Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to make my asp.net apllication multi user 2

Status
Not open for further replies.
StylizIT

StylizIT

Programmer
Dec 4, 2003
62
NL
Hi people, I'm having trouble connecting to my asp.net application. I have created several users in my sql2000 database. But when I try to connect with two different users at the same time, only one of them can log in. The other one gets the following error: Cannot change the connection string property while connection is open.

I know that this is because I have declared a public connection in my module, but I want to use only one. How can i use session states, or use the web.config file to make things work correctly?

thanks in advance

You can better regret that you have done something than regret the fact you done nothing
 
Sort by date Sort by votes
I personally use an application wide login to log in to the SQL Database (Only one login to SQL.) And then I Use a Session Variable to validate the users login and then to set their security level based on a lookup to the SQL Database.

Not sure if this is what you were looking for, but this how I do it.

Hope everyone is having a great day!

Thanks - Jennifer
 
Upvote 0 Downvote
thanks for your reply Jennifer,

I have thought your solution over, but it's not quit the solution I'm looking for. At least i don't know if there is another way to do it.
The situation is like this:

I've assigned roles to the users in my sql2000 database. The reason I need the users to login trough the database is because the database will handle the security. This way no one could be able to delete stuff for example if they aren't granted the access to do so. If I use your method, I will have to connect once with a login that has enough permissions to be able to use all the functions of the aaplication (Let say Admin)and then handle the security in the application just like you're doing. so if people find a way to hack my application they will still be able to modify stuff because the connection that is open is an administrator connection.

I just want to use one connection if possible, and the users have to be able to use their own login names and the database has to cover the security handeling. If this is not possible, could You give any more info about the method you are using..

Thnx in advance


You can better regret that you have done something than regret the fact you done nothing
 
Upvote 0 Downvote
Hi Styliz

You can't! When the connection is opened it uses a specific connection string and this includes the SQL user (wether that be SQL or Windows account), hence you can't change the user for a connection object without closing it.

Can you not just close your public connection and then reopen it using a different DSN when you wish to change users?

Rob

Go placidly amidst the noise and haste, and remember what peace there may be in silence - Erhmann 1927
 
Upvote 0 Downvote
Styliz

Your last post popped up before I posted mine! Are you using windows authentication within SQL to set permissions for individual users of your app. And then wish to connect the app for each user to SQL as their windows account using integrated security? If so, you just need to setup a seperate DSN for each user and open the connection using the relevant DSN. These could all be in your web.config as application settings. This will require you to know the users passwords though!

Alternatively you could store a generic string in your web.config and create the DSN on the fly using the users identity details, though you would still have the problem of finding out their password, short of asking them to input it to a textfield and using that to build the dsn i'm not sure how you would go about this and it would make a bit of a mockery of "pass-thru" authentication...

%-)

Rob

Go placidly amidst the noise and haste, and remember what peace there may be in silence - Erhmann 1927
 
Upvote 0 Downvote
I don't think that is possible cause the connection has to be open all the time for each user, so that the user can work with the database.

could you please give me some more information on the dsn part of solution you were thinking of?

A solution I was thinking of was creating a new connection for each user, but how can I do that in a way that the connection stays public so I can use it troughout my asp .net program? and I don't know if this is a good solution for a application that will be used by let's say 40 people. (thinking about performace issues)



You can better regret that you have done something than regret the fact you done nothing
 
Upvote 0 Downvote
hehe, lemme check the setting. I think I'm using windows authentication

You can better regret that you have done something than regret the fact you done nothing
 
Upvote 0 Downvote
well I'm not using windows authentication, I'm using sql server authentication. The users are all created in the database and roles are assigned to them instead of using their windows accounts.

The only thing I can think of is the solution I described above. But I don't know if this is an efficient solution.:S

You can better regret that you have done something than regret the fact you done nothing
 
Upvote 0 Downvote
"...the connection has to be open all the time for each user, so that the user can work with the database"

This is not true and if you had several hundred users logged on at one time it would be a disaster. One option is to open the connection each time a page is entered and close it on the way out. That way the connection is used for only a short period and you are not tying up resources while the end user thinks what to do next.

Reopening connections is pretty fast as SQL caches its connections. I have noticed no performance problems using this technique.


 
Upvote 0 Downvote
thanks for your reply m8, I think I'll have no choice but to do that. But can I still use only one connection or do I still have to declare a different connection for each user?

You can better regret that you have done something than regret the fact you done nothing
 
Upvote 0 Downvote
The best solution is a locally declared connection in each page. You'll have to determine the username and password if necessary from the session information.

Why are you worrying about using more than one connection object? With this solution the chances are that unless the site is very heavily loaded you will never use more than one connection anyway.
 
Upvote 0 Downvote
StylizIT,

I think that you got the information that you need. The way I am programming the connections, they are only open when needed. Leaving the connections open, can be a performance hit. Locally declaring the connection based on the login in password as bboffin should work.

The way I handle the security is to disable features that they are not allowed to do. So if the user doesn't have rights to delete, delete is not an option.

Sorry that I didn't get back to you sooner.


Hope everyone is having a great day!

Thanks - Jennifer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
869
Makumbi256
Makumbi256
chikwendu
  • Locked
  • Question
Mouse jumps to DropDownList when clicking a button
Replies
0
Views
179
chikwendu
chikwendu
weberm
  • Locked
  • Question
How do I make a page with multiple AJAX custom controls?
Replies
2
Views
957
weberm
weberm
AhmedAzizBarbary
  • Locked
  • Question
How to read data response body after success login razor page ?
Replies
0
Views
968
AhmedAzizBarbary
AhmedAzizBarbary
AhmedAzizBarbary
  • Locked
  • Question
How to pass list of checkboxes not checked on page model razor page?
Replies
0
Views
1K
AhmedAzizBarbary
AhmedAzizBarbary

Part and Inventory Search

Sponsor

Back
Top