Authentification question

  • Thread starter Thread starter Ivan Demkovitch
  • Start date Start date
I

Ivan Demkovitch

Hi!

I'm reading thru everything I could find on "user Authentification" topic.

There is couple of options ASP.NET suggest: Forms, Passport, etc...

My application is simple portal with forums and Online store will be added
in future.
It will be hosted using hosting provider (no way to setup security, etc..)

I don't see how I can use windows authentification (forms) in my
application.

Or may be I do not understand and this is just set of objects to make my
life easier?

By design my users will be restricted to viewing of page and I will be able
to give them permissions to specific modules, so they can edit info.

I don't see anything problematic here.

I'm planning on using Session object to keep user info. Is it safe?

Please give me links to any info on this topic or share your opinion on how
it's done best. I just don't understand wat this bookstalking about.
Looks like it is all for intranets/personally owned web servers.

Thanks!
 
Steve,

I also was looking at this, but I don't understand how this will work for my
application.

I have 1 Page web application(portal). This is Default.aspx

DB describe "Pages" as to what modules loaded and where. All modules done as
user controls.

Baiscally Pages will be: Default.aspx or Default.aspx?PageKey=1,
Default.aspx?PageKey=2 and so on.

Login Module will be loaded on specific pages and I would like to display
Greeting or UN/PW fields.

How would I make forms authentification to work for this scenario?

TIA!
 
Steve,

Another thing. Wat if user's browser does not accept cookies. From what I
understand it has to place cookie.

How to go about it?
 
The cookie thing is no problem.
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

As for the non-standard way you're putting all your pages into a single
page, that does make things a bit more difficult.
There's likely a way to get it to work, but it won't be nearly so automatic.
Your idea of using Session state to store permissions is starting to look
better.
There's not really anything wrong with that approach. That's pretty much
how we all had to do it in ASP.Old and it worked well enough in most cases.

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
 
Just looked at IBuySPy sample with Form's authentification (It's 1 page
sample portal)

It's funny because it looks like this Authentification used just to show how
to use it, but then every module
has code "if IsLogin==1". Looks like I need to write 1 simple class and go
with it.

Is there any real security issues that could be solved using this Forms
authentification or this is just a set of helping objects???
 
Ivan Demkovitch said:
Just looked at IBuySPy sample with Form's authentification (It's 1 page
sample portal)

It's funny because it looks like this Authentification used just to show how
to use it, but then every module
has code "if IsLogin==1". Looks like I need to write 1 simple class and go
with it.

Is there any real security issues that could be solved using this Forms
authentification or this is just a set of helping objects???
Click to expand...

I'm not sure what you mean "any real security issues that could be solved".
I have several sites using Forms Authentication. None of them have "if
isLogin == 1" in them.
 
John,

I explained before, I have 1 Page portal. This page consists of "blocks" -
"modules"
Theese has to be controlled by security.

Thats why I'm saying that example of forms security (IBuySpy) probably
meaningless because they have same model like mine to start with.
I'm not sure what you mean "any real security issues that could be
Click to expand...
solved".

I don't know what tricks used by hackers and thats why I thought this forms
may offer somthing I can not accomplish with Session object and my code.

TIA
 
Back
Top