MVC 4, membership/profile and aspnet_regsql - asp.net-mvc

I am developing an MVC 4 application. I am working on the membership authentication and profile module, and I am a bit confused.
I am confused because it seems that there are TWO sets of Authorization/Profile modules working behind the scenes:
Short Version
There are TWO sets of tables for Authorization: one created when you create a new MVC 4 Internet application
The second is created when you run aspnet_regsql.
Data is saved and fetched from the two sets in a confusing way.
How are the two sets related:
What is saved where?
Why are Users created in the two sets?
etc.
Long Version
Set 1
I created a new MVC 4 Internet project. It was generated with the ability to register users and create roles. The database that was automatically generated contained the following tables: Users, Roles, UserInRoles, Membership, Profiles.
There were no stored procedures.
The Authorization worked OK: Users data and roles were correctly saved in Users, Roles and UserInRoles tables.
Set 2
I then moved on to add Profile for the site users. I followed Joel's answer. When running, the code hit this line:
AccountProfile.CurrentUser.FullName = "Snoopy";
I received this error:
Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'.
I ran aspnet_regsql against the database created earlier, and the expected set of aspnet_ tables and stored procedure was created.
Tested my code again.
This time it worked OK and the profile property was saved OK to the aspnet_Profile table (which is to be expected).
In the next step I created a new user. The user was created in BOTH Users and aspnet_Users tables (with different UserId values) -- please see here picture 1
Added the property FullName=Snoopy to his profile.
Running Membership.GetUser().ProviderUserKey returns the UserId from table Users.
Running AccountProfile.CurrentUser.FullName returns "Snoopy".
Please see here picture 2.
This is very surprising because it means that somehow the system knows how to relate a record from table Users to a record in table aspnet_Profile where the UserId field is from table aspnet_users.
BTW, I verified that table Profiles is empty so the value was not fetched from there.
So what is going on here?
Is this behavior the expected behavior?
Or is Joel's answer wrong in the sense that there is some other (better?) way to implement Profile in an MVC 4 application, and what I did is to throw a wrench in the works?

You should probably use one or the other. Here's a recent post to help you decide:
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx

Related

Delphi create User form

I am making a user form in Delphi for documents tracking application. I am interested in functionalities input new entry (record) and view list by... (date, name of document, ID,...).
My problem is that I don't know how to implement these functionalities for more than one user. Currently, I have 5 users. Each user has a unique input data (record) fields (columns) and view fields (columns) of each user are also unique. There could be more users.
So, how to implement these functionalities for this form? How to assign different data (fields) for each separate user for input and view? That is what I don't understand. Is that distributed functionality of an application? If yes, how to achieve it?
Note that I don't want static assigning of a user in application's code, e.g:
if(username='user1') then {
input();
view();
}
else if (username='user2') then {...}
...
because then, every time there is a new user, the developer must go back to the application's code and hard-code it. That is not efficient and is a bad implementation. Rather, I want that to be dynamic (if that is the right term). How to achieve this?
Note: I am using dbExpress tool with MySQL DBMS with RAD Studio XE7 Architect.
If I'm correctly understanding what you are asking, it seems as if you are unfamiliar with the idea of tables/datasets which operate in a so-called Master-Detail relationship. These are very easy to set up in Delphi.
Once you get familiar with M->D relationships, I think you'll realise that what you should have been asking about is how to set one up in your app, rather than the problem of hard-coding of individual users into your form.
In your case, what you are missing at the moment is a table of users' details. Let's call that the Users table. Usually this would contain their name, obviously, and some kind of unique identifier (best is a "Primary key" in the Users database table), but NOT, please, their password to access the db, especially not in plain text.
Once your Users table is created, you can create a display grid (TDBGrid) and input/editing form for it.
Then, if you don't have it already, you could set up a grid and editing form for users' documents (which I'm going to refer to as the Documents table).
Once that's done, the main thing left to do is to set up in your Delphi project a Master-Detail relationship between your Users table (the master) and your Documents table (the detail).
If you prefer you can have a single form with two grids, the Users grid and the Documents grid on it, and as you scroll through the Users grid, you'll see that the Documents grid shows only their document records.
The details of how to set up a Master-Detail vary somewhat according to the type of table/dataset you're using so you'll need to search online for the details of how to do it. Broadly, it's a matter of connecting a TDataSource to your Users table and setting the DataSource (or MasterSource) property of your Documents table to point at the Users TDataSource, and then setting a couple of other, table-type-dependent properties of the Documents table.
Every edition of Delphi since well before D7 has come with a demo app, "MastApp" which illustrates how you use Master-Detail relationship amongst a number of tables. I suggest you take a look at the MastApp for your Delphi version and then look into how to set up M->D relationships for the type of Delphi dataset you are actually using.

ASP MVC 5 Windows authentication with custom roles and Active Directory

I have an MVC 5 application set up with windows authentication and my own custom roles table for authorization. This works fine if the user exists in my application database - username in my users table maps to the usernames in active directory.
My question is how do I keep my users table in sync with active directory. Any time a new user is hired, a new record has to be added to my intranet application to ensure this user has access to it.
Is there a way to load users from active directory into my own users table perhaps with some kind of scheduled job or is there a better way to achieve what I'm trying to do?
I think syncing two database instances (the AD database and your app database) will become a management issue as your business grows. Even adding a new user and removing one is day-to-day work, so in both cases you need to execute some sort of action to add or remove users from your app database.
Why don't you ask your team to give you access to the AD database and consume this in your intranet app? This is what I was using in my past organization and it works great.
The AD can be used in a programmatic manner. Just look for LDAP stuff and you'll find lots of examples. Here's one to get you started: Connect to Active Directory via LDAP
If your application allows people to register then implement your own custom membership provider which talks to the AD. You can create the users in the AD, you will have to pass the password requirements which are set on the AD as well, which is more than likely a good thing. The roles information can be stored there as well, no need for a local custom roles table either.

asp.net mvc. 3-step anonymous sign-up form: How to properly Create/Edit the record between steps

First-time poster, long-time admirer! :-) Coming from ASP.NET WebForms world and building my first MVC web app. Over the past month or so, I've watched a lot of videos and read a lot about MVC, EF Code-First, patterns, strategies, etc. Exciting!
Building an ASP.NET MVC 5 web application, which is to be a fairly simple, 3-step sign-up form on an anonymous portion of the web site. An [anonymous] user fills out "step 1," clicks "next," and data gets recorded into a database between steps (which is desired even if the user quits before finishing step 3).
So my approach so far is to build a single "Signup" controller with 3 controller actions for the 3 steps (along with their own ViewModels containing only the needed fields for each step):
Site/Signup/Step1 (creates a new record in DB and fills out some fields)
Site/Signup/Step2 (edits the record created in Step1 and fills out some other fields)
Site/Signup/Step3 (edits the record created in Step1 and fills out some other fields)
My question is, how do I best persist a unique identifier for the newly-created record from Step1 over to steps 2 and 3, safely, securely, conveniently?
There is an auto-identity integer SignupID, but that is not safe-enough to pass via querystring (.../Step2?id=xxx), as anyone could just type a different number and overwrite data in the database.
Some thoughts I've had so far:
Option: Generate a longer random number or alphanumeric code and store in DB, and use it as a URL parameter. Maybe even GUID without hyphens or something like that.
Option: Persist the identifier (auto-increment ID or the longer alphanumeric code) someplace other than the querystring. Maybe Session? TempData?
Option: Some combination of the two above, but with added crypto hashing or something, to ensure that the ID only works for some small period of time (say, an hour, or something).
I don't want to make this overly complex for a very small application with small number of users/sign-ups. Just need to make it not stupidly "inviting" for poking around, considering the form needs to be filled out by anonymous users.
I'd appreciate some thoughts from the community. Thanks!
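
Added example, not part of the original post: a sketch of the third option listed above (the SignupID carried in a signed, time-limited token), so that a visitor who edits the ID in the URL fails validation instead of overwriting another record. SignupToken and its method names are hypothetical, the key handling is an assumption, and DateTimeOffset.ToUnixTimeSeconds requires .NET Framework 4.6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
public static class SignupToken // hypothetical helper, added for illustration
{
    // Assumption: per-process random key for the demo; a real site loads a fixed secret from protected config.
    private static readonly byte[] Key = new byte[32];
    static SignupToken() { using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(Key); }

    // Token layout: "<SignupID>.<expiry, Unix seconds>.<hex HMAC-SHA256 over the first two fields>"
    public static string Issue(int signupId, DateTimeOffset now, TimeSpan lifetime)
    {
        string payload = signupId + "." + now.Add(lifetime).ToUnixTimeSeconds();
        return payload + "." + Sign(payload);
    }

    public static bool TryValidate(string token, DateTimeOffset now, out int signupId)
    {
        signupId = 0;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3) return false;
        if (!FixedTimeEquals(Sign(parts[0] + "." + parts[1]), parts[2])) return false; // edited or forged
        long expiry;
        if (!long.TryParse(parts[1], out expiry) || now.ToUnixTimeSeconds() > expiry) return false;
        return int.TryParse(parts[0], out signupId);
    }

    private static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "");
    }
    // Compares every character so timing does not reveal where the first mismatch is.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()
    {
        int id;
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Issue(42, now, TimeSpan.FromHours(1));
        Console.WriteLine(TryValidate(token, now, out id) + " id=" + id);       // token as issued
        Console.WriteLine(TryValidate("43" + token.Substring(2), now, out id)); // SignupID edited in the URL
        Console.WriteLine(TryValidate(token, now.AddHours(2), out id));         // checked after the expiry time
    }
}
```

Step1 would issue the token after inserting the row and pass it to Step2 as the URL parameter; Step2 and Step3 would call TryValidate before touching the record. The token is still a bearer value, so anyone who obtains the full URL within the lifetime can edit that one record.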

MVC4: External (OAuth) authentication & mapping to other tables/entities

I am building an MVC4 application and need to use external authentication (Facebook, etc). I have that working fine. I see the SimpleMembershipProvider creates 2 separate tables to handle this: "webpages_Membership" and "webpages_OAuthMembership". I need to map other tables (foreign keys) to User ID. The problem is both tables have a user ID which are unrelated to each other.. I could ignore the foreign keys in the database if necessary (don't like that though), but the bigger question is this: in code, how would I determine whether a user is authorized externally or locally so that I know where to get his other info from? Specifically, I have a user profile table where I will map other attributes to.. having 2 different types of user, how does one go about this?
Right, I have learned more about MVC4 and SimpleMembershipProvider and I see now that the User ID on both tables is actually a foreign key to a parent table called UserProfile. So, User IDs will still be unique.. it's just the mappings are a little different to what I was accustomed to with the standard ASP.NET membership provider. Email address and whatever other properties are required can be easily applied to the UserProfile table.

Giving a user a 'primary key' inside their data domain

I have a rails app that consists of lots of accounts.
Inside these accounts users can create tickets.
What is the best way to give each ticket an ID that is sequential inside their account?
Obviously managing the IDs myself seems to be the initial answer, but this seems to be filled with all sorts of edge cases that would cause issues (for instance, two tickets writing down to the DB at once...)
I think you'll end up managing them yourself - I've implemented something similar previously, account stored 'current_ticket_id' and then when a ticket (for example) gets created it is still stored with a global PK but then an observer assigns it a friendly_ticket_id and then increments to one on the account model for the next time round. You can use the friendly_ticket_id scoped to the account via your URLs to make sure you get the right ticket back.
