locked
Web Matrix Security - Change username RRS feed

  • Question

  • User439975351 posted

    Hi all,

    I'm using the standard WebSecurity in web pages but I have a problem updating the username (e.g email). I have the following code which does update the db but does not update the "session cookie"??

    if (action == "changeuser")
            {
                var newusername = Request.Form["changeuser"];
    
                if (Validation.IsValid())
                {
                    sql = "Select Email From UserProfile Where Email=@0";
                    var query = db.QuerySingle(sql, newusername);
                    if(query == null)
                    {                   
                        sql = "Update UserProfile Set Email=@0 Where UserId=@1";
                        db.Execute(sql, newusername, userId);   
                    }
                    else
                    {
                        Response.Redirect("~/account/details/?action=userexists&changeuser=" + newusername);
                    }
                }
            }  

    As a result the logged in sesssion still thinks its current username is the old (pre updated) one.

    Does anyone know how to resolve this or what session data I need to update as part of this process?

    Thanks,

    Jus

    Thursday, June 6, 2013 8:24 AM

Answers

  • User1526116210 posted

    You should log the user out then log them back in after they have changed their username. Change it to something like the following:

    if (action == "changeuser")
            {
                var newusername = Request.Form["changeuser"];
    
                if (Validation.IsValid())
                {
                    sql = "Select Email From UserProfile Where Email=@0";
                    var query = db.QuerySingle(sql, newusername);
                    if(query == null)
                    {
                        sql = "Update UserProfile Set Email=@0 Where UserId=@1";
                        db.Execute(sql, newusername, userId);
                        WebSecurity.Logout();
                        WebSecurity.Login(newusername, password);
                    }
                    else
                    {
                        Response.Redirect("~/account/details/?action=userexists&changeuser=" + newusername);
                    }
                }
            }



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 11, 2013 10:44 PM

All replies

  • User-1496281956 posted

    You'd have to log them out i guess, you need to end the current session, or it could be a cache issue, try refreshing several times, Cache is big issue for me with WebPages. 

    Thursday, June 6, 2013 10:13 AM
  • User895691971 posted

    Listen, why not just update the column with usernames? And use that one as username? And let the email for that account work cool!

    That would let you have a rest from that long code for Cookie and would also help you to let the user change the username!

    That pretty more like it, as the user would have access to his account via both, Email and username! (If you want to let him in with username)

    Sunday, June 9, 2013 3:56 PM
  • User1526116210 posted

    You should log the user out then log them back in after they have changed their username. Change it to something like the following:

    if (action == "changeuser")
            {
                var newusername = Request.Form["changeuser"];
    
                if (Validation.IsValid())
                {
                    sql = "Select Email From UserProfile Where Email=@0";
                    var query = db.QuerySingle(sql, newusername);
                    if(query == null)
                    {
                        sql = "Update UserProfile Set Email=@0 Where UserId=@1";
                        db.Execute(sql, newusername, userId);
                        WebSecurity.Logout();
                        WebSecurity.Login(newusername, password);
                    }
                    else
                    {
                        Response.Redirect("~/account/details/?action=userexists&changeuser=" + newusername);
                    }
                }
            }



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 11, 2013 10:44 PM
  • User439975351 posted

    I have gone with the log out option, thanks for the replies guys.

    At the moment the user has to "re-login" but if anyone can suggest a way that I can avoid having them login after a username change then I'd welcome that! :)

    Cheers

    Wednesday, June 12, 2013 8:50 AM
  • User1046901242 posted

    A little late, but just add:

    FormsAuthentication.SetAuthCookie(email, ((FormsIdentity)User.Identity).Ticket.IsPersistent);
    

    after your db.Execute statement. At least this works for me.

    When push comes to shove, all WebSecurity does is call this method. The second parameter is whether or not to persist the auth cookie (i.e. "Remember Me"). That last bit if code simply queries the current ticket to get this value.

    Hope this helps.

    Sunday, June 23, 2013 1:30 AM
  • User439975351 posted

    Thanks ptyork :)

    Sunday, July 7, 2013 12:13 PM
  • User439975351 posted

    Thanks ptyork :)

    Sunday, July 7, 2013 12:13 PM