Architecture :: Implementation Of User Authentication In C#?
Feb 15, 2011
I am working on a web application project with a layered architectural style having DAL, BLL, Service Layer and Presentation Layer. It's going to be a Web forms application.
My intent is to try using some of the new features of .Net 3.5 or 4.0.
Currently, I am thinking through different approaches for implementing Authentication in this project.
I have a query regarding the design of the application, particularly Authentication.
In which layer should I have Authentication class? BLL? If I implement the Authentication class in BLL, should I be having an app.config in the same class library project to contain the Database connection string and all.
View 7 Replies
Similar Messages:
Apr 28, 2010
I have implemented the 3-tier architecture project; DAL, BAL, and presentation layer are three layers in it. I am going to implement the following scenario:
Presentation layer calls to a function in the BAL layer which returns 2 string variable, and in turn this function from BAL layer calls to a DAL layer function which also returns 2 string variable. How can I implement the above scenario?
View 2 Replies
Feb 27, 2011
I'm fairly new to dependency injection but it seems like a proper DI implementation will be fairly complex.
For example, DI requires a centralized class that manages the configuration and resolves the dependencies at runtime.
DI is also based on the concept of using interfaces. For example, a SpecialLogger should use an ILogger interface.
The centralized DI manager class will need to register types - for example, associate ILogger to SpecialLogger.
SpecialLogger will also need to implement the ILogger interface so SpecialLogger can be used through the DI ILogger interface.
Therefore, it seems like a sln using DI will need multiple projects to support DI. Here is an example for logging:
* MyCompany.MyDivision.Framework.DI.Management - this would have the DI manager where dependency types are registered and resolved at runtime
* MyCompany.MyDivision.Framework.Logging - this would have the implementation of a logging class. The main logging class would need to implement ILogger.
* MyCompany.MyDivision.Framework.DI.Interfaces - this would have the ILogger interface.
Interfaces would need to be stored in a separate class library from the DI manager because both the DI manager and SpecialLogger use the ILogger interface. Since the DI manager associates SpecialLogger to ILogger a circular reference would be encountered without a separate class library to store the ILogger interface.
View 1 Replies
Feb 28, 2011
I have been learning C# for the last year or so and trying to incorporate best practices along the way. Between StackOverflow and other web resources, I thought I was on the right track to properly separating my concerns, but now I am having some doubts and want to make sure I am going down the right path before I convert my entire website over to this new architecture.
The current website is old ASP VBscript and has a existing database that is pretty ugly (no foreign keys and such) so at least for the first version in .NET I do not want to use and have to learn any ORM tools at this time.
I have the following items that are in separate namespaces and setup so that the UI layer can only see the DTOs and Business layers, and the Data layer can only be seen from the Business layer. Here is a simple example:
[Code]....
Am I completely off base? Should I also have the same properties in my BLL and not pass back DTOs to my UI? what is wrong and what is right. Keep in mind I am not a expert yet.
I would like to implement interfaces to my architecture, but I am still learning how to do that.
View 4 Replies
Mar 18, 2011
I'm conducting a project in which a website should have multi-language support.Now, this website is supposed to serve about 500K+ visitors a day, so it must be super-efficient.
I've created a table of parameters {[ID],[Name]} AND a linkage-table {[objectID],[parameterID],[languageID],[value]}. I think it's the best way to deploy multi-language support while having the privilege to translate different parameters for each language.
As far as I know, server's memory is much faster than a physical HDD. Therefore, I'm planning to store ASP.NET Application State objects for my translation architecture.[URL]
View 3 Replies
Feb 16, 2010
In a project im working on there are many sql tables containing different ID, Name pairs. Those are represented as Enums in classes that need them however that requires casting since tables contain ID only.Also when serialize the Enum contains the ID not value.
View 3 Replies
Jul 22, 2010
not sure if I'm posting to the right thread or not.. but here is the questiondoes anyone know how to implement a best pratice on SEO?One of the example is: if the user types "brand new canon camera" then I want the system to find a sequence of string in the database that contains "new", "cannon", "camera". It is ok with or without the word "brand". However if the user types "HP laptop DV1000" and i want the system to find all HP laptop whether new or not but limited to specific series.
View 3 Replies
Jul 19, 2010
I am searching for the advantages and disadvantages of the explicit interface implementation
View 1 Replies
Feb 10, 2010
I am in the process of redesigning our main product, a knowledge database system for clients to access clinical and specialist advice articles. There is a requirement to add "Social Networking" to this allowing users to connect and post remarks etc...
This is somewhat similar to the Facebook wall scenario - where Articles, Photos, Groups, Products, Events, ActivityFeed can all have comments. I am at a lose as to the database design I would need to implement this. All comments must allow for Moderation/Approval/Spam Reporting etc...
I originally thought a individual table for each Comments entity ex: ArticleComment, ProductComment would work as the comments themselves are not all directly related. Each table having the same exact columns. But this makes life abit awkward as then this creates a separation between something that for all purposes is the same i.e. They are all comments.
The other design idea was to have a single Comment table with an "arc" type relationship to related tables with FK references back to the source.
The other option was to have a single Comment table with an Object Type and XID but this breaks the rules of relation and does not all for referential integrity.
I am at a lose and don't know what to do. I have asked over at SQLCentral.com and all I have done is raised more questions than answers about what to do.
Design 1: This would require exact copies of this table for all the entities.
-- Photo Comments --
CREATE TABLE dbo.PhotoComment
(
CommentID int IDENTITY(1,1) NOT NULL,
PhotoID int NOT NULL,
Body ntext NOT NULL,
ReportedAsSpam bit NOT NULL CONSTRAINT [DF_PhotoComment_ReportedAsSpam] DEFAULT (0),
IsSpam bit NOT NULL CONSTRAINT [DF_PhotoComment_IsSpam] DEFAULT (0),
IsApproved bit NOT NULL CONSTRAINT [DF_PhotoComment_IsApproved] DEFAULT (1),
CreatedDate datetime NOT NULL,
CreatedBy uniqueidentifier NOT NULL,
UpdatedDate datetime NOT NULL,
UpdatedBy uniqueidentifier NOT NULL,
IsDeleted bit NOT NULL CONSTRAINT [DF_PhotoComment_IsDeleted] DEFAULT (0),
CONSTRAINT [PK_PhotoComment] PRIMARY KEY (CommentID),
CONSTRAINT [FK_PhotoComment_PhotoID] FOREIGN KEY (PhotoID) REFERENCES dbo.Photo(PhotoID),
CONSTRAINT [FK_PhotoComment_CreatedBy] FOREIGN KEY (CreatedBy) REFERENCES dbo.aspnet_Users(UserId),
CONSTRAINT [FK_PhotoComment_UpdatedBy] FOREIGN KEY (UpdatedBy) REFERENCES dbo.aspnet_Users(UserId)
)
Design 2: The "Arc" relationship
CREATE TABLE dbo.Comment
(
CommentID int IDENTITY(1,1) NOT NULL,
CommentType char(1) NOT NULL CHECK(CommentType IN ('A','I','E','G','U','P')),
Body ntext NOT NULL,
ReportedAsSpam bit NOT NULL CONSTRAINT [DF_Comment_ReportedAsSpam] DEFAULT (0),
IsSpam bit NOT NULL CONSTRAINT [DF_Comment_IsSpam] DEFAULT (0),
IsApproved bit NOT NULL CONSTRAINT [DF_Comment_IsApproved] DEFAULT (1),
CreatedDate datetime NOT NULL,
CreatedBy uniqueidentifier NOT NULL,
UpdatedDate datetime NOT NULL,
UpdatedBy uniqueidentifier NOT NULL,
IsDeleted bit NOT NULL CONSTRAINT [DF_Comment_IsDeleted] DEFAULT (0),
CONSTRAINT [PK_Comment] PRIMARY KEY (CommentID),
CONSTRAINT [FK_Comment_CreatedBy] FOREIGN KEY (CreatedBy) REFERENCES dbo.aspnet_Users(UserId),
CONSTRAINT [FK_Comment_UpdatedBy] FOREIGN KEY (UpdatedBy) REFERENCES dbo.aspnet_Users(UserId),
CONSTRAINT [UC_Comment_CommentID_CommentType] UNIQUE (CommentID, CommentType)
)
-- Article Comments --
CREATE TABLE dbo.ArticleComment
(
ArticleID int NOT NULL,
CommentID int NOT NULL,
CommentType char(1) CONSTRAINT [DF_ArticleComment_CommentType] DEFAULT 'A', CHECK (CommentType = 'A'),
CONSTRAINT [PK_ArticleComment] PRIMARY KEY CLUSTERED (ArticleID, CommentID),
CONSTRAINT [FK_ArticleComment_ArticleID] FOREIGN KEY (ArticleID) REFERENCES dbo.Article(ArticleID),
CONSTRAINT [FK_ArticleComment_CommentID] FOREIGN KEY (CommentID) REFERENCES dbo.Comment(CommentID),
CONSTRAINT [FK_ArticleComment_CommentID_CommentType] FOREIGN KEY (CommentID, CommentType) REFERENCES dbo.Comment(CommentID, CommentType)
)
Design 3: The one that breaks the rules
CREATE TABLE dbo.Comment
(
CommentID int IDENTITY(1,1) NOT NULL,
ObjectType char(1) NOT NULL, /* A = Article, P = Photo etc... */
XID int NOT NULL, /* Would be the ID of the main entity being queried. */
Body ntext NOT NULL,
ReportedAsSpam bit NOT NULL CONSTRAINT [DF_Comment_ReportedAsSpam] DEFAULT (0),
IsSpam bit NOT NULL CONSTRAINT [DF_Comment_IsSpam] DEFAULT (0),
IsApproved bit NOT NULL CONSTRAINT [DF_Comment_IsApproved] DEFAULT (1),
CreatedDate datetime NOT NULL,
CreatedBy uniqueidentifier NOT NULL,
UpdatedDate datetime NOT NULL,
UpdatedBy uniqueidentifier NOT NULL,
IsDeleted bit NOT NULL CONSTRAINT [DF_Comment_IsDeleted] DEFAULT (0),
CONSTRAINT [PK_Comment] PRIMARY KEY (CommentID),
CONSTRAINT [FK_Comment_CreatedBy] FOREIGN KEY (CreatedBy) REFERENCES dbo.aspnet_Users(UserId),
CONSTRAINT [FK_Comment_UpdatedBy] FOREIGN KEY (UpdatedBy) REFERENCES dbo.aspnet_Users(UserId),
CONSTRAINT [UC_Comment_CommentID_ObjectType_XID] UNIQUE (CommentID, ObjectType, XID)
)
-- Ex: Get all comments for article ID 23.
SELECT * FROM Comment Where ObjectType ='A' and XID = '23'
View 1 Replies
Dec 30, 2010
Has any body got a clue to how to impliment the httphandler in the case o forms authentication for Authenticating multiple websites .Lets say you have 2 websites and after you authenticate one using forms i need not authenticate the other .(Already assumed that the machine key between the websites are the same )And both implement Forms authentication.
View 3 Replies
Sep 22, 2010
i want to create a centralised business or Service authendication architecture in .net. for example, we have a clients like c1, c2, c3, c4, ... etc. everybody logins seperatly as well as grouply. ie, if client "C1" logins [with login authentication] he can access c2 , c3, c4 also without login authendication. So its like a google. if we enters gmail account, we can access orkut, picasa like that.. i need the cetralised architecture.
And, client "c1" seperately asks seperately how will be the authendication architecture.
so give me the single solution for both these two scenarios. how will be the architecture for these two and how is the Data Base (Login) Structure.
View 3 Replies
Feb 12, 2011
By default ASP.NET MVC setups up the AccountController to use the SqlMembershipProvider, SqlProfileProvider and the SqlRoleProvider. I don't really need everything that brings to the table, in fact, it is more of a hassle to shape my data into that model.What is the minimum I need to implement on the MembershipProvider, RoleProvider and ProfileProvider abstract classes to get authentication and authorization and not break some other dependency that might be there?
View 3 Replies
Oct 7, 2010
implementing a strong two factor authentication solution to an app that's already using asp.net authentication? any particular add-ons that work well with asp.net? Preferably one that doesnt involved end-user hardware.
View 1 Replies
May 7, 2015
i develope asp.net web site based on users authentication.
How can i promiss that user who logins to the site and closes and explorer, could reopen it and be connected without insert his user & password again.
View 1 Replies
Jul 17, 2015
Article : Encrypt and Decrypt Username or Password stored in database
The whole thing works very well but my issue is, after entering and encrypted password how does the user then log into the database?
When a user types in his password, the typed in password will not match the ecnrypted value in the database.
So how do I decrypt what is in the database and compare with what the user typed in and then validate the user.
View 1 Replies
Feb 7, 2010
I'm building a site that can possibly have millions of users (yes ambitious!). Each user can upload an image or two for his/her profile. How would you architect the directories to support this type of thing? I was thinking of having a users subfolder off the root dir where each user will have their own sub-dir that corresponds to their userId created at registration time. I could then upload their profile pics to their corresponding sub-directory under the users dir. Seems straightforward but am I missing anything? Can I have a million sub-dirs under the user dir? NTFS supports it so my guess is YES.
View 2 Replies
Jan 18, 2011
I'm developing web application with concurrent user using the application. The problem i'm facing is that if the first user login his details are taken affecting the second user how is process the data in the application.How to avoid it?the best way to code to maintain concurrent users.
View 4 Replies
Mar 29, 2010
I have a user object and each user.. has a parent! Of course one user must be the exception, can't be a rule without exceptions.
What to do with the user that has no 'parent'?
1. Create a constant/global SystemUser whose parent is NULL
2. Allow any User's parent to be NULL and hope that only 1 user ever will have a NULL parent
3. Allow a User to be their own parent implying they are the top of the food chain
Really not sure what the best strategy is here, the users will be stored in a table along with their parent user's ID. Each user has one and only one immediate parent.
View 7 Replies
Feb 10, 2010
My boss asked me to develop an API library for user registration. I am planning to write it in C#, compile it into DLL, and then give DLL to other groups to use it in a web (ASP.Net) application.
View 4 Replies
Mar 26, 2011
I reffer users from my website to another website (not my own website, I dont have any access to code).How can I detect a user registered in this website I have reffered to....
View 2 Replies
Jan 19, 2011
I'm building a web app (VS2010, C#, .NET 4.0) and am aiming to make heavy use of objects. One particular object will be a 'user' object. One of the properties I am exposing for the object is the users Status (e.g. Pending, Active, Suspended, Expired). In the front end this status will be editable and I don't want users of the app to enter invalid statuses (Pendong, New, etc.). I could hard code the valid statuses in the front end making use of a radiobutton list or dropdownlist, but that isn't logically where the valid values should be defined, I would have thought that the objects class would be a better place.Now this leave me with two problems:
Which is the best place to define the valid values? If I add them to the class, how do I read and present them in the front end?I'm hoping that you guys can put me straight here. Are any of my ideas architectually correct, or if not then what would be better.
View 4 Replies
Jan 4, 2011
I want to use forms authentication on my ASP.NET MVC site. All I need is a place for users to login, a page to add a user, and a page to edit a user. I'm using all the default ASP.NET forms authentication tables for SQL Server (aspnet_Profile, aspnet_Roles, aspnet_Users, etc.). The only difference is that I've added an Employees table to my database, which contains a FK to aspnet_Users to create a one-to-one relationship. The Employees table contains columns for FirstName, LastName, StartDate, etc. It's a way for me to keep additional information for the users.
I'm having trouble finding any sort of tutorial that would help me build a basic page in MVC, everything I find is for WebForms. For my page to add a user, I'd like there to be fields for the Employees table. I don't know if I can modify the CreateUserWizard to add those fields, or if I'd be better off just creating my own custom page.
View 2 Replies
Jan 26, 2010
Let me tell you what I need to implement on my company .NET application and I will be more than glad to hear your advise how to do it:
For every user loged-in to the company website, We want to know on which page he is right now. It means, If user X is now on page "1.html", I need to save this information somewhere. If user X after 30-60 seconds going to page "2.html" I want to update it fast where he is now surfing. It means I want to be able to tell at REAL TIME, on each page, Which users are right now observing the page. This is the problem, now I'm looking for the right solution.
If some day my company website will have 400,000 user log-in at the same time, I am going to save to every one of them where he is surfing right now. Maybe I exaggerated, but we do have 45,000 users at the same time on the company web site and the number is growing. I think big so the solution for this problem will be good for a lot of users.
So, my data object for every user should keep this information somewhere:
1. User code (User Number).
2. Which page user is now observing (Page Number).
This object is going to update every 30-60 seconds by using AJAX, so it should be updated fast. It is a lot of reading/writing data. If a user want to see which other users are now on the same page as he his, he will be able to see it, just by going through the whole array of objects.
I don't need this information to be saved in DB, because it doesn't mean anything. It is temporary and changing A LOT. So, I think the right place to do it is using RAM at the the company server, using the Caching Data option. What do you think? Am I wrong?
If I am going to have a data table with lots of records and every record is going to be update every 30-60 seconds. Where should I save all this table data? I am using SQL Server 2008 to save important data as needed, but this data is not important to save, just need to use it for my purpose. Where should I save this data? I think saving it in DB is a bad idea, because of the dynamic update of records every few seconds. I am thinking about 100,000 users who update this table every few seconds. It probably going to kill my DB, so DB is not an option.
What is the right way to implement this kind of thing?
You may think of it like every page is "a chat room" and I want to know who enter now the room (the page), it doesn't have to be completely accurate in time, but approximately.
View 7 Replies
Feb 28, 2011
I'm looking for exampe of user managenet (login / registration / recover pass ...)
that is written in 3 layer architecture.
View 1 Replies
Dec 7, 2010
Problem Statement: I have a details web page which has a unique sesssion ID generated per user. Now if a user does Ctrl + N or File > New Window and opens a new browser instance then the same session ID is genrated and user can update on both the windows differently and this leads to ambigous updates to DB. How can we stop user to open a new window or how can we detect that a new instance of the same session ID has been genrated twice so as to kill both the sessions with a user firiendly message.
View 1 Replies