
How to handle database users in asp.net c#

I am making a website in ASP.NET. In my application, I divided the users into two categories: normal users and admin users. There will probably be one or at most two admin users. I decided to create two separate database users for the admin users rather than table users in SQL Server. So I have three database users: two for admins and one for normal users.

Case 1: The scenario is that a normal user wants to log in. The system will connect as the normal database user in SQL Server and look up the credentials in the users table. If it finds the user, a session is generated and the normal user is redirected to the welcome page.

Case 2: For admin users I have direct database users. I am not storing or looking up admin users in the users table. Admin users can be dynamic. I don't want to save the admin database user in the connection string in the web.config file. The connection will always be made at runtime, but the problem is how to handle the database user's credentials, because I don't want to store database user credentials in cookies or the session.

Suppose admin usr 1 logs in through the login page. My system will check whether that database user exists in SQL Server or not. If it exists, the system will redirect to the welcome page, and I want my whole application to remember that admin usr 1 is logged in.

How do I handle this scenario in ASP.NET?

I would look at implementing ASP.NET Identity rather than rolling your own security implementation. Far better to use a tried and tested methodology and, having just recently implemented this in a project, it is fairly straight-forward if you read through some of the tutorials on the web.

All users should authenticate through a standard login page regardless of their permissions. Once authenticated, you should control their access to your application via their Roles, which you can create and assign depending on whether the user is a "normal" user or an "admin" user.

You mention Admin users having a different SQL account with which to connect to the database. I would question whether this is necessary, as you should be able to control the actions that each user can perform by the security applied to each user that logs in to your ASP.NET application.

I would recommend not having different databases for your roles, because it can mess up the business logic. Instead, make one database with a user-table and then have a role-table that connects through a FK.
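The approach both answers describe (one login path for every user, one users table with a role, access decided by role rather than by a per-admin SQL login), as an added sketch that is not code from either answer. The `UserRow` record, the in-memory dictionary standing in for the users table, the names and the passwords are all constructed for illustration; in a real ASP.NET application, ASP.NET Identity stores the signed-in principal in its authentication cookie and role checks are done with `[Authorize(Roles = "Admin")]`.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;

// Constructed stand-in for one Users table whose Role column is an FK to a Roles table.
record UserRow(string Name, byte[] Salt, byte[] Hash, string Role);

static class RoleLoginDemo
{
    // Salted PBKDF2 hash; the table never holds a plaintext password.
    static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    static UserRow NewUser(string name, string password, string role)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return new UserRow(name, salt, Hash(password, salt), role);
    }

    // One login path for every user. The result carries identity and role only,
    // so nothing kept for the session is a database credential.
    static ClaimsPrincipal? SignIn(IReadOnlyDictionary<string, UserRow> users, string name, string password)
    {
        if (!users.TryGetValue(name, out UserRow? row)) return null;
        if (!CryptographicOperations.FixedTimeEquals(Hash(password, row.Salt), row.Hash)) return null;
        var claims = new[] { new Claim(ClaimTypes.Name, row.Name), new Claim(ClaimTypes.Role, row.Role) };
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "AppLogin"));
    }

    static void Main()
    {
        var users = new Dictionary<string, UserRow>
        {
            ["alice"] = NewUser("alice", "constructed-pw-1", "Admin"),
            ["bob"] = NewUser("bob", "constructed-pw-2", "User"),
        };
        var attempts = new[] { ("alice", "constructed-pw-1"), ("bob", "constructed-pw-2"), ("bob", "wrong") };
        foreach (var (name, pw) in attempts)
        {
            ClaimsPrincipal? p = SignIn(users, name, pw);
            Console.WriteLine(p is null
                ? $"{name}: login rejected"
                : $"{name}: signed in, admin page allowed = {p.IsInRole("Admin")}");
        }
    }
}
```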

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 