Users in my database have a non-unique display name; the only unique identifier is the UserId.
Normally, I would add a user to a Role using the following:
Roles.AddUserToRole(user.Username, role);
But now I don't have usernames, so I need to re-think all work related to Roles.
One messy option I can think of is to copy the Id of every user into the Username field just to satisfy SimpleMembershipProvider... though I'd rather somehow use extension methods to handle this if it's even remotely advisable and possible to do so... just so I don't have to clutter my Users table with a bogus column.
Any help here would be much appreciated.
Update:
Even if I copy the userId to the username column to get SimpleMembership working, I still need a username to create the user:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password, etc)
So I'm at a loss of what to do, aside from rolling my own Membership.
Update again: I just realized I can pluck my email field and just use the Username column to store unique email addresses. I'm still interested in hearing how else this could be addressed.
You need something unique the user can enter to identify themselves during authentication, whether it is a username they user came up with, an email address, PIN, etc... Having the user remember a number generated as the unique identifier for the UserProfile does not seem like a good user experience. So whatever is used to uniquely identify that user, that is used during the log in process by the user, can be stored in the username column, if you do not want to add any additional columns. From the latest update to the question it looks like email address is being used to identify the user and you could store this in the username column without issue.
Adding columns to the UserProfile is easy to do and I would not shy away from it if it provides a better user experience and security. For example, if you want to capture a display name to display on the web site or in any communications with users you could add an email column and tell SimpleMembership that you want to use that to identify the user by changing a parameter in the WebSecurity.InitializeDatabaseConnection Method. You would change the parameter userNameColumn to be the name of your email column.
yes, either use the Ids as username or if the email is unique as username.
It is not a messy way btw with this situation. I would go with the id, if no one will eversee the userId.
Related
I've built a MVC WebApp using the ASP.NET 2.0 Core MVC template + Individual User Accounts (EF) and notice that the AspNetUsers table in the database created for my WebApp has a non-unique index for Email whereas the UserName index is unique. Further upon account creation UserName is set to the same value as Email, but the user is then allowed to change their Email using the account management page. I am struggling to understand the rationale here.
I would expect each AspNetUser record to relate to a different person. Therefore why not make Email unique? After all, the email confirmation process expects the address to be unique to the user. However, being non-unique means that user might change their email address to one shared by one or more other users e.g. admin#abc.com. Where is the value in such a use case? Indeed, this is behaviour I want to stop on my site.
Questions:
Would changing the AspNetUser Email index to unique have any consequences or otherwise break the framework?
Would allowing the user to change their UserName have any consequences or otherwise break anything? The primary key of AspNetUsers is Id and seems to used as the foreign key by the other identity tables created by the framework.
Can anyone recommend how to check from the account management page (client side) that a new UserName is unique?
I've found other questions on StackOverflow about this sort of thing, but they don't answer the above questions or explain the rationale
asp-net-username-to-email
asp-net-identity-use-email-instead-of-user-name
I am running into a problem in customizing username table in aspNet Identity.
Currently, i am able to login and register with email.After registration,user's Email is filled in email and username column both. now, i know how to seperate these so that username and email both are unique. i have followed this article.http://marcinjuraszek.com/2014/03/asp-net-identity-2-0-0-username-and-email-separation.html
I have already customized the primary key from string to int.
But, now i want to remove unique constraint on username field also.so that two user's with different email id can have same name ?? I am working on a social application where may be at sometime, the user's count could go up to 100k. then its not possible for every user to have its unique name other than email id. please suggest me how to achieve it ?any article or any suggestion or any way to customize it??
The username column is designed to be used as a unique credential for authentication. See it as an alternative to signing-in with an email address. Because of that, you should not try to use it for another task.
It looks like you are trying to use the username column to store the user's name (as in a full name or pseudonym). Again, this field is not designed for that.
You need to use another mechanism to store the user's name. You may create a new field called DisplayName. You can also use a database table to store extra information.
See How to extend available properties of User.Identity and ASP.NET Identity 2.0: Customizing Users and Roles
I am coming to the end of my rails project now and I have done everything I wish to do apart from confirm the users account through email before creating it. I already have it to send an email to the user but I want the user to contain a link. It's far too late to add devise now as I already have a users table etc.
I have heard of having a confirmed field in the users table and having it set to false and then true on user confirmation, but I have no idea on how to implement this. Any ideas?
If anyone else has some other solutions or links to tutorials showing how to add such feature then that would be outstanding. The end is so close yet so far.
It's never too late to add devise. If I were you, I'd do exactly this.
But, if I were to implement confirmation functionality myself, this is how I would go about this:
For each user, make a hash (as in MD5 hash). There are many ways: 1) for each user generate its own and store in a dedicated table column; 2) make one out of password salt, user id and (optionally) some static strings; 3) something else.
Send a user an email with a link, which contains his id and that hash.
When someone hits your confirmation url, you extract user id and hash from query string, and compare them with what you have. If they match, then you mark user as confirmed.
i have something in mind, i have some user types, Building owner, building manager.
I want to create user as building manager, but i dont want they have access to login system. this user are only for some selectbox in my website, but i need to show them in my user index page.
what i think i can do is create normal user and with a before_save i create a new data in another table.
In a request i need to be able to setup in my building form more than one building manager. maybe the best are with nested form.. I think i will need to add building id to my user table. maybe they can be assigned more than one building.
for now, my db structure are like this :
table users with user data (username, password, email, first and last name, phone)
table usertype have userid, typename and accesslvl
But this problem give me some managing problem. They will not be associated with user data.
How can i resolve this? Does Device can block some user? I searched in the Devise docs, but nothing found.
Thanks for your help.
There is an approach where admin users can approve other user accounts for login. You could use a similar approach but programmatically approve the accounts you actually want to allow logins for. Details are here:
https://github.com/plataformatec/devise/wiki/How-To:-Require-admin-to-activate-account-before-sign_in
In creating a new ASP.NET MVC application, I have an issue with the approach I'm using to store user-created data for temporary users who have yet to create an account which I then try to convert to a real user. That probably doesn't make much sense, so let me explain:
A visitor to the site can enter profile settings before being made to register with a username, password, etc.
I'm creating database entries via LINQ to SQL for a new user in this case, using the Request.AnonymousID value as a temporary username.
When the user chooses to register, I need to 'switch over' the relevant database records to use the newly entered username instead of the temporary one.
The problem is that when I try to update the record I can't because the username is the primary key, so I'm forced to delete the record and add a new one...
I can probably persevere with this, but I think I might just be going about this in completely the wrong way and wondered if anyone could suggest a better way to allow visitors to store information before they've registered and have that carry over when they do.
I know about profiles but want the profile information to be available to other visitors. I also know that I can create an anonymous profile but it seems like I should be able to keep the data model out of the web.config file.
I would suggest having an independent primary key for the table with your custom user data.
And then have fields like RefAnonymousId and RefUserId to relate that user data to the anonymous user and the registered user, respectively.
For example:
TABLE UserData
(
UserDataID int IDENTITY(1,1) PRIMARY KEY,
RefAnonymousId uniqueidentifier,
RefUserId uniqueidentifier,
... (data fields),
(maybe also unique keys on RefUserId and RefAnonymousId)
)
That way you will also be able to identify the user when the user is logged out and maybe automatically log the user in...