Devart Forums

Discussion forums for open issues and questions concerning database tools, data access components and developer tools from Devart
https://forums.devart.com/

ASP.NET Postgres Providers.

https://forums.devart.com/viewtopic.php?f=3&t=11546

Page 1 of 1

ASP.NET Postgres Providers.

Posted: Fri 15 Feb 2008 17:11
by lkeel
I am very new to ASP.NET security and providers so please forgive me if these questions are trivial.

1) In order to make things properly secured from sql injection attacks, I thought that it was best to use stored procedures (or functions in this case) to manipulate the data. Are the delivered postgres providers configured to use stored procedures?

2) What table is used to define the profiles that are used by the ProfileProvider? I have used the creation scripts to create the aspnet_* tables, but I don't see any of the tables that have the columns that are defined in the web.config of the sample WebProviders app.

3) Are these schemas absolute for these providers? For example, the aspnet_roles table has application in it, but I really want to define a set of applications and a set of roles and have a join that combines the 2. Can I do this with the current providers? If so, how do I configure it as such?

Again, I am sorry if these are way to simple and I am just missing something.

Thanks in advance,
LK

Posted: Mon 18 Feb 2008 12:38
by Alexey.mdr
Yes, PostgreSQLDirect .NET fully supports stored procedures.
As to your other questions, I would gladly like to answer them but it might take me several pages.
Instead, I kindly suggest you to look through our demo projects here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web

Feel free to contact us if you have any other problem with PostgreSQLDirect .NET.

Posted: Mon 25 Feb 2008 21:56
by lkeel
I have done a lot of reading over the last couple of weeks and now understand providers a little better. But, how can I configure the provider to use stored procedures for data edits?

Posted: Tue 26 Feb 2008 13:06
by Alexey.mdr
Well the basic scheme is pretty straightforward.
Firstly, create stored procedures on server.
Then modify your code. See the example below:

Code: Select all

	...
     private CoreLab.PostgreSql.PgSqlCommand procedureCommand;
	...
      procedureCommand.CommandText = “SP_selectDept”;
      procedureCommand.Parameters["@pdeptno"].Value = Convert.ToInt32(tbDeptno.Text);
      procedureCommand.Parameters["@pdname"].Value = tbDname.Text;
      procedureCommand.Parameters["@ploc"].Value = tbLoc.Text;
      procedureCommand.ExecuteNonQuery();
	...
Please run the installed example:
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\WinForms\
Though it is designed as a desktop example, the usage of stored procedures
is the same for Web projects.

Posted: Tue 26 Feb 2008 14:03
by lkeel
Sorry, I guess I should have been more specific. I am talking about using the ASP.NET providers. So for creating a user there is a function Members.CreateUser() that performs this functionality. What I am trying to figure out is if there is a way to configure these providers to use stored procedures to perform the update.

Again, sorry for the confusion.

Thanks in advance,
LK

Posted: Wed 27 Feb 2008 14:00
by Alexey.mdr
The database objects are created on product installation.
Unfortunately, they are hardcoded and you cannot configure them.
It is recommended to use existent items.
Please see our samples here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web\
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/