Hi,
I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to
use SQL logins for each user, I decided to create a class CurrentUserClas s
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc but in addition also a function that returns
connection string (all encrypted. Once the user is authenticated (via forms
authentication) I just create a new instance of the user class and store it
encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.
eg.
Dim myUser as New CurrentUserClas s(UserName, Password, ....)
Session("Curren tUser") = myUser
myUser.Connecti onString will return the connection string picking &
decrypting the server and database information from the web config file
I use this Session all across wherever I need to make connections. Is this a
safe method ? Please advice.
Thankyou very much in advance and best wishes.
Regards,
Shyam 2 2381
You do realize this type of connection string has very, very poor
scalibility. You are not receiving any benefits of connection pooling and
will continue to chew up resources on the Sql server based on the number of
users.
But having said that. I don't really see any problem with storing the
connection information as a session variable for the user.
bill
ps. I haven't heard of any problems with the security of the web.config
file as long as security is configured properly.
"Shyam" <s_*****@hotmai l.com> wrote in message
news:OE******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I wanted some advice on the following. All the users who log in to the system are created in the SQL Server. As I am not keen to store any user information on the web.config file for security considerations and I need
to use SQL logins for each user, I decided to create a class CurrentUserClas s (some what similar to the TTUser class in microsoft's ASP.NET sample Time Track application) with properties like Name, First Name, LastName, Role, Password, Display Name etc but in addition also a function that returns connection string (all encrypted. Once the user is authenticated (via
forms authentication) I just create a new instance of the user class and store
it encrypted in the session. The name of my server and database are encrypted and stored in my web.config file.
eg. Dim myUser as New CurrentUserClas s(UserName, Password, ....) Session("Curren tUser") = myUser
myUser.Connecti onString will return the connection string picking & decrypting the server and database information from the web config file
I use this Session all across wherever I need to make connections. Is this
a safe method ? Please advice.
Thankyou very much in advance and best wishes.
Regards,
Shyam
You do realize this type of connection string has very, very poor
scalibility. You are not receiving any benefits of connection pooling and
will continue to chew up resources on the Sql server based on the number of
users.
But having said that. I don't really see any problem with storing the
connection information as a session variable for the user.
bill
ps. I haven't heard of any problems with the security of the web.config
file as long as security is configured properly.
"Shyam" <s_*****@hotmai l.com> wrote in message
news:OE******** ******@TK2MSFTN GP12.phx.gbl... Hi,
I wanted some advice on the following. All the users who log in to the system are created in the SQL Server. As I am not keen to store any user information on the web.config file for security considerations and I need
to use SQL logins for each user, I decided to create a class CurrentUserClas s (some what similar to the TTUser class in microsoft's ASP.NET sample Time Track application) with properties like Name, First Name, LastName, Role, Password, Display Name etc but in addition also a function that returns connection string (all encrypted. Once the user is authenticated (via
forms authentication) I just create a new instance of the user class and store
it encrypted in the session. The name of my server and database are encrypted and stored in my web.config file.
eg. Dim myUser as New CurrentUserClas s(UserName, Password, ....) Session("Curren tUser") = myUser
myUser.Connecti onString will return the connection string picking & decrypting the server and database information from the web config file
I use this Session all across wherever I need to make connections. Is this
a safe method ? Please advice.
Thankyou very much in advance and best wishes.
Regards,
Shyam
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: mjkahn |
last post by:
I've read (and read!) that you shouldn't store objects in Session variables.
I've read these reasons:
- The object takes up memory that may not be freed until the session times
out. Better to create the object only when you actually use it.
- Causes poor performance because the thread that created the object has to
service all requests for it.
Assuming I can live with the memory and performance implications (a big if,
|
by: Shyam |
last post by:
Hi,
I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to
use SQL logins for each user, I decided to create a class CurrentUserClass
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName,...
|
by: Curt tabor |
last post by:
Hi,
I have several pages in my app that all use the same
oleDBConnection(s). When this connection gets created, I store it as a
Session variable so that other pages can access it w/o having recreate
new connections every time they load.
I noticed during development that when ever the app first started, the
connection would not be in Session when I navigvated to a page that
used it. But with subsequent calls everything would be fine and...
|
by: Brad |
last post by:
I am storing an array which contains about a dozen chracter items to a
Session variable. Later, I need to use this array so I am doing the
following:
Dim eventTypes As String() = DirectCast(Session("EventTypes"), String())
If Date.Today <= closeDate Then
If eventTypes(cblEntries.SelectedIndex) = "J" Then thisFee =
Session("JRFee") Else thisFee = Session("PEFee")
Else
If eventTypes(cblEntries.SelectedIndex) = "J" Then thisFee =
|
by: Abhijeet Kumar |
last post by:
Hi
I am using SQL Server to store session State. For this i have to specify
<sessionState
mode="SQLServer"
sqlConnectionString="data source=127.0.0.1;user
id=<username>;password=<strongpassword>"
cookieless="false"
timeout="20"
/>
in Web.config file. BUT i do not want to reveal User id and password in
| |
by: booksnore |
last post by:
I have an application where a have a single admin database and multiple
customer databases containing the customer's warehouse data. In the
admin database I hold a user table and also a client table which holds
the encrypted individual clients connection string to their database. At
the moment on every page of my web app I make a call to the admin
database to retrieve the connection string and then decrypt it (the
web.config holds the...
|
by: sam44 |
last post by:
Hi,
At startup the user log on and chooses the name of a client from a
dropdownlist, which then changes dynamically the connection string (the
name of the client indicates which database to use).
I then change dynamically the connection string by doing :
My.Settings.Item("ConnectionString") = "some connection sring"
The problem is that if another user loggs in and chooses another
client, then obviously it changes the connection string...
|
by: RSH |
last post by:
Hi,
I have a situation where I have created an object that contains
fields,properties and functions. After creating the object I attempted to
assign it to a session variable so i could retrieve the information it
contained on another page. This was significant because I am initially
loading the data from the database, then storing relevent information in the
object, I am allowing users to change the data then preview the
modifications...
|
by: J055 |
last post by:
Hi
I have the following code. I upload an XML file using the FileUpload object,
store the stream in a session so the user gets the chance to confirm some
options then pass the stream from the Session to an XmlReader.
if (performImport == false)
{
Session = fileUpload1.FileContent;
//... some other code
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |