I am new in ASP 2.0 and i need help to create a createUserWizard. It is not for a real application, it is just for homework. Could someone give me some guidelines on what should i do?
This is what i did so far:
1-I created the database with a user table
2-I create a page for registration and i added the userWizardComponent on it:
What should i do now to be able to:
-Add users to the database
-Make the password validation less restrictive(I cannot enter it correctly i would like to make it easier or dissable it).
Ill appreciate your help
Since this is homework, I'll just try and give you some guidance in the right direction.
Firstly, the create user wizard is designed to work against ASP.NET's built in Membership api. This api utilizes a certain Database schema which can be automatically created in a database using the "aspnet_regsql" tool. For more information on ASP.NET Membership, check out these links: Introduction to Membership and Walkthrough: Creating a Web Site with membership and login
That should get you started in the right direction. To relax the constraints on the password, you would modify the membership settings in web.config and the above links should also point that out. You can control the minimum length, number of special characters, etc.
ASP.NET has a built in Membership system that those controls work with. You do not need to create a custom database to store user information (unless of course it is a requirement of your assignment). Rather, run the AspNet_regsql tool from the VS command prompt which will create the Membership database.
In order to make less restrictive passwords and things like that, you'll need to research custom Membership Providers, and this is set in the web.config.
You need to run AspNet_regsql from the VS Tools Command Prompt to create the tables used by the ASP.Net membership system.
You can change the complexity requirements in Web.config.
Related
I'm working on a project for an events site. I want to create it so that users can create an event and they become the admin for only that event, and they can authorise others as fellow admins (FB style), meanwhile they are only a user for. Is it possible to use the existing roles tools built into .NET to do this?
Thanks
The comments provided are pretty useful (create your own table for it\creating roles on the fly). In short, the functionality you are looking for is not currently available in the existing Universal Role Provider packaged with .NET. However, the URP is intended to only be a starting framework for you to work with\edit as you see fit. I would use a combination of these 2 suggestions, using the built in role provider tables to generate roles on the fly, and use a custom table to manage that hierarchy.
Hope this helps, and welcome to Stack Overflow!
I need some advice. I'm currently using MVC 4 & SimpleMemberhip with LDAP to authenticate users. The issue is, I don't want to store their usernames and passwords in the
webpages_Membership table due to security concerns. The second issue is I want to provide user-editable profiles.
Here's what works so far:
User logs for the first time and a new entry is created in webpages_Membership
An individualized link to edit the user profile is displayed on the homepage
Username is added to the UserProfiles table when profile is accessed for the first time
Certain user details are fetched from LDAP server and written to profile
Users can then customize their profiles
I'm currently using SimpleMembership with an override to the ValidateUser method. Everything works as it should but I don't need to store the LDAP usernames & passwords. Can this be done?
p.s. I know there is a better way to create new users & profiles besides on first time log in but I'm still working on it.
If you don't want to store the passwords (which SimpleMembership would do by default), you are better off deriving your own custom provider from ExtendedMembershipProvider (or maybe from SimpleMembership, but that would get complex) and write the LDAP implementation, or using one of the ones on NuGet. There's no built-in LDAP support in SimpleMembership, so any approach you do would be a nasty hack which will probably bite you later on.
As for the UserProfile, it doesn't sound like your requirement is that different to the usual UserProfile use case - create custom properties on the UserProfile model, update the database accordingly, and build a UI to allow the user to edit whichever of those properties they should be able to directly edit.
(edit)
Footnote. In my answer to "How do I use my own database with SimpleMembership and WebSecurity? What is MVC4 security all about?" I examine the history of membership, how ExtendedMembershipProvider fits into this, and how the new classes such as WebSecurity work on the basis of a provider being a concrete implementation of ExtendedMembershipProvider (which SimpleMembershipProvider is, for example). For anyone looking to derive their own provider to use with WebSecurity, that answer is worth reading.
I've managed to bypass storing user details in the Membership provider by creating the required tables with Code First. I'm now able to create new users and store them in the UserProfile table.
Ok so i have been searching hard but i cannot find the solution to this problem, which should be fairly common though.
The problem is that ASP.NET MVC automatically creates the code using WebSecurity helper methods to log users in. Now what i want is connect that user and password database created by mvc with my own database so that i can write queries for example to identify which users have written which posts on a blog.
Please i need a little bit of guidance in this matter.
The easiest way to do it is to change the DefaultConnection connectionstring in your web.config file to point to your own database. The MVC security tables will then be created in your database. You can then link your table to these tables.
After I was learning about ASP .NET Membership built-in framework I have decided that this stuff is almost suitable for me. But there are couple features and edits I would like to have:
Two step registration: after user have typed all account information, verification letter should be send to typed email. Before email address is verified it impossible to log in (some message should appear, telling user that email verification is needed before it's allowed to use account).
Membership DB Scheme:
There is no need to store user question for restoring password.
Illegal attempts to login is uneccessary.
Default aspnet_ prefix is likely to be changed.
... and so on
For the first item I know that I could use own class derived from SqlMembershipProvider. Am I right about this? Could you point me at some good post where I could get learned.
For the second improvement it's seems like a trouble. In this book I have read that isn't so easy:
• The built-in SQL storage providers need direct access to your database, which
feels a bit dirty if you have a strong concept of a domain model or use a particular
ORM technology elsewhere.
• The built-in SQL storage providers demand a specific data schema
that isn’t easy to share with the rest of your application’s data
schema.
The biggest problem I've encountered with subclassing SqlMembershipProvider is it doesn't give you the connection string to work with. You have to hack the class to pieces to get anything useful for the way most modern login systems work.
I'm not sure about the database tables names - I don't think that's controlled by the SqlMembershipProvider but is actually inside an ASP.NET installer class.
My advice would be to create your own from scratch, and use the built in FormsAuthentication helpers. It's really not a big task compared to hours of annoyance having to conform to the providers. I did this with Roadkill after going down the Membership Provider route, and discovering it a cul-de-sac particularly for Active Directory support.
You can completely control your membership DB schema by Implementing Custom Membership User (of course you also need to implement Membership Provider for the User).
Customize user creation steps by configuring CreateUserWizard control. You will change its' template and handle events, I don't think you need to override it.
We are using the ASP.NET Membership Provider for managing the users in our application.
All was fine until when we had a new requirement.
Users should be able to select multiple security questions and give answers to the same.
While recovering the password, the user will be presented with one of the security questions and if the user answers correctly the password will be sent.
By default ASP.NET Membership provides only one security question and one security answer.
Is there is any way to make it use multiple ones?
Creating your own custom ASP.NET membership provider would be the key. Additionally, you'd have to create a custom template for the .NET login controls that use the password Q's, so that you can display multiple question/answer sections.
You may have to set the membership provider to not use the password question/answer, but programmably manage it yourself. By default, it uses that single Q/A to manage security; but since you need multiple, it may be easier to use custom logic to manage this.
EDIT: the only other thing I can think of is have two provider definitions, each with their own password question/answer, so that you are effectively storing two records in the database per user. The thing is that the UI controls won't work with that approach, so you would need to custom build the UI.
HTH.
You could customize the default ASP.NET Membership provider to your specific requirements by subclassing it.