Hello everyone:
Instead of creating a custom Membership Provider, I decided to create an additional table in the same database.
The additional table uses the UserId from the SqlMembershipProvider table aspnet_Users as a Primary Key and then references the UserId in aspnet_Users as a Foreign Key.
I created a Method using the SqlCommand Object which inserts a First and Last name into the new table when a UserName and Password are created in the aspnet_Users table.
My Question is, is this safe? I am a little worried about how the new table gets the UserId from the aspnet_Users table. Is it possible that the wrong ID from aspnet_Users can be given to the wrong user? This will cause a user ID not to work.
Here is the new Table I created called MPersonal:
Basically this is for demonstration only, but in reality this will hold the user Name, Phone Number and Address.
CREATE TABLE [dbo].[MPersonal] (
    [UserId]    UNIQUEIDENTIFIER NOT NULL,
    [FirstName] NVARCHAR (30)    NOT NULL,
    [LastName]  NVARCHAR (30)    NOT NULL,
    [MInitial]  NCHAR (1)        NOT NULL,
    [Email]     NVARCHAR (50)    NOT NULL,
    PRIMARY KEY CLUSTERED ([UserId] ASC),
    FOREIGN KEY ([UserId]) REFERENCES [dbo].[aspnet_Users] ([UserId])
);
Now here is the Stored Procedure AddNewUser that inserts the data into the MPersonal Table using the UserId from the aspnet_Users table.
CREATE PROCEDURE [dbo].[AddUser]
    @FirstName NVARCHAR(30),
    @LastName  NVARCHAR(30),
    @MInitial  NCHAR(1),
    @Email     NVARCHAR(50)
AS
    SET NOCOUNT ON
    DECLARE @UserCode  NVARCHAR(36)
    DECLARE @UserEmail NVARCHAR(50)
    SELECT @UserCode = UserId FROM dbo.aspnet_Users
        WHERE NOT EXISTS (SELECT UserId FROM MPersonal WHERE MPersonal.UserId = dbo.aspnet_Users.UserId);
    SELECT @UserEmail = Email FROM dbo.aspnet_Membership
        WHERE NOT EXISTS (SELECT Email FROM MPersonal WHERE MPersonal.Email = dbo.aspnet_Membership.Email);
    INSERT INTO [dbo].[MPersonal](UserId, FirstName, LastName, MInitial, Email)
        VALUES(@UserCode, @FirstName, @LastName, @MInitial, @UserEmail);
    RETURN 0;
Finally I am inserting the Membership data (username password) and the new table method in a Try/Catch block using the Button Submit/Click event:
try
{
    MembershipUser newUser = Membership.CreateUser(inputUsername, inputPassword,
        inputEmail, inputSecurityQuestion, inputSecurityAnswer, false, out status);
    if (newUser == null)
    {
        GetErrorMessage(status);
        Literal1.Text = "And Error Happened";
    }
    else
    {
        ltrDisplayMsg.Text = "Account successfully created";
        Database.AddNewUser(inputFirstName, inputLastName, inputMInitial, inputEmail);
        ClearTextBoxes(Page);
    }
}
catch (MembershipCreateUserException ex)
{
    ltrDisplayMsg.Text = ex.Message;
}
And below is the result of the insert: Everything works fine but what happens if 1000 people create an account at the same time?
The Stored procedure inserts the data into the new table with an assumption that the UserId in AddNewUser which is not available in the MPersonal table belongs to the record just created.
I really need your help. All I need is a way to add user information in addition to creating an account.
Thank you my friends.
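
Added example, not part of the original post: one way to remove the guess about which UserId "belongs to the record just created" is to take the key from the MembershipUser that Membership.CreateUser returned and pass it to the insert as a parameter, so concurrent sign-ups cannot be cross-linked. The class name PersonalStore, the method AddPersonal and the connection-string name "MembershipDb" are assumptions made for illustration; the table and columns are the MPersonal definition above.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;

public static class PersonalStore   // hypothetical helper, not from the post
{
    const string InsertSql =
        "INSERT INTO dbo.MPersonal (UserId, FirstName, LastName, MInitial, Email) " +
        "VALUES (@UserId, @FirstName, @LastName, @MInitial, @Email);";

    // Stores the profile row for exactly the account CreateUser just returned.
    public static void AddPersonal(MembershipUser user, string firstName,
                                   string lastName, string mInitial)
    {
        // With SqlMembershipProvider, ProviderUserKey is the Guid stored in
        // aspnet_Users.UserId, so no "find the unmatched row" query is needed.
        Guid userId = (Guid)user.ProviderUserKey;
        // "MembershipDb" is an assumed connection-string name.
        string cs = ConfigurationManager.ConnectionStrings["MembershipDb"].ConnectionString;
        try
        {
            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand(InsertSql, conn))
            {
                cmd.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = userId;
                cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 30).Value = firstName;
                cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 30).Value = lastName;
                cmd.Parameters.Add("@MInitial", SqlDbType.NChar, 1).Value = mInitial;
                cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 50).Value = user.Email;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
        catch (SqlException)
        {
            // Profile insert failed: remove the half-created account so no
            // login exists without its MPersonal row, then surface the error.
            Membership.DeleteUser(user.UserName, true);
            throw;
        }
    }
}
```

In the else branch of the button handler this would be called as PersonalStore.AddPersonal(newUser, inputFirstName, inputLastName, inputMInitial) in place of Database.AddNewUser, with a catch for SqlException alongside the existing MembershipCreateUserException handler.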