Wrox Programmer Forums
|
BOOK: Beginning ASP.NET 1.0
This is the forum to discuss the Wrox book Beginning ASP.NET 1.0 with C# by Chris Goode, John Kauffman, Christopher L. Miller, Neil Raybould, S. Srinivasa Sivakumar, Dave Sussman, Ollie Cornes, Rob Birdwell, Matt Butler, Gary Johnson, Ajoy Krishnamoorthy, Juan T. Llibre, Chris Ullman; ISBN: 9780764543708
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET 1.0 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 3rd, 2003, 07:10 PM
Registered User
 
Join Date: Jun 2003
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default C# Web Apps & Databases

Worx:

I've bought and read your "Beginning C# Web Applications with Visual Studio .NET" book by Danniel Cazzulino.
I think the book explains ASP.NET, C#, and the basics well with a good balance between theory and tutorial examples.
However, I have many questions about the MSDE connecting.

I've been getting many errors such as "sa is not a trusted username" "Authentication problems" etc. I was able to finish all the tutorials after getting an eval verison of SQL 2000 and playing with Enterprise Manager.

It seems to me that I have a basic lack of understanding with MSDE and SQL Server connecting with ADO.NET. After the database and ADO.NET are connected, everything works well as described in the book.

Most SQL Server books I've seen discuss how to build tables, query strings, normalization, and so on. But, that's not my big problem.

Can someone please recommend a book which covers most these issues and expands Chapter 4,5 and Appendix B (preferably in a C# & a Web environment).

Thanks for the good books!

Erric

this form is a good idea :D

Life to the fullest
 
Old June 6th, 2003, 01:22 PM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hmmmm, there are lots of books dealing with these issues so it's hard to name one.

Anyway, what you may need is a basic understanding of the authentication mechanism of SQL Server and MSDE. The MSDE is basically the same as SQL Server, except that it's limited to just a few users (after 5, if I recall correctly, things start to slow down).

Anyway, SQL Server 2000 (and MSDE 2000) have two different security mechanisms: SQL Security and Integrated Security.

The first is the easiest to understand. You define a user in SQL server, supply an account and a password which you can use to connect to the server. An example of a connection string looks like this:

"Provider=sqloledb;Data Source=ServerName;Initial Catalog=DatabaseName;User Id=YourUser;Password=YourPassword;"

Since you need to store the password in the connection string (and thus in include files or configuration files) this is considered an insecure solution. However, it's easy to set up and use. Once you can log in to the Query Analyzer with this account, you can be pretty sure you connect to it from a database.

The other possibility is Integrated Security where the connection is made under the context of the "current user". An example of a connection string could look like this:

"Provider=sqloledb;Data Source=ServerName;Initial Catalog=DatabaseName;Integrated Security=SSPI;" "

You can also replace Integrated Security=SSPI; with Trusted_Connection=True if I am not mistaken (it's Friday afternoon, with beautiful weather and too much beer here ;) )

Now, the concept of the "current user" may be hard to graps at first as it depends on a lot of factors.

First of all, the IIS user is used in ASP solutions when IIS is set to Anonymous access. If that's the case, the IUSR_MachineName is the current user. For ASP.NET solutions, the ASPNET account is that user.

If anonymous access is off (you use Basic or Integrated security in IIS) the current user is the user visiting your site.

For more details on the ASPNET account, check out:

http://msdn.microsoft.com/library/de...SecNetHT01.asp

As for recommendations, it really depends on your application. In classic ASP I'd like to have a VB DataAccess layer that takes care of all the data access. This DLL can be configured using COM+ to use a specific user context.
In ASP.NET with Anonymous Access, Integrated Security has always worked for me (add the ASPNET account as a database account). Alternatively, you can change that account as the URL I posted suggests.

I know it's not a book, but it may give you a head start in the right direction.

Regards,

Imar
 
Old June 6th, 2003, 03:43 PM
Registered User
 
Join Date: Jun 2003
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Imar:

Thanks for the info. You did point me in the right direction.

Erric


Life to the fullest





Similar Threads
Thread Thread Starter Forum Replies Last Post
Beginning C# Web Apps - Where's the Source Code??? nebulus All Other Wrox Books 3 April 6th, 2009 09:31 AM
how to control the layout with VB web apps hexOffender VB How-To 1 July 19th, 2006 05:27 PM
Passing Variables between Web Apps TSEROOGY Javascript How-To 5 September 22nd, 2004 04:09 AM
C# Web Apps & Databases enewmen All Other Wrox Books 2 November 25th, 2003 02:50 PM
Beg C# Web Apps w/ VS.Net, p. 86 nellster All Other Wrox Books 0 July 14th, 2003 02:15 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.