Active Directory Authentication & Custom Roles - asp.net

I haven't worked with the ActiveDirectory Membership provider before, and I have a doubt about creating an application using the AD membership provider. If I need to reference a user by foreign key in a different table (let's say a custom role table), then what primary identifier (foreign key) should I use to identify the user in the table which holds the relation between roles and users?
Also, where is the additional information (other than AD details) about the user stored, like User Name, Department, Current project etc.?
Is a snapshot of Active directory taken frequently and stored in a table in the database which is then used in sql joins?

The base membership provider (and derived providers such as the ActiveDirectoryMembershipProvider) uses UserName as a functional key (queries for members expect UserName as the key query parameter and return a single MembershipUser object). Those queries return MembershipUser objects that have basic membership information—including roles, email, comments, etc. If you want to combine the ADMembership Provider with extra information, you're best off using the UserName as the key to do so. Storing extra data is easier if you use a database because .UpdateUser only commits Email, Comment, and IsApproved properties.
And no, snapshots are not taken, though you can enable caching if you wish. The provider queries AD directly when it needs the information.

The aspnet membership database, when created, resides in the App_Data folder and is quite handy as it supports all the Login controls very well. The user roles can be very well managed by the aspnet configuration manager. The profile properties are all managed by the database itself.
The database thus created can be seen in the server connections. If you analyze the database you will see that every user has a specific userId apart from the username. Both of them are unique. You need not copy all user data into other tables. You can specify the related data using joins. Once a user is logged in, you can refer to him/her by User.Identity.Name (C#) in your code-behind.
Kindly view the database tables using the Server Explorer in Visual Studio and you can view the tables structures -- aspnet_Users, aspnet_Membership, aspnet_Profile etc...

Related

Accessing username in web api controller when database table stores user as integer

Inside some web api controllers, I would like to access the User as indicated in this answer: https://stackoverflow.com/a/12705062/538962
sample code from answer...
[Authorize]
public List<Product> GetProductsFromId()
{
    string username = User.Identity.Name;
    return _productService.GetProductsFromUsername(username);
}
The asp_net membership tables in my scenario are on a different database server than the database server the application runs on. The database for the application has its own Users table with an IDENTITY column as the Primary Key on the Users table, and then other tables that include CreatedByUserID and UpdatedByUserID columns, which are integers based off the IDENTITY column in the Users table.
The issue is that if CRUD type operations depend on the user being updated in tables as an INTEGER, just accessing the username alone is not sufficient; we still have to get to that username's corresponding UserID.
This could be done with another join to the Users table, but this seems a bit kludgy. What would be the best way to go about handling this issue?
From the perspective of ASP.NET Web API, using membership provider and the out-of-box FormsAuthentication is already kludgy, so why not the join? :) Anyways, assuming your web API is consumed by only the web clients and FA is cool, you can use the UserData of the FA ticket to put in the user ID. That way, you don't need to get the ID by hitting your DB every time. But you will need to create the ticket yourself and not let the default out-of-box implementation do that for you. Then, in the PostAuthenticateRequest event, you can read the user ID from the ticket and set it in the identity. Of course, you need to create your own custom identity for this with an ID property or if you are on .NET 4.5, you can use FormsIdentity itself but you can use the NameIdentifier claim to store the ID, perhaps. Check this out - ASP.NET MVC - Set custom IIdentity or IPrincipal.
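The approach described in the answer above, as an added example that is not part of the original post: the application issues the forms-authentication ticket itself with the integer user ID in UserData, then copies that ID into a NameIdentifier claim on each request. The class and method names are hypothetical, and .NET 4.5 with the default forms protection setting (encryption plus validation) is assumed.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Web;
using System.Web.Security;

// Added illustration: UserIdTicket and its members are hypothetical names.
public static class UserIdTicket
{
    // Call after the credentials have been validated, in place of
    // FormsAuthentication.SetAuthCookie. userId is the application's own
    // integer key (the IDENTITY column of its Users table).
    public static void SignIn(HttpResponse response, string userName, int userId)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            2, userName, now, now.Add(FormsAuthentication.Timeout),
            false,                                          // not persistent
            userId.ToString(CultureInfo.InvariantCulture),  // UserData
            FormsAuthentication.FormsCookiePath);

        // Encrypt() applies the protection configured for forms
        // authentication; with the default (encryption and validation)
        // the client can neither read nor alter the ID.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }

    // Call from Application_PostAuthenticateRequest in Global.asax.
    // Requires .NET 4.5, where FormsIdentity derives from ClaimsIdentity.
    public static void AttachUserId(HttpContext context)
    {
        var identity = context.User == null
            ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        int userId;  // accept only a plain non-negative integer
        if (!int.TryParse(identity.Ticket.UserData, NumberStyles.None,
                          CultureInfo.InvariantCulture, out userId)) return;

        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier,
            userId.ToString(CultureInfo.InvariantCulture)));
    }
}
```

Tickets issued by the default code path carry an empty UserData, so AttachUserId leaves those identities without the claim and callers must treat a missing claim as "ID unknown".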

add user and assign role in aspnet membership through sql servers SP

Tech - asp.net 3.5, Sql server 2005
I have integrated aspnet membership into my web application.
I am adding some users (members) by importing an Excel file.
So how can I add such a user, and the role of that user, to the aspnet membership tables?
NOTE - I have an SP which is used to add members to the DB from the uploaded Excel file, and I have written an insert trigger on membertable.
Do not insert DB records manually. Use .NET's Membership Provider's stored procedures to do that, for example aspnet_Membership_CreateUser and aspnet_Roles_CreateRole.
But better off, use .NET's classes/methods to do that. They encapsulate the whole mechanism for you:
Membership Provider
Role Provider
First you create a user, then you (optionally) attach role(s) to.
UPDATE December 2015
Folks keep reading this. It's important to know that for a few years now, there is a totally different paradigm, ASP.NET Identity. Please use it instead of the old Membership Provider.
Abhi, you should use
// Create the user.
MembershipUser newUser = Membership.CreateUser(UserName, Password, Email);
// Attach a role to the newly created user.
Roles.AddUserToRole(newUser.UserName, role);
Update
For that you can go for the membership stored procedure aspnet_Membership_CreateUser to create a user, or you can create one of your own to insert data into the user and userinroles tables.
I would encourage you to refer link
You can simply do INSERT in the AspNetUsers table with empty PasswordHash and SecurityStamp. Then we have a "forgot password" flow that establishes credentials using ASP.NET Membership.
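The Membership.CreateUser / Roles.AddUserToRole route recommended in the answers above, carried through for a batch import, as an added example that is not code from any of the posts. MemberImporter and ImportRow are hypothetical names, the role manager is assumed to be enabled, and it is an assumption that imported users later set their own password through a reset flow.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

// Added illustration: ImportRow and MemberImporter are hypothetical names.
public sealed class ImportRow
{
    public string UserName;
    public string Email;
    public string Role;
}

public static class MemberImporter
{
    // Returns one message per row that could not be imported.
    public static IList<string> Import(IEnumerable<ImportRow> rows)
    {
        var failures = new List<string>();
        foreach (ImportRow row in rows)
        {
            // Throwaway password: the provider does the salting and hashing,
            // which a hand-written INSERT into the tables would bypass.
            string tempPassword = Membership.GeneratePassword(
                Math.Max(16, Membership.MinRequiredPasswordLength),
                Membership.MinRequiredNonAlphanumericCharacters);

            MembershipCreateStatus status;
            Membership.CreateUser(row.UserName, tempPassword, row.Email,
                                  null, null, true, out status);
            if (status != MembershipCreateStatus.Success &&
                status != MembershipCreateStatus.DuplicateUserName)
            {
                failures.Add(row.UserName + ": " + status);
                continue;
            }

            if (string.IsNullOrEmpty(row.Role)) continue;
            if (!Roles.RoleExists(row.Role))
            {
                // Do not let a spreadsheet typo create a new role.
                failures.Add(row.UserName + ": unknown role " + row.Role);
                continue;
            }
            if (!Roles.IsUserInRole(row.UserName, row.Role))
                Roles.AddUserToRole(row.UserName, row.Role);
        }
        return failures;
    }
}
```

A row whose user name already exists keeps its current password and only has the role added, so the import can be re-run safely.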

Role Provider In ASP.net

I have these roles: Admin, Doctor and Patient. But login information is stored in different tables. Admin's username and password are stored in User_TABle (they are two items). Patient's login information is stored in Patient_TABLE: PatientID, Year and DocumentID (they are three items). I want to use SQLRoleProvider and SQLProfileProvider. How can I design different login pages with loginView?
Sincerely yours
I think a better setup would be this:
Use the standard MembershipProvider shipped with ASP.NET to use in conjunction with RoleProvider. Once this is setup and you have the roles you can store personal information for each either by:
Using ProfileProvider (not a bad method but requires a bit of work as you have polymorphic data; you would store it using XML in a text field of the provider or write your own custom profile provider)
OR
Add a table similar to your schema but with a foreign key to the aspnet_Users PK. In code then you could do Roles.IsUserInRole("Whatever") and change the loginView appropriately. It would also mean you could just drag and drop the remaining LoginControl etc and have it just work with the standard membership provider
SqlRoleProvider, SqlProfileProvider and SqlMembershipProvider come with default Aspnetdb.
To create the database used by these providers, run the aspnet_regsql.exe executable found in the C:\WINDOWS\Microsoft.NET\Framework\ versionNumber folder. Otherwise, you have to create CustomRoleProvider, CustomProfileProvider and CustomMembershipProvider.
http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx

Passing asp.net login name to the database

I'm wondering how to solve the following issue:
I have an asp.net web app where Forms Authentication is used, connected to the Active Directory. Also, I have a connection string to an MS SQL db in the web app, where one global user (with given privileges) is used. The problem is that when I want to store information about the user (e.g. data modification log) in the database, I can only get the global user info provided in the connection string, not the real user who is logged in.
Is there any possibility to log onto a web app with my personal credentials, then use a global user's credentials to connect to the database and pass my personal user credentials (but not as parameters in a stored procedure) so that the database will think that the user who is logged in is not the global user?
I assume it might only be possible if I also create the same users in the database and use impersonation?
Or any other possibilities?
Thanks in advance.
What are you doing to get the current user? Are you doing something like SELECT @user = SYSTEM_USER? This will obviously only return the user that you connect to SQL Server with.
I would rather keep to using a single SQL login that the application uses, but pass in the username when you are making changes, e.g. through a sproc or a table update:
CREATE PROCEDURE dbo.DoSomething
    @id INT,
    @username VARCHAR(50)
AS
    -- Make your changes.
    -- Record who made the change; @username is supplied by the application.
    INSERT INTO dbo.[Audit] SELECT 'update', @id, @username
GO
In ASP.NET you can grab the currently logged in user through User.Identity.Name property of the page.
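The calling side of the procedure in the answer above, as an added example that is not part of the original post: the audited name is taken from the authenticated principal on the server and passed as a typed parameter. AuditedWriter is a hypothetical name; the procedure and parameter names are those shown in the answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;

// Added illustration: AuditedWriter is a hypothetical name.
public static class AuditedWriter
{
    // user is the server-side principal (Page.User / HttpContext.User),
    // never a name taken from a form field, query string or header.
    public static void DoSomething(string connectionString, IPrincipal user, int id)
    {
        if (user == null || !user.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("No authenticated user.");

        string userName = user.Identity.Name;
        // @username is VARCHAR(50): refuse rather than truncate silently,
        // so two long names can never collapse into one audit entry.
        if (userName.Length > 50)
            throw new ArgumentException("User name exceeds the audit column size.");

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand("dbo.DoSomething", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("@id", SqlDbType.Int).Value = id;
            command.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = userName;
            connection.Open();
            command.ExecuteNonQuery();
        }
    }
}
```

Because the database sees only the shared login, the audit trail is as trustworthy as the application: the shared login should be limited to executing such procedures and should not have direct write access to dbo.[Audit].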
You could use a role within your database to handle permissions, and then get the users you need in a group in AD, and assign permissions to that AD group to access your database under the role you define. (This way you don't need to assign each user to your database as you create them).
You would then use windows authentication right the way through from your web site to the database, and have the user identity that you need for logging. (You'll need to set identity impersonate="true" in your configuration).
I would note that this is only going to work (easily) if your servers and your users are all on the same network.

ASP MVC User Profiles

I've done MVC in the past, but I am new to ASP and ASP MVC. I really love the ease that ASP MVC provides me, so far, but I am having trouble figuring out how to get more control over the Users. By default, the MVC provides a minimal user registration form. I have looked around quite a bit, but I still have two questions:
How do I make the User data base a local database in my project? I think SQLEXPRESS is used to store the user values, in what seems like a magical process. How do I de-magic-ify this? I would like to have more control on the location of this database.
This leads to another question: How do I expand the User? I have been reading up on Profiles, but I am still confused about a few things. How do I prepare a Profile and link it with a User? What serves as the foreign key? And, in my controllers, how can I access various parts of the user like username, email, or even from the profile stuff like firstname, lastname (though I guess once when I have a Profile's database and a User's database locally, I can run sql commands to retrieve data)
I would really appreciate some pointers to the right resources, and/or best practices with ASP.NET
I would start by reading this official Microsoft article on extending the ASP.NET Membership API. It talks about creating extra tables for storing additional information about users.
The membership database
If you have an existing database which holds all your other website information, you can run the aspnet_regsql.exe tool to generate the necessary user tables. You will then need to modify your web.config and add the SqlMembershipProvider along with your connection string.
If you're creating a new project and don't have a database, start with a new MVC project which already has Membership enabled. Your database will be created inside the App_Data folder on first use, and you can take this and attach it to your SQL/SQLEXPRESS server. Then it's just a matter of changing the connection string to use a DB server rather than a local file.
Creating additional tables
This part is actually quite simple and consists of a few short steps:
Create a new table, i.e. UserProfiles
Add a uniqueidentifier column as your primary key, and add a foreign key to the aspnet_Users table
Add any other fields you want to store (Phone, Address, Gender etc.)
If you're using LINQ-to-SQL or the Entity Framework, you can simply drag the tables you need onto the designer, and you'll be ready to query the Membership tables.
Here's a little sample on usage
Add this snippet to your repository responsible for Profile/Account information.
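public aspnet_User GetUser()
{
    // Membership.GetUser() returns null when no user is logged in.
    MembershipUser user = Membership.GetUser();
    if (user == null) return null;

    // ProviderUserKey is typed as object; the SQL provider stores a Guid.
    Guid userId = (Guid)user.ProviderUserKey;
    return db.aspnet_Users.SingleOrDefault(u => u.UserId == userId);
}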
Then inside your models, you can get the user and access the other information stored in your UserProfiles table.
AccountRepo accountRepo = new AccountRepo();
aspnet_User user = accountRepo.GetUser();
string Address = user.UserProfile.Address; // bingo!
And that's pretty much it!
This is obviously a simple example, and you should be checking if the user is null and you could also create a class responsible for returning the necessary information about a user, implement caching, etc..
I would start from here:
Managing Users by Using Membership
Managing Authorization Using Roles
Also a great article series (18 articles!!!) is from Scott Mitchell at 4GuysFromRolla.
The ASP.NET membership model is designed to have a pluggable architecture. You can write your own MembershipProvider implementation that best suits your needs.
Even if most of the samples you will find on the net regard ASP.NET web forms, there are only very small differences when used with MVC.
If you're still looking for insight into this, I just ran across the fact that in MVC 4 WebPages sites, there's a provider called the SimpleMembership provider. It gives more control to the developer of the Users, Roles and Membership info stored on websites. More here:
http://blog.osbornm.com/archive/2010/07/21/using-simplemembership-with-asp.net-webpages.aspx
