bungpeng Posted August 5, 2003 Posted August 5, 2003 I am developing a web application using ASP.NET using n-tiers architecture. My problem is how do I pass the login username and password to database layer everytime I access to database? I will base on this login username and password to access database. Do I need to manual pass from Interface layer to Business layer, then from Business Layer to Database layer? Any better way? Quote
*Gurus* Derek Stone Posted August 5, 2003 *Gurus* Posted August 5, 2003 Store the current principal (the user) in the HttpContext.Current.User property. You can then access that user in your DAL via that same property or via Thread.CurrentPrincipal. Quote Posting Guidelines
bungpeng Posted August 5, 2003 Author Posted August 5, 2003 Sorry, I never use this before, any simple example? Quote
bungpeng Posted August 5, 2003 Author Posted August 5, 2003 I was tried to save in HttpContext.Current.User and retrieve in VB.NET with Thread.CurrentPrincipal but not value return.... Even I check the value in Thread.CurrentPrincipal in same page as HttpContext.Current.User, it still return no value. Anyone help? Quote
mr relaxo Posted August 7, 2003 Posted August 7, 2003 Yes, you call you business layer to do the validation. the first thing that class with probably do is call the data access layer with a query like "select username,password from users where username = '" & (usrnamevariable) & '" and password = '" &(passwordvariable) & '". Then back in the business rules by validating the result i.e if 1 record is returned user == good else user == bad hope this helps :D Quote You can not get ye flask.
bungpeng Posted August 9, 2003 Author Posted August 9, 2003 No, my problem is how do I pass username and password to database layer, because in database layer, I need this username and password to access my database. Is it clear? Hope someone can help.... TQ Quote
mr relaxo Posted August 10, 2003 Posted August 10, 2003 in the code behind your login page you put something like Dim validate As businesslayer.security validate = New businesslayer.security(txtID.Text, txtPassword.Text) 'this calls your business rules layer in your business rules: Private data As New datalayer.access() (or whatever your class is named) Public Sub New(ByVal CustomerID As String, ByVal Password As String) validatefunction(CustomerID, Password) End Sub private sub validatefunction(ByVal CustomerID As String, ByVal Password As String) data.passwordcheck(customerID, password) (this is the call to the data acess layer) then once you have the data your business rules would validate it and probably return a true or false. Good Luck :) Quote You can not get ye flask.
*Gurus* Derek Stone Posted August 10, 2003 *Gurus* Posted August 10, 2003 That's fine assuming you want to instantiate a new instance of your BLL everytime it needs accessing. Generally BLL methods are kept static for ease-of-use. Bungpeng-- you need to implement IPrincipal if you wish to use the method I suggested. I'm assuming you have a user object of some sort which can implement IIdentity from. You can then initialize either a GenericPrincipal object with the User class (which you'll program to implement IIdentity) or manually implement IPrincipal. Public Class User Implements System.Security.Principal.IIdentity Dim _Name As String = String.Empty Dim _Password As String = String.Empty Dim _IsAuthenticated As Boolean = False Dim _AuthenticationType As String = "Custom" Public Property Name() As String Implements System.Security.Principal.IIdentity.Name Get Return _Name End Get Set(ByVal value As String) _Name = value End Set End Property 'Name Public Property Password() As String Get Return _Password End Get Set(ByVal value As String) _Password = value End Set End Property 'Password Public Property IsAuthenticated() As String Implements System.Security.Principal.IIdentity.IsAuthenticated Get Return _IsAuthenticated End Get Set(ByVal value As String) _IsAuthenticated = value End Set End Property 'IsAuthenticated Public ReadOnly Property AuthenticationType() As String Implements System.Security.Principal.IIdentity.AuthenticationType Get Return _AuthenticationType End Get End Property 'AuthenticationType End Class 'User HttpContext.Current.User = New GenericPrincipal(New User(), New String() = {"CustomerService", "Transactions"}) Quote Posting Guidelines
bungpeng Posted August 12, 2003 Author Posted August 12, 2003 I never implement Principal in my application so I not sure about it. Currently I control all those security in application level, means I control manually using coding. The reason is flexible because not limited to the functionality provide by Principal or others. Is it complicated to implement Principal? and what is the advantages of it? Quote
*Gurus* Derek Stone Posted August 12, 2003 *Gurus* Posted August 12, 2003 The advantages are you can access the current user through Thread.CurrentPrincipal. This may not seem spectacular, and for all intents and purposes it isn't, but it's a much better solution than querying a custom security implementation which does nothing more than to duplicate the existing functionality of the framework. In other words there's no point in redoing what's already available. It is not "complicated" to implement at all and fits in very easily with custom security schemes. It doesn't "limit" you in any way as its nothing more than a simple interface which needs implementing. You can add whatever you like to your principal class as long as it implements the IPrincipal members. Additionally, if all you need is a basic IPrincipal implementation simply use the GenericPrincipal class. Quote Posting Guidelines
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.