Connection String question

Question

Hi Hopefully I am not asking a dump question. After reading most of the forums of how to write the connection string in the webconfig file I found all of their suggestions are hard code an user id and password in the connection strings. My question is I list my User ID & Password in the connection string at webconfig file will other users who access to the web site read it? Also I have more than 100 users need to log into the web site how can I hard code all 100 users' id & password into the connection string? I have the code in below in the WebConfig add name =  myDbConnectionString1  connectionStrings > InitialCatalog='Testing';User ID = 'User1';Password='Password1'/> Here is the Login.aspx namespace { WebApplication2 public partial class Login : System.Web.UI. Page { { } { sds.ConnectionString = sds.SelectParameters.Add( sds.SelectParameters.Add( sds.SelectCommand = { } protected void Page_Load( object sender EventArgs e) protected void btnLog_Click( object sender EventArgs e) SqlDataSource sds = new SqlDataSource (); ConfigurationManager .ConnectionStrings[ myDbConnectionString1 ].ToString(); username  TypeCode .String this .lblUsername.Text); password  TypeCode .String this .lblPassword.Text); SELECT * FROM [myTb] WHERE [username] = @username AND [password] = @password ; DataView dv = ( DataView )sds.Select( DataSourceSelectArguments .Empty); if (dv.Count == 0) this .lblinfo.ForeColor = System.Drawing. Color .Red; this .lblinfo.Text = Invalid username and password! ; return ; else { Response.Redirect( } } } } this .Session[ username ] = dv[0].Row[ username ].ToString(); SecurePage.aspx ); Thank you. connectionStrings >

Ankit Nandekar · Answer

i m agree with Jaganathan if u have registration page in ur website then store username and password in database and why u r connecting normal user name and password with sqlserver authentication username password both r diffrent things.AS Manikavelu Database Connection string credentials is not going to vary for all the users. Its going to be only one.

Anil Kumar · Answer

You can follow below approach -> Authenticate the user -> Check the Role (authorization) -> Redirect him at appropriate home page based on his role & access. You can do that as - -> Check the user existence in database (you can do it by just storing the database connection string in your web.config file. In this you specify user id & password for connecting DB and it can be used common irrespective of users login details. Users login detail can be stored in a table. once you connected the database using webconfig you check if the user is in table.) -> If userExist then Check the Role and redirect him accordingly Otherwise Show the login credential error. ---------------------------------------------------------------------------- Mark it as Answered if it is helpful.

Jaganathan Bantheswaran · Answer

Hi Three options are there for your query. 1. Its better to store username password in DB. 2. If your website provides the option to register the user online then write the username and password in webconfig file or a separate xml file and use it to login. 3. Hard code your user name and password in separate XML file and use it to Login.

Ankit Nandekar · Answer

if there are very few persons to whom u r providing authority by there role and as u say that u dont have any registration form then hard code all persons role and username and password in to ur form .check if usernamepassword and role of person if condition true then do what ever u want to do.

omkar mhaiskar · Answer

Dear eggy for this you need not to create or value stored in web config file. FOr this you need to create one page in which you just store hardcoded role and it's respective keyword. proviode one text box on that page ask there to put keyword. thorugh this you will get respective information. after that you can do it what ever you want.

Eggy · Answer

Hi all thanks for the replied. I did store users id & password in database. Also I don't have a register page for user to create his/her own user id and password. So for my understand: 1) In the webconfig page there is a particular user id and password (hard code) so then when an user enter the password the web site will redirect the right page if the user and password has been checked? 2) Other users will be authorized (by the role in table) then redirect to the right page 3) Otherwise stranger user will redirect to the page to login again? Thank you.

Manikavelu Velayutham · Answer

I think there is a misled in your understanding the connection string. Database Connection string credentials is not going to vary for all the users. Its going to be only one. Login credentials of each users should be stored in that particular database. Based on thier username and password supplied through the page you need to vaildate the particualr user.