I am going to try and tackle this Membership system 1 little step at a time...
So, let's say that:
Step 1, I create an SQL database and in that database I have a Users table, very basic, that looks like this:
Users
UserID int, identity, primary key
UserName nvarchar(25)
UserPassword nvarchar (25)
UserEmail nvarchar (75)
Step 2, I create a new ASP.NET MVC3 Web Application
Step 3, I select the Internet Application template with the Razor view engine and check Use HTML 5 semantic markup
Step 4, I add an ADO.NET Entity Data Model
Step 5, In the Entity Data Model Wizard, I choose to Generate from database
Step 6, I select my data connection and select to Save entity connection settings in Web.Config
Step 7, In the Entity Data Model Wizard ==> Choose Your Database Objects, I put a check in Tables and leave the default checks in "Pluralize or singularize generated object names" and "Include foreign key columns in the model" and click Finish
Step 8, I Build Solution
Step 9, I right click in the .edmx file and choose to "Add Code Generation Item..."
Step 10, I add a new ADO.NET DbContext Generator (This then creates all of the table models)
OK, so this is where I don't know how to go any further with using the built-in Account/Membership system with my Users table. For right now, for this particular project anyway, I don't need Roles and what-not, just the [authorize] functionality...
So, what exactly, verbatim compliance, do I need to do in order for when a user comes to the website and registers or logs in, for the application to use my Users table? Ultimately so that when a user does log in, the [authorize] decoration will work for my user base.
EDIT: Thanks to olivehour ... The following changes, additions really, to make this work...
After Step 10: (side note: remove the UserPassword from your Users table, you won't need it)
Step 11, Run the aspnet_regsql.exe tool to add ASP.NET's tables to your database.
Step 12, Open up your Web.config file, copy just the "data source" information from your EntityFramework connectionString, then paste and replace the "ApplicationServices" connectionString "data source" with that of the EntityFramework's.
Step 13, In the Solution Explorer, right click on the Controller directory and Add Controller. At this point go ahead and add your UserController
Step 14, In the AccountController, in the [HttpPost] Register action method, inside of the "if (createStatus == MembershipCreateStatus.Success)" statement, add the following:
TheNameOfYourEntities db = new TheNameOfYourEntities();
User user = new TheNameOfYourProject.User();
user.UserName = model.UserName;
user.UserEmail = model.Email;
db.Users.Add(user);
db.SaveChanges();
Step 15, Build Solution, Save All, Run
We keep the built-in membership provider separate from our application users table.
I suggest using the built-in membership provider to handle user authentication. There are some settings that require you to make some decisions. For example, what will the username be? Do you want to allow email addresses as usernames? If so, you should set the requiresUniqueEmail to true on the provider element in web.config. (We make the user's email address their username. This simplifies things a lot.)
As for your custom Users table that you created using EF, don't use that for login. Use it to store application-specific information about your users. But, give rows in the table the same primary key value as the username in the membership provider db.
So, if a user registers with email address olivehour#stackoverflow.com, you would first do Membership.CreateUser to add them to the provider db, and in the same action, add a row to your users table with a primary key of olivehour#stackoverflow.com.
This way you never have to store any password encryption values in your database... you outsource it to the membership provider. When a user signs in, FormsAuthentication will write a cookie to maintain the login status. In a controller action, you can get the username with the code User.Identity.Name. Use that value as a parameter to select rows from your custom application-specific users table.
Related
I am new to microservices, and I need to create a "Student" service, which will get, save and also adds via a webhook from another thirdparty application
However, one of the fields i need to save is "Subject"
Normally, in SQL i would have a subject table, with things like
ID | Subject
1, Maths
2, English
3, Software
which i can use to populate drop down boxes, and in my Student table, i could have "SubjectId" field
However, if using a microservice... how would i setup my student microservice database so its independent?
then, what if I have a "CollegeCourse" service, which also needs the Subject type?
Should they both have there own 2nd database table, but doesnt that run the risk of a miss match... or maybe a nugGet package and just hardcode some enums which i can share between microservices?
Thank you
I can seem to find any suggestions or answers anywhere for this, but,
I'm basically trying to create a primary ID between CRM and QuickBooks. Figured I'd just use the existing PK in CRM for the lookup. I'd like the PK to visible to the user, but not editable in CRM.
This has presented several problems in that you can't do that out of the box. I thought I read somewhere you could either via business rule or calculated field, but I haven't had luck with that.
It sounds like it would require web resources if I were to go this route.
The other option would be to just generate unique values for every record in Accounts and Contacts.
Does this automatically populate existing records or just new records? How do I get it to populate existing records?
You can use Auto number manager for configuring an auto-number attribute in every entity. This seeds a number based on configured format for new records. Uniqueness assured by SQL sequence feature & no need of any extra plugin/workflow.
For existing records - you can design a workflow along with a temp entity to assign auto-number. Read more.
Otherwise you can use SSIS + Kingswaysoft package to generate auto-number & assign for existing records.
I am suggesting you to create a new text field on the entity and create a pre plugin that will get the record primary GUID id from context and will set this GUID into the newly added attribute. You can set this field as read-only of form as well.
OR you can generate new GUID as well into the plugin.
I'm new to Oracle WCC.
In Oracle WCC/UCM( Universal content management), I have one table named CreateStudent has 2 columns StudentID and StudentName.
One metadata custom field XXStudent_Info for which user will pass the value on Checkin page.
We need to validate the value of XXStudent_Info to database column StudentID, if it matches then checkin possible otherwise restrict on checkin itself.
How can i do this in WCC via out of the box functionality or will i have to create a custom service/query for this DB validation. Please give steps in detail
Is the custom metadata field XXStudent_Info based on an option list which uses a view which is based on the table? If so, you should be able to restrict it to only valid values.
Simple parent/child scenario like Order and OrderLineItems. I am inserting a new Order, the OrderID is an identity column (sql server). I'm also inserting OrderLineItems in the same SaveChanges transaction. I need to get the new OrderID into the OrderLineItems, but not sure how to do it. I have the appropriate FK relationships setup properly. When I save, I get an error that OrderID is a required field in OrderLineItems.
Will I have to split this out into 2 server calls? First to insert the Order, which will return the OrderID. And then another to insert the OrderLineItems?
The Breeze documentation discusses this topic (key generation) at several points including but not limited to: http://www.breezejs.com/documentation/save-changes, http://www.breezejs.com/documentation/extending-entities and http://www.breezejs.com/documentation/add-new-entity.
The basic idea idea is that providing that your model and metadata are set up properly, breeze can assign a temporary id in place of the identity column for use in linking your order and orderlineitem entities prior to being saved. As part of the save process, Breeze updates these temporary keys to their "real" key values and updates the local cache as well upon successful completion of the save.
I have a Products table in SQL Server database, it has an ID column that contains uniqueidentifiers, and a ProductName column with VARCHAR(100). This table contains over 5000 entries.
Now on my razor cshtml page, I have a drop down that displays these pProduct names. The way I have done is by binding drop-down value field to ID column and display text to ProductName. This mean that on the client side, if someone does a view source in their browser (or use any http sniffer etc), they can see all the GUIDs associated with these Product Names. Now when user submits this information, I have setup a server side validation, where I make sure that all the submitted GUIDs are
1) Valid Guids (not strings or anything else)
2) Submitted Guid exists among the IDs in Products. This ensure that any Guid that don't exists in Products.ID will not be processed.
The fact that a user can see this GUID data, does it expose any security risks? Are there any better ways of handling this situation?
Assuming your database has foreign keys, this causes no security hole. Even if it has no foreign keys (between a product table and product orders), you can simply look for the product first. If it doesn't exist, ignore the request.
So no, it's not a security hole - unless there is a security hole in the Guid Parsing of the .NET framework.