
LVL 41

Accepted Solution

by:
guru_sami earned 500 total points
ID: 39830746
-> I would store it in a separate table.
- How are you creating your user?
Once the user is created you can get the UserId like:

MembershipUser currentUser = Membership.GetUser(); // Determine the currently logged on user's 
UserId value Guid currentUserId = (Guid)currentUser.ProviderUserKey;

Open in new window


You can use it to pass it to your EmpData table when you store the additional details.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question