I'm trying to save user-specific settings for my web application, but the amount of information out there is overwhelming me and I'm not sure what the standard way to do this is. It's a Google Maps application and the types of settings I am talking about are things like current map center, zoom level, etc so that when a user exits the application and returns it appears the same way as when they left it.
This is an MVC5 app. We are using Entity Framework database-first for storage, and the Identity API for user logins. My Googling shows that this is built on code-first, so I'm not sure what that means for me. I see a lot of information about the User Profiles API and cookies, but there is so much varying info that I'm not sure what is current or if there is some standard way to do this. I could just add tables to my database and stick these settings in there, but is there some more correct way to accomplish this? It seems like they should tie in to the Identity database somehow since it's already there.
Related
My client asked to build an API in ASP NET Core for a business management application. Nonetheless, he made me an unusual requirement for me: He needs each user to have their own database. All databases have the same structure of tables and relationships and all are MySql.
This means that each user will need their own connection string and some way to store that information.
In addition, other users will be added in the future, each with a bank created just for their use.
Anyway, I don't know if this is possible, but if it is, how would I do it?
I am trying to create an application that has the ability to create user accounts that have a wide range of permissions. I am currently using the built in ASP.NET Core identity system, but I run into some problems that I haven't find any or haven't find any clean solutions and that will get explained later on the post. This had made me thinking of creating my own custom identity mechanism that will fit my needs.
The problems that I am facing are:
I am using MySQL as my db provider and upon creating the db tables I
was thrown the following exception "Specified key was too long: max
key length is 3072 bytes". I managed to fix this issue by
overriding the OnModelCreating method and manually changing the
HasMaxLength value using the following code
modelBuilder.Entity<IdentityUserLogin>().Property(ul => ul.LoginProvider).HasMaxLength(36);
It's not beautiful but it gets the job done.
I want my users to be able to add multiple emails and multiple
phone numbers to their accounts. The built in ASP.NET Core identity
creates an email and a phone number column in the users table. I know
I can prevent it from creating those columns but I really don't
believe that's the right solution. Basically what I need is to have a
table related to the users table that will store the users' emails
and one for the phone numbers following the same pattern.
My application will have the ability to create dynamic fields and
will also have the ability to give its users permissions related to
those fields (ex. CanSee,CanEdit,CanDelete). The built in Role
authorization system doesn't fit my requirements and I have seen a
lot of buzz surrounding the built in Claims authorization system. I
have actually read that the implementation of an authorization system
that is pretty close to what I need is very complicated and very hard
to maintain!
My question is, should I use the built in ASP.Net core identity system to achieve my goals even though I am facing the such problems? Are there any solutions to my problems that I don't know about and would make my life easier while using the ASP.Net core identity system? Should I create my own identity system and if so, how difficult and potentially dangerous such a system will be?
You should use ASP.NET Identity and customize it.
You should treat claims as permissions. Claims are at their base, authorized filters.
I’m currently working on a LightSwitch (LS) app that will be use for tracking project workload across multiple departments in my organization. I intend on using Windows Authentication (Allow only user and AD sec groups) for my access control. I’ve hit a brick wall in my thought/design process. When approaching this project my first thought was to set up a “Users” table that will be referenced in my other tables when a user performs any DB insert. Heres a basic diagram to help illustrate:.
This is where I’m stuck. When you publish a LS app, you can choose to also publish the SQL DB schema that you designed in LS which i intend on doing. When it publishes the schema, it also includes the popular asp.net membership tables/SP’s. This is where where LS stores the applications users. Because this table isn't created until after the application has been published i can’t reference it in my code. And the reason i would like to reference it, is so when a user does a insert into the WorkLog table, i can use the username/ID. I can also use the username to do Row Level Security (RLS). Anyone have any suggestions on how i can achieve this?
Nutshell: I would like to reference the table that the registered users are stored in so i can use their username/userID in my other tables. I’m open to ANY suggestion at this point
I use a "Users" table to store many details that are not stored in the .net tables such as phone, picture, department,etc. and use the active directory account to compare the user, then use the "Users" properties in the app because the user has already been authenticated. That way, I can add any property to the Users table that I need and I don't need to change the .net tables. For auditing, You can use Beth Massi's blog or this forum link:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/21da645b-93ba-41c9-a224-ea6a74362d15/how-to-create-a-simple-audit-trail-change-log-in-lightswitch-in-c?forum=lightswitch
Scott
I am building a very simple asp.net application that will have a SQL Server 2008 backend.
Some users will be entering data and storing in the database and some users will be viewing data.
The SQL Server 2008 is working with Windows authentication for every user; however, I am unable to get ASP.NET working with Windows authentication yet. Is there a simple way to allow windows authentication with ASP.NET? I found a very convoluted way, but I don't like it.
I will need to audit every action that the users perform.
Should I audit the users at the application level or at the SQL Server level?
Are there already built in methods to do this? If so, how?
On the contrary, I have always found Windows Authentication to be quite easy to set up and relatively painless. Here's some guides:
Setting up
More Setting up
I didn't realize that you could audit what users did at the ASP.NET level. My answer would be to use SQL Server for this one. You'd need to log:
timestamps and user name for every action
do you need to log workstation or location where the actions were performed?
can users go to mul
if multiple locations use this application, consider storing UTC time only
all actions, even deletes, which mean that delete's only get "hidden" from the user, but never erased from the database. Same for edits, the old record should never be changed or taken out of the database.
Your best bet here is to talk to your boss about this one. Auditors can have very specific needs, and you definitely don't want to forget anything. Every situation is different, so be sure to sit down and double check all your requirements and specifications.
Two things:
Here is example on Win auth on asp.net app:
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx
I suggest you implement a log framework like log4net to log your application. It's simple and easy to use http://logging.apache.org/log4net/download.html
I would do this from the application if it is significant HOW people accessed the data as much as the WHO, but that's quite different from rlb.usa's answer. In my past jobs, it's often been as important to know which application the person changed data from as when/who. If it's primarily for application issues, log4net is a good option.
I'm working on a .NET 3.5 Web Application and I was wondering what would be good way to persist user specific settings (i.e. user preferences) server-side?
Here are the conditions:
It needs to be able to store/retrieve
settings based on a User ID
I don't want to use SQL Server or any such DB engine
I don't want to store it in cookies
Any guidance would be greatly appreciated.
Edit: If it makes any difference, it doesn't have to support a web farm.
Use the ASP.NET Profile feature for this. See ASP.NET Profile Properties Overview
If you want to persist data, and you don't want to use a database, then you need to save the data to disk (such as XML). If you're looking for something that isn't local to your server, you could use a SaaS solution that would host your data for you, such as Amazon's S3 service. If you do that, the latency of data retrieval will slow your application down, so you'll want to cache the data.
Text files (JSON/XML/etc), though security then becomes an associated problem.
Given those parameters, you could just keep track of your own user preferences XML file on the server.