User Identification for ASP.NET Profile Properties
The ASP.NET user profile feature is designed to provide information that is unique to the current user. Profiles can work with either authenticated users or with anonymous (non-authenticated) users.
By default, a user profile is associated with the user identity stored in the User property of the current HTTP context, accessible through the HttpContext.Current property. The user identity is determined by:
The ASP.NET Forms authentication system, which sets the user identity after successful authentication.
Windows or Passport authentication, which sets the user identity after successful authentication.
Custom authentication, where you manage getting user credentials and setting the user identity manually.
ASP.NET Forms authentication involves creating a login form and prompting the user for credentials. You can use the ASP.NET login controls to create the login form and perform Forms authentication without writing any code. For information on using ASP.NET features to authenticate users, see ASP.NET Login Controls Overview and Managing Users by Using Membership. For information about Forms authentication, see How to: Implement Simple Forms Authentication.
Profiles can also work with anonymous users. Support for anonymous profiles is not enabled by default, so you must explicitly enable it. In addition, when you define profile properties in the Web.config file, you must explicitly make them available individually for anonymous users. Profile properties do not support anonymous access by default because profiles may be designed to work with authenticated users, and many properties are likely to pertain to personal information that is not available for anonymous users.
If anonymous identification is enabled, ASP.NET creates a unique identification for users the first time they visit your site. The unique user identification is stored in a cookie on the user's computer so that the user can be identified with each page request. The cookie's default expiration is set to approximately 70 days and is periodically renewed when a user visits the site. If the user's computer does not accept cookies, the user's identification can be maintained as part of the URL of the page request, although the identification will be lost when the user shuts down the browser.
For information on enabling anonymous identification, see the anonymousIdentification Element (ASP.NET Settings Schema).
In some cases, your application might initially be maintaining personalization information for an anonymous user, but eventually the user logs in to your application. In that case, the user's identity changes from the assigned anonymous user identity to the identity provided by the authentication process.
When users log in (that is, when they stop being anonymous users), the MigrateAnonymous event is raised. You can handle this event to migrate information from the user's anonymous identity to the new authenticated identity, if necessary. The following code example shows how to migrate information when a user is authenticated.
Public Sub Profile_OnMigrateAnonymous(sender As Object, args As ProfileMigrateEventArgs) Dim anonymousProfile As ProfileCommon = Profile.GetProfile(args.AnonymousID) Profile.ZipCode = anonymousProfile.ZipCode Profile.CityAndState = anonymousProfile.CityAndState Profile.StockSymbols = anonymousProfile.StockSymbols '''''''' ' Delete the anonymous profile. If the anonymous ID is not ' needed in the rest of the site, remove the anonymous cookie. ProfileManager.DeleteProfile(args.AnonymousID) AnonymousIdentificationModule.ClearAnonymousIdentifier() ' Delete the user row that was created for the anonymous user. Membership.DeleteUser(args.AnonymousID, True) End Sub