Professional Web Applications Themes

Authentification question - ASP.NET General

Hi! I'm reading thru everything I could find on "user Authentification" topic. There is couple of options ASP.NET suggest: Forms, Passport, etc... My application is simple portal with forums and Online store will be added in future. It will be hosted using hosting provider (no way to setup security, etc..) I don't see how I can use windows authentification (forms) in my application. Or may be I do not understand and this is just set of objects to make my life easier? By design my users will be restricted to viewing of page and I will be able to give ...

  1. #1

    Default Authentification question

    Hi!

    I'm reading thru everything I could find on "user Authentification" topic.

    There is couple of options ASP.NET suggest: Forms, Passport, etc...

    My application is simple portal with forums and Online store will be added
    in future.
    It will be hosted using hosting provider (no way to setup security, etc..)

    I don't see how I can use windows authentification (forms) in my
    application.

    Or may be I do not understand and this is just set of objects to make my
    life easier?

    By design my users will be restricted to viewing of page and I will be able
    to give them permissions to specific modules, so they can edit info.

    I don't see anything problematic here.

    I'm planning on using Session object to keep user info. Is it safe?

    Please give me links to any info on this topic or share your opinion on how
    it's done best. I just don't understand wat this bookstalking about.
    Looks like it is all for intranets/personally owned web servers.

    Thanks!


    Ivan Guest

  2. #2

    Default Re: Authentification question

    Steve,

    I also was looking at this, but I don't understand how this will work for my
    application.

    I have 1 Page web application(portal). This is Default.aspx

    DB describe "Pages" as to what modules loaded and where. All modules done as
    user controls.

    Baiscally Pages will be: Default.aspx or Default.aspx?PageKey=1,
    Default.aspx?PageKey=2 and so on.

    Login Module will be loaded on specific pages and I would like to display
    Greeting or UN/PW fields.

    How would I make forms authentification to work for this scenario?

    TIA!



    "Steve C. Orr, MCSD" <net> wrote in message
    news:phx.gbl... [/ref]
    topic. [/ref]
    added [/ref]
    etc..) 
    > able 
    > how 
    >
    >[/ref]


    Ivan Guest

  3. #3

    Default Re: Authentification question

    Steve,

    Another thing. Wat if user's browser does not accept cookies. From what I
    understand it has to place cookie.

    How to go about it?

    "Steve C. Orr, MCSD" <net> wrote in message
    news:phx.gbl... [/ref]
    topic. [/ref]
    added [/ref]
    etc..) 
    > able 
    > how 
    >
    >[/ref]


    Ivan Guest

  4. #4

    Default Re: Authentification question

    The cookie thing is no problem.
    In your web.config file, in your sessionState tag, set the attribute
    cookieless="true"

    As for the non-standard way you're putting all your pages into a single
    page, that does make things a bit more difficult.
    There's likely a way to get it to work, but it won't be nearly so automatic.
    Your idea of using Session state to store permissions is starting to look
    better.
    There's not really anything wrong with that approach. That's pretty much
    how we all had to do it in ASP.Old and it worked well enough in most cases.

    --
    I hope this helps,
    Steve C. Orr, MCSD
    http://Steve.Orr.net
    Hire top-notch developers at http://www.able-consulting.com



    "Ivan Demkovitch" <id> wrote in message
    news:%phx.gbl... [/ref]
    > topic. [/ref]
    > added [/ref]
    > etc..) [/ref][/ref]
    my 
    > > able [/ref][/ref]
    on 
    > >
    > >[/ref]
    >
    >[/ref]


    Steve Guest

  5. #5

    Default Re: Authentification question

    Just looked at IBuySPy sample with Form's authentification (It's 1 page
    sample portal)

    It's funny because it looks like this Authentification used just to show how
    to use it, but then every module
    has code "if IsLogin==1". Looks like I need to write 1 simple class and go
    with it.

    Is there any real security issues that could be solved using this Forms
    authentification or this is just a set of helping objects???




    "Steve C. Orr, MCSD" <net> wrote in message
    news:phx.gbl... 
    automatic. 
    cases. [/ref]

    > > topic. 
    > > added 
    > > etc..) [/ref][/ref]
    make [/ref][/ref]
    be [/ref]
    > on 
    > >
    > >[/ref]
    >
    >[/ref]


    Ivan Guest

  6. #6

    Default Re: Authentification question

    "Ivan Demkovitch" <id> wrote in message
    news:%phx.gbl... 
    how 

    I'm not sure what you mean "any real security issues that could be solved".
    I have several sites using Forms Authentication. None of them have "if
    isLogin == 1" in them.
    --
    John Saunders
    Internet Engineer
    com


    John Guest

  7. #7

    Default Re: Authentification question

    John,

    I explained before, I have 1 Page portal. This page consists of "blocks" -
    "modules"
    Theese has to be controlled by security.

    Thats why I'm saying that example of forms security (IBuySpy) probably
    meaningless because they have same model like mine to start with.
     
    solved".

    I don't know what tricks used by hackers and thats why I thought this forms
    may offer somthing I can not accomplish with Session object and my code.

    TIA


    "John Saunders" <com> wrote in message
    news:phx.gbl... 
    > how [/ref]
    go 
    >
    > I'm not sure what you mean "any real security issues that could be[/ref]
    solved". 


    Ivan Guest

Similar Threads

  1. Forms Authentification
    By SalamElias in forum ASP.NET Security
    Replies: 1
    Last Post: November 26th, 03:18 AM
  2. authentification
    By Dan Nash in forum ASP.NET Security
    Replies: 1
    Last Post: September 10th, 03:49 PM
  3. Logon using Basic authentification
    By Jonas S. in forum ASP Components
    Replies: 1
    Last Post: August 2nd, 01:37 PM
  4. PAM authentification
    By Rastislav in forum Informix
    Replies: 2
    Last Post: December 20th, 04:09 AM
  5. user authentification
    By Quy Ngo in forum PHP Development
    Replies: 2
    Last Post: September 24th, 12:39 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139