i am trying to show a list of users of my application "school", when admin logs in then he can view all the users in list but when school principals logins, he should get only users of his school, So i thought to get the current loggedIn userId first and then by that userId i'll get schoolId since userId is foreign key in school table...once i'll get the schoolId i can show the members of that school.
But my problem is how to get the UserID of currently loggedIn. I'm using MVC 1.0 Asp.Net -- "Membership"
if my logic above is wrong then please tell me the alternate good idea, so that principal can see only his users list..
Based on this question and answer by J. Pablo Fernández you can get the user id of the current user with the following code:
//It will only be a Guid if you are using SQL Server as the DB as oppose to MySQL
Guid userGuid = (Guid)Membership.GetUser().ProviderUserKey;
Here is the MSDN Documentation.
The Simple Solution
With the scenario you describe you would only be able to do this by retrieving the User information with the data stored in the HttpContext.Current.Identity. For example, if the HttpContext.Current.Identity.Name is the Username, then you would use that value to retrieve the User data for the principal that should include the UserId you can use to locate the appropriate school.
Alternate Solution
You might consider storing the SchoolId in the user's profile so that it is more easily accessible.
The easiest way that I've tried
You have to include Microsoft.AspNet.Identity
using Microsoft.AspNet.Identity;
Then use it like this
var userId = User.Identity.GetUserId().ToString();
Related
I'm trying to create a setup where I have different entities (e.g. User and Customer). Each of these entities have some Login-information which I store in a Login-table to avoid having to do duplicate work on the different entities requiring Login-data.
However - I can't get the setup to work using Entity Framework. I hope you can help me out :)
My database has 3 tables:
Users
Id (PK)
Name
...
Login_Id (FK to Login.Id)
Customers
Id (PK)
CustomerNumber
...
Login_Id (FK to Login.Id)
Logins
Id (PK)
Username
Password
...
Each entity has one - and only one - login. So a given User has one Login. And a given Customer has one Login.
I need to be able to do something like this in C#:
var user = _userService.GetUser(2);
user.Login.Username;
var customer = _customerService.GetCustomer("abc");
customer.Login.Username;
But I simply cannot get the EF mappings to work.
I've tried changing my database schema so that Logins contains nullable User_Id and Customer_Id columns - but the result is the same. My Login-entity is null when accessing User or Customer. And I've already added the
Include(i => i.Login);
I might have just gone totally blind looking at it. I've read dusins of posts about this - but the majority of them seems to focus on Code-First and not Db-First (e.g. http://blog.bennymichielsen.be/2011/06/02/entity-framework-4-1-one-to-one-mapping/)
Could someone please supply me with the EF Fluent API mappings to get this to work?
Thank you guys so much! :)
I am working with Aspnet membership, and I have stored users information in membership related data e.g. userid and password stored in Aspnet_Membership table, member profile like firstname, lastname, surname, dob etc in aspnet_profile table.
Now I need to add a search panel in my webpage. This search panel contains searching parameters like firstname, lastname and joining date etc. as per this searching parameters I need to search users from profile and user's last login information. I used profilecommon and profilebase class for retrieving this data. But it is seriously slow. The system takes at least 2 minutes to find data as per parameters from 70 records.
Please help to resolve this program.
You should retrieve the membership and profile information within the stored procedure, and not using any of the code-based classes to get the name. It won't perform well with extracting profile information per user.
When regsitering in my site (ASP.Net MVC application), the users get inserted into the aspnet_users table. Since its a shopping site, I would want the users to have a customer id and all their details provided by them at registration in this Customer table as well. How do I link these 2 tables? Is it recommended to use the aspnet_user's UserId(Guid) in the application for other business processes.
Also, I would like to know when should a new record be inserted into the customers table.
I mean, when should a new customer be created. I guess its not good to create a record as ans when users are registered? Here, I want to know whats the norm? I felt it would be better to add it when a user adds an item to the shopping cart. Pls guide me.
Thanks in advance.
Add the UserId field into your customer table and then make a foreign key relationship back to the UserId in the aspnet_users table if you want to enforce relational integrity.
I'm not sure what you mean about when to insert the customer record. As long as you insert it after you have created the user (so that you have the user ID), you should be fine. It can happen in the same postback.
I'm not sure how you are saving the user. As in are you using one of the built-in ASP.Net controls or making the call manually?
If you are using the Membership provider as it sounds like you are, you can save the member using:
var user = Membership.CreateUser;
Guid userKey = user.ProviderUserKey;
//Populate your customer object.
//now use whatever EF/ADO/etc... to save your customer record.
Question No 1
I am familiar with role management, a particular member in a particular role can do this and access this functionally. What I need to do is Manage individual user, not the role he is in.
For example, lets say I create a role, called "Sales". I setup the role permission what the sales persons can do. Now i want to keep a check on individual user. For example if this is "john", i want to show him the records only he created. If his is peter, I want to show him only that records which he created, not by john or other sales people.
Is there a thing called "User Management" in ASP.NET that we can use? If not we have to create it ourselves and I believe the integration with ASP.NET "Role Management" will not be that smooth.
Question No 2.
I am using control for user login. I want to create a session at this time so I can keep track of which user is signed in so I can show him the records only pertaining to him. How can I do that?
Your Q1 isn't really about Role vs User management (ie: authorizations) at this point. It's about audit tracking within your application.
And the way you do that is you capture the ID of the user who created the record in question with the record, so that later you can filter on that ID.
Pseudo database structure
Table Sales
Field...
Field...
Field...
CreatedByUser int not null, -- Populate this on creation and never change it again
ModifiedByUser int not null - populate this on every row update including insert
See ASP.NET Profile Properties.
Assuming the records in the database correspond to a unique ID for a user, you can store the unique id in a profile property per user.
1) If you want to filter records by the creating user, you need to record in your table the ID of the user who created the record. You can access the name of current user through User.Identity.Name and their ID (provider-dependent) through User.ProviderUserKey.
2) Sessions are created automatically in ASP.NET and provided you have a properly configured MembershipProvider, you can retrieve all the needed user info using the User object as shown above.
It sounds like you are a little unfamiliar with ASP.NET Membership and Roles capabilities, because they are actually set up quite well to accomplish what you are describing. I would recommend checking out this tutorial series:
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
You are talking about Authentication and Authorization. For question 1 you and implement a custom authorization provider to allow for user level control http://msdn.microsoft.com/en-us/library/aa479048.aspx For question 2, once you log in and are Authenticated, the session contains a userprinciple object that has the info in it automatically.
In my master page I have:
MembershipUser thisUser = Membership.GetUser();
loggedInUserID = thisUser.ProviderUserKey.ToString();
thisUser gives me access to all the fields in aspnet_Membership.
I want a new field, isSubscribed for each user. I can use an SQL query to fetch the value fine, but I want to know if there is someway to modify the membershipuser object so it retrieves this value as well, so it is accessible from:
thisUser.isSubscribed.ToString();
Thanks for any help!
you will need to add the field to the Profile Provider
A description of the Profile provider can be found here.
http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx
here is an excerpt from the article
"The ASP.NET profile feature associates information with an individual user and stores the information in a persistent format. Profiles allow you to manage user information without requiring you to create and maintain your own database. In addition, the ASP.NET profile feature makes the user information available using a strongly typed API that you can access from anywhere in your application."
Membership is for identification and authentication. It is not good practice to hack your security for the sake of a meta property.
As mentioned, Profile is the proper place to store meta data and this would obviate the need for a custom MembershipUser.
If you need sql query access to the data use the SqlTableProvider
Si Robinson gave a good answer for storing additional meta data against users without having to change the underlying schema but if you already have data stored about this user in your custom database schema, that won't quite work out.
The solution I have used is to implement my own membership provider:
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
And then you can implement your own MembershipUser which exposes the IsSubscribed property.
This works fine with the Membership process within ASP.NET such as the login components. All you need to do is cast the object returned by GetUser() to your custom implementation and you are set!
You could use roles for this and assign users to a Subscriber role. Such as:
Roles.AddUserToRole("Bob", "Subscriber");
You're gonna have a real un-fun time querying by profile fields. With a role you will be able to enumerate users with:
Roles.GetUsersInRoles("Subscriber");
And you'll be able to add these roles to Web.Config files to control which parts of the site only Subscribers can see. Possibly better than wrapping content with a conditional based on a profile field.