Users and authentication

  • Thread starter Thread starter mrajanikrishna
  • Start date Start date
M

mrajanikrishna

Hello friends,

I am new to dotNETand familier with classic ASP. I've one doubt
regarding users.

I am developing an application. In which i want to authenticate users
and logged in which is valid. I've read that ASP.NET authentication is
fast and secure.

Which is the best method for maintaining and authering users of my
application.
In cassic ASP, I used to store the details in database.

If we maintain ASP.NET authentication, we need to fix the userids and
passwords in the web.config file. If we want to add new users, how can
the end user does this?

thanx in advance.
 
No you can use your own authentication method with ASP.NET's Forms
authentication and you don't have to define users in your web.config file.
Simply for instance, write some authentication method (Assume that method is
named IsAuthenticated for this example) that returns bool (true if user is
valid and false if it's not) and then you may write:

if(IsAuthenticated())
FormsAuthentication.SetAuthCookie("UserNameGoesHere", false);
else
// Validation failed code goes here...
Note seconfd parameter of SetAuthCookie 'false' means we do not want a
persistent cookie. This sends that user a cookie (a security token to put
simply). Look for FormsAuthentication class on MSDN for more info. And
ASP.NET 2.0 comes with a new provider-based membership model and there are
some providers like SQL provider out of the box. This model eases the
authentication process but customizing this providers is not a trivial work
and out of the box provider requires some specific tables and table schemas.
You can learn more from MSDN.
 
Mranjankrisha,

I don't know were you have read about an other method, if I understand you
well than is the method you use now still the most used, as well in AspNet.

This is by the way a newsgroup about ADONET. The one about ASPNET is
microsoft.public.dotnet.framework.aspnet

What you can think about is that you can use more sophisticated methods to
hide the password on the serverside even for admins.

I hope this helps,

Cor
 
Back
Top