473,554 Members | 3,205 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

storing connection string in session

Hi,

I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to
use SQL logins for each user, I decided to create a class CurrentUserClas s
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc but in addition also a function that returns
connection string (all encrypted. Once the user is authenticated (via forms
authentication) I just create a new instance of the user class and store it
encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.

eg.
Dim myUser as New CurrentUserClas s(UserName, Password, ....)
Session("Curren tUser") = myUser

myUser.Connecti onString will return the connection string picking &
decrypting the server and database information from the web config file

I use this Session all across wherever I need to make connections. Is this a
safe method ? Please advice.

Thankyou very much in advance and best wishes.

Regards,

Shyam
Nov 17 '05 #1
2 2376
You do realize this type of connection string has very, very poor
scalibility. You are not receiving any benefits of connection pooling and
will continue to chew up resources on the Sql server based on the number of
users.

But having said that. I don't really see any problem with storing the
connection information as a session variable for the user.

bill

ps. I haven't heard of any problems with the security of the web.config
file as long as security is configured properly.

"Shyam" <s_*****@hotmai l.com> wrote in message
news:OE******** ******@TK2MSFTN GP12.phx.gbl...
Hi,

I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to use SQL logins for each user, I decided to create a class CurrentUserClas s
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc but in addition also a function that returns
connection string (all encrypted. Once the user is authenticated (via forms authentication) I just create a new instance of the user class and store it encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.

eg.
Dim myUser as New CurrentUserClas s(UserName, Password, ....)
Session("Curren tUser") = myUser

myUser.Connecti onString will return the connection string picking &
decrypting the server and database information from the web config file

I use this Session all across wherever I need to make connections. Is this a safe method ? Please advice.

Thankyou very much in advance and best wishes.

Regards,

Shyam

Nov 17 '05 #2
You do realize this type of connection string has very, very poor
scalibility. You are not receiving any benefits of connection pooling and
will continue to chew up resources on the Sql server based on the number of
users.

But having said that. I don't really see any problem with storing the
connection information as a session variable for the user.

bill

ps. I haven't heard of any problems with the security of the web.config
file as long as security is configured properly.

"Shyam" <s_*****@hotmai l.com> wrote in message
news:OE******** ******@TK2MSFTN GP12.phx.gbl...
Hi,

I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to use SQL logins for each user, I decided to create a class CurrentUserClas s
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc but in addition also a function that returns
connection string (all encrypted. Once the user is authenticated (via forms authentication) I just create a new instance of the user class and store it encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.

eg.
Dim myUser as New CurrentUserClas s(UserName, Password, ....)
Session("Curren tUser") = myUser

myUser.Connecti onString will return the connection string picking &
decrypting the server and database information from the web config file

I use this Session all across wherever I need to make connections. Is this a safe method ? Please advice.

Thankyou very much in advance and best wishes.

Regards,

Shyam

Nov 17 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
2586
by: mjkahn | last post by:
I've read (and read!) that you shouldn't store objects in Session variables. I've read these reasons: - The object takes up memory that may not be freed until the session times out. Better to create the object only when you actually use it. - Causes poor performance because the thread that created the object has to service all requests...
0
900
by: Shyam | last post by:
Hi, I wanted some advice on the following. All the users who log in to the system are created in the SQL Server. As I am not keen to store any user information on the web.config file for security considerations and I need to use SQL logins for each user, I decided to create a class CurrentUserClass (some what similar to the TTUser class in...
2
1703
by: Curt tabor | last post by:
Hi, I have several pages in my app that all use the same oleDBConnection(s). When this connection gets created, I store it as a Session variable so that other pages can access it w/o having recreate new connections every time they load. I noticed during development that when ever the app first started, the connection would not be in...
3
2330
by: Brad | last post by:
I am storing an array which contains about a dozen chracter items to a Session variable. Later, I need to use this array so I am doing the following: Dim eventTypes As String() = DirectCast(Session("EventTypes"), String()) If Date.Today <= closeDate Then If eventTypes(cblEntries.SelectedIndex) = "J" Then thisFee = Session("JRFee") Else...
1
1084
by: Abhijeet Kumar | last post by:
Hi I am using SQL Server to store session State. For this i have to specify <sessionState mode="SQLServer" sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<strongpassword>" cookieless="false" timeout="20" /> in Web.config file. BUT i do not want to reveal User id and password in
1
4046
by: booksnore | last post by:
I have an application where a have a single admin database and multiple customer databases containing the customer's warehouse data. In the admin database I hold a user table and also a client table which holds the encrypted individual clients connection string to their database. At the moment on every page of my web app I make a call to the...
37
8916
by: sam44 | last post by:
Hi, At startup the user log on and chooses the name of a client from a dropdownlist, which then changes dynamically the connection string (the name of the client indicates which database to use). I then change dynamically the connection string by doing : My.Settings.Item("ConnectionString") = "some connection sring" The problem is that if...
3
2031
by: RSH | last post by:
Hi, I have a situation where I have created an object that contains fields,properties and functions. After creating the object I attempted to assign it to a session variable so i could retrieve the information it contained on another page. This was significant because I am initially loading the data from the database, then storing relevent...
6
17108
by: J055 | last post by:
Hi I have the following code. I upload an XML file using the FileUpload object, store the stream in a session so the user gets the chance to confirm some options then pass the stream from the Session to an XmlReader. if (performImport == false) { Session = fileUpload1.FileContent; //... some other code
0
7583
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7507
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7783
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8019
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7542
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
1
5424
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5143
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3534
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2007
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.