How do I migrate users from a existing users table to Forms Authentication?
There seems to be three options:
T-SQL - Iterate through the existing users table and insert into Forms Authentication tables using the stored procedure aspnet_Membership_CreateUser
Code - create a utility that will iterate through the existing users table and insert into Forms Authentication tables using Membership.CreateUser()
Code - as users login verify credentials against existing users table and insert into Forms Authentication tables using Membership.CreateUser()
Which is the most practical?
I have been currently trying option 1 but I am running into difficulties using the password salt to create the encrypted password from a plain text password
With regard to #1, what exactly is the problem? You don't need to worry about the hashing if you've got plaintext passwords already. Just call CreateUser(username, password). Simple as that.
Have you considered implementing your own MembershipProvider class that hits only your user table?
Trying to synchronise data between two tables may seem trivial now, but may cause you a whole world of hurt in the future as your software evolves.
Just to confirm are you saying you've got an existing users table in your database and you want to use asp.net membership and the membership tables generated?
If that is the case you don't necessarily need to migrate your data. You could extend the membership provider and create your own membership that links into the existing table you already have.
Here's a couple of link if it helps:
Asp.net video
Writing A Custom Membership Provider
Related
I've just started with MVC after working on Web Forms for 4 years. I've watched few videos explaining the architecture/fundamentals and I'm now able to replicate few modules of my old project with MVC5 using EF6.
I've a SQL Server DB containing tables such as Albums/Artists/Titles/Reviews and he User Table. I was able to work with the first set of tables using EF6 just fine including inserts/deletes. The prev project I had implemented custom Web Forms authentication using BCrypt by storing the details in the User table and later doing the validations and setting the auth cookie.
User table has details such as UserId, PWHash, EMail, FirstName, LastName. The UserId is a FK in the Reviews table and few others.
The implementation I'm hoping for is as below:
1. Login screen accepts credentials and validates with existing User table.
2. If valid, move to the 2FA screen(eMail/SMS).
3. If valid, then allow access to application.
Most of the tutorials say how to extend the attributes such as FirstName/LastName but do not say how to use an existing DB. I'm planning to use bcrypt/scrypt to encrypt the sensitive details.
I've gone through MVC 5 & ASP.NET Identity - Implementation Confusion but id doesn't have all the answers to my queries
I just need the starting point on how to plug the existing DB instead of using the dbcontext provided by default
Personally I find the documentation quite frustrating as well when you move away from th conventional, so you may be in for a world of pain.
The easiest way would be to fully take control of the authentication process yourself, utilising FormsAuthentication
However, if you want to leverage a lot of the out the box code, that has been delivered with MVC5 but against a custom database, or schema you will probably have to implement your own UserStore and maybe UserManager among other things.
The problem is, there is a lot to implement, so you are going to have a fun time guaranteed.
Have a read through this article on Custom Storage Prodivers to get a head start.
Good luck
If your app is using EF Code First then you can use your existing schema and plug in your own user. Look at the following example which shows how you can reuse your existing user information and plug it into Identity http://aspnet.codeplex.com/SourceControl/latest#Samples/Identity/CustomMembershipSample/Readme.txt
You do not have to inherit from the IdentityDbContext. You can directly use the DbContext. In this case you will have to override the onModelCreating to create the Users/ Roles tables and all the mappings between the tables.
I want to change the password of Membership table ,i can change directly in database but that is in encrypted format.how to retrieve original password in front end and How to update that .Please send me the logic.
You cannot directory change it in database and should use Membership provided methods.
using System.Web.Security;
u = Membership.GetUser("username1");
u.ChangePassword("OldPassword","NewPass");
If you don't know old pass, use MembershipUser.ResetPassword instead
If you want a ready-made solution, I use this tool to manage my users and roles.
You just fire it up and point it to the web.config of your web app and away you go.
http://aspnetmemberman.codeplex.com/
Features
Initialize membership databases
Create and delete users
Create and delete roles
Assign and un-assign users to roles
Reset user passwords
Unlock, activate and de-activate users
Works with System.Web and custom providers
Attempts to handle custom profiles
Tech - asp.net 3.5, Sql server 2005
I have integrate aspnet membership for my webapplication.
I am adding some users (member) from importing excel file.
So how can I add that user and role of that user in aspnet membership tables?
NOTE - I have SP which is used to add member in DB from uploaded excel file, I have wrote insert trriger on membertable.
Do not insert DB records manually. Use .NET's Membership Provider's stored procedures to do that, for example aspnet_Membership_CreateUser and aspnet_Roles_CreateRole.
But better off, use .NET's classes/methods to do that. They encapsulate the whole mechanism for you:
Membership Provider
Role Provider
First you create a user, then you (optionally) attach role(s) to.
UPDATE December 2015
Folks keep reading this. It's important to know that for a few years now, there is a totally different paradigm, ASP.NET Identity. please use it instead of the old Membership Provider.
Abhi you should use
//to create a user
MembershipUser newUser = Membership.CreateUser(UserName, Password, Email);
//to attach created user some role
Roles.AddUserToRole(newUser.UserName, role);
Update
For that you can for for membership stored procedure aspnet_Membership_CreateUser to create a user or you can create one for you to insert data into user and userinroles table.
I would encourage you to refer link
You can simply do INSERT in the AspNetUsers table with empty PasswordHash and SecurityStamp. Then we have a "forgot password" flow that establishes credentials using ASP.NET Membership.
I have these roles:Admin, Doctor and Patient. But login information is stored in different table. Admin's username and password are stored in User_TABle(They are two items). Patient's Login information is stored in Patient_TABLE: PatientID, Year and DocumentID(They are three items). I want to use SQLRoleProvider and SQLProfileProvider. How can I design different login page with loginView?
Sincerely yours
I think a better setup would be this:
Use the standard MembershipProvider shipped with ASP.NET to use in conjunction with RoleProvider. Once this is setup and you have the roles you can store personal information for each either by:
Using ProfileProvider (not a bad method but requires a bit of work as you have polymorphic data (you would store it using XML in text field of the provider or write your own custom profile provider)
OR
Add a table similar to your schema but with a foreign key to the aspnet_Users PK. In code then you could do Roles.IsUserInRole("Whatever") and change the loginView appropriately. It would also mean you could just drag and drop the remaining LoginControl etc and have it just work with the standard membership provider
SqlRoleProvider, SqlProfileProvider and SqlMembershipProvider come with default Aspnetdb.
To create the database used by these providers, run the aspnet_regsql.exe executable found in the C:\WINDOWS\Microsoft.NET\Framework\ versionNumber folder. Otherwise, you have to create CustomRoleProvider, CustomProfileProvider and CustomMembershipProvider.
http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx
I've done MVC in the past, but I am new to ASP and ASP MVC. I really love the ease that ASP MVC provides me, so far, but I am having trouble figuring out how to get more control over the Users. By default, the MVC provides a minimal user registration form. I have looked around quite a bit, but I still have two questions:
How do I make the User data base a local database in my project? I think SQLEXPRESS is used to store the user values, in what seems like a magical process. How do I de-magic-ify this? I would like to have more control on the location of this database.
This leads to another question: How do I expand the User? I have been reading up on Profiles, but I am still confused about a few things. How do I prepare a Profile and link it with a User? What serves as the foreign key? And, in my controllers, how can I access various parts of the user like username, email, or even from the profile stuff like firstname, lastname (though I guess once when I have a Profile's database and a User's database locally, I can run sql commands to retrieve data)
I would really appreciate some pointers to the right resources, and/or best practices with ASP.NET
I would start by reading this official Microsoft article on extending the ASP.NET Membership API. It talks about creating extra tables for storing additional information about users.
The membership database
If you have an existing database which holds all your other website information, you can run the aspnet_regsql.exe tool to generate the necessary user tables. You will then need to modify your web.config and add the SqlMembershipProvider along with your connection string.
If you're creating a new project and don't have a database, start with a new MVC project which already has Membership enabled. Your database will be created inside the App_Data folder on first use, and you can take this and attach it to your SQL/SQLEXPRESS server. Then it's just a matter of changing the connection string to use a DB server rather than a local file.
Creating additional tables
This part is actually quite simple and consists of a few short steps:
Create a new table, i.e. UserProfiles
Add a uniqueidentifier column as your primary key, and add a foreign key to the aspnet_Users table
Add any other fields you want to store (Phone, Address, Gender etc.)
If you're using LINQ-to-SQL or the Entity Framework, you can simply drag the tables you need onto the designer, and you'll be ready to query the Membership tables.
Here's a little sample on usage
Add this snippet to your repository responsible for Profile/Account information.
public aspnet_User GetUser()
{
MembershipUser user = Membership.GetUser();
return db.aspnet_Users.SingleOrDefault(u => u.UserId == user.ProviderUserKey);
}
Then inside your models, you can get the user and access the other information stored in your UserProfiles table.
AccountRepo accountRepo = new AccountRepo();
aspnet_User user = accountRepo.GetUser();
string Address = user.UserProfile.Address; // bingo!
And that's pretty much it!
This is obviously a simple example, and you should be checking if the user is null and you could also create a class responsible for returning the necessary information about a user, implement caching, etc..
I would start from here:
Managing Users by Using Membership
Managing Authorization Using Roles
Also a great article series (18 articles!!!) is from Scott Mitchell at 4GuysFromRolla.
The ASP.NET membership model is desgned to have a pluggable architecture. You can write you own MembershipProvider implementation that best suit your needs.
Even if most of the samples you will find on the net regards ASP.NET web forms, there are only very small differences when used with MVC.
If you're still looking for insight into this, I just ran across the fact that in MVC 4 WebPages sites, there's a provider called the SimpleMembership provider. It gives more control to the developer of the Users, Roles and Membership info stored on websites. More here:
http://blog.osbornm.com/archive/2010/07/21/using-simplemembership-with-asp.net-webpages.aspx