[2008] Membership Provider to allow duplicate usernames and assign different roles?

[nlraley]

I'm developing a web site app and I am also going through and creating a user registration through windows forms. As you may know if you have seen my previous posts.

Well I have everything up and running except I have one small problem.

It's not allowing me to add duplicate usernames to my aspnetdb.

Problem is I want duplicate usernames for simplicity sake and to distinguish between the users by their userid, not necessarily the username.

Each user is assigned a different userid, so this should be possible right? However, when i create a user with the same username I get the duplicate username error. And when I try to add them to a role I get that user already exists in the role.

Why isn't the duplicate username being entered into the aspnetdb with a different userid?

[Hack]

Isn't duplicate user names going to create no end of confusion for the other users?

How would the other folks know that "Hack" UserId 1 = John and "Hack" UserId 2 = Sam if the only thing they ever see is simply "Hack"

[nlraley]

Okay, setting up my application name lets me add both users.

However, adding the user to role pops up the error that the user already exists in the role.

The AddUserToRole only accepts two parameters, username and role, however is the usersinroles table there is only a userid and a roleid. So how can I pass this table the userid and the roleid instead of the generic username?

[nlraley]

I don't see why it really would.

They have unique emails, names associated with them, etc.

Reason why I am wanting duplicates is b/c their accounts will be auto generated and was wanting to keep their usernames as simple as possible. I mean I could go through and toss in the last 4 of the ssn or mmdd of their bday for username, but that's getting more and more complex for them to use.

And since their usernames are auto generated adding more information provides people with more of their user information when displaying their pages and whatnot, does it not? Or should I just do searches by their actual user information such as their FirstName, LastName, etc. and not by usernames?

[nlraley]

Well, guess I'll just force the unique userid and then just hide the userid from everything but the actual sign in page.

[techgnome]

Usernames should be unique, plain and simple. If you need to, then generat a random 4 digit number to add to the username when it is created. If multiple people have the same username and the only thing to seperate them is a password... then when "Hack #1" (being John) logs in.... how does it know which "Hack" he is? Or what if he some one manages to login as the other "Hack" (Billy Bob)? Now, suddenly the wrong hack has access to stuff he may not normally have access to.

I don't think asking people to remember 4 extra digits is too much. An alternative is to make their user name their firstname.lastname....
but I wouldn't use their birthday or ssn, as that's a privacy act violation.

-tg

[nlraley]

Was going to allow duplicate usernames and do the check on the password, if they password is the same (although the probabilities of a strong password being exactly the same with same FirstInitial, MiddleInitial, LastName is unlikely) perform a simple check against the user's email, which is guaranteed to be unique with the way I have it assigned.

So, I just did FirstInitial, MiddleInitial, LastName, last 4 of SSN for a username. It will just be used to log in and never be displayed on any form of input.

I am still interested however if doing my original concept is possible.

Adding the same usernames is fine, and they are given a guid, however I can't assign them to roles unless I directly force access to the database and write directly into it because the add user to role only accepts the username and role as parameters.

[mendhak]

The membership APIs have been built with unique usernames in mind. If this fundamental feature is something you want to change, then you're better off writing your own authentication mechanism.

Also, if you really want to be unique, just give each user a GUID. I'm sure they'd love to remember something like e234819d-5184-440b-af7b-e519f2d4420e


However, in most applications for all intents and purposes, an email address as a username or a simple username is enough since the underlying mechanism already takes care of unique usernames! So there isn't much point trying to circumvent existing functionality for creating your own version of the same.

From what I'm trying to understand - at some point a user will be giving you some details. You seem to have their name, SSN and email address. So you could actually ask for a username too at that point and perform a uniqueness check right there. If you can't, though, then the email address should do the trick. If there ever is a conflict, then you know that someone has lied and so doesn't really qualify for an account.

[nlraley]

Well, for my final project I was working on a Blackboard portion of a web site. I was wanting to tie in student registration for the school with the actual registration process of the Blackboard site.

Hence why I did the user creation, course registration, and student signing up for classes all through window forms backboning off the asp.net membership and role providers.

Also why I have their information. Instead of typing in some random username at the start, same goes for email and password, I use the information that would normally be collected when a student registers through the registration office and used that to designate usernames, emails, and passwords based off the first initial, middle initial, last name, and I'm guessing now SSN. This keeps the hassle off the registrars office and makes remembering things alot easier.

Since users on this aspect of the site were only going to be available in the classes they were registered for, having non unique usernames wouldn't have been very confusing. Since the probability of 2 or more users with the same first initial, middle initial, and last name are going to be relatively rare, and that even if it did occur it was in a relatively small class room and people would distinguish between them from the most part. In the back end I always have the unique email, strong password ( which again could be the same but odds are they aren't), and then the GUID that the CreateUser automatically stores in the Users table.

Problem was when you add a user to roles, it references username and not the GUID of the username for some reason, even though it stores that GUID into the UserInRoles table along with the RoleID. So beats me there.

Anyways, right now I have a username of first initial, middle initial, last name, last 4 of SSN. Passwords and emails are determined in a similar manner. All of this assigning is done through private read only properties within a class so is actually separated from the user interface and the actual program. Also makes moving it to a different registration system and platform much easier.

I'm course registration now. Maybe you guys can help with a question I have now since I had user SSN added to the username.

I'm wanting to pull all the users with roles as instructors to populate a combo box for course registration so they registrars is forced to only add instructors that have already been registered as the class instructor.

Problem is now I have 4 numbers tagged onto the end of the username, and the usernames vary in size. My code for doing this is rather simple. I'm going to create a view, since for some reason the way I was trying to access this was trying to assign a system.data to a system.data.view or some error message of that sort.

But anyway, I basically have this after I create my view, from this select statement:

Code:

SELECT     aspnet_UsersInRoles.UserId, aspnet_Users.UserName
FROM         aspnet_UsersInRoles INNER JOIN
                      aspnet_Users ON aspnet_UsersInRoles.UserId = aspnet_Users.UserId INNER JOIN
                      aspnet_Roles ON aspnet_UsersInRoles.RoleId = aspnet_Roles.RoleId
WHERE     (aspnet_Roles.RoleName = 'Instructor')

I have created a binding source for that view and I have this:

Code:

For each r As Data.DataRow In InstructorsBindingSource
		cmbInstructors.Items.Add(r!UserName)
	Next

So, question is, how do I chop of those last 4 numbers from the username to display in this combo box?

[nlraley]

Could I just do an append and then for the starting point do a count on the string and start at the count -4 location?

[mendhak]

If it's at the end of the username, your question is one of string parsing.

vb Code:

Dim currentUserName As String = r.Item("UserName").ToString()
currentUserName = currentUserName.Remove(currentUserName.Length-4,4)

(Might be 5, try it out)