Using an XML File to Host Credentials

Another place in which you can store user information is a separate XML file. Given the .xml file shown here:

<root>
  <user>
    <username>mary</username>
    <password>marypassword</password>
  </user>
  <user>
    <username>joe</username>
    <password>joepassword</password>
  </user>
</root>

We can change the UserLoginValid() function to that shown in Listing 31.2.

LISTING 31.2 UserLoginValid() Using an XML File

1: function TLoginForm.UserLoginValid(aUserName, aPassword: String): Boolean;
2: var
3:   dsUsers: DataSet;
4:   fsUsers: FileStream;
5:   srUsers: StreamReader;
6:   drArray: array of DataRow;
7:   pwString: String;
8: begin
9:   fsUsers := FileStream.Create(Server.MapPath('users.xml'),
10:     FileMode.Open, FileAccess.Read);
11:   try
12:     dsUsers := DataSet.Create;
13:     srUsers := StreamReader.Create(fsUsers);
14:     dsUsers.ReadXml(srUsers);  // load users.xml into the DataSet
15:     drArray := dsUsers.Tables[0].Select(
16:       System.String.Format('username=''{0}''', aUserName));
17:
18:     if (System.Array(drArray).Length > 0) then
19:     begin
20:       pwString := drArray[0]['password'].ToString;  // stored password for the row found
21:       Result := System.String.Compare(pwString, aPassword) = 0;
22:     end
23:     else
24:       Result := False;
25:
26:     if Result = False then
27:       Label4.Text := 'Invalid username or password.';
28:
29:   finally
30:     fsUsers.Close;
31:   end;
32: end;

Find the code on the CD: \Code\Chapter 31\Ex04.

In this example, the method loads the .xml file into a stream and then reads it into a DataSet (line 14). The user is located by invoking the Select() method on the table within the DataSet. If a row is located, the password string is extracted and compared against that which the user entered (lines 20-21).

This technique has the same drawbacks as storing the username/password combinations in the web.config file. It requires that an administrator manage entering users and passwords into this text file. This becomes especially problematic if the passwords are stored in a hashed form such as MD5 rather than as plain text. Certainly, one could develop a tool that would make this data entry easier and generate the hashed form of the password.
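A sketch of the data-entry tool mentioned above, as an added example that is not code from the book or its CD, written in Python rather than Delphi. It assumes the users.xml layout shown earlier, stores a salted PBKDF2-HMAC-SHA256 value in place of MD5 (a substitution made here), and looks the user up by exact match instead of building a filter string; the function names, SCHEME label and ITERATIONS value are assumptions.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET

SCHEME = "pbkdf2_sha256"   # assumed label; swapped in for the MD5 the text mentions
ITERATIONS = 200_000       # assumed work factor

# Constructed sample in the layout of the users.xml shown above.
SAMPLE_XML = """<root>
  <user><username>mary</username><password>marypassword</password></user>
  <user><username>joe</username><password>joepassword</password></user>
</root>"""

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$digest' for the <password> element."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return "$".join([SCHEME, str(iterations), b64(salt), b64(digest)])

def set_user(root, username, password):
    """Add a user, replacing any existing entry with the same name."""
    for user in root.findall("user"):
        if user.findtext("username") == username:
            root.remove(user)
    user = ET.SubElement(root, "user")
    ET.SubElement(user, "username").text = username
    ET.SubElement(user, "password").text = hash_password(password)

def migrate(root):
    """Replace every plaintext <password> with its salted hash."""
    for user in root.findall("user"):
        stored = user.findtext("password") or ""
        if not stored.startswith(SCHEME + "$"):
            set_user(root, user.findtext("username"), stored)

def user_login_valid(root, username, password):
    """Exact-match lookup (no filter string), then constant-time comparison."""
    for user in root.findall("user"):
        if user.findtext("username") != username:
            continue
        parts = (user.findtext("password") or "").split("$")
        if len(parts) != 4 or parts[0] != SCHEME:
            return False  # plaintext or unknown format is refused
        try:
            candidate = hash_password(password, base64.b64decode(parts[2]), int(parts[1]))
        except ValueError:
            return False
        return hmac.compare_digest(candidate.encode(), "$".join(parts).encode())
    return False
```

Run migrate() once over the administrator's plaintext file, then write the tree back with ET.ElementTree(root).write(); after that, entries still in plain text no longer validate.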

