
In most cases, designing a website will require some form of user validation. Some users will be granted more permissions than others, which complicates the process of testing and debugging. One method to ease this process is to impersonate a user with a different permission level.

If everyone with access to the website can be trusted, for example on a company intranet or home network, an easy way to impersonate a user is a pair of keys in the web.config file (see the article on storing constant variables in web.config). The high-level idea is to create two keys that control user login: one holds the debugger's username (yourAccount) and the other holds the username you want to impersonate (accountToImpersonate).

<appSettings>
   <add key="currentDebugger" value="yourAccount" />
   <add key="debuggerImpersonateAs" value="accountToImpersonate" />
</appSettings>

With these appSettings in place, create a function that manipulates the username before it is evaluated for permission levels. The function switches the login username to accountToImpersonate whenever you log in as yourAccount, giving you that account's specific access. Additionally, because the values live in the web.config file, the accountToImpersonate value can be changed without requiring a recompile.

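using System.Configuration;

// Returns the username to evaluate for permissions: the impersonated account
// when the configured debugger logs in, otherwise the username unchanged.
public static string currentUser(string username)
{
   string debugger = ConfigurationManager.AppSettings["currentDebugger"];
   // A blank or missing currentDebugger key disables impersonation.
   if (!string.IsNullOrEmpty(debugger) && username == debugger)
   {
      username = ConfigurationManager.AppSettings["debuggerImpersonateAs"];
   }
   return username;
}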

The function above returns the username that is logged in, unless that username is the currentDebugger, in which case it returns debuggerImpersonateAs. When the debug process is over, simply leave the currentDebugger value blank as shown below and you can log in as usual to yourAccount.

<appSettings>
   <add key="currentDebugger" value="" />
   <add key="debuggerImpersonateAs" value="accountToImpersonate" />
</appSettings>

An important security issue to keep in mind is that this method should only be used on a website located on a trusted network. The settings that decide which account a login maps to are saved in the web.config file, which can be altered without requiring a recompile, so anyone able to edit that file can change them. This presents a potential security risk on open networks or the internet.
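A hardened variant of the currentUser function, added here as an example and not the original author's code. The class and method names are hypothetical, and the two restrictions (honouring the switch only in a build compiled with the DEBUG symbol and only for requests from the local machine) are assumptions of this example, so a web.config edit alone cannot turn impersonation on in a release build.

```csharp
using System;
using System.Configuration;
using System.Diagnostics;
using System.Web;

// Hypothetical helper class; not part of the original article.
public static class DebugImpersonation
{
    // Same contract as currentUser: returns the username whose permissions
    // should be evaluated.
    public static string CurrentUser(string username)
    {
        string debugger = ConfigurationManager.AppSettings["currentDebugger"];
        string target = ConfigurationManager.AppSettings["debuggerImpersonateAs"];

        // Blank or missing keys: impersonation is off.
        if (string.IsNullOrEmpty(debugger) || string.IsNullOrEmpty(target))
        {
            return username;
        }

#if DEBUG
        // Debug build: honour the switch only for requests that originate on
        // the machine hosting the site (assumption of this example).
        HttpContext ctx = HttpContext.Current;
        bool isLocal = ctx != null && ctx.Request.IsLocal;
        if (isLocal && string.Equals(username, debugger, StringComparison.Ordinal))
        {
            // Leave an audit trail every time the identity is swapped.
            Trace.TraceWarning("Debug impersonation: {0} evaluated as {1}", username, target);
            return target;
        }
#else
        // Release build: the keys are ignored, and a populated currentDebugger
        // is reported so the leftover setting gets noticed and removed.
        Trace.TraceError("currentDebugger is set in web.config of a release build; ignored");
#endif
        return username;
    }
}
```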

In a web application, there is sometimes a need to store a read-only string that is accessible throughout the project without having to access a database. An easy way to achieve this is to create a key in the web.config file.

An advantage to adding a key to the appSettings of the web.config file is that the key will be accessible to all files in your project. Secondly, if this key should ever change, you can edit the key’s value without the need to recompile! Therefore, the value is semi-constant in that it doesn’t change during execution, but can be easily altered between builds. The key is added within appSettings of configuration in the web.config file.

<configuration>
   <appSettings>
   </appSettings>
</configuration>

Next is a simple example of how this can be used. Below is the relevant code sample of the web.config file.

<configuration>
   <appSettings>
      <add key="supportEmailGroup" value="support@victorchen.info" />
   </appSettings>
</configuration>

To access the key named supportEmailGroup, use the code below. In this example, the supportEmailGroup value is accessed in the code-behind.

// Requires: using System.Configuration;
string supportEmailAddress = ConfigurationManager.AppSettings["supportEmailGroup"];

It is that easy. The web.config file can hold an arbitrary number of keys. I use the appSettings feature in every project. Some examples of where this can be useful are pointing to a file directory or storing connection strings.