469,957 Members | 2,716 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,957 developers. It's quick & easy.

storing connection string in session


I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to
use SQL logins for each user, I decided to create a class CurrentUserClass
(some what similar to the TTUser class in microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc but in addition also a function that returns
connection string (all encrypted. Once the user is authenticated (via forms
authentication) I just create a new instance of the user class and store it
encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.

Dim myUser as New CurrentUserClass(UserName, Password, ....)
Session("CurrentUser") = myUser

myUser.ConnectionString will return the connection string picking &
decrypting the server and database information from the web config file

I use this Session all across wherever I need to make connections. Is this a
safe method ? Please advice.

Thankyou very much in advance and best wishes.


Nov 17 '05 #1
0 817

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Shyam | last post: by
2 posts views Thread by Curt tabor | last post: by
3 posts views Thread by Brad | last post: by
1 post views Thread by Abhijeet Kumar | last post: by
37 posts views Thread by sam44 | last post: by
reply views Thread by rainxy | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.