?
Solved

Add Custom Data to ASP.NET Authentication

Posted on 2014-01-23
13
Medium Priority
?
605 Views
Last Modified: 2014-02-19
Hello Experts,

I'm using ASP.NET 4.5.1 C# and was going to implement Forms Authentication. I would like to be able to collect the following information from a New User to store in the database using ASP.NET's Authentication within SQL. The following information is what I would need to collect and I would like to be able to display the information listed below once a user logs in. Is this possible and if so how? I cannot find any tutorials for this using ASP.NET 4.5.1 C#

Information needed to collect:
 - First Name
 - Last Name
 - Address
 - City
 - State
 - Zip
 - Phone
 - Email
 - Username
 - Password

Information that would need displayed at some point after authentication:
 - First Name
 - Last Name
 - Email
 - Address, City, State and Zip

I have been using my own authentication before with the help of EE members and it has been working fine for me. But I'm not 100% sure it's secure. I have been storing username and I applied a salt and hash to my stored password but I was told that I should be using ASP.NET's Authentication and not my own.
0
Comment
Question by:asp_net2
  • 6
  • 4
  • 2
12 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804525
>> but I was told that I should be using ASP.NET's Authentication and not my own
Who told you that?

If you are salting and hashing the passwords then you aren't doing anything that the built-in authentication mechanism doesn't do.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39804551
I was told that by EE members. I was told that I would be better off using the built in Authentication/Authorization that ASP.NET has built in.

So my question was how can I add custom data such as what I provided above to store in the DB along with the username and password?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804656
Well, if you want to use the built-in authentication framework, then your easiest option would be to use Profiles - which are also part of the framework:

http://msdn.microsoft.com/en-us/library/taab950e(v=vs.100).aspx
0
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

 
LVL 4

Author Comment

by:asp_net2
ID: 39805454
How would I tie a user the information that I need collected to the initial form that only prompts for username, email and password only for the new user registration? Basically I needed the user to enter his/her personal information along with their username and password and store that data into the same database table or another table as long as they are related.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39805928
Are you using a WebSite project or a Web Application project?

If you are using WebSite then the Profile is an implicit object (like Session, etc) that is built for you.

If it's a Web Application then it's a bit more fiddly because VS doesn't do the work for you. You can either roll your own Profile class that inherits from ProfileBase, or you can do something like:
// retrieve profile for current user
ProfileBase profile = ProfileBase.Create(Membership.GetUser().UserName);

// set a couple of properties
profile.SetPropertyValue("FirstName", "Bob");
profile.SetPropertyValue("LastName", "Smith");

// save to Membership database
profile.Save();

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
ID: 39806363
I'm using a Website Project. Are there any sort of tutorials that I could go through that teach you from start to finish how to implement something like this?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39806477
Try this: http://www.codeproject.com/Articles/420052/Implementing-User-Profiles-in-ASP-NET-A-Beginners

If you have any further queries, or get stuck on any part, just feedback here.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807047
Ok, before I can do that I had to setup the Membership, Roles, Users and Profiles within SQL which I just got done doing with no issues.

But, I noticed that the web.config file has the following below:

<membership>
      <providers>
        <!--
	      ASP.NET Membership is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </membership>
    <profile>
      <properties>
        <add name="Name" allowAnonymous="true"/>
      </properties>
      <providers>
        <!--
	      ASP.NET Membership Profile is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </profile>
    <roleManager>
      <!--
	        ASP.NET Membership Role is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
      <providers>
        <clear />
      </providers>
    </roleManager>

Open in new window


What do I need to add in order to reference my SQL Database and what do I need to add into each of those?
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807048
Below is my connection string information which is fine.

  <connectionStrings>
    <add name="WTS" connectionString="Data Source=N_PLAPTOP\SQLEXPRESS;Initial Catalog=WebsiteTemplateSecurity;Integrated Security=False;User Id=sa;Password=Tes!34;" providerName="System.Data.SqlClient" />
  </connectionStrings>

Open in new window

0
 
LVL 41

Expert Comment

by:guru_sami
ID: 39830466
As mentioned earlier, I don't see a reason why your one-way hashing is less secure than asp.net membership.
ASP.NET membership gives your a basic class library to work against so you don't need to create your own database, write code to do authentication and creating cookies/etc.

You might want to check these:
http://www.codeproject.com/Articles/27651/ASP-NET-Membership-Part-1

For storing user information, I would create a separate table and link it to the membership user table using the UserId:
- http://www.asp.net/web-forms/tutorials/security/membership/storing-additional-user-information-cs
- http://weblogs.asp.net/gurusarkar/archive/2009/01/27/storing-user-profile-into-a-custom-table-using-createuser-wizard-control.aspx
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39830518
@guru_sami,

I looked at the links you supplied and they seem good. Before I venture in to try those out I just wanted to make sure of a few things.

I plan on storing First name, Last name, Address, City, State, Zip, Phone and Email for my users.

Would it be best to store that data separately from the aspnet_Users table but link them together via UserId field? If so, I was going to create a table named for example EmpData and add the UserId as a FK to the aspnet_Users table.

Or would it be better to store all data to the aspnet_Users table?

The one problem i'm having trouble comprehending is how do I retrieve the UsersId from login and then add to the form that I'm collecting the additional data on?
0
 
LVL 41

Accepted Solution

by:
guru_sami earned 2000 total points
ID: 39830746
-> I would store it in a separate table.
- How are you creating your user?
Once the user is created you can get the UserId like:

MembershipUser currentUser = Membership.GetUser(); // Determine the currently logged on user's 
UserId value Guid currentUserId = (Guid)currentUser.ProviderUserKey;

Open in new window


You can use it to pass it to your EmpData table when you store the additional details.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Simulator games are perfect for generating sample realistic data streams, especially for learning data analysis. It is even useful for demoing offerings such as Azure stream analytics, PowerBI etc.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month13 days, 15 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question