Web forms authentication, should I use it?

• Previous message: charlestek: "Re: Size of Entropy with Dpapi Encrypted Connection String"
• Next in thread: Brock Allen: "Re: Web forms authentication, should I use it?"
• Reply: Brock Allen: "Re: Web forms authentication, should I use it?"
• Reply: Igor Dombrovan: "Re: Web forms authentication, should I use it?"
• Reply: Paul Glavich [MVP ASP.NET]: "Re: Web forms authentication, should I use it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 15 Mar 2005 08:27:54 +0200

Hello, people!
I’m presently trying to choose an appropriate user authentication
solution for online banking system implemented in ASP.NET, and as far as
I understood the best practice of what Mcrosoft has to offer (with the
exception of Windows integrated) is WEB forms authentication. So my
question would be:
- Would using forms authentication really be appropriate for such
security demanding software, considering that authentication cookie will
still be saved on the client’s computer where it cannot be protected by
SSL anymore. Or is it better to implement some tailor made
authentication/authorization mechanism, based on authentication
information storing into session state/viewstate? What would you suggest?

Best regards,
Vlad.

vladi_dPLACEATHEREdotLV

• Previous message: charlestek: "Re: Size of Entropy with Dpapi Encrypted Connection String"
• Next in thread: Brock Allen: "Re: Web forms authentication, should I use it?"
• Reply: Brock Allen: "Re: Web forms authentication, should I use it?"
• Reply: Igor Dombrovan: "Re: Web forms authentication, should I use it?"
• Reply: Paul Glavich [MVP ASP.NET]: "Re: Web forms authentication, should I use it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]