MVC :: Accessing Different Databases Depending On Logged In User?
Jan 14, 2010
I'm writing an application that will be accessed by different groups of users. I have one aspnetdb for logon; then depending on which group a user belongs to, I want to point them at a different 'content' database. Each user wants similar information, but unique to each group, so the schema of each database will be the same, but the content will be different. We're probably talking a dozen or so groups here.
What's the best way to achieve this? Would roles do? I could put each user into a specific role, group1, group2 etc, then check which role a user was in and use a connectionstring in the web.config file based on that. This seems like it would work, but it seems a bit of a cludge. A dozen or so connection strings doesn't seem too much of a problem, but it doesnt' really seem the correct use for roles.
I've an application only used in my site, and I'm interested to put in production from a global scope and the same instance to all the sites.
The fastest solution I've in mind is to use the current database for each different site, as copy from current system and add/clean a new one when a new site will start using it.
For this purpose I though in a front database where to check the logged in user site and then, depending user configuration, access his own site database.
I'm using now a connection string called ConnectionString1 in all the controls/code-behind database access. Then, my trouble is how to make it configurable to point to a certain database with the same connection string name but different connection string value depending on the user who has logged in, in order to not modify the current code I did. The only work I must do is change LogIn page to select appropiate database to access.
I need to make a webservice in .net (I know how this works) but then I need to get data out of a database. But my company wants to make it in a way that you can use the system with multiple databases.
So my option was make multiple abstract classes which contains the folowing code (depending on the database type, this would be a SQL database)
access the page on public section of the website from the admin section,while logged in?Or i am causing a security hole,jumping like this?all admin section pages have role based authorization and can not be accessed unless authenticated.Public of course is accessible to anyone.
I would like users to upload a profile picture when they register, and to then show that picture in a picture box control when they are logged in based  on that specific user.
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.
It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:
System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.
It is weird that as anonymous i can do it.
The website server help states this:
"Grant write, modify, delete access rights on website's folder
Your website executes under unique user account that by default has full control over the website's folder. So your application can create, open, read, write and delete files and folders inside of your root folder.
There is no need and no way to change this permissions.
If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.
The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.
To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."
But i am not using impersonate and the tag is not in my web.config.
I have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
VB.NET 2.0, windows forms applications. I have two applications, A and B. A accesses a remote Oracle database already, B needs to access a different database, but also Oracle, from the same outside source.So, I thought it would be easy; copy code to connect, change the query, and off we go. But I keep getting the old ORA-12154 error that it can't resolve the connect identifier.First, I developed the query usng sql plus connecting to the target database. So, I know the machine has appropriate entries in tnsnames.ora.Second, I cut-and-pasted the block of code from B into A and gave A a test. It successfully connects and runs the query. So, I know that the data source, user id, password and sql are o.k.Third, I looked in the registry (HKEY_LOCAL_MACHINESOFTWAREOracle) and found the all ORACLE_HOME paths that were set up. Went down all those paths to insure the tnsnames file had my new connection defined.Fourth, I'm able to find the database B is trying to get to via tnsping from the command prompt.Fifth, I copied the connection string from A to B, just to see if it could connect to the database A is known to connect to. Same exception.So, everything connects everywhere except B, who cannot get to Oracle at all. I just can't find what's telling B to use a different tnsnames file (maybe?).Missing something obvious, no doubt.[Edit]I realized overnight I hadn't shown how I was connecting. (The exception is thrown trying to open the connection.) Pretty simple:
I have table called ROLE with fields (id,name,permission) example values (1001,madhu,hr)
I have another table called LOGIN with fields(id,DOB,password) example values(1001,24101989,madhukumar)
What i want is , if i login using the LOGIN table ,it  check the  id and permission in the ROLE table , if the permission is 'hr' it enable to access the menu , or if the permission is any other it just print the error message ("no permission")
Note: menu is placed in master page , but login is not in the master page ...
Then I have prepared a model,controller,view for accessing and displaying the data. I am using LINQ o get the data from database but getting the exception:" A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)" I have also installed the MYSQL connector. provide me the solution to access the data using MYSQL and LINQ in MVC application
I've made a membership by create user wizard. everything is good but after click on finish register button, when page redirect to index .aspx, this page thinks tht user logged in. whereas user didnt login just added to DB.here is the code:
I'm working on an external web site (in DMZ) that needs to get data from our internal production database.
All of the designs that I have come up with are rejected because the network department will not allow a connection of any sort (WCF, Oracle, etc.) to come inside from the DMZ.
The suggestions that have come from the networking side generally fall under two categories -
1) Export the required data to a server in the DMZ and export modified/inserted records eventually somehow, or
2) Poll from inside, continually asking a service in the DMZ whether it has any requests that need serviced.
I'm averse to suggestion 1 because I don't like the idea of a database sitting in the DMZ. Option 2 seems like a ridiculous amount of extra complication for the nature of what's being done.
Are these the only legitimate solutions? Is there an obvious solution I'm missing? Is the "No connections in from DMZ" decree practical?
Edit: One line I'm constantly hearing is that "no large company allows a web site to connect inside to get live production data. That's why they send confirmation emails". Is that really how it works?
I would like to change the logged in user to another user temporarily to do some process.
For example, say I am logged in as "Joe". In my method, I want to make the logged in user from "Joe" to "SuperUser", do some process, then change the logged in user back to "Joe".
using (OracleConnection myConn = new OracleConnection(connectionString)) { OracleCommand myCmd = new OracleCommand("sproc", myConn); myCmd.CommandType = CommandType.StoredProcedure; myCmd.Parameters.AddWithValue("p1", a1);[code].....
Second format just doesn't feel right but I am not that experienced. I am curious if there is any downfall to that other than exception not being type specific.
Access to my application is controlled by user accounts. I would like my text labels to change within my pages depending on the user logged in. This needs to be easily managed.
What is the best way to achieve this? Would using the resources file work?
My scenario is a 3-Tier app where the data tier is a SQL Server database, the middle tier is a WCF application hosted in a Windows Service and finally the presentation is an Asp.Net MVC application.As usual, the middle tier is the one that performs all of the business logic. Access database, define business rules.. etc. BUT now here's question: How do you handle security in such a scenario? I mean, the user has to log in on the ASP.NET application, but I want to authenticate it not only in ASP but in the WCF middle tier as well, since a WCF service is supposed to be accessed by more apps.
I want the user to log in on the Asp.Net application and let WCF know the credentials as well. Is there some kind of session in WCF in which to specify a logged in user? How do pros handle security in this case? I know you can secure the WCF services with message security, but how do Asp.Net and WCF sync on a single logged user? I want to secure WCF operations depending on the user for authorization means.
Lets suppose my application is deployed on a server located in USA. Now if any client visits my website from anywhere and from any device e.g Mobile , iPad , Surface or Laptop. Now if i want to save his local time then what should i use ?
DateTime.Now;
or
TimeZone curTimeZone = TimeZone.CurrentTimeZone; var yourTime = TimeZoneInfo.ConvertTime(DateTime.Now, TimeZoneInfo.Local, TimeZoneInfo.FindSystemTimeZoneById(curTimeZone.StandardName));
I am currently using the built in ASP login function... the destinationpageurl of that login function locates to "loginhome.aspx" for all users... but for one specific user ("Admin") it needs to link to "adminhome.aspx"... just wondering whats the best way to do this? Can I change the destinationpageurl of the login function depending on the user or creating an admin role so "If membershiprole = 'Admin' redirect to 'adminhome.aspx' End If" or can I just add some code behind the login function so "If User.login.Name = 'Admin' Then destinationpageurl = 'adminhome.aspx' End If" think I have already tried this on the login1_authenticate event but it didn't work
I´m building a website and i need to store somehow some informations that i will use in the whole site depending of the user type logged in.3) Store those 2 or 3 fields that i will get in Database in a persistent way to use it in the whole site.My question is: Whats the best practices to do this?
I have a Menu control in MasterPage based on web.sitemap file. My website has roles enabled (AspNetWindowsTokenRoleProvider) and uses Windows authentication mode. So, user has to be in a specific Windows Group to be able to access the site. I need to allow some users to see all menu nodes and some restricted set of nodes. How do I do that?
I would like to be able to create, say following Windows groups: