Understanding application security in .NET

From: Alex Jaquet (da-geek@caramail.com)
Date: 07/24/02

From: "Alex Jaquet" <da-geek@caramail.com>
Date: Tue, 23 Jul 2002 21:10:48 -0700

It's really depending if you need to store your
users and pass into a database or into an XML document
and then parse it.
The two ways are good but if you have to abstract
ressources maybe an external XML file will be better
to treat permissions on abstract ressource.
Into your Web.config file, you can set
the to our forms then you will be able to secure them

<autentification mode="Forms" >
  <forms name "Your form name" path ="/" loginPage
                 ="WebFormLogin.aspx" protection ="All"
rigth here you tell your config file to all users zo be
autentified by your WebFormLogin.aspx
     <deny users="?" /> here you set you deny all
                        users who are not autified

then in your WebFormLogin.aspx you have to create use
the System.Web.Security and System.XML namespace
once a user is directly "log" by this current web form
you can parse a XML documents who contains some users
name and your rules. It's gonna really better to didn't
user data base to store info due to the fact of your
abstract ressource. Simply go and see the SAX api
to extend your XML file.

Hope this can help you.

Alexandre Jaquet
22 years old
Analyst Programmer looking for a job in US in
january with .NET tech.