In an asp.net webform app, I need to restrict the logged in user to show data only for their company. This is a primary key of my topmost table. How to I set that based off the user. I imagine I would have another table with some user ID mapped to company ID?
If a user can be part of exactly one company, then generally there would be a table of companies and a table of users, with the latter having a company ID foreign key column to the primary key of the former. The user object would then have the company ID throughout the application (such as in the cookie data or session data) and the application would apply filtering rules accordingly.
Related
I want to store a user in DynamoDB. It has an ID, email & password hash.
Both the ID and email will be unique. I want to be able to look up the user object using either the ID or the Email.
How do I both create this table and query/get a user object with just the ID and then again with just the email?
You describe two access patterns
Fetch user by email
Fetch user by ID
You could support these access patterns by creating a primary key of email in your base table and a global secondary index (GSI) on the user ID (or vice versa). The important point is that the attributes you want to search by are built into your primary key. This will allow you to execute a fast query operation for both of your access patterns.
Question No 1
I am familiar with role management, a particular member in a particular role can do this and access this functionally. What I need to do is Manage individual user, not the role he is in.
For example, lets say I create a role, called "Sales". I setup the role permission what the sales persons can do. Now i want to keep a check on individual user. For example if this is "john", i want to show him the records only he created. If his is peter, I want to show him only that records which he created, not by john or other sales people.
Is there a thing called "User Management" in ASP.NET that we can use? If not we have to create it ourselves and I believe the integration with ASP.NET "Role Management" will not be that smooth.
Question No 2.
I am using control for user login. I want to create a session at this time so I can keep track of which user is signed in so I can show him the records only pertaining to him. How can I do that?
Your Q1 isn't really about Role vs User management (ie: authorizations) at this point. It's about audit tracking within your application.
And the way you do that is you capture the ID of the user who created the record in question with the record, so that later you can filter on that ID.
Pseudo database structure
Table Sales
Field...
Field...
Field...
CreatedByUser int not null, -- Populate this on creation and never change it again
ModifiedByUser int not null - populate this on every row update including insert
See ASP.NET Profile Properties.
Assuming the records in the database correspond to a unique ID for a user, you can store the unique id in a profile property per user.
1) If you want to filter records by the creating user, you need to record in your table the ID of the user who created the record. You can access the name of current user through User.Identity.Name and their ID (provider-dependent) through User.ProviderUserKey.
2) Sessions are created automatically in ASP.NET and provided you have a properly configured MembershipProvider, you can retrieve all the needed user info using the User object as shown above.
It sounds like you are a little unfamiliar with ASP.NET Membership and Roles capabilities, because they are actually set up quite well to accomplish what you are describing. I would recommend checking out this tutorial series:
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
You are talking about Authentication and Authorization. For question 1 you and implement a custom authorization provider to allow for user level control http://msdn.microsoft.com/en-us/library/aa479048.aspx For question 2, once you log in and are Authenticated, the session contains a userprinciple object that has the info in it automatically.
I added asp.net membership in my web application. Now I have one table where I have columns for user specific information UserProfile(FirstName, Lastname, DisplayName etc.). I didn't use Profile from membership because if in the future I decide to change asp.net membership for something else I want to keep user personal data in separate table. My question is: I use UserId (unique identifier from asp_membership_users table) as a foreign key in my custom table. Is UserId smart choice to connect these tables?
Yes, it's the primary key of the asp_membership_users table so it makes sense to use it as the foreign key of your custom table.
I am thinking of following what buttons the user has pressed. I intend to choose the CreateUserWizard control that will create a database for me. The Membership class has got a few functions to identify who the user is..e.g. GetUserNameByEmail..
What i am trying to do, is to track what each user has pressed and use his input for sqlCommand.
For example, when the user presses the "post response" button, i want to record his identity and use it in sql to insert his message and identity..
The problem is that in the Users table that i made it has UserID as a primary key that identifies the user..and in the CreateUserWizard database or Membership cookie, it has its own functions fields.
So the question is how do i SELECT the users identity from the database/cookie created to me, and incorporate it into a statement in the SQL for my sqlStatement..
I need to obtain the identity of the user and use it in an SQL statement.. How can i achieve that?
You can grab the user_id from the Membership provider...
for example:
System.Web.Security.Membership.GetUser().ProviderUserKey
the will give you the user id of the current user - and you can use that value in your sql statement. If you're using the default Membership provider - this value will be a unique identifier (Guid) so:
Guid currentUserId = new Guid(System.Web.Security.Membership.GetUser().ProviderUserKey.ToString());
I'm writing a small intranet app that uses Windows Authentication and Asp.Net MVC.
I need to store various bits of data in a db against each user.
As far as I can tell the IPrinciple object does not seem to have something like a unique id. So I was thinking I could just use User.Identity.Name as a unique value to identify rows in my db.
Is this a bad idea? Is there an alternative to this approach?
Thanks for any help.
I would create a User table that included an identity column as the id. When a person accesses the site, I would check the user table for that individuals unique id, and read it if it exists, or insert a new row if the user is new.
Login names can be long, and that could affect your indexes depending on the expected size of your data.