In-Depth

Managing User Profiles in ASP.NET 2.0

Learn how to implement user profile management, a hot new feature in ASP.NET 2.0.

In ASP.NET 2.0, user profile management—a hot new feature—is implemented through the Personalization API. The Personalization API is designed for persistent storage of structured data using a friendly and type-safe API. Personalization works in conjunction with an HTTP module. The module loads and saves user-specific data when the page is going to be displayed and saved.

The application defines its own model of personalized data—common to all pages. The data model is written to the web.config file using the new <personalization> section:

<personalization enabled="true">
  <profile>
      <property name="BackColor" type="Color" />
      <property name="ForeColor" type="Color" />
  </profile>
</personalization>

Each <property> tag generates a property in a user profile object. When the page is about to display, the personalization module looks for a class named HttpPersonalization in a well-known assembly named personalization.dll. If such a class is not available, the module extracts the data model out of the web.config file, creates the assembly, and loads it up. An instance of HttpPersonalization is created and bound to the new Profile property in the Page class. Each member of the personalized class data corresponds to a piece of information specific to the current user.

User-specific information is stored in a persistent storage medium managed by a personalization provider object. The default provider employs an Access database named aspnetdb.mdb and located in the Data subdirectory of the application's virtual root. The module reads information out of the database and initializes the user profile object. When the request ends, the current state of the profile object is serialized back to the database ready for another request. Information is saved on a per-user basis. Anonymous users are associated with a fixed identity. Loading and saving personalized data is completely transparent to end users and doesn't even require the page author to know much about the internal plumbing.

You work with the user profile properties through the Profile property on the Page class, as shown here:

Profile.BackColor = Color.Cyan 

The Profile property is of type HttpPersonalization, meaning that any access to the user profile information is strong-typed. However, the structure of the HttpPersonalization class is defined by the application's profile data model and is strictly application-specific. All HttpPersonalization classes created by ASP.NET applications inherit from the same HttpPersonalizationBase class.

Personalization information is loaded immediately after the PreInit event fires to the page and before the page receives the Init event. As mentioned, anonymous users can have their own personalization data. For this to work, though, you must first enable another ASP.NET 2.0 feature—anonymous identification. You can do that using this configuration code:

<anonymousIdentification enabled="true" />

In addition to enabling anonymous identification, you also must mark properties in the <profile> section with a special Boolean attribute—allowAnonymous. This code demonstrates how to set up the web.config file to allow for personalization of anonymous users:

<anonymousIdentification enabled="true" />
<personalization enabled="true">
   <profile>
      <property name="BackColor" 
            type="Color" 
            allowAnonymous="true" />
      <property name="Links" 
            type="StringCollection" 
            allowAnonymous="true" />
   </profile>
</personalization>

Personalization data has no predefined duration and is permanently stored. It is up to the Web site administrator to delete the information when convenient.

Featured

comments powered by Disqus

Subscribe on YouTube