In asp.net 4.0 c#, i have two databases on different servers 1.Sql server 2.Oracle
I want to develop a web application in which the users will login with their id password and then
perform the allowed tasks.
I want to know that how i can make a single connection string for multiple users?
I dont want to make connection string on every page.
I was looking for this for a whole day but could not found any solution.
currently i am not using web.config file but i have a class where i have made a connection string and passed the textbox values to it
and the storing them in static fields and suppling them to other classes , but i dont think it is good approach
i think most of people are not getting what i really want to ask
kindly let me know if you want any confirmation.
for example there are 40 users each having a different id,password (no of users can be increased or decreased) there are two approaches to have a connection string
1)make a connection string in a class
string conn=#"server=MYSERVER;database=mydb;user id="+userid+";password="+password);
but how the userid,password fields can be accessed in web.config? here userid=textbox1.text,,password=textbox2.text;
2)make a connection string in a web.config file
so how?
It is very common for all users to use the same connection string to talk to the database server for a web application, and for the application to control what functions the users can and can't do based on their userid and password and security you build into you application.
In this type of setup, the user's id and password are separate (and different) from the userid and password for the database server.
If you must use a separate userid and password for each users db connection, then you wouldn't store it in a connection string in your config file, but would instead build it dynamically based on the user logging in.
Like this for example:
var userid = "testuser"; //these would come from your login page, not hardcoded
var password = "letmein";
var sqlConn = new SQLConnection("server=MYSERVER;database=mydb;user id="+userid+";password="+password);
Related
I created an application with Visual Studio and ASP.NET 4.0 with MSSQL 2012 Express as backend.
Initially there was no planning of multiple databases, so I programmed the app accordingly with single connection string for a single database.
Now, client's requirements has changed and he is asking for separate database for each year, DATABASE2015 for year 2015, DATABASE2016 for year 2016 and so on.
I will migrate structure and data from previous year database to new year database and thats fine.
But how will I connect to different database for different user as per their year selection at login time?
Also, I am having a single connectionstring in web.config and I have referenced that connection string throughout my project in both code side and html side for asp.net controls.
Please advise.
As Jon P said, what your client is asking would be a nightmare for you to manage and extensive multiple year reporting would be very difficult. But since you have asked a solution, so I think I can guide you somewhere about how to do that.
In your web.config file you could make your connection string as,
<add name="YourConnStr" connectionString="Data Source=.;Initial Catalog={0};UID=sa;PWD=password;"
providerName="System.Data.SqlClient" />
Then on every user login as per the selected year on login screen you would be validating the user name and password from some database table. In that table, you could make a column for storing the database name, and on successful login, store that name in a session variable.
Or you might make another table with a foreign key from Users table. In your new table you could store the database names per user per year.
In your DAL, while getting the connection string for SqlConnection, you could do as,
var db = System.Web.HttpContext.Current.Session["dbName"].ToString(); // from session variable
var connection = System.Configuration.ConfigurationManager.ConnectionStrings["YourConnStr"].ConnectionString;
return new SqlConnection(string.Format(connection, db));
I built an c# desktop application for attendance
application is working fine when i run it on single machine and all is good..
but now issue is ... my boss want this application should work on LAN and every client can access application from server
but i used static variables which store some values at run time and then i utilized these values in next forms.
here is example..
on login form username is stored in static variable as
public static string username;
username = txtUser.Text.Trim().ToString();
and in next form which is Home Page this user name is used as
lblName.Text = Login.username;
here lblName is name of label and Login name of Login form
when i configure this application on LAN then may be at same time more than one user will be logged in and want to access application then each user should see his/her own username....
e-g abc is user 1 and xyz is user 2
if both are logged in at same time then i want abc to see
lblName.Text = "abc"
and xyz to see
lblName.Text = "xyz"
so what should i do to handle this job?
i need not to mix up any information between users...
i used c# windows app.
thanks in advance.
I assume you use static variables on server-side, right?
So, your issue happens because you use static variables.
Static variables are consistent in your class during all period of application is running. And that fields are shared between ALL processes which can use that class. Static variables was designed for this.
As a possible quick solution you can generate something like unique session Id. During client logs in to your system - you need just generate that id on client's side, send it with login information to server. In case of successful authentication server will store id in cache a key. And value of the cache can be object with user's name and other needs.
Every request to your server should be followed with that id. So your server will always know which user it is.
If you need more detailed answer please provide more information about app network structure and it's modules.
I want to pass an additonal string value in connection string so that can see which person was connected.
This connection string is login as sql authentication and log file will show sql user id and computer name but i want to add user name who is connected to my applicaiton.
Is there a way to pass user information who is using that application and add in sql server log file. e.g. message.
string constr = "WorkStation id=computerName;"
+ "packet size=0000"
+ ";user id=user001;"
+ "data source=servername;"
+ "persist security info=True;"
+ "initial catalog=database"
+ ";password=password";
A connection string is intended as a single string that is used by all the users. It's also something that usually is shared by multiple users, because a database has a limited amount of open connections possible. If you have a connection open for every user, you're going to run into scaling issues and connection pool overflows.
If you want to know what user issued the command, the best solution is to use a stored procedure that takes the user information as a parameter and logs it through that.
However, passing user info through the logic layer to the data layer is a code smell. If you need to know who did a transaction, it's better that you log this in the application code instead of through the SQL database.
There is simply no way of doing that directly in to the SQL Logs.
If you want to log the usage you have 2 good options:
1) Create a different SQL user for each username in your application. This is probably only possible if you have Active Directory integration, otherwise it could be a very tedious proces of adding new SQL users
2) Log your application usage from the application into a seperate SQL table. This is how a lot of applications works, and would be considered best practice in this case.
I'm currently developing an application based on ASP.NET MVC3, SQL Server 2008 and EF with database first.
My application requires every user to have it's own SQL Server database. These databases all have an identical structure.
My customers are identified with a customercode, e.g. fgt. This code is provided in the url.
I need to know how can I retrieve the customercode from the url and set the connection string accordingly.
Thanks for the help
My idea is to connect to the database once the customercode is retrieved from the URL and then prompt to user to enter his username and password for access data.
But yes, is a good idea to create a database to store the connection string of each customer.
Can anyone write the code that I need for do this please?. I am new to asp. I come from php.
(I'm just learning English. Sorry about the bad grammar)
Try something like this to get started:
string customerCode = Request.QueryString["cust"].ToString();
string myNewConnString = ConfigurationManager
.ConnectionStrings["MyDatabase"]
.ConnectionString
.Replace("[placeholder]", customerCode);
Where your connection string in your .config is something like this. Note that I've assumed you'll place a token to be replaced ([placeholder]).
<add name="MyDatabase"
connectionString="Data Source=192.168.0.1;Initial Catalog=[placeholder];User ID=foo;Password=bar"
providerName="System.Data.SqlClient" />
Suggest that you whitelist your customers and their connection strings.
setup a web service on your side.
your deployed application calls your web service using the customer code.
web service validates the customer code, and returns a valid conn string.
customer's app keeps the conn string in memory (session, cache, whathaveyou).
This would allow you to ensure the conn string is always valid for a given customer code. You'd have fine grain control on access to the database for any reason (non-payment, etc). Your service would have a few hits thanks to any caching that you build in.
maybe sqlshard could help you in using multiple databases?
http://enzosqlshard.codeplex.com/
Sounds like pretty insecure solution. What if customer put another customer code in URL? Where is validated if customer can access that code if you don't have any central database with customer's permissions?
You need authentication and some central store (additional database) where you will validate that user accessing the application has access permissions to provided URL. It will also validate if such database even exists. Next you need just SqlConnectionStringBuilder and use the customer code as a name of database (or part of the name). For security reason each database should have a separate SQL account with permissions to read only from that database. This db account can also be stored with that central storage with encrypted passwords.
There can be additional complexities if you also expect dynamical adding or removing customer codes = databases. That would require high privileged account to manage logins, accounts, databases, etc.
Because you are asking how to get part of Uri it looks like you have almost no experience with ASP.NET MVC and perhaps with everything related. You should definitely ask any more skilled colleague or boss to review your architecture because at this point it looks like you are going to have serious problems and you can develop very insecure application which can significantly harm reputation of your company and your customer.
I am deploying a Windows Application that uses SQL Server 2005. The program will use SQL Authentication.
My question is, how do you handle the connection string when you don't know what the username/password will be? Do you load this from an encrypted file? Or are there provisions for handling this already?
If the user will provide their login details (username and password) then you just need to provide the ability to enter them in your app, e.g. show a dialog asking for these details. You can then use those values the user gives to build the connection string in your code.
Alternatively, if all your users are going to be using a single SQL account to connect then you can put the connection string in your app.config file using encryption if you want to hide it from your users, see cmsjr's answer for an example of how to do this.
Alternatively, if you're developing this on an internal domain (intranet) then switch your database to integrated security and put your users domain accounts into the relevant access group on your database server. Then you won't have to worry about collecting username or passwords at all.
If the enduser will provide the password you don't need to do anything, dont save the usernamne/password in the config file.
If you don't want the end user to provide the password you could put it in the config file at installation. But that could be a problem if the username needs to be changed and you have encrypted the connectionstring.
Encrypting sections of the configuration is not as simple for a windows app as for a web app, but it is certainly doable. Here's a sample.
Just make sure to check the username/password for "weird" characters that the user might enter. The last thing you want is for them to change around your connection string. Then basically you just specify the driver (if using ODBC), the database, the server, but leave all the username/password and trusted connection info out. Then just tack on username= and password= which will be set equal to what was entered by the user on the end. However watch out for semicolons. I've never tried to see what happens if there is both a username/password and a trusted_connection = true.