I'm new to membership. I have a table named contact, with a field, userId, that must get its data from the membership users table. So when a user is created I have to get the userId from the membership users table. How can I do that?
Thanks in advance.
Use the ProviderUserKey property of the MembershipUser object:
http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.provideruserkey.aspx
So say:
MembershipUser user = Membership.CreateUser("foo", "password");
// ProviderUserKey is typed as object; store this value in contact.userId
object userId = user.ProviderUserKey;
I'm working on the ASP.NET Identity. By default, the AspNetUsers table comes with a few columns such as: ID, UserName, HashPassword, Email, EmailConfirmed, Phone etc.
By default, the ID column is the Primary Key and UserName has the Unique Constraint.
How do I make other fields such as Email and/or Phone have the same unique constraint as the UserName?
What I have done so far:
I managed to add the unique constraint to the database manually; however, unlike the UserName field, I was unable to do the validation at the application level. For example: the UserName field will display the error message "Name XXX is already taken" if the user tries to register an account with the same username.
To enforce uniqueness at the UserManager layer, you can implement your own IUserValidator and check for your custom uniqueness rules.
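A sketch of such a validator for the Phone column, added here as an example and not code from the original answer. It assumes ASP.NET Core Identity with an Entity Framework Core user store (in ASP.NET Identity 2.x the corresponding interface is `IIdentityValidator<TUser>`); the class name and error code are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;

// Hypothetical validator: rejects a create/update when another account
// already holds the same phone number.
public class UniquePhoneValidator<TUser> : IUserValidator<TUser>
    where TUser : IdentityUser
{
    public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user)
    {
        // Phone is optional: nothing to check when it is empty.
        if (string.IsNullOrWhiteSpace(user.PhoneNumber))
            return IdentityResult.Success;

        // Exclude the user's own row so that updating an existing
        // account does not collide with itself.
        bool taken = await manager.Users.AnyAsync(
            u => u.PhoneNumber == user.PhoneNumber && u.Id != user.Id);

        if (!taken)
            return IdentityResult.Success;

        // Surfaces through IdentityResult.Errors, the same way the
        // built-in duplicate user name error does.
        return IdentityResult.Failed(new IdentityError
        {
            Code = "DuplicatePhoneNumber", // assumed code, not a built-in one
            Description = $"Phone number '{user.PhoneNumber}' is already taken."
        });
    }
}

// Registration (ApplicationUser is the application's own user type):
// services.AddIdentity<ApplicationUser, IdentityRole>()
//         .AddUserValidator<UniquePhoneValidator<ApplicationUser>>();
```

Keep the database unique constraint as well: two concurrent registrations can both pass this check before either row is written, and only the constraint rejects the second insert.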
I want to implement an audit table and I have no idea how I am supposed to get the username.
I am using C# and SQL Server. I have a Users table in my database. When I log in to my Windows Forms application I verify that the correct combination of username and password is used. But how do I inform the database of the current user? I thought of adding an extra column to my Users table in which to set the logged-in username to 1. Is that a solution for single-user? But my application is supposed to support multi-user. What could be done in this case?
Depending on your authentication scheme, you need to get the user name.
For thick client applications,
Environment.UserName
and
System.Security.Principal.WindowsIdentity.GetCurrent()
are a couple of options.
Typically for audit tables, there is a column called 'ModifiedByUser' where you can log the user name provided by the win form app.
Create the nvarchar and datetime columns (if not already present) in your audit table.
One will store the user name and the other the datetime of the audit action.
In your code, whenever you want to add an entry to the audit table, get Environment.UserName or System.Security.Principal.WindowsIdentity.GetCurrent(), along with DateTime.UtcNow, and pass it on to be saved to the DB in the Audit table.
SQL Server knows who you are. You can simply use the SUSER_SNAME() and/or ORIGINAL_LOGIN() function as a default value for the username column in your audit table. Same for the time of the audit event: use the GetDate() function. There is no need to send this information from the client.
This is a very open-ended question but I think I understand what you are trying to do. You have application-specific users that are defined in a Users table (as opposed to using database users or active directory users) and you need to log specific information for auditing purposes or drive security based off of the logins. Is that correct?
This can be done, but the logic for it will need to be written in your application.
Let’s pretend we are writing a program to send out an invoice to a customer.
I used role based security where you can give users access to do specific tasks by granting them a role. For example, “Create New Invoice” could be a role. I usually have 2 tables for this:
SecurityRoleDefinition
SecurityRoleUsers
The first table, Security Role Definition, will have an ID column, the Description (“Create New Invoice”), and I usually have an Audit column to indicate if this action needs to be logged for Audit.
The second table, SecurityRoleUsers, is where I define if a user has permission to execute that role. Columns are usually something like this: a unique ID, User ID (foreign key to the Users table), RoleID (foreign key to SecurityRoleDefinition)
Now in your application we need a class to check if a user has a role. It needs to take in the role ID (or name) and the user ID. Example: public bool IsUserAuthorized(int RoleID, int UserID)
This method can run a query on your SecurityRoleUsers table to see if the user is in the table for that role. If so, it returns true. If not, it returns false.
Now back in the application, when the user clicks the “Create New Invoice” button it runs the IsUserAuthorized() method to check if the user can perform the operation.
If creating an audit log is necessary, you could do something similar. After the security check is done for “Create New Invoice” you can check to see if the Role needs to be audit logged, if so then write to an Audit table.
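One way the IsUserAuthorized check and the conditional audit write described in this answer could look, as an added example rather than the answerer's code. The table and column names follow the answer (SecurityRoleDefinition with ID and Audit, SecurityRoleUsers with UserID and RoleID); the AuditLog table, its columns and the RoleAuthorizer class are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public sealed class RoleAuthorizer
{
    private readonly string _connectionString;
    public RoleAuthorizer(string connectionString) { _connectionString = connectionString; }

    // True only if a SecurityRoleUsers row grants roleId to userId.
    public bool IsUserAuthorized(int roleId, int userId)
    {
        const string checkSql =
            @"SELECT d.Audit
              FROM SecurityRoleUsers AS u
              JOIN SecurityRoleDefinition AS d ON d.ID = u.RoleID
              WHERE u.RoleID = @roleId AND u.UserID = @userId;";
        // AuditLog and its columns are assumed names, not from the answer.
        const string auditSql =
            @"INSERT INTO AuditLog (UserID, RoleID, LoggedAtUtc)
              VALUES (@userId, @roleId, SYSUTCDATETIME());";

        using (var conn = new SqlConnection(_connectionString))
        {
            conn.Open();
            object auditFlag;
            using (var check = new SqlCommand(checkSql, conn))
            {
                // Typed parameters: the IDs never become part of the SQL text.
                check.Parameters.Add("@roleId", SqlDbType.Int).Value = roleId;
                check.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
                auditFlag = check.ExecuteScalar();
            }
            // ExecuteScalar returns null when no row matches: deny by default.
            if (auditFlag == null) return false;
            // Write the audit row only for roles flagged for auditing.
            if (auditFlag != DBNull.Value && Convert.ToBoolean(auditFlag))
            {
                using (var audit = new SqlCommand(auditSql, conn))
                {
                    audit.Parameters.Add("@roleId", SqlDbType.Int).Value = roleId;
                    audit.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
                    audit.ExecuteNonQuery();
                }
            }
            return true;
        }
    }
}
```

The user ID passed in should come from the session established at login, not from anything the UI lets the user edit, or the check authorizes whoever the caller claims to be.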
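-- CONTEXT_INFO() returns the value the session stored with SET CONTEXT_INFO (here, the username)
DECLARE @username varchar(128)
SET @username = CONVERT(VarChar(128), CONTEXT_INFO());
PRINT @username
-- Look up the application user's ID for that username
DECLARE @ID_User int
SET @ID_User = ( SELECT Users.ID_User
FROM Users
WHERE Users.Username=@username )
PRINT @ID_User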
This is how I solved it. I inserted this piece of code in each update trigger.
I am new to MVC 4 and trying to develop a new application where I have three users in the table: Employee, admin and customer. The problem is that customer has many more fields than employee or admin, so I cannot make a single user table, and so I made a different table for each user where username and password are included. Now I am lost when I want to authenticate a user from their respective table. Is it possible, or should I make a user table separately with username and password? But doing so, would I have to first create a user every time before I create a customer, employee and admin?
so I cannot make a single user table
Sure you can. Just separate the "users" from the "details about the users." For example, say you have a Users table here:
Users
---------
ID (PK)
Username
Password
(maybe a few other fields)
Then you can sub-type some other tables off of this one. Tables like:
Employee
----------
ID (PK, FK to Users)
Name
EmployeeNumber
etc.
Customer
----------
ID (PK, FK to Users)
Name
CustomerNumber
etc.
Admin
----------
ID (PK, FK to Users)
(you get the idea)
Very similar to sub-classing in an object-oriented system, this allows you to sub-table in a relational system. The login components in the application are only concerned with the Users table, then once authenticated the other components can get information about the user from the other tables. (This has the added benefit of allowing a single user to be more than one thing. Such as an Employee who is also an Admin.)
Edit: Keep in mind this is based on knowing very little about your relational data needs. You might also be able to accomplish the same thing using a setup like:
Users
----------
ID (PK)
Username
etc.
Roles
----------
ID (PK)
RoleName
UsersInRoles
----------
UserID (FK to Users)
RoleID (FK to Roles)
(Other tables about users)
This setup is a lot closer to what's built in to the ASP.NET membership system as well, so you may be able to benefit significantly from it. Though based on your description of your user data you may still need to sub-type some tables containing the user information in order to avoid having lots of null values.
When I use:
Membership.GetUser(User.Identity.Name)
does anyone know which table and field User.Identity.Name corresponds to when I use the 'standard asp.net membership provider tables' like these:
aspnet_Membership
aspnet_Users
Thanks.
It retrieves the record from the aspnet_Membership table.
Please read the "Stored procedures used by SqlMembershipProvider" section under Membership Providers, which describes which method accesses which table.
How would you design a database to manage multi organisation?
(ie 1 user can own/manage more than 1 organisation)
Example
Xero (www.xero.com): you can log in to Xero, then select the company on the list that you want to manage. I think freshbook has something similar.
USER_ACCESS
Id
CompanyUserId (UserId of company)
UserId (UserId that will manages company)
USER_PERMISSION
Id
UserAccessId
CanViewM
CanEditM
....
CanViewN
CanEditN
You should not mix users and logins. They should be treated as separate tables/objects, as one's role in one company might not be the same role as in the other company.
Also do not create a permission table with one column for each possible permission. Instead you should create one row per allowed permission. (and if needed one table defining all permissions)
Hence you should have tables like:
USER_ACCOUNT (used to define logins)
Id
UserName
Password
USER
Id
AccountId (account used for login)
CompanyId (company that the user belongs to)
PERMISSIONS
Id
Name
USER_ALLOWED_PERMISSIONS
UserId
PermissionId
When logging in, simply check the USER table if more than one row is returned for the account and display a select user form if needed.