Here is what I have and (somewhat understand). I'm using Visual WebDeveloper 2005 Express Edition and have setup my application to use form authentication(which automatically creates the ASPNETDB.MDF file with several default tablesand views). I'm using the CreateUserWizardwhich is fine…but I need to collect additional information like (firstname,lastname, address…and on..). What I'vedone. I've created a tabled namedUserProfile and set UserId as the primary key (uniqueidentifier). I then setup a 1-to-1 relationshipbetween aspnet_Users and UserProfile (which I think is correct). On my UpdateContactInfo.aspx page (whereusers go to update their personal information) I use a hidden label control(UserValue) to receive the UserId during the page_load event as below:
UserValue.Text = Membership.GetUser().ProviderUserKey().ToString()
End Sub
Then you can use a SqlCommand to issue the insert command to the UserProfile anywhere you like in your code:
using (SqlConnection conn= new SqlConnection(@."Data Source=(local);Integrated Security=SSPI;Database=mydb;");
{
connection.Open();
SqlCommand cmd = new SqlCommand("insert into UserProfile select @.UserId, @.firstname, @.lastname, @.address", conn);
cmd.Parameters.Add("@.UserId", SqlDbType.UniqueIdentifier);
cmd.Parameters["@.UserID"] = UserValue.Text;
//add all parameters and set their values
cmd.ExecuteNonQuery();
conn.Close();
}
|||
Why aren't you using the built-in profile system?
Why are you setting a hidden form field (Which can be spoofed) to store the userid, instead of a session variable or just looking it up when you want to do the update?
|||How do I go about retrieving the current user's [UserId] information from the session variable? And what is stored inside the session variable by default. Also... I've done some reading on the built-in profile system and have walked through the [ASP.NET HOW DO I Video Series: Profiles and Themes ] . My next question is...what if I wanted to store items in my profile that is not of type: string. So far all the property values that have been stored in the profiles table are all storing as type: string. I would like to store some of these properties as an integer type.|||
The profile can store anything that can be automaticlly converted to and from a string (That includes datetime, integer, float, decimal, and a lot of other obejcts).
You can retrieve the state of the session variable in a sqldatasource by selecting the parameter as type "Session" and the sessionkey of whatever you used.
In code after authentication, for example, put this code:
Session("UserID")=membership.getuser().whatever (Sorry, I forget the exact syntax)
Then in sqldatasource, the parameter type is session, with the key being "UserID".
|||Thanks for all the help! I'm now using the profile to store user information (firstname, lastname, age, address...). However I think I've ran into another problem :( Becuase the profile date is stored in a serialized format blob... I cant easily query the database and perform common sql routines. I would like to display all users and their profile data within a gridview but can't figure how to do that. I've read the TableProfileProvider how-tohttp://www.asp.net/sandbox/samp_profiles.aspx?tabindex=0&tabid=1 but the source code is not in VB.NET. Can someone advise... thanks.|||
I had to write my own T-SQL function to pull out profile properties from the blobified format. Not elegant, and definately not fast. You would probably be better off pulling back usernames in a dataset, then calling the membership object to pull the properties and appending them to the dataset, then binding that to the datagrid.
I wish I had time to finish my profile provider. Unfortunately, I've been to busy to go back to revist it since my deblobify function works ok for what I needed at the time. If you want to use the TableProfileProvider, you should be able to compile it into a dll, then reference it from within your VB.NET web application just fine. But I haven't tried it, as I usually just convert stuff from C# to VB myself, and leave it as source in the project.
No comments:
Post a Comment