http://forums.asp.net/t/286794.aspx/1?appsettings+in+Web+configFri, 01 Aug 2003 11:11:41 -0400286794286794http://forums.asp.net/p/286794/286794.aspx/1?appsettings+in+Web+config hello i am using the web.config to store the connection to the SQLServer. but when i do so ..i get a error msg saying "UNRECOGNIZED CONFIGURATION SECTION appsettings" the code is IN WEB.CONFIG and on the click of the LOGIN BUTTON of the login screen i create the SQLConnection Dim conn as SQLConnection conn=new SQLConnection(configurationSettings.appsettings("cn") but this doesn't work. Appreciate ur help 2003-07-23T10:46:30-04:00287194http://forums.asp.net/p/286794/287194.aspx/1?Re+appsettings+in+Web+config deepti Your code in both web.config and on the login button click event looks fine. (except for the missing bracket behind ("cn"), but I expect that just got missed on the copy and paste.) From the error I would guess that the appsettings configsection is not defined correctly in your machine.config file. Check the machine.config file for the following (5000 can be replaced by 3300 if you're using an version 1.0 of .net fx instead of 1.1): This should appear somewhere between and in machine.config file (which is normally located in C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG, or at least it is on my machine) If it does not, then you could just paste it in there (make sure you use the correct version number), or you could add it to your web.config file, once again between the and tags. You may want to also try reinstalling the .Net Framework to make sure you have all the standard stuff in the machine.config (unless of course you have made some specific changes to machine.config) Good luck 2003-07-23T15:38:24-04:00288001http://forums.asp.net/p/286794/288001.aspx/1?Re+appsettings+in+Web+config hi Thank u so much. But i have solved the problem.It was a very small problem. Since this is the first time i am working on ASP.net/ASP or XML files i din't realise that the tags in the XML file are case sensitive unlike HTML. but now the code is just working fine. thanks again. 2003-07-24T03:52:33-04:00288013http://forums.asp.net/p/286794/288013.aspx/1?Re+appsettings+in+Web+config I have another Doubt. The Application that i am building is for a stores management will be used thro intranet. There is a StoreIncharge & Stores Manager AND all other users just view the items available in the stores. other than the stores manager & stores incharge al the other user login as Guests. my question is while logging in i want to check if the person loogged in is a guest or stores manager. if he is a GUEST he had to be directed to Form1.aspx and if he is a Stores Incharge &stores manager he has to be directed to form2.aspx. how do i do this. 2003-07-24T04:03:55-04:00288199http://forums.asp.net/p/286794/288199.aspx/1?Re+appsettings+in+Web+config I would say there are two options (depending on what you really want to do). For both options I would put two buttons on the login screen. One for logging in with a user name and password (btnLogin), the other for logging in as a guest (btnGuest). I assume you already have this, or something similar. Option 1 is very easy and simple, but has obvious limitations. It basically assumes that you actually have two seperate applications for guests and known users that just look at the same DB. This approach should really only be followed in very simplistic apps, and even then I don't think it has any real advantage other then saving a little bit of dev time. Option 1: On btnGuest_Click redirect the user to Form1.aspx. On btnLogin_Click redirect the user to Form2.aspx (after authenticating of course). Option 2 is still quite simple, but involves a bit more logic and provides you with the opportunity to make the solution really elegant. It involves saving the user name or some form of indicator telling you the user is a guest to a session variable. Option 2: On either of the two click events, save the user name to a session variable. The code would look something like this: Session("UserName") = lblUserName.Text Whenever you call a form for which there are two alternatives for the two types of user, do a simple check as below. If Session("UserName") = "Guest" Then Response.Redirect = "Form1.aspx" Else Response.Redirect = "Form2.aspx" EndIf You could of course make this a lot neater by declaring the values like "UserName" and "Guest" as constants, but the way in which you choose to implement it is really up to you. I would recommend that you actually store a boolean value in a session variable based on the logic that you define (e.g. which button is clicked) that indicates the user is not a guest, or is a guest. You therefore wouldn't ever work with a 'user name' Guest. Hope that's what you're looking for... 2003-07-24T08:58:42-04:00288215http://forums.asp.net/p/286794/288215.aspx/1?Re+appsettings+in+Web+config You may want to check out this tutorial on managing application and session state: http://samples.gotdotnet.com/QuickStart/aspplus/default.aspx?url=/quickstart/aspplus/doc/stateoverview.aspx And these two msdn articles on session state: http://msdn.microsoft.com/msdnmag/issues/01/11/cutting/toc.asp?frame=true http://msdn.microsoft.com/msdnmag/issues/01/12/cutting/toc.asp?frame=true 2003-07-24T09:33:09-04:00289424http://forums.asp.net/p/286794/289424.aspx/1?Re+appsettings+in+Web+config I have one more suggestion... Authentication in ASP.NET is in three ways. 1. Windows Based [IIS's Basic, NTLM, certificated based] 2. Forms based (you write your own code for authorization. Basically a couple of .aspx and probably one table in database and few session variables) 3. Passport - You can use Microsoft Passport for the authorization. Now since you are using a simple intranet you can go for the first authentication method. How to do this? You can start windows authorization using tag.... as . You can add users list and their group in autherization... as the following Here in the above tag... you can pass NT Users list in users attribute. NT groups name to roles attribute. Others please suggest if this approach is correct or not. I didn't used this. 2003-07-25T04:13:02-04:00289553http://forums.asp.net/p/286794/289553.aspx/1?Re+appsettings+in+Web+config syamd I don't see why not. Haven't used it myself, but it should work. I would still rather go for "2. Forms based" for the following reasons: 1. It gives you full control over design for authentication in your system. Anything where you want to customise look/feel per user or usergroup would be easier. 2. You're not limiting the application to its current use. If it is a simple intranet based thing today, tomorrow they may want to allow customers to login as guests over the internet. My experience is of the forms based method, and I've found that it works well, is easy to implement and offers excellent flexibility. Point 1 above to me is the real strength of this approach, because it allows you to implement an authentication design that will be perfect for your application (and once you've done it a few times you'll find that there are actually very few decisions to make, but those decisions can have a very large impact on your development). Having said that there probably are situations where windows based authentication would be the more suitable approach, but I don't know enough about it... Perhaps someone with experience of using it can share an opinion here? 2003-07-25T08:26:11-04:00289595http://forums.asp.net/p/286794/289595.aspx/1?Re+appsettings+in+Web+config Well thank u all for the Help. This has surely given me a big picture of how to go about things. BUt i was wondering which way to go about . Cos my organisation is a huge one with more that 2000 employees. 2003-07-25T09:41:20-04:00291889http://forums.asp.net/p/286794/291889.aspx/1?Re+appsettings+in+Web+config deepti I'm not sure exactly what you're looking for? I would suggest based on the information you've given that forms-based authentication is the best option. The following MSDN article contains enough info to get you going: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconthecookieauthenticationprovider.asp The following article will also provide you with info on the other two types that syamd mentioned: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconASPNETAuthentication.asp In addition to the code and config settings described in the aforementioned articles you will probably need to create a few tables. At the very least you'll need a table to store user names and passwords (encrypted of course). Hope that helps 2003-07-28T14:14:12-04:00292859http://forums.asp.net/p/286794/292859.aspx/1?Re+appsettings+in+Web+config Thank you These links were very useful. But what i was looking for is that .... the employers want to me to create an application based on the windows authentication.Since this is a very big organization.And that each employee's user name and password will be created when they join the organization and stored in the Server.they don't want me to create another table for user name and password n their roles based on which the application functionalities can be accessed. Instead they want me to import the user name and password to the SQL Server and then Give permissions or assign roles for each user in the database(SQL server).Using the Roles object for each table.So that when employee tries to add data to a table and if he has no permission to insert for that particular table then the database rises error which should be caught in the application and then displayed to the user. Don't u think this is a very bad kind of Coding.Why should each user be given access to the database. 2003-07-29T05:01:46-04:00297108http://forums.asp.net/p/286794/297108.aspx/1?Re+appsettings+in+Web+config deepti I don't really know enough about using windows authentication to help you out, but I can say this: 'Why should each user be given access to the database' - Each user must have some form of access to the database, otherwise they would not be able to view any data stored in that database. However, they will all connect to the database through your application. The application will be using a connection string containing a database username and password amongst other things. So all those users will have access to the database, but not as individual users only through the application. If you want to control permissions at database level then you could use multiple connection strings in your code (i.e. the guest users could connect to the db using a db user with only display permissions and the other users could connect using a db user with update permissions on certain tables). As I said, I don't know enough about the windows authentication method to give you a definitive answer, but if you're going to have only a few regular users and many guest users then forms based authentication will be a lot easier for the system administrator to maintain. Also, and I'm only guessing here, if you use windows authentication then you're making your application dependent on a whole lot of external factors that could be difficult to control. E.g. if the network administrator decides to restructure the group policy this might have an impact on the application etc. Cheers 2003-08-01T11:09:46-04:00