if i have a sql login that belongs to the server role 'public' .
it does not have user access in any database . however it can access pubs sample database why?
View Complete Post
Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.
1. I have planned to make users of the website login before making their reservations.
2. I have also planned to develop the website such that I will be able to know all reservations made by each user.
First and formost, I will like to know how I can access/View the security database?
Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?
Someone help me.
I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?
What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).
I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).
I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).
For handy database interface, is it good to use SqldataSources exclusively intead of EntLib functions?
Thanks for any feedback.
I am using VS 2010 Professional with SQL Server 2008 Developer. I right click on the App_Data folder in solution explorer and add an existing item, then navigate to the correct database. However, I receive a pop up that Access is Denied. How do I fix this?
I understand how to set security for a ASP.NET web page, how to encrypt a Silverlight page, and a WCF application, but my question goes to this: given a web method, which by definition must be public, how do you keep people from accessing it outside
of your client program?
If your program (client) is the only way to access this web method, then there's no problem. But it is impossible to make a web method private--it won't compile--so how to keep people from using it? The only thing I can think of is that if you call
your web method by an obscure sounding name, it's likely nobody will guess the URL, and if you set your server so it cannot be searched (dir *.*) by the public, it's unlikely anybody will ever guess the name of the web method. But this is hardly 100%
secure. And what if you call your web method "DoWork", which is the default OperationContract name in Visual Studio?
What am I missing?
//what I have in mind
I downloaded the Adventurworks2008 database and the AdventureworksDW2008 database for practice with SSIS. I was wondering what the difference between the two databases is, because in the exercises im following it is stating that i will need to extract
data from the Adventureworks2008 database to the AdventureworksDW2008 database.
Is the the AdventureworksDW2008 an empty database and we are just extracting OLTP data to it? Please any help in clarifying this will be highly appreciated. Thanks!
apologies if this has been answered before.
it seems that the scaffolding that generates the list, edit, details apsx pages uses querystrings to pass the primary key for the relevant record. thus is i have a list.aspx showing me a grid of records, the edit hyperlink will be something like http://../tblTable/edit.aspx?ID=n where n is the key of the record to edit.
however, obviously this is not secure for a multi-user site as someone else with a valid login could potentially see records which they shouldnt simply by trying different "ID=n" values?
is there a way to change this behaviour in a Dynamic Data site or will i have to manually code to ensure a user only see records intended for them?
any help is gratefully appreciated