I am trying to extract the username from the authentication cookie and use it to send a request to the database to pull in the information for that particular user using a datagrid or SQL data source.
I know how to implement a SQL datasource/datagrid in the front end (ASP.NET) but I am confused about how to do it in the code behind so that I can utilize the value of the username there.
The code I am using to pull in the username is
IPrincipal p = HttpContext.Current.User;
string userid = p.Identity.Name;
Thanks
This is what you put in the code behind:
datagrid1.DataSource = MethodToGetTheDataSourceFromTheDatabase(p.Identity.Name);
datagrid1.DataBind();
Then you would just have MethodToGetTheDataSourceFromTheDatabase execute the SQL statement that you want executed and return the datatype (dataset, dataadapter, List<>, etc...).
Related
I'll use a select in an ASP.NET page, i.e.:
string name=TextBox1.Text;
string pas=TextBox2.Text;
string c="select * from users where name='"+name+"' and password ='"+pas+"'";
Are there any methods for preventing SQL injection?
First, you must validate the input data in your code and then use it like parameters,
because if an unhandled exception occurs and you are returning sensitive data like "connection strings", you are giving useful information like "Column" and "Table" names, and that is dangerous.
Second, add a "Data Access Layer" to handle your code, not in "Code Behind". You can use "Stored Procedures" and call them from your code; this way you hide the query of the programming logic and only pass parameters to the stored procedure, it does the job, and you only return the error in the case that an exception occurs.
These preventions are the basics in a small application, but there exist many other ways to avoid SQL injection.
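The parameter approach from the answer above, shown next to the concatenated query from the question. This is an added example, not code from the original posts; the class and method names, the column sizes and the sample input are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserQueries
{
    // Form from the question: the input becomes part of the SQL text, so a
    // quote character in the input changes the structure of the statement.
    public static string BuildConcatenated(string name, string pas)
    {
        return "select * from users where name='" + name + "' and password ='" + pas + "'";
    }

    // Hardened form: the SQL text is a constant and the values travel
    // separately as typed parameters, so they are never parsed as SQL.
    public static SqlCommand BuildParameterized(string name, string pas)
    {
        var cmd = new SqlCommand(
            "select * from users where name = @name and password = @password");
        // Types and sizes are assumptions; match them to the real columns.
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = pas;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample input: an ordinary name containing a quote.
        string name = "O'Brien";
        string pas = "example-password";

        // The quote ends the string literal early; the statement is malformed.
        Console.WriteLine(BuildConcatenated(name, pas));

        // The command text is unchanged by the input; values are listed apart.
        using (SqlCommand cmd = BuildParameterized(name, pas))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}, {2}) = {3}",
                    p.ParameterName, p.SqlDbType, p.Size, p.Value);
        }
    }
}
```

To execute the command, assign an open SqlConnection to cmd.Connection and call ExecuteReader; building and inspecting it as shown needs no database.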
Good morning,
I have an ASPX page with an UpdatePanel containing a Gridview and SqlDataSource control. In the SqlDataSource control I specify an InsertCommand. I would like to be able to read the InsertCommand that my page will send to the SQL database. Reading the following
mySqlDataSource.InsertCommand
in code-behind gives me the InsertCommand with #parameters rather than the actual value for each parameter that will be sent to SQL.
Is there a way to read the final InsertCommand that will actually be sent to the database for execution?
EDIT: Please note, my question could apply to Select, Update, Insert or any command that is sent from my ASPX page to SQL. The command must be converted to a language that SQL can interpret and execute and that is the very version of the command that I am trying to read.
Thank you.
I guess you should subscribe to the Inserting event of your DataSource.
Then, in your Inserting_Handler, you may browse your DataSource.InsertParameters collection:
private void On_Inserting(Object sender, SqlDataSourceCommandEventArgs e)
{
var txt = e.Command.CommandText;
//the parameters names and values are in e.Command.Parameters
}
Hope this will help
For an ASP.NET application using VB, how can I reference an event or textbox not located within the same file?
For example when you are coding on say Default.aspx and you put a textbox on the page this works to reference it.
Dim username As String
username = Textbox1.Text
Ok but now I want to get the values and response and process it (amongst other tasks) in a separate module say security.vb.
How can I effectively call it from security.vb so it says username = "Default.aspx".Textbox1.Text?
I have tried many versions to achieve this and Googled, but I don't know the correct terms to search, so I am not getting a good result.
The closest Stack question is Reference from Module but that doesn't have an answer. I know this must be so simple but it eludes me.
Another "module"? You're not using classes? Using classes would make this easy:
In Default.aspx.vb
username = Textbox1.Text
Dim security As New Security(username)
In Security.vb:
Public Sub New(ByVal username as String)
Me.username = username
End Sub
Private username as String
Then you can access the username variable in your Security class whenever you need it. (Note that since the username variable is not declared as Shared, it will only be valid for the current instance of the Security class that you created in Default.aspx.vb. You could make it Shared, but that would be a bad idea on a web server, since if you did, that would mean that only one user could be logged in at a time, and whenever Bob logs in, Alice's session suddenly starts displaying Bob's data!)
I'm new to asp.net and C# and I want to ask how to implement a session login using asp.net and C#.
Please advise.
Thanks.
In C# you can define a session variable like this:
Session["username"] = txtusername.Text;
where txtusername is a text box. In another page you can call it as:
string usrname = Session["username"].ToString();
To check whether a user is logged in or not, in a particular page; you'll have to check if this session is empty or not. If the session is null then redirect the user to login page else he/she can view the page. Same logic applies to all the pages where you want to implement the session validation. Sample (on Page_Load event):
if (Session["username"] == null)
Response.Redirect ("Login.aspx");
Hope it helps... :)
The question is broad; put simply, you can follow these steps:
Create database, user table in sql server or any database of your choice
Create the login form with userid and password
Check them with database for user availability
If the user exists and the password matches, create a session, like Session.Add ("Userid", txtUserid.Text);
In other pages (restricted pages where only registered users are allowed) write this code in every page load event
if (Session["Userid"] == null)
Response.Redirect ("Login.aspx");
Session["login_user"] = "[username]";
string username = Session["login_user"].ToString().Trim();
The easiest way to implement a session is as follows:
Session["SessionName"] = Value;
For retrieving value
String variable = Session["SessionName"].ToString();
Note: Session variable can be of any type.
Generally session is used for checking whether the user is logged in or not.
First of all, let me state I'm very new to EF. With that said, here's my dilemma:
There will be an ASP.NET App migrated to ASP.NET MVC. I would like to utilize EF for this. There is one main database which stores "client information". Apart from that, every "client" has their own database. These are the constraints we have.
Currently, there is client information in the main DB that enables me to build a connection string per client and make individual SQL calls.
How would I accomplish the same thing in Entity Framework? Each database WILL have the same schema. Is there a way to programmatically switch the Connection String? These DBs are currently on the same server, but that's not a requirement and it may be a completely different server.
Any ideas?
Multiple connection strings in the Web.config would be a last resort. Even then, I'm not sure how exactly to wire this up.
Thank you in advance.
If you work through an EntityConnection in the constructor of your entities object, you can change the database pretty easily.
EntityConnection con = new EntityConnection(connString);
con.ChangeDatabase(dbName);
using (Entities context = new Entities(con))
{
// Some code here
}
When you build a data context, here's how to programmatically change the connection string at runtime by modifying the Context.Connection property:
//Get the connection string from app.config and assign it to sqlconnection string builder
SqlConnectionStringBuilder sb = new SqlConnectionStringBuilder(((EntityConnection)context.Connection).StoreConnection.ConnectionString);
sb.IntegratedSecurity = false;
sb.UserID ="User1";
sb.Password = "Password1";
//set the object context connection string back from string builder. This will assign modified connection string.
((EntityConnection)context.Connection).StoreConnection.ConnectionString = sb.ConnectionString;
Taken from: http://sivapinnaka.spaces.live.com/blog/cns!B027EF7E7070AD69!211.entry
If the number of your customers is limited and the connection strings hardly ever change, an elegant way might be to use ConfigurationManager.ConnectionStrings to retrieve the connection string needed.
Like
string connectionString = ConfigurationManager.ConnectionStrings["Miller"].ConnectionString;
return new Entities(connectionString);
See also
http://msdn.microsoft.com/en-us/library/ms254494.aspx
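One way to build the per-client connection string the question asks about, using the connection string builders rather than string concatenation, so that values read from the main DB cannot add or override connection keywords. This is an added example, not code from the original posts; the class name, the model resource names, the server and database names and the use of integrated security are assumptions.

```csharp
using System;
using System.Data.EntityClient; // EF4; in EF6 this is System.Data.Entity.Core.EntityClient
using System.Data.SqlClient;

public static class ClientConnections
{
    // Hypothetical model resource names; use the ones from your own .edmx.
    private const string Metadata =
        "res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl";

    // server and database come from the client record in the main DB.
    public static string BuildEntityConnectionString(string server, string database)
    {
        // The builder quotes each value, so a value containing ';' or '='
        // stays inside its own keyword instead of introducing new ones.
        var sql = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            IntegratedSecurity = true,      // assumption: no stored SQL logins
            MultipleActiveResultSets = true
        };

        var entity = new EntityConnectionStringBuilder
        {
            Provider = "System.Data.SqlClient",
            ProviderConnectionString = sql.ConnectionString,
            Metadata = Metadata
        };
        return entity.ConnectionString;
    }

    public static void Main()
    {
        // Constructed sample values; the second contains an embedded ';'.
        Console.WriteLine(BuildEntityConnectionString("DBSRV01", "Client_Miller"));
        Console.WriteLine(BuildEntityConnectionString("DBSRV01", "Client;Archive"));

        // With the generated context used in the answers above:
        // using (var context = new Entities(BuildEntityConnectionString(server, database)))
        // {
        //     // queries run against that client's database
        // }
    }
}
```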