Vulnerability in EPiServer.Forms
We have an EPiServer 9 site where users are authenticated using a multiplexingmembershipprovider, which in turn uses the WindowsMembershipProvider.
During the log on process, I want to access the user's First Name, Last Name, and Email address, as associated with the windows account that was validated. I am getting back the username and the appropriate groups, but can't work out how to access the additional profile information. The defaultProfileProvider already covers these fields, so I wasn't expecting to need to do anything custom to link these up.
Can someone show me how to access the membership user's profile information during the login process (e.g. after Membership.ValidateUser(...) returns)?
Membership provider doesn't have that functionality so you would need some custom coding to query AD by using the System.DirectoryServices namespace in .NET and then set the EPiServer Profile from that (which is stored in SQL server by default).
Something like the following should work:
var userPrincipal = UserPrincipal.Current;
var lastName = userPrincipal.Surname;
var email = userPrincipal.EmailAddress;
var currentProfile = EPiServer.Personalization.EPiServerProfile.Current;
currentProfile.LastName = lastName;
currentProfile.Email = email;
Doing this on log on will always keep an updated profile in EPiServer or a slightly different if you want to use a scheduled job to synch changes for all users in a nightly run or similar...