ASP.NET Postgres Providers.

ASP.NET Postgres Providers.

Postby lkeel » Fri 15 Feb 2008 17:11

I am very new to ASP.NET security and providers so please forgive me if these questions are trivial.

1) In order to make things properly secured from sql injection attacks, I thought that it was best to use stored procedures (or functions in this case) to manipulate the data. Are the delivered postgres providers configured to use stored procedures?

2) What table is used to define the profiles that are used by the ProfileProvider? I have used the creation scripts to create the aspnet_* tables, but I don't see any of the tables that have the columns that are defined in the web.config of the sample WebProviders app.

3) Are these schemas absolute for these providers? For example, the aspnet_roles table has application in it, but I really want to define a set of applications and a set of roles and have a join that combines the 2. Can I do this with the current providers? If so, how do I configure it as such?

Again, I am sorry if these are way to simple and I am just missing something.

Thanks in advance,
LK
lkeel
 
Posts: 12
Joined: Fri 15 Feb 2008 14:49

Postby Alexey.mdr » Mon 18 Feb 2008 12:38

Yes, PostgreSQLDirect .NET fully supports stored procedures.
As to your other questions, I would gladly like to answer them but it might take me several pages.
Instead, I kindly suggest you to look through our demo projects here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web

Feel free to contact us if you have any other problem with PostgreSQLDirect .NET.
Last edited by Alexey.mdr on Tue 26 Feb 2008 12:51, edited 1 time in total.
Alexey.mdr
 
Posts: 729
Joined: Thu 13 Dec 2007 10:24

Postby lkeel » Mon 25 Feb 2008 21:56

I have done a lot of reading over the last couple of weeks and now understand providers a little better. But, how can I configure the provider to use stored procedures for data edits?
lkeel
 
Posts: 12
Joined: Fri 15 Feb 2008 14:49

Postby Alexey.mdr » Tue 26 Feb 2008 13:06

Well the basic scheme is pretty straightforward.
Firstly, create stored procedures on server.
Then modify your code. See the example below:
Code: Select all
   ...
     private CoreLab.PostgreSql.PgSqlCommand procedureCommand;
   ...
      procedureCommand.CommandText = “SP_selectDept”;
      procedureCommand.Parameters["@pdeptno"].Value = Convert.ToInt32(tbDeptno.Text);
      procedureCommand.Parameters["@pdname"].Value = tbDname.Text;
      procedureCommand.Parameters["@ploc"].Value = tbLoc.Text;
      procedureCommand.ExecuteNonQuery();
   ...

Please run the installed example:
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\WinForms\
Though it is designed as a desktop example, the usage of stored procedures
is the same for Web projects.
Alexey.mdr
 
Posts: 729
Joined: Thu 13 Dec 2007 10:24

Postby lkeel » Tue 26 Feb 2008 14:03

Sorry, I guess I should have been more specific. I am talking about using the ASP.NET providers. So for creating a user there is a function Members.CreateUser() that performs this functionality. What I am trying to figure out is if there is a way to configure these providers to use stored procedures to perform the update.

Again, sorry for the confusion.

Thanks in advance,
LK
lkeel
 
Posts: 12
Joined: Fri 15 Feb 2008 14:49

Postby Alexey.mdr » Wed 27 Feb 2008 14:00

The database objects are created on product installation.
Unfortunately, they are hardcoded and you cannot configure them.
It is recommended to use existent items.
Please see our samples here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web\
Alexey.mdr
 
Posts: 729
Joined: Thu 13 Dec 2007 10:24


Return to dotConnect for PostgreSQL