Web Application Project with Profiles

Question

I created a user as follows:

MembershipCreateStatus status = MembershipCreateStatus.InvalidPassword;
MembershipUser newUser = Membership.CreateUser(userNameTxt.Text.Trim(),
    passwordTxt.Text, emailTxt.Text, "N//A", "N//A", true, out status);
Roles.AddUserToRole(userNameTxt.Text.Trim(), "Member");

// Gather and save Profile info
CustomProfile profile =  CustomProfile.GetProfile(userNameTxt.Text.Trim());

profile.Personal.Email = emailTxt.Text.Trim();
profile.Personal.FirstName = firstNameTxt.Text.Trim();
profile.Personal.LastName = lastNameTxt.Text.Trim();
profile.Personal.Street = streetTxt.Text.Trim();
profile.Personal.City = cityTxt.Text.Trim();
profile.Personal.State = stateDDL.SelectedValue;
profile.Personal.Zip = zipTxt.Text.Trim();
profile.Save();

I see the data in the DB Profile table but not in the Users table - is this by design? It doesn't seem to recognize the user created this way when using the PasswordRecovery control. Can someone explain which tables are used when creating profiles this way and how to reset the password?

UPDATE:

Getting null for user name when testing my PasswordRecovery control:

MembershipUser user = Membership.GetUser(User.Identity.Name);
if (Page.IsPostBack)
{
    Response.Write(user.UserName);
} 

<add 
    name="DefaultMembershipProvider" 
    type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers,
        Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
    connectionStringName="LocalSqlServer" 
    enablePasswordRetrieval="false" 
    enablePasswordReset="true" 
    requiresQuestionAndAnswer="true" 
    requiresUniqueEmail="false" 
    minRequiredPasswordLength="6" 
    minRequiredNonalphanumericCharacters="0" 
    passwordAttemptWindow="1000" 
    applicationName="/" >

To make this `User.Identity.Name` works, the user must be logged in. Check if `HttpContext.Current.User.Identity.IsAuthenticated==true`, and you can direct get it as `Membership.GetUser()` if its logged in only (no need the `User.Identity.Name`) — Aristos, Nov 24 '12 at 07:55
No, login is failing for user with original password. Weird. — IrishChieftain, Nov 24 '12 at 08:09
You can also check, if you have set ssl (secure) must be true for the login, and the page is not ssl, then is fail. Can also fail if the cookie is not setup correctly on the web.config - must have place the name and the domain correctly — Aristos, Nov 24 '12 at 08:11
Read this post: http://stackoverflow.com/questions/2498599/can-some-hacker-steal-the-cookie-from-a-user-and-login-with-that-name-on-a-web-s and this http://stackoverflow.com/questions/2454623/multiple-applications-using-same-login-database-logging-each-other-out/2491686#2491686 — Aristos, Nov 24 '12 at 08:17

score 1 · Accepted Answer · answered Nov 24 '12 at 07:13

1

The profile data are saved on the aspnet_Profile Table, where each property is dynamic and placed on the PropertyNames and PropertyValuesString the value of it.

Each property is connected to the user with the UserId. This design is logical from the moment asp.net is let you design your custom profile parameters. From the other hand if you have your database, you can create your personal table to keep that information's as you like, with your design.

To reset the password you can use the ResetPassword method that is fully explained on MSDN.

An alternative method that I prefer, but you need to make some more code is, to send the user an e-mail, from the e-mail you send them on a page that actually can write a new password, and you on code behind you reset it as:

MembershipUser mu = Membership.GetUser(UserIdToChangePass);

if (mu != null)
{
    string sTemporaryPassword = mu.ResetPassword();
    mu.ChangePassword(sTemporaryPassword, txtNewPassword.Text);
}

where txtNewPassword is a TextBox that the users enter the new password.

answered Nov 24 '12 at 07:13

Aristos

66,005
16
114
150

Which API method do I use to get the user name of a user created like this? – IrishChieftain Nov 24 '12 at 07:37
@IrishChieftain I have lost you... :) – Aristos Nov 24 '12 at 07:41
Membership.GetUser returns null. Since I'm using profiles, shouldn't I be using something like this instead? var p = CustomProfile.GetProfile(userNameTxt.Text); – IrishChieftain Nov 24 '12 at 15:08
@IrishChieftain You ask for the `profile`, not the user info, custom profile is the part on your code. The table name I have it here is as I have write it. – Aristos Nov 24 '12 at 20:03
The user info is in a table called aspnet_Users. The Profile info is in a table called Profiles (not aspnet_Profile). – IrishChieftain Nov 25 '12 at 03:25
I don't know what's happening the password after I create the user - the login won;t work... – IrishChieftain Nov 25 '12 at 03:41
Aristos, I'm going to mark this as answer, and re-phrase as a new question :) – IrishChieftain Nov 25 '12 at 15:48

Web Application Project with Profiles

1 Answers1