In-Depth

Managing User Profiles in ASP.NET 2.0

Learn how to implement user profile management, a hot new feature in ASP.NET 2.0.

In ASP.NET 2.0, user profile management—a hot new feature—is implemented through the Personalization API. The Personalization API is designed for persistent storage of structured data using a friendly and type-safe API. Personalization works in conjunction with an HTTP module. The module loads and saves user-specific data when the page is going to be displayed and saved.

The application defines its own model of personalized data—common to all pages. The data model is written to the web.config file using the new <personalization> section:

<personalization enabled="true">
  <profile>
      <property name="BackColor" type="Color" />
      <property name="ForeColor" type="Color" />
  </profile>
</personalization>

Each <property> tag generates a property in a user profile object. When the page is about to display, the personalization module looks for a class named HttpPersonalization in a well-known assembly named personalization.dll. If such a class is not available, the module extracts the data model out of the web.config file, creates the assembly, and loads it up. An instance of HttpPersonalization is created and bound to the new Profile property in the Page class. Each member of the personalized class data corresponds to a piece of information specific to the current user.

User-specific information is stored in a persistent storage medium managed by a personalization provider object. The default provider employs an Access database named aspnetdb.mdb and located in the Data subdirectory of the application's virtual root. The module reads information out of the database and initializes the user profile object. When the request ends, the current state of the profile object is serialized back to the database ready for another request. Information is saved on a per-user basis. Anonymous users are associated with a fixed identity. Loading and saving personalized data is completely transparent to end users and doesn't even require the page author to know much about the internal plumbing.

You work with the user profile properties through the Profile property on the Page class, as shown here:

Profile.BackColor = Color.Cyan 

The Profile property is of type HttpPersonalization, meaning that any access to the user profile information is strong-typed. However, the structure of the HttpPersonalization class is defined by the application's profile data model and is strictly application-specific. All HttpPersonalization classes created by ASP.NET applications inherit from the same HttpPersonalizationBase class.

Personalization information is loaded immediately after the PreInit event fires to the page and before the page receives the Init event. As mentioned, anonymous users can have their own personalization data. For this to work, though, you must first enable another ASP.NET 2.0 feature—anonymous identification. You can do that using this configuration code:

<anonymousIdentification enabled="true" />

In addition to enabling anonymous identification, you also must mark properties in the <profile> section with a special Boolean attribute—allowAnonymous. This code demonstrates how to set up the web.config file to allow for personalization of anonymous users:

<anonymousIdentification enabled="true" />
<personalization enabled="true">
   <profile>
      <property name="BackColor" 
            type="Color" 
            allowAnonymous="true" />
      <property name="Links" 
            type="StringCollection" 
            allowAnonymous="true" />
   </profile>
</personalization>

Personalization data has no predefined duration and is permanently stored. It is up to the Web site administrator to delete the information when convenient.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.