Print Page | Close Window

DB having own security using user tables

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=2669
Printed Date: 27-Mar-2025 at 7:24pm


Topic: DB having own security using user tables
Posted By: Stecy
Subject: DB having own security using user tables
Date Posted: 11-May-2011 at 12:05pm
Hi,

We have a SQL database where an application always log using the same credentials regardless of the user using it.
However, the application must open a user session and it is implemented by using a user table in the database.

Furthermore, some tables, views, sprocs are protected using this mechanism by using a SQLServer CONTEXT_INFO set by the application. This context info contains a session id and the sproc executes only if the CONTEXT_INFO contains this session id and the session allows execution for the user (derived from the session id and user table).

Does DevForce support this scenario?


Replies:
Posted By: DenisK
Date Posted: 12-May-2011 at 2:16pm
Hi Stecy;

The answer is yes and no.

No, because we are not certain of the lifetime of the CONTEXT_INFO. We open/close the DB connection as needed and don't expose it at the application level. Thus, each connection issued to the db may results in a different session.

The answer is yes, if you can move away from using CONTEXT_INFO. DevForce uses role-based security within the application level, not the database, based on the principal. We have what we called Query Interceptor and Query Filters that supports this same concept, but on an application level instead of the database level.

Hope this helps.

Posted By: DenisK
Date Posted: 12-May-2011 at 4:17pm
Here is a page on our DRC (DevForce Resource Center) that explains how Query Interceptor and Query Filters work.

http://drc.ideablade.com/xwiki/bin/view/Documentation/query-server-lifecycle-events - http://drc.ideablade.com/xwiki/bin/view/Documentation/query-server-lifecycle-events

Posted By: Stecy
Date Posted: 13-May-2011 at 10:21am
Thank you for the answer.

Sadly, the system we have cannot be changed and the method of authenticating users is what I described.

Since there's no way to accomodate this then I fear DevForce would not be a perfect fit in our case.

I really hope there is a way though...


Print Page | Close Window