Hi All,
I am in the process of writing an online training course, I am trying to get the login control to check a username and password against fields in an SQL database rather than using the administration site DB. I dont really know where to start. Also, as well as a username and password I would like a dropdown list that the user can select whether they are a "Delegate" or "FireWarden".
Hope this makes sense,
thanks very much everyone.
Scott.
What do you mean by Administration site DB? Do you mean the DB that the ASP.NET Configuration interface uses? If this is the case then ASP.NET by default uses SQL Server 2005 (or Express edition). You can configure it to use SQL Server 2000 also. I would suggest you use the default database for authentication purposes because it implements its own hashing to usernames and passwords, its easy to use and secure and tested (unless you are confident that you can build something more secure and rubust).
If you need more info. then let me know...
good luck...
bullpit
Hi Bullpit,
Thanks for the reply, sorry to not be very clear.
When I meant the admin db I meant the ASPNETDB.Mdf.
How customisable is the default database? Only reason I ask is that I will need to associate a user to a company.
Basically, its an online fire training course. A company will sign up, then set up its own users to take the course.
I thought that having custom databases would be easier, unless you think otherwise.
thanks very much, sorry if its a bit vague.
scott.
Its very flexible. In your case, what you can use is the Role Management feature. With this, you can create comapany users that have admin rights to the database and grant permission to create and remove child users within the company. You can Login control, Create User Wizard control to accomplish this. You can use the configuration panel to control the website and users.
If you think figuring all this out is too much work, then you can also go for your own custom database application. But if you use ASPNETDB, it already has all the relations built in. You do not have to worry about the creating the whole database application from scratch.
good luck...
bullpit
By Admin rights I mean the minimal rights that can do the work.
Hi Bullpit,
Yes I see what you are saying. I might not have explained it right: :-)
There will be 3 levels of login
1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates)
2) The Firewarden (This is the firewarden for the company that will be taking the training course, this person can add, edit, delete users from the training course, only for their own company)
3) The Delegate (They are assigned a username and password by the firewarden, they can then user these to log in and take the course)
The Owner can activate / deactivate any user within any company
The Firewarden can do the same but only for their own company
The Delegate can only take the course
Does this make it a bit clearer?
This is why I thought a custom designed solution might be better.
thanks very much,
Scott.
1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates) = YOU
2) The Firewarden (This is the firewarden for the company that will be taking the training course, this person can add, edit, delete users from the training course, only for their own company) = COMPANY's ADMIN USER
3) The Delegate (They are assigned a username and password by the firewarden, they can then user these to log in and take the course) = CHILD USERS.
You can add another table or a field in a table that has the company name and do the verification at login, may be provide a dropdown so that the users can choose the company they belong to and then give the rights according to the role and company they belong to.
Does this sound doable to you?
bullpit
Hi Bullpit,
Thanks very much for that, it does make sense, not quite sure where to start but it does sound doable to me.
thanks again for your help,
scott.
Hi Bullpit,.
one more thing to point out
"1) The Owner of the training course / website (this person can see a list of ALL compaines and delegates) = YOU"
This will actually be the customer that I supply the site to so they will not be using the site configuration, can they still see the list of users and companies etc?
thanks,
Scott.
Sure, anytime...I dont know which database server you are using but if you are using SQL Server 2005, it should already be configured but if you are using 2000 and need help with configuring it, let me know. And your application does need more thinking than what I have suggeted, so make a good plan and then go for it. My suggestions may not be the best ones.
good luck...
bullpit
You can actually have remote access to the Site Mangement tool.
go thru this tutorial and I believe this will help you.
http://www.sitepoint.com/article/asp-net-2-security
good luck...
bullpit
thanks very much mate, I will work through the tutorial.
And yes I am using SQL Server 2005.
thanks again for all your help.
Scott.
I am sorry but the tutorial I sent does not tell you explicitely how to use it remotely. I am looking into it and will get back to you with a good article but it is accessible remotely (documentation in MSDN). You may find my question posted in this forum soon.
good luck...
bullpit
ha ha, its ok and thanks for looking into it.
To be honest, I didnt even know that you could view the users in a gridview so that is a step forward anyway.
thanks again.
Scott.
I believe you can use these two articles to get remote access to the website admin tool.
http://weblogs.asp.net/jeffwids/archive/2005/07/26/420572.aspx
http://www.extremeexperts.com/Net/Articles/ConfigurationManagementinASPNET.aspx
bullpit
0 comments:
Post a Comment