Different connection strings based on user

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jothikumar
    New Member
    • Sep 2007
    • 8
    #1

    Different connection strings based on user

    I have a fairly large webapp which is used by many customers. Each customer has its own database.

    I want to use the same webapp for all of the customers, but they still need to have separate databases and thus different connection strings.

    What is the best way to do this?

    I thought of this approach:
    1. One database contains a table called Customers. This table contains all customers and what their connection string is.
    2. When a customer is accessing the webapp, they should also provide their customerId (http://server/webapp/Default.aspx?cu stomerid=xx)
    3. Then i will retrive the connection String attributes from the Main database and will store in the session and its working finr.


    But i think this is not a good solution. So can anyone suggest solution.

    Thanks in advance.
    Tags: None
    • balabaster
      Recognized Expert Contributor
      • Mar 2007
      • 798
      #2
      Originally posted by jothikumar
      I have a fairly large webapp which is used by many customers. Each customer has its own database.

      I want to use the same webapp for all of the customers, but they still need to have separate databases and thus different connection strings.

      What is the best way to do this?

      I thought of this approach:
      1. One database contains a table called Customers. This table contains all customers and what their connection string is.
      2. When a customer is accessing the webapp, they should also provide their customerId (http://server/webapp/Default.aspx?cu stomerid=xx)
      3. Then i will retrive the connection String attributes from the Main database and will store in the session and its working finr.


      But i think this is not a good solution. So can anyone suggest solution.

      Thanks in advance.
      I'm assuming that the database server is the same... i.e. they're all hooking up to the same instance of SQL Server (or some other server)? Or Microsoft Access? If that's the case, your customers table (which would be in a separate database) would only need to hold the name of the database or the filename of the access database. It does seem kind of hokey... but it's probably also the most secure.

      In a commercial environment I would probably set a group username and password too in that table which they can save in a cookie so they don't have to enter it every time they connect - only the first time. This way is most likely the most secure because any given customer can't even get access to the connection string for another customer's database let alone any access to their data.

        Comment

        • Brad Orders
          New Member
          • Feb 2008
          • 21
          #3
          Also, take care if you are using the URL:
          http://server/webapp/Default.aspx?cu stomerid=xx

          You will need to make sure that one customer cannot impersonate another customer by simply changing the customerid in the URL. This will need to happen on every page in the web app - not just the page after login.

          I agree that the customer should provide a password as well as their id. If security of the database is also an issue, then consider encrypting the values in the table.

          Good luck.

            Comment

            Previous template Next
            Working...