Section 5.8. Manage User Settings

5.8. Manage User Settings

Note: Learn how to programmatically modify user's account information using the Membership class.

So far, you have seen how to modify users' information using the built-in controls that ship with ASP.NET 2.0. A much more versatile approach would be to modify user data programmatically. The Membership class makes this possible and is, in fact, the source of many of the APIs driving all the new Login controls in ASP.NET 2.0.

5.8.1. How do I do that?

In this lab, you will learn how to programmatically modify and access a user's settings. You will create a Web Form and populate it with text boxes and Button controls to let users perform tasks such as changing their passwords and identity validation questions, as well as updating their email addresses. All these tasks will be performed using the Membership and MembershipUser classes.

  1. Using the same project created in the last lab (C:\ASPNET20\chap-5-SecurityControls), add a new Web Form to the project (right-click the Members folder in Solution Explorer and then select Add New Item...; select Web Form). Name the Web Form UserInfo.aspx.

  2. Add a 3 6 table to the Web Form (Layout Insert Table) and populate it with the controls shown in Figure 5-36.

    Figure 5-36. The various controls on the UserInfo.aspx page

  3. When the form is first loaded, retrieve the user's information using the GetUser( ) method from the Membership class. It returns a MembershipUser object. To code the Form_Load event, double-click on the Web Form to switch to the code-behind:

    Protected Sub Page_Load(ByVal sender As Object, _                         ByVal e As System.EventArgs) _                         Handles Me.Load     Dim user As MembershipUser     '---get info about current user     user = Membership.GetUser     Response.Write("Your last login was on: " & _                     user.LastLoginDate & "<br/>")     Response.Write("Your account was created on: " & _                     user.CreationDate & "<br/>")     Response.Write("Your password was last changed on: " & _                     user.LastPasswordChangedDate & "<br/>")     If Not IsPostBack Then         txtUserID.Text = user.UserName.ToString         txtPasswordQuestion.Text = user.PasswordQuestion         txtEmail.Text = user.Email     End If End Sub

  4. Note that the MembershipUser class contains several pieces of information about the user, such as last login date, user creation date, and password last changed date. You can also retrieve the password question (but not the answer to the question).

    Tip: If the user is not authenticated, the Membership.GetUser method returns a null reference.

  5. Add the following displayMessage( ) subroutine to format and display a message on the page:

    Private Sub displayMessage(ByVal str As String)     Response.Write("<br/><b>" & str & "</b>") End Sub

  6. When the Change Password button is clicked, you can change the user's password via the ChangePassword( ) method in the MembershipUser class. This method returns a Boolean value indicating whether the change is successful:

    Protected Sub btnChangePassword_Click(ByVal sender As Object, _                                       ByVal e As System.EventArgs) _                                       Handles btnChangePassword.Click     Dim user As MembershipUser = Membership.GetUser     '==change password===     If txtCurrentPassword.Text <> "" And _        (txtNewPassword.Text <> txtCurrentPassword.Text) And _        txtNewPassword.Text <> "" Then         '---means the user wants to change password         If user.ChangePassword(txtCurrentPassword.Text, _                                txtNewPassword.Text) Then             displayMessage("Password Changed.")         Else             displayMessage("Password Changed Failed.")         End If     Else         displayMessage("Required fields missing")     End If End Sub

  7. You can change the password question and answer using the ChangePasswordQuestionAndAnswer( ) method. It, too, returns a value indicating whether the change is successful:

    Protected Sub btnChangePasswordQuestion_Click( _               ByVal sender As Object, _               ByVal e As System.EventArgs) _               Handles btnChangePasswordQuestion.Click     Dim user As MembershipUser = Membership.GetUser     If txtCurrentPassword.Text <> "" And _        txtPasswordQuestion.Text <> "" And _        txtPasswordAnswer.Text <> "" Then         If user.ChangePasswordQuestionAndAnswer( _            txtCurrentPassword.Text, _            txtPasswordQuestion.Text, _            txtPasswordAnswer.Text) Then             displayMessage("Password Question Changed.")         Else             displayMessage("Password Question Failed.")         End If     Else         displayMessage("Required fields missing")     End If End Sub

  8. When the user clicks on the Update Email button, the email is updated via the UpdateUser( ) method in the Membership class:

    Protected Sub btnUpdateEmail_Click(ByVal sender As Object, _                                    ByVal e As System.EventArgs) _                                    Handles btnUpdateEmail.Click     Dim user As MembershipUser = Membership.GetUser     user.Email = txtEmail.Text     Membership.UpdateUser(user)     displayMessage("Email Updated.") End Sub

  9. Press F5 to test the page. When the page is loaded, you will be prompted to log in (use the Administrator account created in the previous lab). Figure 5-37 shows the page in action. To change the password, type in the current and new passwords and then click on Change Password. To change the password question and answer, fill in the new question and answer and then click Change Question. To change the email address, fill in the new email address and click Update Email.

    Figure 5-37. Modifying a user's information

    Take note that this UserInfo.aspx page should be appropriately protected (using SSL, for example), since passwords are transmitted in the clear.

5.8.2. What about ...

...retrieving all users' information?

You can retrieve all the users' information in your application using the GetAllUsers( ) method in the MembershipUser class:

Dim users As MembershipUserCollection users = Membership.GetAllUsers

The users' information is returned as a MembershipUserCollection. You can then bind it to, say, a GridView control:

GridView1.DataSource = users GridView1.DataBind( )

If you need to reset a user's password, you can use the ResetPassword( ) method in the MembershipUser class. You just need to supply a password answer (if your user account requires one):

Dim newPassword As String = user.ResetPassword(txtPasswordAnswer.Text)

The ResetPassword( ) method returns the new randomly generated password.

5.8.3. Where can I learn more?

Check out the MSDN Help topics "Membership Members" and "MembershipUser Members" for all the properties and methods in the two classes.

For more comprehensive coverage of the GridView control, refer to Chapter 4.

To learn how to configure SSL on IIS, check out:

ASP. NET 2.0(c) A Developer's Notebook 2005
ASP. NET 2.0(c) A Developer's Notebook 2005
Year: 2005
Pages: 104 © 2008-2017.
If you may any questions please contact us: