Is it possible to allow a client connect to a database (E.g. with Excel) via a WebPage? The WebPage acts like a proxy and handles the user connection to the DB? The user can then query the DB with their client app.
I have never heard of a way of achieving this, but a colleague mentioned it was possible in ASP.NET.
Related
We have web application designed in VS2008. When adding some new functionality we are trying to use Web API.
In the existing system, each user from a client has access to their database. So, when a user logs in, we pull the connection string and save it in a session. Every insert, Update or select that the user performs, it uses the connection string in the session and when the user logs out, it gets cleared out.
How do I achieve this functionality if I have to use a Web API in this scenario?
Can I pass the connection string to Web API for every request?
The only other way I could think of is after every request to Web API, I have to connect to database and get the connection string based on the UserID that I have. This would add one extra step of connecting to database for every request.
Is there any other way?
Thanks in Advance
I am learning PowerApps and while I am surfing on this, I come across Connector and Connections which are main components before proceeding with actions/triggers. So, could you please explain in detailed what is connector and connections on PowerApps?
Thanks in Advance
A Connector is a proxy that sits between PowerApps/Flows and the backend service. This can either simply pass information and requests
along to the backend service or it can change the request going out or the response coming back from the service.
You can create Connectors for things like OneDrive, Twitter, ShrePoint, Facebook etc. and then use those in your app.
A Connection holds all of the configuration information for the user so that you can use a specific Connector. This could be
authentication information such as username and password, database name, environment, etc. Each time you log in to a connector with different credentials, you are creating a new Connection for the same Connector.
PowerApps Datasources can hold additional configuration information
for the Connection. For example, a datasource can use a SharePoint connection and will provide further information on which Site
and List specifically it is referencing.
We are using Advantage Database Server (ADS) to store data that is being used by some dashboard components in an ASP.NET 4.5 Web Form application. My connection string is set up to connect to my ADS DB in order to generate the dashboard visualizations, and it works great. However, when trying to use the built in forms for authentication and authorization, I don't know how to get the data to store in ADS.
Normally it would create a localDb SQL-like database, and store the .mdf files in the App_Data folder. However, I am not using this default connection, but am instead connecting to my ADS DB. Is there a way to utilize the Identity functions, but use ADS to store the user data?
In short, I discovered the answer is "no." MySQL (and also MariaDB) can be used to store the Identity user and role tables, but not ADS.
Im currently in the process of exposing our internal CRM system to the web so our employees can use it outside out network. The data is being surfaced to our web application via asp.net WebAPI.
We have SSL setup on the website. But am thinking how else I can make sure the WebAPI is secure from malicious use. My ideas are:
Tracking what IP addresses are accessing the WebAPI and only allow addresses that we have validated are from employees. Problem with this having dynamic IP addresses we might be constantly updating a data store of valid IP addresses.
The user has to login to the system. So every request to the webapi will send across their login details which will be validated before the webapi will process any request.
Pass the device ID of the device using the webAPI and validate (pretty much the same as IP Address tracking in idea 1)
Having a unique clientside generated access token which much match up at the server side.
Has anybody got any advice on my security ideas I outlined? Is it to little or is it overkill?
Just want to make sure the data cannot be hacked, because my butt would be on the line if it did.
Thanks in advance
I would actually choose a totally different solution - updating valid dynamic IP's will be hell.
I would:
Create a new Project using the "Intranet Application" instead of using "Internet Application"
Host the application on your local office network
Set up VPN to your Office for your colleagues
Would this solution be possible for you?
I have inherited a conventional three tier web app with ASP.net 2.0 for the UI, .Net web services (ASMX) in the middle tier and SQL Server 2005 for the DB. This is currently an intranet application with the only users being company employees. Currently the application uses Active Directory (AD) authentication.
At the login screen, the user is presented with username / password dialog. The middle tier makes a simple call to the AD to check the username / password. If ok, then a sessionId guid is generated and sent back to the UI. This sessionId is then passed on every subsequent call from the UI within the session. All methods in the middle tier first check the validity of the sessionID against a simple session table in SQL Server, before processing the request.
I now need to make the web services middle tier of the application available to a new UI that will be available to the public internet. I don't need to worry about authentication because that will be managed by the new UI. However, I don't want to leave the web services completely open without any security. I just want to be sure that the system calling the services has permission to do so. I don't want to burden the new UI with having to maintain the sessionIds currently used.
Any views on the best way to secure the services when being called from the new UI? I guess I could use x509 certificates but I've done this before so I'm not aware of any disadvantages (performance?) or how to go about the implementation.
The new UI has been developed used .Net 3.5. We can install .Net 3.5 on the middle tier so I guess we could benefit from using WCF?
I don't believe this is a problem that is suited for cryptography. It would be better to limit access to your web service using an IP restriction. If this data is being transfered over an insecure connection like the open internet, then you could use ssl to verify the client and server as well as keep the transmitted data safe. You could also use VPN which is probably the easiest to implement.
I am concerned with your session table. I believe this introduces a lag time for revoking user accounts. If this session doesn't have an expire time then it would make it impossible to revoke a user account. After a user has logged in how do you kick them off?
One solution is to have the ASMX web service query active directory for each request, if your AD server isn't under a heavy load then this should be fine. Keep in mind that AD is a very efferent database in its own right.