Question about membership/security

[Cirene]

I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

Is doing it in this way just as secure? I know that the "membership" stuff
will save me some coding, but I was just thinking....

Thanks.

 

[Cowboy \(Gregory A. Beamer\)]

I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

If you have a custom database schema you wish to use, you can still use
Membership. Just create your own custom provider.

Is doing it in this way just as secure?

The Session stuff is encrypted, so it should be secure enough. The
Membership bits still send encrypted information to the client, so it is
probably pretty equivalent.

I know that the "membership" stuff will save me some coding, but I was
just thinking....

A lot of coding. A lot of missed bugs. Etc.

Before rewriting the entire authentication system, I would look at creating
your own custom provider.
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm

Google "Custom Membership Provider" and you should find a lot of additional
articles.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************
| Think outside the box!
|
*************************************************