Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Add Custom Data to ASP.NET Authentication

Posted on 2014-01-23
13
Medium Priority
?
601 Views
Last Modified: 2014-02-19
Hello Experts,

I'm using ASP.NET 4.5.1 C# and was going to implement Forms Authentication. I would like to be able to collect the following information from a New User to store in the database using ASP.NET's Authentication within SQL. The following information is what I would need to collect and I would like to be able to display the information listed below once a user logs in. Is this possible and if so how? I cannot find any tutorials for this using ASP.NET 4.5.1 C#

Information needed to collect:
 - First Name
 - Last Name
 - Address
 - City
 - State
 - Zip
 - Phone
 - Email
 - Username
 - Password

Information that would need displayed at some point after authentication:
 - First Name
 - Last Name
 - Email
 - Address, City, State and Zip

I have been using my own authentication before with the help of EE members and it has been working fine for me. But I'm not 100% sure it's secure. I have been storing username and I applied a salt and hash to my stored password but I was told that I should be using ASP.NET's Authentication and not my own.
0
Comment
Question by:asp_net2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
13 Comments
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804525
>> but I was told that I should be using ASP.NET's Authentication and not my own
Who told you that?

If you are salting and hashing the passwords then you aren't doing anything that the built-in authentication mechanism doesn't do.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39804551
I was told that by EE members. I was told that I would be better off using the built in Authentication/Authorization that ASP.NET has built in.

So my question was how can I add custom data such as what I provided above to store in the DB along with the username and password?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39804656
Well, if you want to use the built-in authentication framework, then your easiest option would be to use Profiles - which are also part of the framework:

http://msdn.microsoft.com/en-us/library/taab950e(v=vs.100).aspx
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 4

Author Comment

by:asp_net2
ID: 39805454
How would I tie a user the information that I need collected to the initial form that only prompts for username, email and password only for the new user registration? Basically I needed the user to enter his/her personal information along with their username and password and store that data into the same database table or another table as long as they are related.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39805928
Are you using a WebSite project or a Web Application project?

If you are using WebSite then the Profile is an implicit object (like Session, etc) that is built for you.

If it's a Web Application then it's a bit more fiddly because VS doesn't do the work for you. You can either roll your own Profile class that inherits from ProfileBase, or you can do something like:
// retrieve profile for current user
ProfileBase profile = ProfileBase.Create(Membership.GetUser().UserName);

// set a couple of properties
profile.SetPropertyValue("FirstName", "Bob");
profile.SetPropertyValue("LastName", "Smith");

// save to Membership database
profile.Save();

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
ID: 39806363
I'm using a Website Project. Are there any sort of tutorials that I could go through that teach you from start to finish how to implement something like this?
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 39806477
Try this: http://www.codeproject.com/Articles/420052/Implementing-User-Profiles-in-ASP-NET-A-Beginners

If you have any further queries, or get stuck on any part, just feedback here.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807047
Ok, before I can do that I had to setup the Membership, Roles, Users and Profiles within SQL which I just got done doing with no issues.

But, I noticed that the web.config file has the following below:

<membership>
      <providers>
        <!--
	      ASP.NET Membership is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </membership>
    <profile>
      <properties>
        <add name="Name" allowAnonymous="true"/>
      </properties>
      <providers>
        <!--
	      ASP.NET Membership Profile is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
        <clear />
      </providers>
    </profile>
    <roleManager>
      <!--
	        ASP.NET Membership Role is disabled in this template. Please visit the following link http://go.microsoft.com/fwlink/?LinkId=301889 to learn about the ASP.NET Membership support in this template
        -->
      <providers>
        <clear />
      </providers>
    </roleManager>

Open in new window


What do I need to add in order to reference my SQL Database and what do I need to add into each of those?
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39807048
Below is my connection string information which is fine.

  <connectionStrings>
    <add name="WTS" connectionString="Data Source=N_PLAPTOP\SQLEXPRESS;Initial Catalog=WebsiteTemplateSecurity;Integrated Security=False;User Id=sa;Password=Tes!34;" providerName="System.Data.SqlClient" />
  </connectionStrings>

Open in new window

0
 
LVL 41

Expert Comment

by:guru_sami
ID: 39830466
As mentioned earlier, I don't see a reason why your one-way hashing is less secure than asp.net membership.
ASP.NET membership gives your a basic class library to work against so you don't need to create your own database, write code to do authentication and creating cookies/etc.

You might want to check these:
http://www.codeproject.com/Articles/27651/ASP-NET-Membership-Part-1

For storing user information, I would create a separate table and link it to the membership user table using the UserId:
- http://www.asp.net/web-forms/tutorials/security/membership/storing-additional-user-information-cs
- http://weblogs.asp.net/gurusarkar/archive/2009/01/27/storing-user-profile-into-a-custom-table-using-createuser-wizard-control.aspx
0
 
LVL 4

Author Comment

by:asp_net2
ID: 39830518
@guru_sami,

I looked at the links you supplied and they seem good. Before I venture in to try those out I just wanted to make sure of a few things.

I plan on storing First name, Last name, Address, City, State, Zip, Phone and Email for my users.

Would it be best to store that data separately from the aspnet_Users table but link them together via UserId field? If so, I was going to create a table named for example EmpData and add the UserId as a FK to the aspnet_Users table.

Or would it be better to store all data to the aspnet_Users table?

The one problem i'm having trouble comprehending is how do I retrieve the UsersId from login and then add to the form that I'm collecting the additional data on?
0
 
LVL 41

Accepted Solution

by:
guru_sami earned 2000 total points
ID: 39830746
-> I would store it in a separate table.
- How are you creating your user?
Once the user is created you can get the UserId like:

MembershipUser currentUser = Membership.GetUser(); // Determine the currently logged on user's 
UserId value Guid currentUserId = (Guid)currentUser.ProviderUserKey;

Open in new window


You can use it to pass it to your EmpData table when you store the additional details.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question