Membership system in ASP.net - asp.net

I'm going to use the membership system in ASP.net, but need to change it in 2 ways.
The database which stores the users is Access, and I want to salt the password(etc) plus ask the user to enter details like links to their facebook pages etc which are stored in the database.
So how do I use access with the system?
And how can I change/add fields which are stored in the database (i know how to create them in the database btw, just how I get the membership system to ask for it and store it)
(I could make my own registration/user login system, except I don't know how to restrict access to pages, so how could I go about this?)
Links to tutorials/references would be great

And another on how to write a custom membership provider for the Access Database.

1) Use SQL Server Express edition. It's free, it's good, it works out of the box.
2) Check out the Profile providers for personalisation. http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx

Here's a link explaining how to use Access:
http://msdn.microsoft.com/en-us/library/44w5aswa.aspx
As for storing extra user information. Asp.NET provides this via personalization. Here are two links to get you going:
Video: http://www.asp.net/learn/videos/video-43.aspx
Article: http://msdn.microsoft.com/en-us/magazine/cc163724.aspx

one more...
Membership Provider MSAccess

Related

ASP.net member security access

We are looking at enhanching our current security access model which is basically a check if the user is logged in. We now require the acesss to modules and pages and possible certain sections in the page such as dropdown restrictions based on your role.
I'm not sure how to design but maybe a few pointers and writing the requirements here will help.
The user usually belongs to an company.
The user usually has a role within that company
The company is made up of 1 or more sub companies
The user/role can have access to some modules in the system
The user/role can have access to some or all sub companies.
A role must be completely configurable on the fly.
A interface is required to configure the access for the users and the roles.
The menu needs to be configured based on access rights
The page needs to be configured based on access rights
We are using asp.net 2.0 at the moment but could possibly upgrade.
So based on that I think we need
User, Group, Role ( but roles need to be configurable) and Modules
A role for one organisation may have same name but have access to completely different Modules.
I am not sure asp.net membership is suitable so would like some opinions as it seams that access to pages is all hardcoded in config etc?
Yes, you can use ASP.Net Membership Provider for what you have stated.
As you said you are using ASP.Net 2.0, you cannot use new ASP.NET Universal Providers which is based on Entity Framework.
However, Membership Provider is introduced in ASP.Net 2.0. So you can still use the old version which uses aspnet_regsql.exe to create tables with the correct schema.
Here is the link for step-by-step instruction -
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
Please note that you cannot migrate from old ASP.Net 2.0 Membership to new Universal Providers.

SQL Server logins for ASP.NET CMS

We have completed developing a custom CMS using ASP.NET. The CMS will be setup in IIS hundreds to thousands of times (one per domain). The CMS uses SQL Server to store page content, settings etc.
Should we create a new SQL Server login (using SQL Authentication) for every website or should we use the same login for all websites?
Any thoughts on this would be appreciated
If you are going to the trouble of provisioning a separate CMS and DB for each instance, then you should create a separate sql login for each instance.
This way you add one more layer of security to the design (and incur little more of your already hellish maintenance cost).
It would seem safer to let each site have it's own login.
That way you can't look at the wrong content database by accident (or mischief).
I would advise using Windows Authentication in SQL. It is easier to set up, and doesn't require storing passwords in web.config files.
You can further restrict this user account for security purposes.
Also don't let these user accounts use the same passwords, that screams insecurity.

Custom membership provider for asp.net

I want to use NauckIT asp.net membership provider for Postgres.
I was playing with example and I managed to register/login/logout user. However, This membership provider also has role management, but i dont know how to use it.
My question is: Is it possible to use ASP.NET Configuration utility (the one you start from menu Project>ASP.NET Configuration) to create roles and users? How do I achieve this?
If this is not possible, Is there any other way to do this (besides inserting/update roles/users directly to Postgres DB - this is not much user friendly)
Thank you in advance
Roles are managed by a RoleProvider in ASP.Net
I would imagine if it has a custom Membership provider, then it would also have a custom role provider as well. If this is the case, then you can certainly use the out of the box Management Pages for ASP.Net as it simply uses the Role and Membership providers that are already defined.
It would appear that NauckIT does in fact have a role provider.
Again, the management pages should work just fine if following the instructions in the link above.

ASP.NET Active Directory Membership Provider - Storing Extra Profile Fields in AD

I have set up an Active Directory Membership provider and can successfully create and log in users into the active directory with an ASP.NET application.
However, the active directory has other fields besides Username/Password such as First Name, Last Name , Telephone Number etc. Is there any way for me to be able to gather this information using my ASP.NET website and store it in the Active Directory?
I understand that I need to use a Profile Provider and I can technically set it up to use an SQL DB to store the extra profile information, but is there any way I can store the information directly in the fields available in the Active Directory? As far as I know there is no ActiveDirectoryProfileProvider.
Thank you,
You could get there -- probably would need to step outside the membership system and use the System.DirectoryServices to write to AD. Now, writing to SQL will be a lot easier, especially at development time. And you won't have to fight a sysadmin who doesn't want your web app having elevated AD privileges.

ASP.NET 2.0 Security Membership Provider Pattern

I am creating a website in ASP MVC. Can anyone give me some advice on using the built-in membership provider in the following way.
I want my users to create an Administrative account for themselves and then create accounts for the people in their organization, or the people that they want to give access to.
I guess in a Database it will look something like this:
Companies have Administrators. Administrators can give users access.
I am sure this pattern is used all over the place, I am just not sure how to implement it. Especially using the membership providers.
Thanks,
David
There is nothing special in implementing this. It can be easily accomplished by built-in features of ASP.NET 2.0:
Configure Web site to use membership (via web.config)
Enable role management (via web.config <roles enabled="true"> tag)
Add administrator accounts to Administrators role.
Control access to the administrative pages by using [Authorize(Roles="Administrators")] attribute in the controller action.
Require authentication on other non-admin actions ([Authorize])
When I did this, I used the Membership Provider for authentication however, the organization concept I created externally from the Provider. You could use the Profile Provider.
As for roles I would still use the Roles within the ASP.Net Membership Model.
You can create a role for those people and name it something like organizational-admin, though that's a bit long, you catch my drift :). And give those the power to create users with a regular user role. At least that's how i did it in one of my applications.
Ofcourse you'll keep the admin to yourself or to the person who is in charge of this particular site.
Gu's blog has a small example of how to implement the roles in an action filter.

Resources