Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am creating a MVVM application and the basic system allows a user to register, login, and add data to a database.
There are multiple users, so I want the system to be able to maintain the user's credentials/state after they login and have the application open.
So far I haven't been able to find any good tutorials online to advise me about this, so if anyone knows any or knows of a way to do this I would really appreciate some help.
Thanks.
You can use application settings as a store for user state and credentials. To store settings in user's profile, you should set corresponding scope for each setting you'll define.
Consider settings as a part of application model (Model in MVVM).
Build model when starting application, using application settings, and save it on application shutdown.
Also, do not store passwords in clear text. Use ProtectedData to encrypt and decrypt passwords.
Use cookies or local storage are 2 things that jump out to me.
Simply, after receiving the username and password of the user, if the credentials are correct generate a guid and save it to db for that user and add this guid in cookies also. And on every request search the guid value in db and authorize the user if the guid is existing.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I need my program to be able to connect to some kind of a database (e.g. SQL) and obviously the program needs the password to get access to the database. And setting a hardcoded variable with a password would be more than enough but I want to think like it's a real life situation. So I want it to be stored securely, and hardcoding a password to the code from what I know is not a very good idea. How do I do it then? I searched multiple forums, topics and maybe there was an answer but im not gonna lie it is complicated. Any help?
It's a broad question but the simple answer is that you would not store it but instead make the user provide a password.
Typically you would have an API server between an app and a database rather than allow direct access to the DB. The API would have a route that accepts a username and password and returns a jwt or some other kind of authorization token. Subsequent calls to the API would also send the token, which is used to verify the requests. You can store the authorization token locally but its something you should try to protect from other applications as much as possible.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a number of projects developed in WinForms. Despite looking around on SO and other areas I've not really found a satisfactory answer.
The projects make use of the app.config and are deployed to multiple users using ClickOnce. Each physical install on a users machine will have both the deployed application as well as the app.config. The app.config holds credentials for a restricted account for a database.
Is it possible to encrypt data such as credentials for a Db connection in WinForms that is deployed to the masses? Some users work on laptops offsite, so a network connection wont always be available. I'm just trying to find out what the best practices are for securing a WinForms application might be in this scenario.
Of course you can save the credentials as an encrypted string in your app.config. SO provides some good examples on how to use the System.Security.Cryptography.Rijndael symetric algorithm.
This of course requires the same key to encrypt and decrypt the data. That key will be stored in the source code, and .NET sourcecode is not really save, everyone with the ability to use google and use a program with more than one button will be able to find it in the decompiled code and thus, it's only slightly more safe than just having the password not encrypted.
Most important is, that the credentials your app uses to access the database are only allowed to do what the app needs, so not like using SQL Management Studio to oben the DB and being able to reconfigure everything (Saw that once at a customer).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I will develop a system in C# wherein there are different types of user and these are: admin, cashier and clerk. My question is, where should I start and what are the things needed in order to do this project? Hope to have an answer with you guys! thank you!
First thing is the privilages.
You need to start with creating login screen upon there you should decide the user type that which user type is trying to logging in.
Now you have to show form to different level users.
So what I recommend is that make separate dashboard for each role or create a form but disable the controls that are out of privileges of some user.
But in my case first one would be preferable as it sounds more professional.!
So just start with it. If you need some more query than please do comment!
Well, you start with a 'user' object, and inside that user object, you define a 'role' property. Make a Global instance of the user object. And once you have that, you can code every page/form against 'user.role' to see if it should be shown/enabled. For logins, make a database with a users table where you store the name, password, and role....and anything else you feel like collecting about users. Then check logins against the table.
That's about as specific as I can be given how generic this question was!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am currently making a website using ASP.NET MVC5 and I need to keep track of active sessions (or to be more correct, a single value for each users session)
I have looked around and people seem to recommend Session_end() for this but all those recommendations are accompanied by people saying that session_end isn't reliable.
The reason I need to keep track of this is that users receive a unique folder to upload files to. This folder is deleted when a user completes the process but it remains if the website is closed without finishing it.
I currently save the value in a session variable (users should get a folder even when not logged in) and it is lost when the session expires. After the session expired, the folder should be deleted as no user can access it anymore (to save storage space).
I have access to a database, in case that helps for a solution.
It is true that the Session events are unreliable. As a rule of thumb playing with Session is almost never a good idea.
Now if I had to start from scratch with your requirements, I'd go with something that can actively monitor the active user connections on the web application.
Lucky for you there's a tool that does this and much more: SignalR. It's an ASP.NET component that allows to create responsive applications where multiple session can communicate with each other passing through the server. Applications like chats, dashboards and webgames are common applications of this library.
I suggest you to take a look at it and experiment a little, it has all you need to solve your current problem.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have added functionality to my web app to allow someone to create an account with a password, which is then hashed and stored.
I would like to be able to allow the user to login to my site and use the pages within that check the user has access. Then after a period of time the session will expire and the user has to log in again.
It would also be good to have a logout button.
I am just wondering what is the best way to setup this kind of security as I have not done it before like this.
That wheel that you are making is nice for sure, but why not use one that has been invented already?
http://support.microsoft.com/kb/301240
As for sessions, you can use Session["NameOfSession"] to create a variable, don't forget to use Session.Abandon() though when a user logs out.
http://msdn.microsoft.com/en-us/library/ms178581.ASPX
As HTTP is offline protocol then there should be some extra-data being sent between client and server that makes server know you are logged on every request. The thing like this is cookie file that holds this information. On every request server checks this data and decides if you've already logged or not. Once you find the user's name and pass are OK you create this file, set its lifetime and attach to server response. After this the client browser will automatically send it to your server with each request. Once file is expired it will be automatically deleted by client browser.
You can maintain this functionality by hands or trust to FormsAuthentication.