views:

237

answers:

1

My web app is using .NET 3.5 framework, VS 2008 with a SQL Server database. I am using Forms authentication and the generic login to validate user access to the aspx pages. Is there a way I can pass the user's form auth credentials (different from their Windows login) to the sql server connectionstring so that their database permissions can be based on that login?

+1  A: 

You could construct a connection string, inserting the Forms Authentication username and password (that you'll have to have saved somewhere). It's just simple string manipulation - have a connection string with placeholders for the username and password.

One disadvantage is that you won't be able to share pooled connections between different users, so won't benefit from connection pooling.

On a site with more than a handful of users this will quickly become a problem.

Joe
Thank you very much for the answer - Where would I save the username and password? If you have an example of how the connectionstring would look in the web.config that would be a big help to me. Thanks!
Sarah
The username will be available from HttpContext.Current.User. The password you'd have to manage yourself - i.e. you'll have to save it somewhere when the user logs in (e.g. in the ASP.NET Cache, or in a static Dictionary somewhere). What's most appropriate is difficult to say without knowing more about your requirements - as noted in the answer, this approach is not appropriate for sites with more than a few users, so I assume your requirements are fairly basic.
Joe
I think that will work because only a few users will be accessing the app at one time. I really appreciate the help - Thanks!
Sarah