I am building an extremely simple VB.net web application that uses Visual Studio's forms authentication. As part of this- I am trying to capture the userID upon login and use it while the user is in the app (to dynamically display information via dataset/gridview that is associated with that userID) so I don't have to give them their userID and prompt them for it constantly.
The app is very simple and uses a local DB to do all the authentication (Users, User_Activation, Roles)
This app will have 9-10 users that will be consistent over the years(logging in 10-15 times a year), and 40-50 rotating users that log in once or twice and do not return past that year.
The profiles and authentication/sessions do not need to handle tons of users and authentication requests.
I also want to avoid cookies because I want to keep everything as simple, and centralized to the application as possible.
I have explored building a GetUserID function that queries the database based on the userName every time a user takes an action (button click, page load) that requires the userID. But I am having trouble with the SQL and it seems bulky.
I have also looked into sessions- but they seem unreliable and difficult to manage.(How do i keep each session separate as users login?)
I am now looking at Profiles
https://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx
https://msdn.microsoft.com/en-us/library/system.web.profile.sqlprofileprovider.aspx
I think I can just use the default instance of the SqlProfileProvider and point it to my database I already have built?
I am very new to programming and am not sure how complex the configuration would be for the Profiles, so any guidance or advice would be greatly appreciated!
I can post any code snippets needed, or upload the app to github or something if that helps at all.
Thanks!
Related
I have embedded Ms clarity in my website and i integrated my website in an iframe.
When a user enters my website and performs certain actions, Microsoft Clarity is recording these actions in multiple sessions rather than a single session.
Can anyone provide a possible solution or reason for this issue?
Here is the reference code: https://codesandbox.io/s/ms-clarity-testing-gd5fs0?file=/src/App.js
I am building a job portal for the web using React, Redux and Firebase/Firestore. I've completed all the features I needed except one.
I want unregistered-users/job-seekers to be able to:
Bookmark job posts.
Keep the record of applied jobs.
Keep the record of search queries.
I am thinking about using IndexedDB for this feature. Particularly Dexie.js to make things easier. However, this data will be persisted in user's browser and user will have no access to it in another browser or device. Therefore, I want to give users an option to be able to save all the data to Firestore if user sign into the website and I need this to be automatic. So, as soon as user signs in, I will save it to the database.
I thought about using Anonymous Authentication instead of IndexedDB/Firestore, so all the data will be saved into the database and as soon as user signs in using credentials, the user can claim the ownership of the data. However, this is an extra step to use these features I listed above and not everyone is happy with authenticating an app even though nothing is required from the user. Besides, there will be so many ghost accounts.
So, as I mentioned in the title; I want to save everything to IndexedDB (I will take care of this), but how am I going to synchronize all the data in IndexedDB to Firestore as soon as user signs in?
I imagined the basic process will be like this:
User clicks "Bookmark Job Post"
App checks if users is authenticated or not.
If authenticated, save the bookmark to the Firestore.
If not authenticated, save the bookmark to the IndexedDB.
If User decided to sign in or sign up, check IndexedDB and synchronize it with Firestore and clear IndexedDB.
How can I achieve the 5th step technically? Is there any built in system in Firebase? Also, please feel free to share your idea if you can think of another way implementing this feature. Should I be using firebase.auth().onAuthStateChanged() for the 5th step?
And lastly, how should I structure the Firestore to save bookmarked jobs, applied jobs and search history?
Should I create a bookmarkedJobs collection and have documents of jobPosts duplicated for each user, who bookmarked the job post? And every time a job post is updated by an employer, I will have a cloud function going through bookmarkedJobs collection, updating every instance of it?
Thank you
This may be of interest to you
https://dexie.org/docs/Syncable/Dexie.Syncable.js
Been looking into making my website fully static/pwa, and just using indexeddb, and some webservice for data handling/storage ..this seems like a interesting route to explore.
I am creating an Unity game where I want to have global top 50 score list with usernames. I use Firebase realtime database. There is no need for user to authenticate. I am not that familiar with database security and pretty beginner with this concept. I am using Rest Api from Unity Asset store because it was pretty easy to send and get data from databse.
How can I be sure that every score sent to database is from my app?
Add a dedicated user with password to your database
Somewhere in you app, add those credentials e.g. in a ScriptableObject / in some component
Always use those credentials to authenticate
Note that your app can still be decompiled and thereby cheated.
You can at least make it more difficult by encrypting the data etc.
The only way really around is to have an account and sessioning server to assure a user is locked in with a valid session.
If you don't use Firebase Authentication, you can't restrict who can access your database. Anyone will be able to issues a query, and they can even do it using the Realtime Database REST API. All they have to know is the name of your project.
Even if you do use Firebase Authentication, anyone may still effectively authenticate and access the database outside of your app using other public APIs.
My experience is that you can't stop dedicated "users" from cheating global at high scores. I made a small handfull of trivial games for windows phone with global top 50. Even if your game is unpopular, and you obfuscate your code, and you are on an unpopular platform, and you encrypt your network traffic: somebody is going to jailbreak their phone, decompile your app, and inject their own high score into your game before high scores are sent to the global list. The only way I ever came up with to combat this was to keep track of play sessions -on the server- to make sure their scores were theoretically possible based on how long they were playing.
Disclaimer: I don't know anything about Firebase
From what I can tell, you will need to set up access for Default and Public sections of your configuration to tell the database who can and cannot access your database. Here's their documentation on Get Started with Database Rules.
In general database access, no one should know the details of your connection to a database, so all calls should only ever come from your app.
I'm building ASP.Net MVC application "kinda Game" which deal a lot with online users.
I made Ajax request fired every "10s" to some Action to keep user online when he keeps site open.
this Action update LastActivityDate for this User - ((in static List and DataBase)).
So the Question is :
Is it better to store Online Users in static list and write some code when user log in to add him to that list and then keep manage this list every "10s" to kick out the offline users.
Or the best is to load online users
from DataBase whenever i want OnlineUsers.
note: I'm using technique from this SO Question to do some periodically tasks like re-manage OnlineUsers static list.
First, you wouldn't use a List<User> for this, but rather a Dictionary<int,User>, using the user's id as the key, so that you could immediately find the user to update. Second, I think it's probably a mixture of both. You keep a cached copy of the current users, periodically refreshed from the DB, and persist the data (asynchronously, if necessary) to the DB. You might want to think about a custom persistence class for Users that encapsulates this behavior if you find that you're doing this sort of operation in various places in your code.
If you intend on having a large number of users, and you would need to pull data from the DB frequently, it may be better to store a list of users in the Cache. Obviously this will be stored in the server's memory, so you wouldn't want to store a large amount of objects, but if it's just a simple list of online users it shouldn't be an issue.
The scope of static is always the scope of the process that runs in the operating system. So in a desktop application the use of static makes sense. However, I find the use of static a little bit arbitrary for server side applications because you don't control the processes. It's the web server that does this. What if the process ends unexpectedly? Or what if there are many processes that serve your application?
So, the use of the database is unavoidable. Still, you can the static scope as a temporary cache but you cannot rely on it.
Our requirement is something like this.
We are building a multi-tenant website in ASP.NET MVC, and each customer should be able to create their own users as per predefined user roles.
We are thinking about to create a schema for few tables which would be common for customers. So customer can login to system according to their schema logins and we need not to alter any queries to serve all of them.
We are referring http://msdn.microsoft.com/en-us/library/aa479086.aspx Shared Database, Separate Schemas.
Can someone suggest on following
1. After creating schema how to authorize user against a particular schema
2. Is this possible that without any changes in queries db can serve multi-tenants
Thanks in advance
Anil
After much research, I can say that, although it takes more development up front and more checks along the way, shared database and shared schema is the way to go. It puts a little bit of limits on how easily you can cater to a client's specific needs, but from my point of view SAAS isn't about catering to a single client's weird needs. It's about catering to the majority of clients. Not that it's a SAAS but take iPhone as an example. It was built to cater to the masses. Rather than focusing on doing everything it's built to be one-size fits all just by its simplicity. This doesn't help your case when it comes to authoriztion but it'll save you dev hours in the long run.
If you are asking this in the context of SQL Server authentication/authorization mechanism, i can asnwer this question with saying that every user has a default schema which helps query engine to find out required object in the database.
SQL Query Engine will look at the user's default schema first to find the required object (table). If it founds the object in user's schema then use it, otherwise goes to system default schema (dbo) to find it.
Check this article's How to Refer to Objects section to find out how it works. The article also has some information about security concepts related to schemas.