0

I have a very small website that is used by a couple of users to share the same data in a table that they fill in. The plan is to sort this out properly very soon, but for now it is like that. I am just comparing the user and password input with some keys in web.config:

<configuration>
  <connectionStrings>
    <add name="PMIcommConnectionString" connectionString="xxxxxx" />
  </connectionStrings>
  <appSettings>
    <add key="UserName" value="xxxxxx" />
    <add key="Password" value="xxxxxxx" />
    <add key="Telerik.Skin" value="Windows7" />
  </appSettings>
  <system.web>
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />
    <compilation debug="true" targetFramework="4.5">
      <assemblies>
        .........
      </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.5" />
    <pages>
      <controls>
        <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
      </controls>
    </pages>
    <httpHandlers>
      ........
    </httpHandlers>
    <httpModules>
      <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" />
      <add name="RadCompression" type="Telerik.Web.UI.RadCompression" />
    </httpModules>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="RadUploadModule" />
      <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode" />
      <remove name="RadCompression" />
      <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode" />
    </modules>
    <handlers>
      ......
    </handlers>
  </system.webServer>
</configuration>

My question is: can such a login system be used to log on two users simultaneously?

Nullbyte

3 Answers

0

Yes, it can, and every user will have their own session, but in turn it depends on how you implemented the server-side logic of user authentication. Is forms authentication used?

Borys Generalov
  • Actually there is no form authentication in the web.config. There are no lines about authentication. – Nullbyte Mar 31 '14 at 16:33
  • Borys, I have added the web.config in my question. Could you please advise if I should add a form of authentication to it? Thanks – Nullbyte Mar 31 '14 at 16:45
  • @Nullbyte Judging by your comments, you don't understand what Forms Authentication is. Please see [MSDN](http://msdn.microsoft.com/en-us/library/7t6b43z4.aspx). – mason Mar 31 '14 at 16:51
0

Yes, it can, you'd want to have a way of linking them together though.

<add key="JON-Username" value="JON" />
<add key="JON-Password" value="jonspassword" />
<add key="MMC-Username" value="MMC" />
<add key="MMC-Password" value="mccspassword" />

Obviously, you'd need to write your server-side logic so that it knows how to get the proper key for the username.

Alternatively, you could do something like this...

<add key="JON" value="jonspassword" />
<add key="MMC" value="mmcspassword" />

But the downside of that is that if you want to use any other AppSettings, you won't be able to tell which is intended for other settings and which is intended for credentials, which is why I recommend the first method.

That being said, my top recommendation is to use a proper database for storing this type of information, and provide an administrative view within the site for configuring who has access.

mason
0

Ok, probably you can use this system to handle access to 'private' areas of your website, and yes, you can easily retrieve your key in appSettings by:

using System.Web.Configuration; // WebConfigurationManager

// Read the stored credentials from <appSettings>.
string jonUsername = WebConfigurationManager.AppSettings["JON-Username"];
string jonPassw = WebConfigurationManager.AppSettings["JON-Password"];

if (myUsernameInputfield.Text == jonUsername && myPasswInputfield.Text == jonPassw)
{
    // OK, this user has the right to access my page
}

to compare values inserted by your users

If you would do this, maybe you should also encrypt your web.config

ale