Hi all I'm new in ASP/
VB .Net and would appriciate all your guide and walkthrough / tutorial.
I have previously work out one some basic ASP assignment and had never program with .Net, so this is the first time I doing it and hope you can bare with me.....
In ASP we can set a database connection string and import it whenever neccessary like following
MySqlOdbc.inc
-------------
Dim oConn
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open DSN=someOdbc
Then on let say login page I need to connect to db and validate as below
Login.asp
---------
<%@ Page Language="
VB" %>
<%
Dim Rs, Query
Query = "Select * From Login Where UserId = " & _
Request.Form("username") & "Pwd= " &_
Request.Form("password") & ";"
Set Rs = Server.CreateObject("ADODB.Recordset")
Rs.Open Sql,
oConn
...
...
...
%>
Since now I'm using .Net, I was told that there are various way in doing something similar to what I mentioned above by using
1.) Traditional <! \-- import file --> method
2.) CodeBehind
3.) Web.Config
I'm however interested in web.config as I wanted to grab this chance to learn also the security issue.
Unfortunately for me, even after I have gone through many article and tutorials I'm still not capable to understand much and that is why I turn to this forum. Ya go ahead, you can treat me as a small kid or someone who knows html only. Try to explain in your own word and in simple english terms as I'm kinda poor in english...
The matter I had is as below:
1.) How do I code the connection string in web.config (*Note: for odbc / mysql connection)
2.) Web.config is also capable of handling security issues too like authorization and etc. Under the authorization tag we have the allow and deny tag. For example
<authorization>
<allow>
<deny>
</authorization>
Is it a must that developer have to hard-code those allow user in the allow tag? What if a user have uncountable authorized user and the number of authorized user may increase day by day? I don't think it will be possible for the develop to sit and hard-code those info. So how do I code in both .aspx and .config that it will check through the db and determine whether this user is allow of deny?
3.) <Location> is to determine the location / path a user will be redirected to, am I correct? How do I specify a user to be directed? What is the usage of location?
That's all for now, and I hope you guys can really help me out. Thanks again. Have a nice day!
*Oh ya if there is any .aspx code as sample, do code it in ASP/
Vb.Net thanks!!!
Web.Config confusion
