I'm wanting to create a user account creation section for unregistered users on our internet site. I want to ask the same questions as the CreateUserWizard control but have a few changes. I want the question to come from a question lookup table in SQL. The user will have a dropdown of available questions and I'll store the questionid they selected and the answer. Also, I want to store 1 other piece of data about the user (SSN).
My questions are:
1) Is forms based authentication an acceptable solution for this if using SSL?
2) Can I add additional columns (questionid and ssn) to the membership table or another table and how do I do that so I can save the info in the 'blessed' way? Will the solution have any negative effect if down the road I want to add password reset/recovery?
When adding columns, does it make sense to invoke Membership.CreateUser rather than using the CreateUserWizard?
Thanks!!
1) Yes it is. You can extend Membership with Profiles, and add any arbitrary fields you like.
2) You can customize the CreateUserWizard a great deal, but behind the scenes it just ends up calling Membership.CreateUser. Personally, I would just roll my own (since it really isn't all that hard) unless you want to use the default wizard. But that is more personal preference than anything else.
NOTE: the link I provided for Profiles assumes you are using a WebSite project. If you are using Web Application projects, there are a few additional steps you can read about here.
Related
I am building an MVC4 app using razor, I have done many in the past but I want to roll some best practice in to this one in terms of dealing with variables.
The situation is that I have a logged in user (logged in meaning a windows authentication, with that user name matched to a user in my user table). That user comes with a set of profile options such as "canViewReports", "canEditPerson" etc etc.
Now, there are two prongs to those profile options. First is that my presentation layer needs to customise itself depending on what is presented to it. So profile 1 has canViewReport set to false so the tab for reports will be hidden. Profile 2 has it true so the tab will be shown.
The second prong is that if my savvy users type in /reports/index, I need to pick that up and block access for profile 1 but allow profile 2.
Ok, so at the moment I am using a base controller that is decorated with a [UserDataFilter], that user data filter calls a method that checks the current session for a set of keys and if they are missing assigns them. I put each of those profile options for the current user in to the session. I can then use the session variables in my presentation layer and also in code.
My concern is that that is messy looking in my code having to put this kind of thing everywhere:
(bool)session["canViewReports"] everywhere in my razor.
That led me to try using the viewstart.cshtml and setting App variables in there that I can use in my razor a bit cleaner. In viewstart I set:
App.canViewReports = (bool)HttpContext.Current.Session["canViewReports"];
I can then just use App.canViewReports everywhere in my views without too much trouble.
My questions are:
1) Is App.canViewReports for the entire application at an IIS level, or does each connection to IIS get its own pool of App. variables? The thing I want to avoid is the first user setting the variable and every other user that subsequently uses the application getting that value! (on different computers)
2) Is there a better way of doing this!!!
Many thanks
Iain
I would use User.IsInRole("canViewReports") in my razor logic to hide and show the menu items. If you build your menu in your layout you only need to do this once.
I would then further protect the action method by decorating the method with
[AuthorizeUser("canViewReports")]
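One possible shape for the [AuthorizeUser] attribute named in the answer above, as an added example that is not the answerer's code. It assumes ASP.NET MVC with a role provider (or Windows groups) that exposes each profile option such as canViewReports as a role; AuthorizeUserAttribute and ReportsController are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical implementation: the permission is checked against the
// per-request principal, so typing /reports/index is refused on the server
// even when the tab was only hidden in the view.
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public AuthorizeUserAttribute(string permission)
    {
        if (string.IsNullOrWhiteSpace(permission))
            throw new ArgumentException("A permission name is required.", "permission");
        _permission = permission;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        return user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(_permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user who lacks the permission gets 403; sending 401
        // would only make the browser prompt for credentials again.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

public class ReportsController : Controller
{
    [AuthorizeUser("canViewReports")]
    public ActionResult Index()
    {
        return View();
    }
}
```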
You could create an ISessionService that stores the session information you need. In this way, you can implement it however you want and have full control over it. It could be retrieved easily via a DI container and it's easy to mock.
I'm currently working on a website being developed using ASP.NET and C#. I'm fairly new to ASP and C# so I apologise if I'm making an obvious mistake. The website I am working on has a login page which displays relevant PDF files. The client now wants to rebuild that by only displaying certain PDF files to the end user depending on their role. I have looked into Role based. My problem is I have over 100 PDF files which need to be displayed. What would be the best approach for this? Where would I store the roles in my DB?
Shall I do something like
if (User.IsInRole("Management"))
{
    // Do something
}
Thanks in advance for your help and support
You can use the built-in Membership- and Roleproviders (e.g. http://logcorner.wordpress.com/2013/08/29/how-to-configure-custom-membership-and-role-provider-using-asp-net-mvc4/) or customize/override any of these in case you don't want the standard-table structure these providers bring with them.
If you combine the two providers and use the "default" implementation you can actually do it like you suggested yourself in your question, without any further implementation. It would be just configuration in your web.config then.
You can then introduce new roles and user/role mappings in the tables, that ASP.NET automagically created for you in the DB.
Here is an example of how to override them: http://www.codeproject.com/Articles/607392/Custom-Role-Providers
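A sketch of how the role check scales to 100+ PDFs without one if-statement per file, added here as an example and not taken from the answer or the linked articles. It assumes ASP.NET MVC with a configured role provider; PdfDocument, DocumentsController, the sample rows and the ~/App_Data/pdfs folder are hypothetical.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web.Mvc;

// Hypothetical row of a lookup table (Id, FileName, RequiredRole).
public class PdfDocument
{
    public int Id { get; set; }
    public string FileName { get; set; }
    public string RequiredRole { get; set; }
}

[Authorize]
public class DocumentsController : Controller
{
    // Constructed sample data standing in for the database table.
    private static readonly List<PdfDocument> Documents = new List<PdfDocument>
    {
        new PdfDocument { Id = 1, FileName = "board-minutes.pdf", RequiredRole = "Management" },
        new PdfDocument { Id = 2, FileName = "staff-handbook.pdf", RequiredRole = "Staff" }
    };

    // List only the documents whose role the current user holds.
    public ActionResult Index()
    {
        var visible = Documents.Where(d => User.IsInRole(d.RequiredRole)).ToList();
        return View(visible);
    }

    // Repeat the role check on download; hiding a link is not access control.
    public ActionResult Download(int id)
    {
        var doc = Documents.FirstOrDefault(d => d.Id == id);
        if (doc == null)
            return HttpNotFound();
        if (!User.IsInRole(doc.RequiredRole))
            return new HttpStatusCodeResult(403);

        // The file name comes from the table, never from the request, and the
        // files live under App_Data, which ASP.NET does not serve directly.
        var path = Path.Combine(Server.MapPath("~/App_Data/pdfs"), doc.FileName);
        return File(path, "application/pdf", doc.FileName);
    }
}
```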
I've started to work with the new ASP.NET Identity and I would like to know how Identity handles IsOnline ...? Does it have this option?
And another question, using MVC 5 and Identity: how do I best keep track of online people? Should I still use the old method when the user closes the page and then JS unload to set the property in the DB to IsOnline to false?
But what if the user has 2 or even 3 instances of the website open and navigates through different pages, how can I still correctly and synced maintain the online / offline?
Maybe there is some sort of library for that or some new way of doing that? Maybe some helpful link ....
Thanks
By default identity doesn't have anything similar to IsOnline, so you would have to add this functionality yourself. You can probably do it with a combination of adding a lastActivity property for the user, along with extending UserManager and overriding all the methods you wish to consider the user being online to update this field. Alternatively you could just manually update the lastActivity where appropriate in your app, which might be easier.
My website sells products. One page is called dvd.aspx which, using a sproc, displays all the DVDs in my database with the "type=dvd". I have some admin pages in an admin folder where I can add new products and edit existing products, but I need to let the admin decide which items to display. Would anyone have any advice on how to go about this? Do I need to create a page in the admin folder for this or maybe edit the code behind the dvd.aspx page?
Any kind of advice is welcome,
Thank you
Create a new column in your table called something like "ToShow" and make it a bit type, edit your dvd.aspx to show items with type=dvd and ToShow=true.
Create admin page, add GridView with the option to change ToShow property. That way admin can select items to show.
Just a friendly piece of advice: move to .NET 4.0 and you can use some object-relational mapper like LINQ to SQL, NHibernate or Entity Framework. It would make your life a lot easier!
A flag on the product which indicates if it should be displayed. The admin can then adjust the flag to determine if it should be selected by your sproc.
My doubt is pretty simple, I suppose. But still I need assistance.
I have a registration form as an ASP.NET web form. There are 5-6 fields in it (username, password, email id, sex, country etc.). I want all the data entered by a new user in the specified fields to enter the table of a database automatically when I hit a SUBMIT button. Those data should come into separate columns of the table, one for each field of the web form. (Language used: C#)
String Connection and then Stored Procedure could help.
Thanks in advance.
You should be using the CreateUserWizard to handle your registration. You can customise it in many many ways and it works with the rest of the asp.net membership system.
One of the ways that you can extend this control is to add extra pages to the sign up wizard that contain your own form fields and then save these to the database.
There is a great article series that will pretty much make you an expert on asp.net membership over at the 4guysfromrolla site. Part 18 of this series shows how to add extra member details and store them in a database and as requested, full SQL code is included in the article.
Read part 18 here:
https://web.archive.org/web/20211020114106/https://www.4guysfromrolla.com/articles/110310-1.aspx
If you peruse the table of contents for this series I'm sure more than a couple of the other articles will catch your eye :)