Membership user names and DotNetOpenAuth

Question

I found an article describing how to connect existing membership with OpenID but when user uses some OpenID provider to login first time my app creates account from him, it puts his authenticate link as username, and display name as comment.How am I currently determining what to show as username:

string username = Membership.GetUser(UserID).UserName;

            return string.IsNullOrEmpty(Membership.GetUser(UserID).Comment) ? username : Membership.GetUser(username).Comment;

This really isn't a problem,but now I have to link somehow to user profile page, and I am not sure how to do that, here is an example of what could work for me:

www.example.com/users/Guid/DisplayName

Display name is either username if he registered through my page or comment if user used OpenID provider do create account.

if I did something like:

 www.example.com/users/DisplayName

I'm not sure it won't display wrong user since someone could regeister username "Foo" through membership and some other user is using that username with OpenID so he would get "Foo" in his comment field

So to finish my question, would it be bad to put user GUID in routed url as I saw similar stuff on many other websites,or is there way to derive integer from GUID back and forth?

Andrew Arnott · Accepted Answer

A GUID can certainly be put into a URL (probably without curly braces around it). Alternatively as a 128-bit number, it can also be represented in a base64 string, which would be shorter than a GUID. Either one is pretty user-unfriendly, but your concern about collisions between different types of user accounts seems justified.

Here is how you could convert a GUID into a base64 web-safe string. Code snippets courtesy of DotNetOpenAuth utilities).

Guid userGuid; // value comes from your database
ConvertToBase64WebSafeString(userGuid.ToByteArray());


    /// 
    /// Converts to data buffer to a base64-encoded string, using web safe characters and with the padding removed.
    /// 
    /// The data buffer.
    /// A web-safe base64-encoded string without padding.
    internal static string ConvertToBase64WebSafeString(byte[] data) {
        var builder = new StringBuilder(Convert.ToBase64String(data));

        // Swap out the URL-unsafe characters, and trim the padding characters.
        builder.Replace('+', '-').Replace('/', '_');
        while (builder[builder.Length - 1] == '=') { // should happen at most twice.
            builder.Length -= 1;
        }

        return builder.ToString();
    }

And of course convert back from the URL base64 string to a Guid:

string base64SegmentFromUrl; // from incoming web request to profile page
Guid userGuid = new Guid(FromBase64WebSafeString(base64SegmentFromUrl);

    /// 
    /// Decodes a (web-safe) base64-string back to its binary buffer form.
    /// 
    /// The base64-encoded string.  May be web-safe encoded.
    /// A data buffer.
    internal static byte[] FromBase64WebSafeString(string base64WebSafe) {
        Requires.NotNullOrEmpty(base64WebSafe, "base64WebSafe");
        Contract.Ensures(Contract.Result() != null);

        // Restore the padding characters and original URL-unsafe characters.
        int missingPaddingCharacters;
        switch (base64WebSafe.Length % 4) {
            case 3:
                missingPaddingCharacters = 1;
                break;
            case 2:
                missingPaddingCharacters = 2;
                break;
            case 0:
                missingPaddingCharacters = 0;
                break;
            default:
                throw ErrorUtilities.ThrowInternal("No more than two padding characters should be present for base64.");
        }
        var builder = new StringBuilder(base64WebSafe, base64WebSafe.Length + missingPaddingCharacters);
        builder.Replace('-', '+').Replace('_', '/');
        builder.Append('=', missingPaddingCharacters);

        return Convert.FromBase64String(builder.ToString());
    }

Membership user names and DotNetOpenAuth

Answers (1)

Related Questions