I am running into a problem in customizing username table in aspNet Identity.
Currently, i am able to login and register with email.After registration,user's Email is filled in email and username column both. now, i know how to seperate these so that username and email both are unique. i have followed this article.http://marcinjuraszek.com/2014/03/asp-net-identity-2-0-0-username-and-email-separation.html
I have already customized the primary key from string to int.
But, now i want to remove unique constraint on username field also.so that two user's with different email id can have same name ?? I am working on a social application where may be at sometime, the user's count could go up to 100k. then its not possible for every user to have its unique name other than email id. please suggest me how to achieve it ?any article or any suggestion or any way to customize it??
The username column is designed to be used as a unique credential for authentication. See it as an alternative to signing-in with an email address. Because of that, you should not try to use it for another task.
It looks like you are trying to use the username column to store the user's name (as in a full name or pseudonym). Again, this field is not designed for that.
You need to use another mechanism to store the user's name. You may create a new field called DisplayName. You can also use a database table to store extra information.
See How to extend available properties of User.Identity and ASP.NET Identity 2.0: Customizing Users and Roles
Related
I've built a MVC WebApp using the ASP.NET 2.0 Core MVC template + Individual User Accounts (EF) and notice that the AspNetUsers table in the database created for my WebApp has a non-unique index for Email whereas the UserName index is unique. Further upon account creation UserName is set to the same value as Email, but the user is then allowed to change their Email using the account management page. I am struggling to understand the rationale here.
I would expect each AspNetUser record to relate to a different person. Therefore why not make Email unique? After all, the email confirmation process expects the address to be unique to the user. However, being non-unique means that user might change their email address to one shared by one or more other users e.g. admin#abc.com. Where is the value in such a use case? Indeed, this is behaviour I want to stop on my site.
Questions:
Would changing the AspNetUser Email index to unique have any consequences or otherwise break the framework?
Would allowing the user to change their UserName have any consequences or otherwise break anything? The primary key of AspNetUsers is Id and seems to used as the foreign key by the other identity tables created by the framework.
Can anyone recommend how to check from the account management page (client side) that a new UserName is unique?
I've found other questions on StackOverflow about this sort of thing, but they don't answer the above questions or explain the rationale
asp-net-username-to-email
asp-net-identity-use-email-instead-of-user-name
I'm working with a web application in Asp.Net Core 1 and would like to integrate authentication, I thought of using Stormpath but can not connect to a local database to make the login match.
If there is no way, what choice do I use?
Thank you
Stormpath will store your user accounts, but you can also use a local database to 'relate' to your Stormpath user accounts.
The idea is pretty simple. When you store a user in Stormpath, you'll get back an account object. This object has an href property which is a unique ID for the user.
If you want to create a database table named books, that has an author_id ForeignKey type field, you would define the author_id field as a TEXT field, then store the account href from Stormpath there.
This is how you would 'relate' to Stormpath accounts.
Users in my database have a non-unique display name; the only unique identifier is the UserId.
Normally, I would add a user to a Role using the following:
Roles.AddUserToRole(user.Username, role);
But now I don't have usernames, so I need to re-think all work related to Roles.
One messy option I can think of is to copy the Id of every user into the Username field just to satisfy SimpleMembershipProvider... though I'd rather somehow use extension methods to handle this if it's even remotely advisable and possible to do so... just so I don't have to clutter my Users table with a bogus column.
Any help here would be much appreciated.
Update:
Even if I copy the userId to the username column to get SimpleMembership working, I still need a username to create the user:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password, etc)
So I'm at a loss of what to do, aside from rolling my own Membership.
Update again: I just realized I can pluck my email field and just use the Username column to store unique email addresses. I'm still interested in hearing how else this could be addressed.
You need something unique the user can enter to identify themselves during authentication, whether it is a username they user came up with, an email address, PIN, etc... Having the user remember a number generated as the unique identifier for the UserProfile does not seem like a good user experience. So whatever is used to uniquely identify that user, that is used during the log in process by the user, can be stored in the username column, if you do not want to add any additional columns. From the latest update to the question it looks like email address is being used to identify the user and you could store this in the username column without issue.
Adding columns to the UserProfile is easy to do and I would not shy away from it if it provides a better user experience and security. For example, if you want to capture a display name to display on the web site or in any communications with users you could add an email column and tell SimpleMembership that you want to use that to identify the user by changing a parameter in the WebSecurity.InitializeDatabaseConnection Method. You would change the parameter userNameColumn to be the name of your email column.
yes, either use the Ids as username or if the email is unique as username.
It is not a messy way btw with this situation. I would go with the id, if no one will eversee the userId.
I'm wanting to change our c# asp.net mvc application to work with windows authentication as well as forms authentication (as is currently implemented).
Currently we have a number of tables referencing a user id integer in the user table used by the forms authentication.
Is there an appropriate way of converting the unique string username returned by windows authentication to a unique integer that can be used as the id for the other tables?
An example might be using .GetHashCode() on the username, however I'm not sure if that will definitely create an appropriate integer (ie. unique, always the same integer returned given the same username, etc.)
GetHashCode() changes between framework versions, OS platform, etc., so you cannot rely on it for use as a DB PK.
If you are working with Windows authentication then maintaining the identify is useful for debugging, troubleshooting and possibly impersonation. Why not store it in a table with a Windows Username -> UserID mappings so that you can lookup a User ID given a user name?
Do not use GetHashCode()!
Instead, you should create a database table mapping Windows user accounts to integral user IDs (a Users table).
You can also store additional information about each user in this table.
In creating a new ASP.NET MVC application, I have an issue with the approach I'm using to store user-created data for temporary users who have yet to create an account which I then try to convert to a real user. That probably doesn't make much sense, so let me explain:
A visitor to the site can enter profile settings before being made to register with a username, password, etc.
I'm creating database entries via LINQ to SQL for a new user in this case, using the Request.AnonymousID value as a temporary username.
When the user chooses to register, I need to 'switch over' the relevant database records to use the newly entered username instead of the temporary one.
The problem is that when I try to update the record I can't because the username is the primary key, so I'm forced to delete the record and add a new one...
I can probably persevere with this, but I think I might just be going about this in completely the wrong way and wondered if anyone could suggest a better way to allow visitors to store information before they've registered and have that carry over when they do.
I know about profiles but want the profile information to be available to other visitors. I also know that I can create an anonymous profile but it seems like I should be able to keep the data model out of the web.config file.
I would suggest having an independent primary key for the table with your custom user data.
And then have fields like RefAnonymousId and RefUserId to relate that user data to the anonymous user and the registered user, respectively.
For example:
TABLE UserData
(
UserDataID int IDENTITY(1,1) PRIMARY KEY,
RefAnonymousId uniqueidentifier,
RefUserId uniqueidentifier,
... (data fields),
(maybe also unique keys on RefUserId and RefAnonymousId)
)
That way you will also be able to identify the user when the user is logged out and maybe automatically log the user in...