Security :: Standalone Stored Procedure To Verify Credentials In Aspnet Database?
Apr 12, 2010
I have a requirement to develop an application in Excel VBA to talk to an MSSQL database.The client wants a login facility for a number of named users - I am going to setup these users in the aspnet tables in my database (aspnet_users, aspnet_membership etc).There is no facility in VBA to do automatic verification of a users credentials like there is in ASP.Net so I have developed a simple login form for the user to enter their username and password and send these to a stored procedure in the database. I am looking for a stored procedure that implements the ASP.Net hashing routine to convert the user supplied password into the same format as the database stored password so I can compare and return a true or false.
View 1 Replies
Similar Messages:
Dec 3, 2010
I am building a web application that is limited to one database, thus I cannot use the handy ASP.NET config tool. I am attempting to use SqlClient to authenticate users from a user table I added to my database. Here is the code I have thus far:
[Code]....
[Code]....
View 5 Replies
Mar 18, 2010
I just want to make sure I used SCOPE_IDENTITY() correctly to get the newly made TestimonialID
[Code]....
Is this the proper way to use it?
View 4 Replies
Jun 16, 2010
For our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
View 3 Replies
Jun 9, 2010
How to verify users login credentials using users login credentials of user's gmail account (like in stackoverflow on clicking gmail it takes to gmail login page and gmail verifies the user)
View 1 Replies
May 18, 2010
I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access.
So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table:
[Code]....
The problem is the password value, does anyone know how the password it is hashed?
View 3 Replies
Apr 2, 2010
This is surareddy. i nead some small clarification in the "Stored Procedure"
how to convert the oracle Stored Procedure to sqlserver2005/2008 Stored Procedure.
right now i am enhancing the project that project already developed the oracle Stored Procedure. now our company is using sqlserver 2005/2008.
how to convert the Oracle Stored Procedure to sqlserver 2005 Stored Procedure
View 4 Replies
Dec 9, 2010
Initially, I have tried to use stored procedure. But I changed my mind and preferred to call sql query in codebase with command text. However, it stills tries to find initially-called stored procedure (which is neither called or exists).I think that it is related caching. But I tried it with different browsers it did not work.What might be the reason?
View 4 Replies
Feb 1, 2011
I'm working on an ASP.NET project for the first time in about three years; in the meantime I've been working with Python/Django, PHP and Obj-C. Anyways, picked it right back up... except something that is totally killing me right now, and I have a feeling it must be staring me in the face:
I'm trying to bind to an LDAP server, for the purpose of authenticating users. The way it works here is, you bind on your own credentials, use that to find the Distinguished Name of the user you're authenticating, then you bind again on their DN and their password. If the bind is successful, the password was correct and the user can be authenticated.
Here's the problem - the first bind (on the fixed credentials, the ones with the ability to search for users and their subtrees) works fine. The search works fine. The second bind fails, no matter what, with the LDAP error INVALID_CREDENTIALS. This happens even when completely valid credentials are supplied.
Here's the code, with the usernames and passwords redacted, of course...
[Code]....
View 1 Replies
Jan 28, 2011
I could probably figure this out if I tried to, but I have been working so long on code, I'm a little fried
I have a stored procedure, and I want to execute another stored procedure during a time period of lets say 1/1/2011 to 12/31/2011
How Would I accomplish this?
View 4 Replies
May 29, 2010
I am trying to insert a UserID column into a database table during membership creation. I have my tables set up in a dataset with the stored procedure in there. Now I am trying to call that stored procedure in the newuserwizard code and I it is not recognizing the stored procedure. I know it is because my dataset is not referenced in the newuserwizard code. Here is the code I am using:
[Code]....
The name of the stored procedure is "InsertUserID". I think I need to create a function that references the ataset but I am not sure how to do this..
View 6 Replies
Jan 26, 2011
I have an application with 40 or so separate databases that share a number of identical table schemas. Each is for a separate agency that performs functions identical (nearly) to the others. I have a number of reports that involve complex queries that each agency is required to produce. There is a "top-level" agency that would like to run the same reports but have the data consolidated for ALL agencies. I have tried having the query generated simply re-produced for each sub-agency by using a "UNION" ..
SELECT .... FROM [Agency].[dbo].[Table] ... UNION SELECT ... FROM [Next Agency].[dbo].[Table]....
This works for a few agencies selected/included but when they try to select all agencies or more than a few, it fails because the query is too large. I have tested a stored procedure:
CREATE PROC Test @DB AS
SELECT ... FROM [@DB].[dbo].[Table]...
Thinking I can build a smaller query by having up to 40 items of "EXEC Test (db) UNION EXEC Test (next db)" That also fails.... won't permit the database specifier as a parameter (plus, I don't know if I can do a UNION on the EXEC results).
View 9 Replies
Sep 1, 2010
I want to import file ( CSV ). how to write a stored procedure for this purpose or any other way to import a CSV file into my database.
View 1 Replies
Jan 26, 2011
In my .aspx page, i have two textbox and one add button and one delete button.
I want simply, when entering data textboxes and click add button, adding to database with stored procedure.
When entering data textboxes and click delete button, delete from database with stored procedure.
How can I do that?
Simply I need 4 code part, add_click(), delete_click(), sp_add, sp_delete
View 1 Replies
Jan 18, 2010
Does anybody if it is possible that a stored procedure returns rows which is the result of the execution of another sp? Something like..
[Code]....
View 11 Replies
May 13, 2010
i want to return output parameter from 1 storeprocedure. into another stored procedure.
View 7 Replies
Aug 18, 2010
Change user's password via stored procedure in ASPNETDB. Changed to another post [URL]
View 1 Replies
Nov 1, 2010
I kept getting this using ASP.NET Administration Tool/Security tab: There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'.
View 3 Replies
Oct 16, 2010
Iam using Visual Studio 2010 ultimate. Iam trying to use a CreateUserWizard control, but iam getting this error below,eachtime i click the click user. Kindly guide me where iam getting wrong.this has disturbed me for two dayz,figuring out where the problem is but i cannot see it. Kindly see Both my web.config file below and the type of error iam getting.
<?
xml
version="1.0"?>
<!--
For more information on how to configure your ASP.NET application [URL]
-->
<
<
<
configuration>connectionStrings>add
name="WebDataBaseConnectionString"
connectionString="data
source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|WebDataBase.mdf;User Instance=true"
</
providerName="System.Data.SqlClient"
/>connectionStrings>
<
<
system.web>compilation
debug="false"
targetFramework="4.0"
/>
<
<
</
authentication
mode="Forms">forms
loginUrl="~/Account/Login.aspx"
timeout="2880"
/>authentication>
<
<
<
<
membership
defaultProvider="WebDataBaseSqlMembershipProvider">providers>clear/>add
name="WebDataBaseSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="WebDataBaseConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
</
</
applicationName="/"
/>providers>membership>
<
<
<
<
</
</
profile>providers>clear/>add
name="WebDataBaseSqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="WebDataBaseConnectionString"
applicationName="/"/>providers>profile>
<
<
<
<
<
</
</
roleManager
enabled="false">providers>clear/>add
name="WebDataBaseSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="WebDataBaseConnectionString"
applicationName="/"
/>add
name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider"
applicationName="/"
/>providers>roleManager>
</
system.web>
<
<
</
</
system.webServer>modules
runAllManagedModulesForAllRequests="true"/>system.webServer>configuration>
This is the type of error iam getting below Server Error in '/AspDotNetWebsite' Application. Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'. Source Error:
[Code]....
Stack Trace:
[Code]....
View 4 Replies
May 16, 2010
I have the following stored procedure:
ALTER PROCEDURE Pro_members_Insert
@id int outPut,
@LoginName nvarchar(50),
@Password nvarchar(15),
@FirstName nvarchar(100),
@LastName nvarchar(100),
@signupDate smalldatetime,
@Company nvarchar(100),
@Phone nvarchar(50),
@Email nvarchar(150),
@Address nvarchar(255),
@PostalCode nvarchar(10),
@State_Province nvarchar(100),
@City nvarchar(50),
@countryCode nvarchar(4),
@active bit,
@activationCode nvarchar(50)
AS
declare @usName as varchar(50)
set @usName=''
select @usName=isnull(LoginName,'') from members where LoginName=@LoginName
if @usName <> ''
begin
set @ID=-3
RAISERROR('User Already exist.', 16, 1)
return
end
set @usName=''
select @usName=isnull(email,'') from members where Email=@Email
if @usName <> ''
begin
set @ID=-4
RAISERROR('Email Already exist.', 16, 1)
return
end
declare @MemID as int
select @memID=isnull(max(ID),0)+1 from members
INSERT INTO members (................................
When I run this page, signup.aspx, provide required fields and click submit, the page simply reloads and the database table does not reflect the newly-inserted record. How do I catch the error messages that might be returned from the sproc? how to change signup.aspx so that the insert occurs.
View 3 Replies
Jan 20, 2011
I am trying to create dataset (.xsd) and link it with stored procedure in MySQL database. the problem is when i connect it it's changing the schema name. like if I have this stored procedure name or table name or whatever :
News.tbNews the builder it self change it to :
def.News.tbNews. MySql version 5.5.8, MySqlConnector 6.3.4 I searched for a solution for this problem and one of the answers was to change the MySqlConnector from 6.3.4 to 6.3.6 !!! I download the new connector 6.3.6 but it's giving me Error while installing it.
View 1 Replies
Jan 6, 2010
i am creating new database in my sql server 2000.But this database donot have any system storeprocedure. I am not able to create new store procedure in this database.
View 2 Replies
Jul 4, 2012
I have used in line queries for inserting and retrieving data from database. How should i use stored proceduress
Insertion code
string strSQL1 = "select * from cust_details";
DataSet ds = new DataSet();
SqlConnection m_conn;
SqlDataAdapter m_dataAdapter;
m_conn = new SqlConnection(conn);
[Code] ....
Retrieval code
try {
SqlConnection conn3 = new SqlConnection(conn);
String q1;
//string ddl = DropDownList1.SelectedItem.ToString();
q1 = "select * from Product where ID ='" + DropDownList1.SelectedItem.ToString() + "'";
SqlCommand cmd = new SqlCommand(q1, conn3);
[Code] .....
View 1 Replies
Nov 23, 2010
how can I create stored procedure and write my select statement in it, I know how to create dataset then put type stored procedure and assign it to the sp ... what I want is writing my sp... how can I make it ?
check the following code, this is what I want to write put I don't know where or how !
CREATE STORED PROCEDURE SP_CATEGORY
@CATEGORY VARCHAR(30)
AS
BEGIN
SELECT LATIN_NAME, ENGLISH_NAME, ARABIC_NAME, CATEGORY
FROM FLORA, CATEGORY_LIST
WHERE FLORA.CATEGORY=CATEGORY_LIST.CATEGORY_NAME AND CATEGORY_LIST.CATEGORY_NAME IN (SELECT * FROM SPLITLIST(@CATEGORY, ','))
END
where can I write this code ?!
View 5 Replies
Aug 3, 2010
I have heard that saving connection strings and stored procedure names in web.config file of our application is not safe. It is a good practice to store the connection string in a config file rather than as a hard coded string in our code and if we need to change it,then it makes our job easier. how to protect our code in web.config?
View 4 Replies