We help IT Professionals succeed at work.

Using database users for authorization and authentication in dotnet

Ondrejovic
Ondrejovic used Ask the Experts™
on
I have MS SQL database with database-users and I would like to create intrantet ASP.NET front-end.

Is it somehow possible to use those db-users to authenticate in ASP.NET?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dirk HaestProject manager

Commented:
User Authentication & Role Management in ASP.NET 2.0 using Sql Server 2005: Part I
http://www.c-sharpcorner.com/UploadFile/praveenalwar/PraveenAlwar07202006064726AM/PraveenAlwar.aspx

Author

Commented:
If I understand both suggestions, those are generic answers for "I need some formular for login/password".
My problem is a little more specific:

How to implement custom memebership provider to use db-users (not users defined in some table within the database) ?
Dirk HaestProject manager

Commented:
Your original question was a very generic one, so I couldn't provide you a specific answer :)

Below you can find several articles about implementing  custom membership  ...

How to: Implement a Custom Membership User
http://msdn.microsoft.com/en-us/library/ms366730.aspx

Writing a Custom Membership Provider for the Login Control in ASP.NET 2.0
http://www.codeguru.com/csharp/.net/net_security/article.php/c19415/Writing-a-Custom-Membership-Provider-for-the-Login-Control-in-ASPNET-20.htm

Write custom membership provider for ASP.Net
http://www.devx.com/asp/Article/29256

Video: [How Do I:] Create a Custom Membership Provider?
http://www.asp.net/web-forms/videos/how-do-i/how-do-i-create-a-custom-membership-provider

Author

Commented:
all these examplles use users stored in table(s) within the database, not database-users

what I would like is to use users defined in database (SQL Server Management studio -> Security -> Logins)
Project manager
Commented:
I believe there is no transparent way of using SQL logins. ASP.NET application or IIS for that matter is completely agnostic about them. You can do your own mapping inside the application or ask for SQL login information in a form-like fashion.

Otherwise, you can define Windows groups on the machine running SQL Server and then control group permissions inside SQL Server to achieve desired level of access. This may be a better long term solution as you won’t have to maintain sql logins.

Comment found at this thread: http://social.msdn.microsoft.com/Forums/en-IN/sqldatabaseengine/thread/45537ce3-4728-4657-8666-a5742193257d

Author

Commented:
This negative answer from year 2005 improved my google search.

This is similar discussion: http://www.xtremedotnettalk.com/showthread.php?t=97038
with result: use dynamic connection string as http://www.4guysfromrolla.com/articles/103002-1.aspx

Maybe it's acceptable solution. I'm waiting for real implementation (or for better solution).
I've requested that this question be closed as follows:

Accepted answer: 500 points for Dhaest's comment #37859196

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Author

Commented:
The real implementation ended as a manual-work.
- Credentials are stored in the sesson.
- In web.config there is only template of connection string.
- Real connection string is created by adding the credentials to the template.
- This is then supplied to data-layer.

It's working but not nice.

Author

Commented:
Thanks for Dhaest help, but #37859196  is not solution of this question.
I don't know how to close this topic correctly .

Author

Commented:
#37878226 is almost a solution.
I think it's ok to close this topic. (My solution is inspired by Dhaest  comments). I would prefer not to delete this question, because someone else might have the same problem and will need the inspiration too.