-1

In asp.net 4.0 c#, i have two databases on different servers 1.Sql server 2.Oracle

I want to develop a web application in which the users will login with their id password and then perform the allowed tasks.

I want to know that how i can make a single connection string for multiple users? I dont want to make connection string on every page.

I was looking for this for a whole day but could not found any solution. currently i am not using web.config file but i have a class where i have made a connection string and passed the textbox values to it and the storing them in static fields and suppling them to other classes , but i dont think it is good approach

i think most of people are not getting what i really want to ask kindly let me know if you want any confirmation.

for example there are 40 users each having a different id,password (no of users can be increased or decreased) there are two approaches to have a connection string 1)make a connection string in a class string conn=@"server=MYSERVER;database=mydb;user id="+userid+";password="+password); but how the userid,password fields can be accessed in web.config? here userid=textbox1.text,,password=textbox2.text;

2)make a connection string in a web.config file so how?

Dragon
  • 1,078
  • 2
  • 9
  • 31
  • Usually this question asked in opposite way - "how to specify connection string unique/different for each user". Have you tried to see how to set connection string in ASP.Net application in general? Or you have some problem not covered by normal web.Config setting (like http://stackoverflow.com/questions/5642474/setting-up-connection-string-in-asp-net-to-sql-server) - please clarify. – Alexei Levenkov Feb 28 '14 at 19:59
  • @TusharGupta i have been searching for this a whole day but could not find a thing what i want.I have made some edits in my question so kindly let me know if you want any more details – Dragon Feb 28 '14 at 20:08

1 Answers1

1

It is very common for all users to use the same connection string to talk to the database server for a web application, and for the application to control what functions the users can and can't do based on their userid and password and security you build into you application.

In this type of setup, the user's id and password are separate (and different) from the userid and password for the database server.

If you must use a separate userid and password for each users db connection, then you wouldn't store it in a connection string in your config file, but would instead build it dynamically based on the user logging in.

Like this for example:

var userid = "testuser";  //these would come from your login page, not hardcoded
var password = "letmein";

var sqlConn = new SQLConnection("server=MYSERVER;database=mydb;user id="+userid+";password="+password);
E.J. Brennan
  • 45,870
  • 7
  • 88
  • 116
  • If i have a web.config file then i can supply only one id and password in it so how can i use it for different users? – Dragon Feb 28 '14 at 20:10
  • 1
    You build a login page in you application and control what they can do thru your application logic, not the database permissions. For example, Facebook uses a database, you login to Facebook with a userid and password, but I guarantee you Facebook is not using your userid and password to connect to their database- the security is instead built into the application. – E.J. Brennan Feb 28 '14 at 20:13
  • i have the same connection string which you have given as an example.But how i can access the userid and password fields in web.config because they are not accessible in web.confg – Dragon Feb 28 '14 at 20:29
  • Why do you need access to them in web.config? – Bradley Uffner Feb 28 '14 at 20:33
  • 2
    `String.Format` may provide more readable code (`...id={0};password={1}`) keeping the same SQL injection issues... I.e. with Web.Config one can do something like `String.Format(WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionStrin‌​g, userId, password)` – Alexei Levenkov Feb 28 '14 at 20:36
  • @BradleyUffner so how i can dynamically change the id,password fields in my connection string if i dont write them in web.config – Dragon Feb 28 '14 at 20:46
  • 1
    @raz I thought you wanted a single connection string? Maybe I'm not understanding your question; how can a different connection string for each user be considered a single connection string? – Bradley Uffner Feb 28 '14 at 20:52
  • @BradleyUffner for ex: there are 100 users which login now i have 2 options i can make a connection string like var sqlConn = new SQLConnection("server=MYSERVER;database=mydb;user id="+userid+";password="+password); here userid=textbox1.text ,password=textbox2.text ,,but how i can implement this in web.config? – Dragon Feb 28 '14 at 20:59
  • @AlexeiLevenkov Its not working string.Format(WebConfigurationManager.ConnectionString["myConnectionString"].ConnectionString,userId,password); Its not providing userId and password ..it only supplies the connection string in web.config – Dragon Mar 04 '14 at 06:30
  • @raz What is "not working"? What do you expect to happen with that code? (You may want to either ask separate question or edit this one with what you've tried/expected - code in comments is not very readable). – Alexei Levenkov Mar 04 '14 at 17:09
  • its not providing userId and password – Dragon Mar 05 '14 at 07:03
  • @AlexeiLevenkov for ex its only suppling the connection string present in web.config,but not providing the userid ,password when i edit it in code behind – Dragon Mar 05 '14 at 07:05
  • @raz - no, web config does don't provide magical way to know what information you would like to use connection string. You should clarify for yourself what you have and what you need to construct and than think how to do so. I though that you have "userId" and "password" and just needed a way to somehow use one value from configuration to combine all into valid connection string. Apparently I'm absolutely off in my understanding of your question - sorry about that and random suggestions. – Alexei Levenkov Mar 05 '14 at 17:24