Manually changing username in Asp.Net Membership

asp.net

I am able to change a username by directly accessing the asp.net membership user tables. However, the old username is preserved in a new row and assigned a new UserID automatically by asp.net. How do I stop that from happening?

EDIT: only in the users table and roles table, not the membership table.

var mUser = dc.aspnet_Users
            .Where(u => u.UserId == (Guid)user.ProviderUserKey)
            .Select(u => u).SingleOrDefault();

mUser.UserName = newName;
mUser.LoweredUserName = newName.ToLower();

try
{
    dc.SubmitChanges();
}
catch
{
    ...
}

Best Answer

Changing username is not supported by the sql membership provider in ASP.NET 2.0. You can still change the username but you have to use custom implementation.

Also you have to update the membership cookie with the new username in order to avoid recreation of the user with the same username but new UserId.

In the example below I use Linq to SQL to update the membership tables - I have data context called MembershipDataContext.

public bool ChangeUserName(Guid userId, string newUserName)
{
    bool success = false;
    newUserName = newUserName.Trim();

    // Make sure there is no user with the new username
    if (Membership.GetUser(newUserName) == null)
    {
        MembershipUser u = Membership.GetUser(userId);
        string oldUsername = u.UserName;
        // get current application

        MembershipDataContext context = new MembershipDataContext ();
        aspnet_User userToChange = (from user in context.aspnet_Users
                                    where user.UserId == userId
                                    select user).FirstOrDefault();

        if (userToChange != null)
        {
            userToChange.UserName = newUserName;
            userToChange.LoweredUserName = newUserName.ToLower();

            context.SubmitChanges();

            // ASP.NET Issues a cookie with the user name. 
            // When a request is made with the specified cookie, 
            // ASP.NET creates a row in aspnet_users table.
            // To prevent this sign out the user and then sign it in

            string cookieName = FormsAuthentication.FormsCookieName;
            HttpCookie authCookie = 
              HttpContext.Current.Request.Cookies[cookieName];

            FormsAuthenticationTicket authTicket = null;

            try
            {
                authTicket = 
                    FormsAuthentication.Decrypt(authCookie.Value);

                FormsIdentity formsIdentity = 
                    new FormsIdentity(
                        new FormsAuthenticationTicket(
                            authTicket.Version, 
                            newUserName, 
                            authTicket.IssueDate, 
                            authTicket.Expiration, 
                            authTicket.IsPersistent, 
                            authTicket.UserData));

                string y = HttpContext.Current.User.Identity.Name;
                string[] roles = 
                    authTicket.UserData.Split(new char[] { '|' });
                System.Security.Principal.GenericPrincipal genericPrincipal = 
                    new System.Security.Principal.GenericPrincipal(
                                                        formsIdentity, 
                                                        roles);

                HttpContext.Current.User = genericPrincipal;
            }
            catch (ArgumentException ex)
            {
                // Handle exceptions
            }
            catch( NullReferenceException ex)
            {
                // Handle exceptions
            }

            FormsAuthentication.SignOut();
            HttpContext.Current.Session.Abandon();
            FormsAuthentication.SetAuthCookie(newUserName, false);
            success = true;
        }
    }

    return success;
}

Website:

The Web Site project is compiled on the fly. You end up with a lot more DLL files, which can be a pain. It also gives problems when you have pages or controls in one directory that need to reference pages and controls in another directory since the other directory may not be compiled into the code yet. Another problem can be in publishing.

If Visual Studio isn't told to re-use the same names constantly, it will come up with new names for the DLL files generated by pages all the time. That can lead to having several close copies of DLL files containing the same class name, which will generate plenty of errors. The Web Site project was introduced with Visual Studio 2005, but it has turned out not to be popular.

Web Application:

The Web Application Project was created as an add-in and now exists as part of SP 1 for Visual Studio 2005. The main differences are the Web Application Project was designed to work similarly to the Web projects that shipped with Visual Studio 2003. It will compile the application into a single DLL file at build time. To update the project, it must be recompiled and the DLL file published for changes to occur.

Another nice feature of the Web Application project is it's much easier to exclude files from the project view. In the Web Site project, each file that you exclude is renamed with an excluded keyword in the filename. In the Web Application Project, the project just keeps track of which files to include/exclude from the project view without renaming them, making things much tidier.

Reference

The article ASP.NET 2.0 - Web Site vs Web Application project also gives reasons on why to use one and not the other. Here is an excerpt of it:

You need to migrate large Visual Studio .NET 2003 applications to VS 2005? use the Web Application project.

You want to open and edit any directory as a Web project without creating a project file? use Web Site project.

You need to add pre-build and post-build steps during compilation? use Web Application project.

You need to build a Web application using multiple Web projects? use the Web Application project.

You want to generate one assembly for each page? use the Web Site project.

You prefer dynamic compilation and working on pages without building entire site on each page view? use Web Site project.

You prefer single-page code model to code-behind model? use Web Site project.

Web Application Projects versus Web Site Projects (MSDN) explains the differences between the web site and web application projects. Also, it discusses the configuration to be made in Visual Studio.

ASP.NET username change

cptScarlet's link was good, however I despise using stored procedures if I don't have to and I favor Entity Framework whenever possible. Here's what I did to change the user name, using EF 4.0 and .NET 4.0:

Right click project -> Add New Item -> ADO.NET Entity Data Model
Give it a proper name, I chose "MembershipModel.edmx" and click Add
Select Generate from database and click Next
Add the connection to your 'aspnetdb' database (the ASP.NET membership database)
Give it a proper name, I chose "MembershipEntities"
Click Next
Drill into Tables and select aspnet_Users
Change the Model Namespace to MembershipModel
Click Finish

Now you can add code to create the EF object context and modify the database:

public void ChangeUserName(string currentUserName, string newUserName)
{
    using (var context = new MembershipEntities())
    {
        // Get the membership record from the database
        var currentUserNameLowered = currentUserName.ToLower();
        var membershipUser = context.aspnet_Users
            .Where(u => u.LoweredUserName == currentUserNameLowered)
            .FirstOrDefault();

        if (membershipUser != null)
        {
            // Ensure that the new user name is not already being used
            string newUserNameLowered = newUserName.ToLower();
            if (!context.aspnet_Users.Any(u => u.LoweredUserName == newUserNameLowered))
            {
                membershipUser.UserName = newUserName;
                membershipUser.LoweredUserName = newUserNameLowered;
                context.SaveChanges();
            }
        }
    }
}

Note: I did not account for application ID's in my code. I typically only ever have one application using the ASP.NET membership database, so if you have multiple apps, you'll need to account for that.

Best Answer

Related Solutions

.net – ASP.NET Web Site or ASP.NET Web Application

Website:

Web Application:

ASP.NET username change

Related Topic