This blog will mention the steps that is required to share the asp.net security database between different applications.
The steps to follow :
- Since you are going to use one database for many applications , it will not be practical to have the database(aspnet.mdf) placed in App_Data folder of one web site.Instead Create a new database to hold the security tables ,Please follow This post on how to create that database and populate it with the required database tables.
- Now you have the required security tables in shared database , you need to tell each application to use it's own data(users,roles,profiles...).This can be accomplished by specifying the ApplicationName for Membership configuration section.
This is an example on how to configure one web site to use the shared security database( assuming the database name is "MembershipDataBase").
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Initial Catalog=MembershipDataBase;Data Source=.\sqlexpress;Integrated Security=SSPI;Persist Security Info=False;"/>
</connectionStrings>
<system.web>
<roleManager enabled="true" />
<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
applicationName="Website1"
/>
</providers>
</membership>
Note:Notice how I set the applicationName attribute to "website1" , this value will be used by the Providers to get the data of the current application and to avoid mixing application data.( data here means : users,profiles,Roles,personalization ....)
Now , if you want to use the same security database for another website, you need to change applicationName value from Website1 to any other value (for simplicity you may choose the website name for that value )
Hope it helps.
In this blog, I will show how to change the Assigned session Id programmatically.
You may ask : why I need to change the automatically generated the user session id ? well there is many possible reasons like :
- You may use the session ID to track the User activities or to implement audit trails in your system.
- Preventing Session Hijacking by generating a new session id after the user logged in.
- Removing the user session after logging out.
There could be more reasons that I don't know about them , if you know more reasons feel free to post it in the comments section .
Changing the Session id is an easy task in asp.net.You just need to use SessionIDManager class.
The class contains a lot of helpful methods ,I will list some of them :
- CreateSessionID : returns a unique session identifier that is a randomly generated number encoded into a 24-character string.
- GetSessionID : gets the session-identifier value from the current Web request.
- SaveSessionID : saves a newly created session identifier to the HTTP response.
The rest of methods and class members can be found here.
I will now show a simple code that will print the Current SessionId and Create a new session id and save it to the context.
[Code provided in C# ]
SessionIDManager Manager = new SessionIDManager();
string NewID = Manager.CreateSessionID(Context);
string OldID = Context.Session.SessionID;
bool redirected = false;
bool IsAdded = false;
Manager.SaveSessionID(Context, NewID,out redirected, out IsAdded);
Response.Write("Old SessionId Is : " + OldID);
if (IsAdded)
{
Response.Write("<br/> New Session ID Is : " + NewID);
}
else
{
Response.Write("<br/> Session Id did not saved : ");
}
Hope it helps.