
storing connection string in session

Hi,

I wanted some advice on the following. All the users who log in to the
system are created in the SQL Server. As I am not keen to store any user
information on the web.config file for security considerations and I need to
use SQL logins for each user, I decided to create a class CurrentUserClass
(somewhat similar to the TTUser class in Microsoft's ASP.NET sample Time
Track application) with properties like Name, First Name, LastName, Role,
Password, Display Name etc. but in addition also a function that returns
connection string (all encrypted). Once the user is authenticated (via forms
authentication) I just create a new instance of the user class and store it
encrypted in the session. The name of my server and database are encrypted
and stored in my web.config file.

eg.
Dim myUser as New CurrentUserClass(UserName, Password, ....)
Session("CurrentUser") = myUser

myUser.ConnectionString will return the connection string picking &
decrypting the server and database information from the web config file

I use this Session all across wherever I need to make connections. Is this a
safe method? Please advise.

Thank you very much in advance and best wishes.

Regards,

Shyam
Nov 17 '05 #1
You do realize this type of connection string has very, very poor
scalability. You are not receiving any benefits of connection pooling and
will continue to chew up resources on the SQL Server based on the number of
users.

But having said that, I don't really see any problem with storing the
connection information as a session variable for the user.

bill

ps. I haven't heard of any problems with the security of the web.config
file as long as security is configured properly.

Nov 17 '05 #2
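
The pooling point in the reply above, as an added example that is not part of the thread: a small Python model, not ADO.NET code, of a pooler that keeps a separate pool for each distinct connection string, which is the rule ADO.NET pooling follows. The server name, the logins (including the hypothetical shared login `app_service`), the placeholder password and the request pattern are all constructed.

```python
from collections import defaultdict

class PoolManager:
    """Toy pooler: one pool per distinct connection string (the ADO.NET rule)."""
    def __init__(self):
        self.idle = defaultdict(list)  # connection string -> idle connection ids
        self.opened = 0                # physical connections (server logins) created

    def open(self, conn_str):
        pool = self.idle[conn_str]
        if pool:                       # an idle connection with the same string exists
            return conn_str, pool.pop()
        self.opened += 1               # otherwise a new physical connection is made
        return conn_str, self.opened

    def close(self, conn):
        conn_str, ident = conn
        self.idle[conn_str].append(ident)  # returned to its own pool, stays open

def conn_string(login):
    # Constructed values; the password is a placeholder, never a real secret.
    return ("Server=db.example.internal;Database=AppDb;"
            f"User ID={login};Password=<placeholder>")

def simulate(users, rounds, concurrent, per_user_login):
    """Each user makes `rounds` requests; `concurrent` requests overlap in time."""
    mgr = PoolManager()
    logins = [f"user{n:03d}" if per_user_login else "app_service"
              for n in range(users)]
    for _ in range(rounds):
        for start in range(0, users, concurrent):
            batch = [mgr.open(conn_string(l)) for l in logins[start:start + concurrent]]
            for conn in batch:         # request finished: connection goes back to pool
                mgr.close(conn)
    return {"pools": len(mgr.idle),
            "physical": mgr.opened,
            "idle": sum(len(p) for p in mgr.idle.values())}

if __name__ == "__main__":
    print("per-user logins:", simulate(200, 5, 10, per_user_login=True))
    print("shared login:   ", simulate(200, 5, 10, per_user_login=False))
```

With per-user logins the number of pools and of open server connections grows with the number of users, while a shared login is bounded by how many requests overlap.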
