ASP.NET Membership

[Tem]

Im making a photo gallery application where users can only see their own
photos.
My photos table looks like this
Id, PhotoName, PhotoURL, PhotoUser

I need to know how I can integrate this with ASP.NET's membership provider
Can someone points me to the right direction

Thanks

Tem

[Scott M.]

You'll need to create your own custom provider if you wish to manage, not
only the users & roles but also the photo data.

http://www.devx.com/asp/Article/29256

"Tem" <tem...@yahoo.com> wrote in message
news:%23FSXuiM...@TK2MSFTNGP02.phx.gbl...

[Phil H]

I'm not sure what you mean by "integrate" but the requirement you
describe could be met by filtering the data table on Membership
username (if that differs from PhotoUser then add an extra column)
which is easily read with the Membership.getuser() function.

[Tem]

Thanks

If I understand this correctly PhotoUser would store the username of the
user the photo belongs to. Wouldn't this be slow performance wise?
(searching a string)
would it be faster to use UserID uniqueidentifier instead?

"Phil H" <goo...@philphall.me.uk> wrote in message
news:aa5c6776-b9e8-4e9e...@e6g2000prf.googlegroups.com...

[Mohamad Elarabi [MCPD]]

Not if you indexed the PhotoUser column.

--
Mohamad Elarabi
MCP, MCTS, MCPD.

[Tem]

how would I do that?

"Mohamad Elarabi [MCPD]" <MohamadEl...@discussions.microsoft.com>
wrote in message news:5879D58F-89BB-4CA5...@microsoft.com...

[clintonG]

Jeeeeeeeesus are you getting a bunch of nonsense for advice or what? Mohamad
was the only guy who tried to set you straight. First of all clean up your
redundant use of the PhotoUser column in your table as it is not needed and
poor design. Delete it.

Secondly, you do not neet to write your own "provider" that was nonsense.
The Membership, Roles and Profiles released in 2.00 are very
powerful --but-- you need to learn how to use them. Start by reading maybe?

//search.live.com
membership overview site:msdn2.microsoft.com

Membership and Roles are so powerful in fact that we can filter content out
of a page right down to a single image, a sentence or even a single word if
we do not want anoybody to see that specific content. Just learn Membership
and Roles. We can get the identity of anybody logged in from any page at any
time. All you need to do is learn how and using search is the way to get
started.

--
<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://clintongallagher.metromilwaukee.com/

"Tem" <tem...@yahoo.com> wrote in message

news:%23IF$nvXSIH...@TK2MSFTNGP02.phx.gbl...

[Tem]

Believe me I tried. I have read those documentations and watched all the
video tutorials. They covered how to create login page, set up user profile,
web.config....none of them addressed what I'm trying to do.
that is why I posted my question here. maybe im not reading them correctly,
if you can point me to the right direction that would be really helpful.

Tem

"clintonG" <nob...@nowhere.com> wrote in message
news:OwL809XS...@TK2MSFTNGP06.phx.gbl...

[sloan]

I think you may be confusing what the Membership and Role provider can do.

Lets take a generic example.

I work at a hospital.

There are a few roles.

VP
HR
Worker

Let's say there is a business rule which says...
VP can delete employees under them.
HR can delete any employee.
Worker can't delete anybody.

So maybe here is a webpage called

employeedelete.aspx

look at the vp rule. even though the vp can delete employees...he/she can
only delete CERTAIN employees, not all employees.
thus when the vp visits the page "employeedelete.aspx"...only a handful of
emp's should show up.

the filtering is NOT handled by the membership or role provider. you have
to do that.

being able to see employeedelete.aspx in the sitemap, being able to visit
employeedelete.aspx page, that is (kinda) handled via the 2 providers.

so your "can see my images" rule is like the VP deleting employees. the
user can see images, but only his/her images. not everyones.

so the user (in role of "normaluser" for example) can get to a page called
imagesShowForUser.aspx
but YOU need to write the filtering code for which images show up here on
this page.

Membership is going to allow you to create users ... and all that jazz
(passwords, password reset, etc)...
Roles will allow you to put userX into a role (like "normalUser").

But you still need to code up the filtering for a user getting only his/her
images.

"Tem" <tem...@yahoo.com> wrote in message

news:uC80m$YSIHA...@TK2MSFTNGP04.phx.gbl...

[Tem]

This is what I don't understand
How would it know, who the photo belongs to if there wasn't an identifier
field (PhotoUser) in the Photo table?

"sloan" <sl...@ipass.net> wrote in message
news:#0u#czZSI...@TK2MSFTNGP03.phx.gbl...

[Phil H]

On 28 Dec, 18:28, "clintonG" <nob...@nowhere.com> wrote:
> Jeeeeeeeesus are you getting a bunch of nonsense for advice or what? Mohamad
> was the only guy who tried to set you straight. First of all clean up your
> redundant use of the PhotoUser column in your table as it is not needed and
> poor design. Delete it.
>
> Secondly, you do not neet to write your own "provider" that was nonsense.
> The Membership, Roles and Profiles released in 2.00 are very
> powerful --but-- you need to learn how to use them. Start by reading maybe?
>
> //search.live.com
> membership overview site:msdn2.microsoft.com
>
> Membership and Roles are so powerful in fact that we can filter content out
> of a page right down to a single image, a sentence or even a single word if
> we do not want anoybody to see that specific content. Just learn Membership
> and Roles. We can get the identity of anybody logged in from any page at any
> time. All you need to do is learn how and using search is the way to get
> started.

Speaking as one of those other than Mohamid who offered advice here I
would make the following observations:

(1) It is reasonable to suspect that the PhotoUser column is redundant
but without more information about background and context I was a
little cautious in suggesting it should be deleted.

(2) Yes it is true that loginViews can filter out various elements
according to identity and privelege but that is not the kind of
filtering that was being requested in this case. All that was asked
for is that the user only see records from a datasource that are
relevent to them personally. Ordinary row filtering is straight-
forward enough and probably simpler than constructing a LoginView type
control to meet that particular need (what are you going to do, create
an individual template for every user?).

I don't see any performance issues. If your application is data-driven
then the suggested solutions will not make it any worse.

[Mohamad Elarabi [MCPD]]

To index the PhotoUser column run the following SQL command

CREATE INDEX PhotoUserIndex ON Photos (PhotoUser)

The syntax is

Create Index [IndexName] On [TableName] ([ColumnName])

Imho there isn't much wrong with your current approach, and as far as
efficiency this is just fine. There may be benifits to taking advantage of
.Net membership but if you can't implement it you're just wasting your time.
Put it down on your "to learn" list but my advice is to move on with this
project and start a little test project where you can play around with
membership, roles, authorization, personalization, themes, webparts, etc.
These are all very cool and good to know features of the .Net 2.0 framework.

Good luck.

[Phil H]

On 29 Dec, 20:44, "Tem" <tem1...@yahoo.com> wrote:
> This is what I don't understand
> How would it know, who the photo belongs to if there wasn't an identifier
> field (PhotoUser) in the Photo table?

I don't know whether I made it clear but I suggested that the
"username" (or user id) that users log in with could be used as a
unique identifier in the photo table. To achieve this a column would
have to be created to contain it, and the identity added to the table
as part of the process of creating user accounts with the Membership
object. It does in effect mean that two databases are being used along-
side each other - the photo database and the membership one but
without a lot of extra coding to create a custom membership provider
it is unavoidable.

[sloan]

I would agree with this approach as well.

If your photos are unique to each user..than sure

Table dbo.Photo
PhotoUUID
UserID ( FK to the membershp...UserID (guid)
PhotoName
--(etc, add others columns if necessary)

that would work.

Then you can write your own usp (user stored procedure) to get a photo list
for a specific UserID

But YOU have to roll this code. Aka, the filtering.

You can use and piggy back off of the UserId (guid) as the uniqueidentifier
for each user...but what I was getting at is that the Membership/Role
providers aren't going to magically do this for you.

create proc dbo.uspPhotoListGetByUserId
( @UserId uniqueidentifier )
as

Select PhotoUUID , UserId, PhotoName, (etc , etc)
From
dbo.Photo ph
where
ph.UserId = @UserId

Go

You'll be able to know the UserId from the membership stuff..but you'll have
to create and call uspPhotoListGetByUserId when needed.

"Phil H" <goo...@philphall.me.uk> wrote in message

news:717495e1-8af9-451a...@i72g2000hsd.googlegroups.com...

[Tem]

Is there a way to add this to Membership.GetUser(),
an overload method that gets user by uniqueidentifier GUID instead of by
username

"sloan" <sl...@ipass.net> wrote in message

news:O2MNMBWT...@TK2MSFTNGP05.phx.gbl...