I am working with an ASP.NET MVC application. In this application I am wanting to update some data fields on the record just written - including the userID of the person responsible for the change. The problem is that I don't know how to find out who has changed the record.
I have used CURRENT_USER in my script but that always returns the current SQL_SERVER security user - in this case "dbo" as that is the user that ASP.NET MVC connects to the database with. This would mean that all changes were made by the same user. If I can get the AspNetUser record ID then I'll be okay.
Any Ideas? Do I need to find a way to add unique users for all web logins? That is not mentioned anywhere, so I suspect that it's not expected.
Thanks
From a SQL Server perspective the "user" of the database is your MVC application, not a user logged in to your web application. The only way to change this is to create database logins for all web application users, but I wouldn't recommend this approach.
IMHO it is best to move the mentioned functionallity from SQL Server triggers to your data access layer (in .NET, your "repositories" or whatever data access pattern you are using).
Related
This is my first project in WPF. My goal is to build a template project that can be duplicated and reused again.
The goal is to build a Central Dashboard with permissions for each page/element in the application, with a login form.
For login and access to different elements of the app, I would like to assign each page a permission_id in the code. Then i want those permissions given to roles and the roles given to user_id.
I have attached an image of the database tables.
Here are my questions:
Q1: How can I link the tables in the database together?
Q2: What is the safest method to connect to a MySQL database in WPF?
Q3: What would i need to do, to show online users to everyone logged into the app?
Q1: Not really sure what you mean, the tables are linked already.
Q2: The safest method would be to create an API and have your WPF app consume that. Accessing the database directly from WPF app is not a good idea, since you're giving your connection string away.
Q3: It'd also be in your API logic, but the simplest way I think is simply to track users that make request and store them in-memory. These "tokens" would need to have some expiry date and refreshing mechanism, and you'd have to remove users whose tokens have expired from the list.
I have the project to create a C# application for multiple users. Users' credentials will have to be stocked in a SQL Server database table.This database will be used to stock further informations in other tables.
At an application user account creation, his level of permissions on the database will be set.
Knowing that the server/database login/users are already stocked in a system table in the database, can I use this table as my application credentials table too ?
In this case, could it allow to have a unique log for the application and the SQL server.
Thank you.
The short answer is yes but why would you want to allow users to access the SQL Server, that's the job of the C# application. The basic C# application template should be able to take care of the permission levels. These are generally stored in the aspnet database on your SQL server.
The safest approach is to have a single SQL user for each level of access, which can then be determined by the application, once the user has logged in.
You can easily log the who, what, when and why, by creating a simple logging method in C#, which records every SQL transaction.
(I would have put this in the comments but apparently my reputation isn't good enough ;-)
You might be able to do something like this, but I would advise against it. If it were me, I would do something like this (if I understand your scenario correctly, and just generally speaking....this is of course only one way)
Figure out the set of database access levels you want users to have
Create a sql user per scenario in sql server and add to the appropriate role to get the access required
Create an application role table with an ID column and the credentials for the sql users you created in step 2.
Create an application user table which stores user credentials and other information, including a role id which is a foreign key to the table created in 3.
In your application, when generating your sql connection/s, you can then use the application role details for the logged in user to create your sql connection string dynamically
I have a SQL Server database that I made using Visual Studio's LocalDB.
It has 5 tables, one for the Employee information and credentials, one for the location codes of the offices of the company and others for the meetings he attended and the tasks assigned to him.
I am mainly looking to implement Login functionality on my WebApp. How do I access the SQL database and implement Login?
I have currently connected the database and used ADO.NET Entity Model to access the database. I am looking to avoid stored procedures. It would be best if the someone explained how to do this with ADO.NET Entity Model and the Login control.
You have to create your own table with login credential{like username, password,role(if you want to set)}, then after just connect your table with the login template to check the credential.
These links will help you out:
http://www.c-sharpcorner.com/uploadfile/raj1979/login-control-in-Asp-Net-3-5/
http://www.aspsnippets.com/Articles/Simple-User-Login-Form-example-in-ASPNet.aspx
you can just use Membership class, install the required db objects via aspnet_regsql or automatically created if it does not exist by the framework. the Login control for example uses it internally by calling Membership.Validate(username, password) for example.
Otherwise, if you insist to use another data framework such as entity model then you may create your own table for storing users, roles etc. there should be plenty examples of this. You still can use the Login control and handle the event such as LoggingIn, LoggedIn to plug in your own codes.
I want to make a simple web service for internal company use which will use standard authentication but without open registration. All users will be added manually from external application.
I connected my Asp.Net application to SQL database and in AspNetUsers table I can see users but as far as I understand I can't add users directly since password is hashed and, salted(?) I guess, so I need to somehow generate this hash. Plus there is something called SecurityStamp which I guess I need to generate somehow as well.
So is there a way to add users of Asp.Net MVC 5 app directly to database or somehow else from external tool?
Why don't you try Thinktecture's IdentityManager project? It's created for this purpose. Creater Brock Allen also shot some videos in order to use it on different authorization systems. Have a look at these videos.
Setting up ASP.NET Identity
Security and IdentityManager
I am designing an in house application in asp.net 4.0 and have to use the window authentication. Database and application both are on different servers.
Environment
Asp.net 4.0, Vb.net 4.0, Oracle 10g, window server 2003 and IIS 6.0
Scenario
When user lands on the first page, system will assign a session id for this user and this id will be saved in the database in the user table under LAST_SESSION_ID column. So every time he access the application (or on new session) system will overwrite this LAST_SESSION_ID column. I will be keeping the session id in the session variable and pass it to oracle store procedure on every DML transaction and will compare this id with the value in LAST_SESSION_ID column, if they are same then it means user’s session is still active.
Questions
I like to know if I should create the unique session id in the oracle database (through sequence) or use the one generated by asp.net session ‘HttpContext.Current.Session.SessionID’? To get the unique asp.net session id I would have to set the webconfig file with the following settings and I don’t know if it is a good idea as I haven’t used this technique before.
Is there any better solution to above scenario? For an example the system I am designing is for 200-300 users (Timesheet APP) and this is an in house application so security is not a big concern. Instead of authenticating the session in the store procedure can’t I just check the session before user send the request to database server?
If this is for security reasons, the answer is you need to check the users access, based on their username as authenticated by the web server, on every request.
Rather than worrying about how they got to page 2, just ask "are they allowed to see page 2".