3

I am rewriting an old visual basic 6 application by using ASP.Net MVC.

This old app will extract data based on username and password the user entered. It uses the username and password to connect to AS400 and get different data value (Because the users are from different companies).

Now when developing on ASP MVC app, the user logins through another portal page and uses cookie authentication. There are no username and password to be passed to the connection string. This MVC app needs to use the login information to connect to AS400 as well.

My issue is: On the vb6 app, it uses username and password for each AS400 connection. But on ASP app, I only get the cookie string. And If I want to connect to AS400, I have to create a generic account. However, the generic account cannot distinguish the users' companies. I am not sure how the AS400 handles each users and provided different data.

Please give me some advises and directions. Thank you so much.

Improve this question

1 Answer 1

Reset to default
0

You have several options:

  1. Get the credentials from the portal.

Don't know what kind of authentication the portal uses, but that is most likely the worst option. Passing clear text credentials.

  1. Map the users of your MVC app to AS400 credentials.

I would avoid this option too. Someone has to maintain those mappings.

  1. Ask your user for AS400 credentials.

Easy to implement. Not the best user experience, but close to what the old app did.

  1. Take your generic account and set the library list per user in the connection string.

Background info: After login the AS400 sets a library list. Which is used to find objects like data tables. In your case those library lists most probably differ per company.

Here is an example connection string:

    <add name="InforMASConnection" connectionString="DataSource=127.0.0.1;UserID=abc;Password=xyz;naming=1;Library List=WWKO000MAS,WWKD000MAS,WWBD000MAS,ARUBA_EW21" providerName="IBMDA400.DataSource" />

As with option 2, someone would have to maintain those mappings.

  1. Implement Single-Sign-On.

In that case you would have to talk to your admins. That must be configured.

Option 5 is the best user experience, but the most work on your side. I would go with option 3. At least for the first version of your application.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.